I have a couple of Wi-Fi bridges set up using relayd and would like to get them working with IPv6.
However, my ISP only provides a /64 through prefix delegation, which I'm aware is not ideal. Here's what my main router (also running OpenWrt) gets, with the cable modem set to bridge mode:
The Wi-Fi bridges are set up with everything (Router Advertisement Service, DHCPv6 Service, NDP Proxy) in relay mode on the LAN interface, and with a "WWAN6" interface as a DHCPv6 client. As a result, the WWAN interface gets a /64 address, which is not passed down to the LAN interface because it is not a prefix:
Using relayd is something of a hack, though it does have its place.
First question, do you really need distinct subnets for your IPv6 traffic?
With IPv6, I'd first check to see if your ISP will provide either a wider address space, or multiple /64s. Comcast in the US, for example, will give out a /60 if your DHCPv6 client is capable of requesting it.
Worst case would be "no" and that you need subnets. In that case you can do the "ugly" splitting of the prefix into /68s or the like, depending on how many you need.
As jeff mentioned, IPv6 and relayd don't work together (there have been a few rejected attempts at adding this functionality to the upstream kernel recently). An easier solution would be to switch to WDS/4addr (if possible, which means all involved APs need to run OpenWrt), which passes IPv6 traffic through transparently (single subnet for all devices).
I don't need distinct subnets, just a way to get the devices behind the bridge on IPv6.
My ISP is known to only provide a /64 no matter what the router requests. They promised they would eventually move to /56, but that was two years ago and it hasn't happened yet.
Yes, WDS is great. I had it on my previous setup with a cheap TP-Link WR841N as AP. Never had the chance to test it with IPv6 though.
Unfortunately my EAP245 has no OpenWrt port (I would definitely use WDS if there was a port), and its stock firmware uses the Atheros binary driver => no WDS.
Are you getting the IPv6 prefix automatically or setting it manually?
I have a similar configuration and can't obtain a prefix automatically, only an external IPv6 address.
You could in theory make your router into a filtering brouter. Install ebtables, turn on the bridge iptables sysctl, and bridge WAN and LAN, then in the brouter ebtable deny IPv4 packets so they get routed.
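Added example, not part of the original post: a dry-run script that prints (or, with `--apply`, runs) the commands for the filtering brouter described above. It assumes legacy `ebtables` with the broute table, the `br_netfilter` kernel module, and hypothetical interface names `eth1` (WAN), `eth0` (LAN) and `br6`; the `ip6tables` physdev policy is one possible filter, not something the thread specifies.

```shell
#!/bin/sh
# Added example (not from the thread): prints, or with --apply runs, the
# commands for a filtering IPv6 brouter. Interface names are hypothetical.

valid_ifname() {
    # Only plain interface names may reach the generated command lines.
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

brouter_rules() {
    wan="$1"; lan="$2"; br="$3"
    valid_ifname "$wan" && valid_ifname "$lan" && valid_ifname "$br" || return 1
    from_wan="-m physdev --physdev-in $wan --physdev-is-bridged"
    cat <<EOF
# Make bridged IPv6 frames traverse the ip6tables FORWARD chain.
modprobe br_netfilter
sysctl -w net.bridge.bridge-nf-call-ip6tables=1
# DROP in the broute table means "route this frame instead of bridging it":
# everything that is not IPv6 (EtherType 0x86dd) keeps being routed/NATed.
ebtables -t broute -A BROUTING -p ! 0x86dd -j DROP
# Bridge WAN and LAN; IPv4 addresses stay on the port devices themselves.
ip link add name $br type bridge
ip link set dev $lan master $br
ip link set dev $wan master $br
ip link set dev $br up
# Stateful filter for bridged IPv6: LAN may initiate, WAN may only reply.
ip6tables -A FORWARD -m physdev --physdev-in $lan --physdev-is-bridged -j ACCEPT
ip6tables -A FORWARD $from_wan -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# ICMPv6 from the WAN side carries the RAs and neighbour discovery hosts need.
ip6tables -A FORWARD $from_wan -p ipv6-icmp -j ACCEPT
ip6tables -A FORWARD $from_wan -j DROP
EOF
}

case "${1:-}" in
    --apply)  # usage: script --apply [wan] [lan] [bridge], as root
        rules=$(brouter_rules "${2:-eth1}" "${3:-eth0}" "${4:-br6}") || exit 1
        printf '%s\n' "$rules" | sh -e ;;
    *)        # default: dry run, print the commands for review
        brouter_rules eth1 eth0 br6 ;;
esac
```

Without the final `DROP` rule, every host behind the bridge is directly reachable over IPv6 from the WAN side, since the bridged traffic no longer passes through the router's routed forwarding rules.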
GRE for tunnels is pretty much a hand-configured thing. If you do decide to go down that route, let me know. There are some tricks in the config, and increasing the 802.11 link's MTU "is a must" to prevent strange connectivity problems, due to how L2 tunnels work, in general. Plenty of MTU on 802.11, so you're not breaking any rules...
WDS has been "OK" for me, but never much impressed. I run backhaul over 802.11s with batman-adv as the higher-level routing protocol these days with good throughput on 5 GHz.
GRE tunnels are perhaps a tad better, but maintaining them as topologies change with five or more nodes here made the "turn-key" nature of batman-adv more attractive. If you only have two end points, it might be worth setting up.
Then again, if a cable or power-line modem does the trick, that's pretty easy to maintain!