Are your WAN IPs GUA? Those start with the number 2 or 3, not F. When posting IPv6 addresses there is no harm in not redacting the first few digits, and that is helpful to identify the type of address.
You can remove ULA prefix (starts with FD) to reduce confusion. Most home networks have no need for ULA addresses.
The default configuration with ipv6 auto will spawn and configure a wan_6 interface for you; though you may need to add it to the wan firewall zone. Remove the wan6 interface if using this method.
@cah1982 you do seem to be getting the correct GUA prefix from the ISP and a /64 subnet is being allocated to the LAN.
It might just be worth trying an IPCONFIG/release and IPCONFIG/renew on your windows device and see if that gives a correct IPv6 address in the 2a00... range
This should work as long as the DHCP and firewall are at defaults so that a RA and DHCPv6 server is running on LAN and the firewall does not block it. Running wireshark on the PC should show Router Advertisement packets being sent by the router. If you have those the PC should configure itself with a v6 GUA unless something in the PC is not as default.
It appears the ISP is not sending an address for the router itself, only a prefix. This means the router does not hold a GUA that it can use to originate a connection to the v6 Internet from internal processes (such as DNS and NTP), though it can still forward from the LAN. This is a non-standard operation by the ISP but you can work around it by setting ip6assign 64 on wan6 to have it take a /64 out of the /56 for its own use. Then a ping -6 openwrt.org from the router CLI should be successful.
I think that's the norm when the ISP connection type is PPPoE. The PPPoE only gets an IPv4 address and the wan6 interface uses the PPPoE tunnel to get an IPv6 PD via DHCPv6. That's certainly the way my connection works to a UK ISP who uses the Openreach network, which will be similar to @cah1982 s BT connection.
I can certainly ping openwrt.org successfully via ipv6.
Good point on the Firewall though @cah1982 do you have the following rules in the firewall
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
As far as I'm aware, my rules are the defaults, I've certainly not changed them.
I'd ceratinly remove the option src_ip and dest_ip lines from the Allow-DHCPv6 rule and how on earth your Allow-MLD has option target DROP instead of ACCEPT I dont understand. I'd certainly change that!
The list entries in my config are restricting the rule to certain icmp types, although when I check my rule with LUCI it shows the type as 'any'. That is possibly caused by a recent update from 23.05 to 24.10
I'd suggest adding the list entries as again as far as I'm aware that's the default
Here's my config from a BT connection on a Flint 2 running v23. It's all defaults, setup the pppoe connection and IPv6 just worked.
Network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fdd8:0af5:0af2::/48'
config device
option name 'br-lan'
option type 'bridge'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
list ports 'lan4'
list ports 'lan5'
option igmp_snooping '1'
option multicast '1'
config device
option name 'lan1'
option macaddr '94:83:c4:a2:8f:fc'
config device
option name 'lan2'
option macaddr '94:83:c4:a2:8f:fc'
config device
option name 'lan3'
option macaddr '94:83:c4:a2:8f:fc'
config device
option name 'lan4'
option macaddr '94:83:c4:a2:8f:fc'
config device
option name 'lan5'
option macaddr '94:83:c4:a2:8f:fc'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '192.168.1.3'
option netmask '255.255.255.0'
option ip6assign '60'
config device
option name 'eth1'
option macaddr '94:83:c4:a2:8f:fa'
config interface 'wan'
option device 'eth1'
option proto 'pppoe'
option username 'bthomehub@btinternet.com'
option password 'bt'
option ipv6 'auto'
config interface 'wan6'
option device 'eth1'
option proto 'dhcpv6'
option reqaddress 'try'
option reqprefix 'auto'
Firewall
config defaults
option syn_flood 1
option input REJECT
option output ACCEPT
option forward REJECT
config zone
option name lan
list network 'lan'
option input ACCEPT
option output ACCEPT
option forward ACCEPT
config zone
option name wan
list network 'wan'
list network 'wan6'
option input REJECT
option output ACCEPT
option forward REJECT
option masq 1
option mtu_fix 1
config forwarding
option src lan
option dest wan
config rule
option name Allow-DHCP-Renew
option src wan
option proto udp
option dest_port 68
option target ACCEPT
option family ipv4
config rule
option name Allow-Ping
option src wan
option proto icmp
option icmp_type echo-request
option family ipv4
option target ACCEPT
config rule
option name Allow-IGMP
option src wan
option proto igmp
option family ipv4
option target ACCEPT
config rule
option name Allow-DHCPv6
option src wan
option proto udp
option dest_port 546
option family ipv6
option target ACCEPT
config rule
option name Allow-MLD
option src wan
option proto icmp
option src_ip fe80::/10
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family ipv6
option target ACCEPT
config rule
option name Allow-ICMPv6-Input
option src wan
option proto icmp
list icmp_type echo-request
list icmp_type echo-reply
list icmp_type destination-unreachable
list icmp_type packet-too-big
list icmp_type time-exceeded
list icmp_type bad-header
list icmp_type unknown-header-type
list icmp_type router-solicitation
list icmp_type neighbour-solicitation
list icmp_type router-advertisement
list icmp_type neighbour-advertisement
option limit 1000/sec
option family ipv6
option target ACCEPT
config rule
option name Allow-ICMPv6-Forward
option src wan
option dest *
option proto icmp
list icmp_type echo-request
list icmp_type echo-reply
list icmp_type destination-unreachable
list icmp_type packet-too-big
list icmp_type time-exceeded
list icmp_type bad-header
list icmp_type unknown-header-type
option limit 1000/sec
option family ipv6
option target ACCEPT
config rule
option name Allow-IPSec-ESP
option src wan
option dest lan
option proto esp
option target ACCEPT
config rule
option name Allow-ISAKMP
option src wan
option dest lan
option dest_port 500
option proto udp
option target ACCEPT
Check the IPv6 RA settings tab as well. Make sure Enable SLAAC is checked.
There are two ways for devices to get IPv6 addresses SLAAC and DHCPv6, some devices e.g Android, insist on using SLAAC whereas others e.g Windows will use either. Since all devices will use SLAAC if available, then you don't actually need the DHCPv6-Service enabled in the IPv6 settings.
