IPv6: how to get public adress on wan

Hi,

My ISP recently start providing IPv6 in addition to IPv4. I get automatically a /56 prefix delegation and all my devices on the LAN are now attributed an IP within the IPv6 prefix delegated. They can access the IPv6 Internet and, when firewall on turris is configured to allow it, are reachable from the Internet.

What I cannot get to work though is IPv6 connectivity on the Turris Omnia itself on the WAN side. The only public IPv6 that is attributed on the turris is on the LAN interface, on the WAN interface, I only get a fe80 address.

Current status:

root@turris:~# ip a show dev eth2
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 532
    link/ether d8:58:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff
    inet 93.12.xx.xx/23 brd 93.12.xx.255 scope global eth2
       valid_lft forever preferred_lft forever
    inet6 fe80::da58:xxff:fexx:xxxx/64 scope link 
       valid_lft forever preferred_lft forever
root@turris:~# ip a show dev br-lan
49: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 04:f0:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.1/24 brd 192.168.1.255 scope global br-lan
       valid_lft forever preferred_lft forever
    inet6 2a02:xxxx:xxxx:xxxx::1/60 scope global dynamic noprefixroute 
       valid_lft 189sec preferred_lft 189sec
    inet6 fe80::da58:xxff:fexx:xxxx/64 scope link 
       valid_lft forever preferred_lft forever

/etc/config/network relevant content:

config interface 'lan'
	option type 'bridge'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option bridge_empty '1'
	option igmp_snooping '1'
	list ifname 'lan0'
	list ifname 'lan1'
	list ifname 'lan2'
	list ifname 'lan3'
	list ifname 'lan4'

config interface 'wan'
	option proto 'dhcp'
	option ifname 'eth2'
	option vendorid 'xxxxx'
	#option ipv6 '1'

config interface 'wan6'
	option ifname '@wan'
	option proto 'dhcpv6'

I have tried setting the now commented option ipv6 to “1” or “auto” with the same result. I have read this page (https://openwrt.org/docs/guide-user/network/ipv6/start) but I do not understand how to get something else than the link local address that is described there.

my Turris Omnia obtains the PD address from the WAN-router (FritzBox).
You are sure your WAN Internet-Router provides the PD address successful?
TO does not need configuration at that point. Works out of the box for me (as far as I remember).

If you need config examples please let me know.
PGP email or private message preferred.

Not resolved is the issue to forward the PD address to the local client hosts. If the upstream router is restarted after the Turris Omnia had a restart (of network) it does not work.

See recent discussion tagged ipv6 here in the forum.
Workaround described there.

If you want to access remote machines via PD have a look at my cookbook (only in german). URL is in the discussion.

Hope to point you in the right direction …

I have no WAN-router, Turris Omnia is my WAN router.

PD is working as you can see a /56 IPv6 prefix delegated.

LAN devices got an IPv6 address in the /60 prefix allocated from the PD one. They can access to the IPv6 internet flawlessly and can be reached from the Internet as well when allowed by TOS firewall.

Turris => IPv6 LAN devices is working as well.

What is not working is Turris => IPv6 Internet. And I suspect it is because there is no GA IPv6 on the eth2 (wan) interface, only on the br-lan interface. But I don’t understand how to change this.

This depends on your ISP deployment. In general, it is not necessarry to have an extra global IPv6 address on the WAN interface as operating system will happily use any suitable address from any interface. So it should work out of the box.

Since it is obviously not working, I guess there could be problem with the way routing table is constructed for delegated prefix received via DHCPv6. You can try to fix it by adding this option to the wan6 interface.

 option 'sourcefilter' '0'

If it does not help, try to share the routing table and results of ping and traceroute from the router.

No same result.

# ping ipv6.speed.netmetr.cz
ping: unknown host ipv6.speed.netmetr.cz
# dig ipv6.speed.netmetr.cz AAAA

; <<>> DiG 9.16.8 <<>> ipv6.speed.netmetr.cz AAAA
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9998
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;ipv6.speed.netmetr.cz.		IN	AAAA

;; ANSWER SECTION:
ipv6.speed.netmetr.cz.	1800	IN	AAAA	2001:1488:ffff::97

;; Query time: 30 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Jan 20 16:43:02 CET 2021
;; MSG SIZE  rcvd: 78
# ip -6 r
2a02:xxxx:xxxx:xxxx::/64 dev br-lan proto static metric 1024 pref medium
unreachable 2a02:xxxx:xxxx:xxxx::/56 dev lo proto static metric 2147483647 error 4294967183 pref medium
fe80::/64 dev eth1 proto kernel metric 256 pref medium
fe80::/64 dev br-lan proto kernel metric 256 pref medium
fe80::/64 dev eth0 proto kernel metric 256 pref medium
fe80::/64 dev wlan1 proto kernel metric 256 pref medium
fe80::/64 dev eth2 proto kernel metric 256 pref medium
fe80::/64 dev tun_turris proto kernel metric 256 pref medium
fe80::/64 dev wlan0 proto kernel metric 256 pref medium
default via fe80::a67b:xxff:fexx:xxxx dev eth2 proto static metric 512 pref medium

Ping on OpenWRT is IPv4-only. If you want to ping IPv6 target, you have to use ping6.

Since you have a unrestricted default GW in the routing table as well as some GUA. I see no reason why the router should not be able to communicate over IPv6.

Damn, you are right it is working with ping6… Sorry about that.

Now it seems I was not the only one unaware of this,

# netmetr 
Checking uuid on the control server...
Requesting test config from the control server...
Starting ping test...
ping: unknown host ipv6.speed.netmetr.cz
ping: unknown host ipv6.speed.netmetr.cz
ping: unknown host ipv6.speed.netmetr.cz
ping: unknown host ipv6.speed.netmetr.cz
ping: unknown host ipv6.speed.netmetr.cz
ping: unknown host ipv6.speed.netmetr.cz
ping: unknown host ipv6.speed.netmetr.cz
ping: unknown host ipv6.speed.netmetr.cz
ping: unknown host ipv6.speed.netmetr.cz
ping: unknown host ipv6.speed.netmetr.cz
Starting speed test...

I will have a look if I can open a PR to correct this.

It seems we just have to wait for netmetr 2.0.0 to be available: https://gitlab.nic.cz/turris/netmetr-client/-/commit/893efe53318c290370691d03d431f2129105de60

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.