[SOLVED] IPv6 routing problems from LAN, with tunnelbroker (HE)

Dear Members,

I have a Turris MOX router, running Turris OS 6.5.2, and have configured IPv6 through Hurricane Electric’s tunnel broker service, since my ISP only offers IPv4 connectivity.
After struggling for a while, I also took a Netgear WAX206 router with vanilla OpenWrt 23.05.2, and configured it with the same settings, and there, things worked on the first try.

Now on the MOX, the road was a bit (well actually a lot) bumpier.
After debugging things for many hours over many weeks, I now turn to you for help, because I don’t exactly understand what may be causing the behavior I experience.

Currently the situation is that the tunnel is up, and I can access the IPv6 Internet successfully from the router itself (IPv6 connectivity tests from the reForis webUI pass as well), but not from my machine attached to the LAN. (Even this is much better than what I had before.)
Funnily enough though, I can successfully ping my machine from the IPv6 internet, but not in the other direction.

The technical details are as follows:
Through the HE tunnel, I am getting the 2001:470:XXXX::0/48 prefix. I then subdivide the address space into two /64 subnets: 2001:470:XXXX::0/64 and 2001:470:XXXX:1::0/64, for my LAN and WLAN networks.
My workstation, which is connected to the LAN, is where I am primarily testing from, and the goal would be to ensure that IPv6 access works from there too.

Explanation: from the workstation I can’t ping one of a popular Hungarian website’s IPv6 addresses. (The MOX router replies with “No route” from its LAN interface.)
I can ping the remote endpoint of the IPv6 tunnel though.

[09:35] janos@workstation{10}:[~]{1}$ ping -6 index.hu
PING index.hu(manis-1.cdn.magex.hu (2a02:730:4000::c0)) 56 data bytes
From 2001:470:XXXX::1 (2001:470:XXXX::1) icmp_seq=1 Destination unreachable: No route
From 2001:470:XXXX::1 (2001:470:XXXX::1) icmp_seq=2 Destination unreachable: No route
From 2001:470:XXXX::1 (2001:470:XXXX::1) icmp_seq=3 Destination unreachable: No route
From 2001:470:XXXX::1 (2001:470:XXXX::1) icmp_seq=4 Destination unreachable: No route
From 2001:470:XXXX::1 (2001:470:XXXX::1) icmp_seq=5 Destination unreachable: No route
From 2001:470:XXXX::1 (2001:470:XXXX::1) icmp_seq=6 Destination unreachable: No route
^C
--- index.hu ping statistics ---
6 packets transmitted, 0 received, +6 errors, 100% packet loss, time 5006ms
[09:35] janos@workstation{12}:[~]{0}$ ping 2001:470:YYYY:ZZZ::1
PING 2001:470:YYYY:ZZZ::1(2001:470:YYYY:ZZZ::1) 56 data bytes
64 bytes from 2001:470:YYYY:ZZZ::1: icmp_seq=1 ttl=63 time=18.1 ms
64 bytes from 2001:470:YYYY:ZZZ::1: icmp_seq=2 ttl=63 time=15.8 ms
64 bytes from 2001:470:YYYY:ZZZ::1: icmp_seq=3 ttl=63 time=18.5 ms
64 bytes from 2001:470:YYYY:ZZZ::1: icmp_seq=4 ttl=63 time=19.2 ms
64 bytes from 2001:470:YYYY:ZZZ::1: icmp_seq=5 ttl=63 time=16.1 ms
^C
--- 2001:470:YYYY:ZZZ::1 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4005ms
rtt min/avg/max/mdev = 15.846/17.557/19.228/1.330 ms

The interesting thing is that the same commands work OK when issued on the MOX router.
And on top of this, the configs do look okay on both MOX and the workstation:

root@mox:~# ip -6 ro sh
2001:470:YYYY:ZZZ::/64 dev 6in4-wan6 proto kernel metric 256 pref medium
2001:470:XXXX::/64 dev br-lan proto static metric 1024 pref medium
2001:470:XXXX:1::/64 dev br-wlan proto static metric 1024 pref medium
unreachable 2001:470:XXXX::/48 dev lo proto static metric 2147483647 pref medium
unreachable fdec:2f47:8966::/48 dev lo proto static metric 2147483647 pref medium
fe80::/64 dev eth1 proto kernel metric 256 pref medium
fe80::/64 dev br-wlan proto kernel metric 256 pref medium
fe80::/64 dev br-lan proto kernel metric 256 pref medium
fe80::/64 dev wlan1-1 proto kernel metric 256 pref medium
fe80::/64 dev 6in4-wan6 proto kernel metric 256 pref medium
fe80::/64 dev tun_turris proto kernel metric 256 pref medium
default via 2001:470:YYYY:ZZZ::1 dev 6in4-wan6 proto static metric 1 pref medium
root@mox:~# ip -6 a s dev br-lan
69: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc noqueue state UP group default qlen 10000
    inet6 2001:470:XXXX::1/64 scope global noprefixroute
       valid_lft forever preferred_lft forever
    inet6 fe80::da58:d7ff:fe00:cdb9/64 scope link
       valid_lft forever preferred_lft forever
root@mox:~# ip -6 a s dev 6in4-wan6
73: 6in4-wan6@NONE: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1480 qdisc noqueue state UNKNOWN group default qlen 1000
    inet6 2001:470:YYYY:ZZZ::2/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::c0a8:5e/64 scope link
       valid_lft forever preferred_lft forever
root@mox:~#

root@workstation:~# ip -6 ro sh
::1 dev lo proto kernel metric 256 pref medium
2001:470:XXXX::fe5 dev enxc84bd6bc65b0 proto kernel metric 100 pref medium
2001:470:XXXX::/64 dev enxc84bd6bc65b0 proto ra metric 100 pref medium
fe80::/64 dev vnet2 proto kernel metric 256 pref medium
fe80::/64 dev enxc84bd6bc65b0 proto kernel metric 1024 pref medium
default via fe80::da58:d7ff:fe00:cdb9 dev enxc84bd6bc65b0 proto ra metric 100 pref medium
root@workstation:~# ip -6 a s dev enxc84bd6bc65b0
23: enxc84bd6bc65b0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc fq_codel state UP group default qlen 1000
    inet6 2001:470:XXXX::fe5/128 scope global dynamic noprefixroute
       valid_lft 20676sec preferred_lft 20676sec
    inet6 2001:470:XXXX:0:ce30:9085:4d25:6149/64 scope global temporary dynamic
       valid_lft 596676sec preferred_lft 78054sec
    inet6 2001:470:XXXX:0:59a:cad9:3a0d:f9c0/64 scope global mngtmpaddr noprefixroute
       valid_lft forever preferred_lft forever
    inet6 fe80::c11e:3bbc:e954:a623/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
root@workstation:~#

Do any of you have any idea what might be at play here?
The default route is set up properly on the router, and the workstation also has a proper default gateway, pointing to the MOX router’s LAN interface.

Furthermore, I have checked things, and the WAX206 OpenWrt and MOX uci network and firewall configurations do match. I have also checked and this can’t be a firewall issue either.

Any further ideas on what I should check, or update in the configs?

Thanks in advance!
Best regards,
János

The relevant part of the uci config can be found below:

config interface 'wan6'
        option proto '6in4'
        option username <USERNAME>
        option peeraddr '216.66.87.14'
        option auto '0'
        list ip6prefix '2001:470:XXXX::/48'
        option mtu '1480'
        option force_link '1'
        option peerdns '0'
        list dns '2606:4700:4700::1111'
        list dns '2606:4700:4700::1001'
        option ip6addr '2001:470:YYYY:ZZZ::2/64'
        option tunnelid <TUNNELID>
        option password <PASSWORD>
        option defaultroute '0'

config route6
        option interface 'wan6'
        option target '::/0'
        option metric '1'
        option gateway '2001:470:YYYY:ZZZ::1'

The TurrisOS 7.0 upgrade solved the problem for me.
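
Added example, not part of the original posts: a longest-prefix-match lookup over the router's main IPv6 table as posted above, to check which entry a forwarded destination should select. The redacted XXXX and YYYY:ZZZ fields are replaced with constructed 2001:db8 placeholders, the function names are hypothetical, and only the main table is modelled (no `ip -6 rule` policy, no source-specific routes).

```python
import ipaddress

# Constructed stand-in for the router's `ip -6 ro sh` output: the redacted XXXX
# prefix becomes 2001:db8:aaaa::/48, the tunnel /64 becomes 2001:db8:bbbb:ccc::/64.
ROUTES = """\
2001:db8:bbbb:ccc::/64 dev 6in4-wan6 proto kernel metric 256 pref medium
2001:db8:aaaa::/64 dev br-lan proto static metric 1024 pref medium
2001:db8:aaaa:1::/64 dev br-wlan proto static metric 1024 pref medium
unreachable 2001:db8:aaaa::/48 dev lo proto static metric 2147483647 pref medium
fe80::/64 dev br-lan proto kernel metric 256 pref medium
default via 2001:db8:bbbb:ccc::1 dev 6in4-wan6 proto static metric 1 pref medium
"""

# Route types that do not forward: the kernel rejects or drops the packet,
# or (throw) abandons the lookup in this table.
NON_FORWARDING_TYPES = {"unreachable", "blackhole", "prohibit", "throw"}


def parse_routes(text):
    """Parse `ip -6 route show` lines into dicts (prefix, type, dev, via, metric)."""
    routes = []
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        rtype = tok.pop(0) if tok[0] in NON_FORWARDING_TYPES else "unicast"
        prefix = "::/0" if tok[0] == "default" else tok[0]
        attrs = dict(zip(tok[1::2], tok[2::2]))  # "dev X proto Y metric N ..."
        routes.append({
            "net": ipaddress.ip_network(prefix, strict=False),
            "type": rtype,
            "dev": attrs.get("dev"),
            "via": attrs.get("via"),
            "metric": int(attrs.get("metric", 0)),
        })
    return routes


def lookup(routes, dest):
    """Return the route chosen for dest: longest prefix first, then lowest metric."""
    addr = ipaddress.ip_address(dest)
    hits = [r for r in routes if addr in r["net"]]
    if not hits:
        return None
    return max(hits, key=lambda r: (r["net"].prefixlen, -r["metric"]))


if __name__ == "__main__":
    table = parse_routes(ROUTES)
    for dest in ("2a02:730:4000::c0", "2001:db8:aaaa::fe5", "2001:db8:aaaa:5::1"):
        r = lookup(table, dest)
        print(dest, "->", r["type"], r["dev"], r["via"] or "")
```

On the router itself, `ip -6 route get <destination> from <lan-host-address> iif br-lan` asks the kernel for the actual forwarding decision, including policy rules that this model leaves out.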