IPv6: how to get public adress on wan

Hi,

My ISP recently start providing IPv6 in addition to IPv4. I get automatically a /56 prefix delegation and all my devices on the LAN are now attributed an IP within the IPv6 prefix delegated. They can access the IPv6 Internet and, when firewall on turris is configured to allow it, are reachable from the Internet.

What I cannot get to work though is IPv6 connectivity on the Turris Omnia itself on the WAN side. The only public IPv6 that is attributed on the turris is on the LAN interface, on the WAN interface, I only get a fe80 address.

Current status:

root@turris:~# ip a show dev eth2
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 532
    link/ether d8:58:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff
    inet 93.12.xx.xx/23 brd 93.12.xx.255 scope global eth2
       valid_lft forever preferred_lft forever
    inet6 fe80::da58:xxff:fexx:xxxx/64 scope link 
       valid_lft forever preferred_lft forever
root@turris:~# ip a show dev br-lan
49: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 04:f0:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.1/24 brd 192.168.1.255 scope global br-lan
       valid_lft forever preferred_lft forever
    inet6 2a02:xxxx:xxxx:xxxx::1/60 scope global dynamic noprefixroute 
       valid_lft 189sec preferred_lft 189sec
    inet6 fe80::da58:xxff:fexx:xxxx/64 scope link 
       valid_lft forever preferred_lft forever

/etc/config/network relevant content:

config interface 'lan'
	option type 'bridge'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option bridge_empty '1'
	option igmp_snooping '1'
	list ifname 'lan0'
	list ifname 'lan1'
	list ifname 'lan2'
	list ifname 'lan3'
	list ifname 'lan4'

config interface 'wan'
	option proto 'dhcp'
	option ifname 'eth2'
	option vendorid 'xxxxx'
	#option ipv6 '1'

config interface 'wan6'
	option ifname '@wan'
	option proto 'dhcpv6'

I have tried setting the now commented option ipv6 to “1” or “auto” with the same result. I have read this page (https://openwrt.org/docs/guide-user/network/ipv6/start) but I do not understand how to get something else than the link local address that is described there.

my Turris Omnia obtains the PD address from the WAN-router (FritzBox).
You are sure your WAN Internet-Router provides the PD address successful?
TO does not need configuration at that point. Works out of the box for me (as far as I remember).

If you need config examples please let me know.
PGP email or private message preferred.

Not resolved is the issue to forward the PD address to the local client hosts. If the upstream router is restarted after the Turris Omnia had a restart (of network) it does not work.

See recent discussion tagged ipv6 here in the forum.
Workaround described there.

If you want to access remote machines via PD have a look at my cookbook (only in german). URL is in the discussion.

Hope to point you in the right direction …

I have no WAN-router, Turris Omnia is my WAN router.

PD is working as you can see a /56 IPv6 prefix delegated.

LAN devices got an IPv6 address in the /60 prefix allocated from the PD one. They can access to the IPv6 internet flawlessly and can be reached from the Internet as well when allowed by TOS firewall.

Turris => IPv6 LAN devices is working as well.

What is not working is Turris => IPv6 Internet. And I suspect it is because there is no GA IPv6 on the eth2 (wan) interface, only on the br-lan interface. But I don’t understand how to change this.

This depends on your ISP deployment. In general, it is not necessarry to have an extra global IPv6 address on the WAN interface as operating system will happily use any suitable address from any interface. So it should work out of the box.

Since it is obviously not working, I guess there could be problem with the way routing table is constructed for delegated prefix received via DHCPv6. You can try to fix it by adding this option to the wan6 interface.

 option 'sourcefilter' '0'

If it does not help, try to share the routing table and results of ping and traceroute from the router.