IPv6 WAN gateway assigned to LAN interface

Benoit · December 12, 2016, 10:00pm

I do not understand why 2a01:e34:eebf:b5d0::1/64 is assigned to my LAN interface!

$ ip -6 a
[...]
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1472 state UP qlen 532
    inet6 2a01:e34:eebf:b5d0::2/126 scope global 
       valid_lft forever preferred_lft forever
    inet6 fe80::da58:d7ff:fe00:30ca/64 scope link 
       valid_lft forever preferred_lft forever
18: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1472 state UP qlen 1000
    inet6 fd65:f4d:54af::1/64 scope global noprefixroute 
       valid_lft forever preferred_lft forever
    inet6 2a01:e34:eebf:b5d0::1/64 scope global noprefixroute 
       valid_lft forever preferred_lft forever
    inet6 2a01:e34:eebf:b5d0::3/64 scope global 
       valid_lft forever preferred_lft forever
    inet6 fe80::da58:d7ff:fe00:30c9/64 scope link 
       valid_lft forever preferred_lft forever

From my /etc/config/network:

config interface 'lan'
    option force_link '1'
    option type 'bridge'
    option proto 'static'
    option ipaddr '192.168.3.1'
    option netmask '255.255.255.0'
    option mtu '1472'
    option ifname 'eth0 eth2'
    option ip6addr '2a01:e34:eebf:b5d0::3/64'
    option ip6prefix '2a01:e34:eebf:b5d0::/64'
    option ip6assign '64'

config interface 'wan'
    option ifname 'eth1'
    option proto 'dhcp'
    option mtu '1472'
    option peerdns '0'
    list dns '8.8.8.8'

config interface 'wan6'
    option ifname '@wan'
    option _orig_bridge 'false'
    option proto 'static'
    option ip6addr '2a01:e34:eebf:b5d0::2/126'
    option ip6prefix '2a01:e34:eebf:b5d0::/64'
    option ip6gw '2a01:e34:eebf:b5d0::1'

When requesting name resolution on ::3, dnsmasq answers from ::1, which is dropped by the client firewall (asymetric routing).

Any idea?

Thanks

Ondrej_Caletka · December 12, 2016, 10:08pm

Don’t set up any ip6addr nor ip6prefix to the lan interface. They all belong to wan6. IPv6 address of lan interface is automagically configured by ip6assign out of ip6prefix of other interface(s).

As far as I know, the ::1 address is hardcoded in OpenWRT netifd and cannot be changed. For further information, refer to OpenWRT native IPv6-stack wikipage.

Benoit · December 13, 2016, 9:21am

Ok, thank you.
What is supposed to happen if proto is static (necessary for IPv4), and I give no ip6addr?
Anyway, I forced ip6addr to [prefix]::1, and it’s ok!

Isn’t it a problem that the same [prefix]::1 is assigned once on the DSL router (default gateway on WAN interface) and once on the LAN interface ?

Ondrej_Caletka · December 13, 2016, 12:11pm

It will get assigned automatically out of the ip6prefix of other interfaces (usually wan6). See ifstatus wan6 output to see the assignment.

Setting ip6addr to different address will not help, because there are filters set up by OpenWRT IPv6 stack, which would prevent forwarding of any unknown IP prefixes.

It is. You should have different prefix on WAN and LAN side. Usually, you get the LAN prefix leased using DHCPv6 Prefix delegation. But if your DSL router doesn’t do prefix delegation, you have to delegate a route statically (if DSL router supports it and your provider gives you short enough prefix) or switch DSL router to bridge mode.

Benoit · December 13, 2016, 1:13pm

On the WAN side, the DSL router is (prefix)::1, and let me configure next hop to (prefix)::2, which is the address I assigned to the Omnia WAN interface. The WAN network is (prefix)::/126. I added a static default route to the fe80 address of the DSL router.

It seems to work, but it is not clean…

The DSL box is in bridge mode, but only for IPv4.

Ondrej_Caletka · December 13, 2016, 4:02pm

Interesting solution. If it is possible to choose address of the DSL modem, I would change it to something like ::1:10/127 and use a /127 on the WAN link. This would be somehow cleaner solution. But if it works like this, then then I think it’s OK.

Benoit · December 13, 2016, 4:28pm

Unfortunately, the DSL router address cannot be configured.

Thanks.

Jirka · March 24, 2017, 4:36pm

Hello,

is there an option, to use static ipv6 for downstream? Ive got /63 on wan6, but ip6hint doesnt work for me, interfaces got two subnets (via ip6assign), avaible from assigned /63, and thats end of ipv6 options for the rest of interfaces.

I would like to setup downstream as one subnet for lan+wifi, and second one for the VPN.

Ondrej_Caletka · March 27, 2017, 7:13am

Although you can set static IPv6 for a downstream port, it would not work due to ingress filtrering of IPv6 traffic. You should let netifd assign IPv6 to downstream ports according to ip6assign option. ip6hint should work, although I’m not sure what should be the proper contents for such long assignment as /63.

If you have only /63 on wan6, that means only at most two /64 subnets. If you have more than two subnets with ip6assign option, any extra interfaces will not get any IPv6. So just delete ip6assign option from those interfaces and it should work as expected.