Hi All,
I want to do a complicated IPv6 setup and even after reading the manual pages
of OpenWRT (https://wiki.openwrt.org/doc/uci/network) I am not quite clear on how to do it.
I receive from my ISP an IPv6 /48 prefix. Behind the Turris Omnia router I have
in the LAN another router giving access to a second network (called secure network).
What I want to do:
1) define 2 IPv6 addresses for the Turris Omnia in the LAN. One address with
ULA and the second one with an IPv6 routable address (I am not
interested in the address used in the WAN).
2) Advertising in the lan the IPv6 prefix of two networks (one network in ULA,
the other with routable address).
The two addresses in point 1 will be in these /64 networks.
3) define a static route to the secure network (reachable by the other router
connected to the lan).
4) allow traffic in firewall from/to the secure network.
I have made some progress with this setup but there are still some points I don’t understand well.
The situation:
I receive from my ISP the following prefix 2001:DB8:6781::/48. I want to have two addresses on
the LAN interfaces: one address 2001:DB8:6781:5:cafe:be21:8891:90aa/64 and one address fd00:db80:6781:5:cafe:be21:8891:90aa/64.
A solution:
To achieve that goal I have set up in the file “/etc/config/network” the following parameters:
config globals 'globals'
	option ula_prefix 'fd00:db80:6781::/48'
Now I get the two desired addresses on the interface.
Remaining questions:
What I don’t understand well is the use of the value 60 (which seems to be the default)
for the “ip6assign” parameter.
What is the point of having a /60 network?
This could be to be able to subnet (since I have a second router and thus a second network
behind this interface). Unfortunately, in that case, I am not able to get the address I want
on the interface. The “ip6hint” parameter is ignored.
Another solution would be to use the “ip6addr” on the lan interface. However,
I have read somewhere that this is discouraged (or even wrong).
I have not found the reason behind that.
Exactly, a bigger prefix is intended for prefix delegation to downstream routers.
You could leave your current setup as it is and add a second interface on that device, choose protocol static and set no IPv4, just ip6assign 60; that should do the trick.
OpenWrt uses the ip6assign parameter to decide how large a prefix it allows for the interface.
A directly connected link uses a /64, but the router is prepared to delegate prefixes further to other routers.
This will usually happen with DHCPv6-PD (prefix delegation). A downlink router can further assign prefixes to its interfaces. The default ip6assign value 60 allows 16 /64 prefixes downstream from the interface. One of them
is the local link /64. As you get a /48 prefix from your ISP, you could use ip6assign 56, for instance; that would allow
256 /64 prefixes downstream.
There is a new, more automatic mechanism called homenet, or by protocol name HNCP.
OpenWrt supports this also. It can assign IPv4 subnets automatically. Unfortunately Turris
seems to have an older version that is not fully compatible with RFC7788. Thus recent OpenWrt/LEDE
versions won’t work with Turris.
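The prefix arithmetic from the reply above, worked through on the prefixes and addresses quoted in this thread (an added example, not part of the original posts; the function name `assignment_plan` is hypothetical). It only does the address arithmetic and does not model which /64 the router picks for its local link.

```python
import ipaddress


def assignment_plan(delegated, ip6assign, address):
    """Locate `address` inside the blocks that `delegated` splits into
    when an interface is given a prefix of length `ip6assign`."""
    net = ipaddress.ip_network(delegated)
    addr = ipaddress.ip_address(address)
    if addr not in net:
        raise ValueError(f"{addr} is outside {net}")
    if not net.prefixlen <= ip6assign <= 64:
        raise ValueError("ip6assign must lie between the delegated length and 64")
    # The /ip6assign block and the /64 link that contain the address.
    block = ipaddress.ip_network(f"{addr}/{ip6assign}", strict=False)
    link = ipaddress.ip_network(f"{addr}/64", strict=False)
    return {
        # How many blocks of this size the delegated prefix can hand out.
        "blocks_in_delegation": 2 ** (ip6assign - net.prefixlen),
        # How many /64 links fit in one block (local link plus downstream).
        "slash64_per_block": 2 ** (64 - ip6assign),
        "block": block,
        "link": link,
        # Index of the address's /64 counted from the start of the delegation.
        "subnet_id": (int(link.network_address) - int(net.network_address)) >> 64,
    }


if __name__ == "__main__":
    # Prefixes and addresses as quoted in the thread.
    cases = [
        ("2001:db8:6781::/48", "2001:db8:6781:5:cafe:be21:8891:90aa"),
        ("fd00:db80:6781::/48", "fd00:db80:6781:5:cafe:be21:8891:90aa"),
    ]
    for prefix, address in cases:
        for assign in (64, 60, 56):
            plan = assignment_plan(prefix, assign, address)
            print(f"{prefix} ip6assign={assign}: block {plan['block']}, "
                  f"{plan['slash64_per_block']} x /64, link {plan['link']}, "
                  f"subnet id {plan['subnet_id']:x}")
```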
Thanks for the info. This was a good hint in the right direction.
The solution which has worked was to add a second interface but
by specifying as interface name “br-lan” (and not “eth0” and “eth2”).