Need help exposing LAN ipv6 to internet (init7)

Software SW help
1

Hi all, as stated i need help exposing devices using ipv6 behind a turris omnia to the internet.

Note: i successfully expose a ipv4 lan device via port forwarding but that limits me to a single device being reachable on any given port. The advantage of ipv6 is, it would be static and i could assign multiple domains.

i think ipv6 works as intended, my omnia gets two ipv6 as well as a /48-prefix from ISP (init7), as well as ipv6 gateway & dns.

  • Turris Omnia
    IPv6: 2a02:168:2000:82::b/128
    IPv6: 2a02:168:2000:82:da58:d7ff:fe00:302e/64
    IPv6-PD: 2a02:168:b182::/48

odhcp hands out GUA’s based on this prefix to the devices in my lan. and devices are reachable as intended using their ipv6 from inside the lan.

  • Device in LAN

IPv6: 2a02:168:b182:0:a0ba:69ff:fe07:a5a/64

routes on the omnia look ok (fe80::200:f7ff:fef7:256 is the ipv6 gateway i get from the isp?!):

root@turris /root # ip -6 route | grep b182
default from 2a02:168:b182::/48 via fe80::200:f7ff:fef7:256 dev eth2 proto static metric 384 pref medium
2a02:168:b182::/64 dev br-lan proto static metric 1024 pref medium
unreachable 2a02:168:b182::/48 dev lo proto static metric 2147483647 pref medium

however an online traceroute shows that the routes on the internet seem to be incomplete as it never reaches my omnia. but it looks like it’s just one hop short as thats basically my isp’s pop next door:

| hop | rtt | rtt | rtt | ip address
...
| 30  | 138 | 138 | 138 | 2a02:168:2000:82::1

so it looks like something to do with RA/SLAAC… both of which are new to me.

my dhcp config:

config dhcp 'lan'
	option interface 'lan'
	option dhcpv6 'server'
	option ra 'server'
	option ignore '0'
	option leasetime '43200'
	option start '2'
	option limit '99'
	list dhcp_option '6,192.168.0.1'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

as well as:

root@turris /root # cat /proc/sys/net/ipv6/conf/eth2/accept_ra
0
root@turris /root # cat /proc/sys/net/ipv6/conf/all/forwarding 
1
root@turris /root # cat /proc/sys/net/ipv6/conf/eth2/autoconf 
1
2

Which address did you use as the target for the traceroute? Did you check whether your firewall rules allow this traceroute traffic (check which protocol it’s using!)?