Hey,
i noticed that IPv6 isn’t working on my LAN anymore, not sure when it stopped working but before it did work:
IPv6 on the WAN side (Turris) is working however:
Any ideas why it stopped working on the LAN side?
Thanks
What does network> interfaces in Luci say about IPV6?
Hmmm… and what does the network>diagnostics >ping IPV6 do?
The only thing i see different on my MOX ( that has PPPoE ) is the IPV6-PD ends with a /48 and i have no IPV6:
Maybe delete the WAN 6, and restart the IP4 WAN?
ALso i did not change my config:
root@turris:/etc/config# cat firewall
config defaults
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
option synflood_protect '1'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'lan'
config zone
option name 'wan'
option output 'ACCEPT'
option masq '1'
option mtu_fix '1'
option input 'REJECT'
option forward 'REJECT'
option sentinel_dynfw '1'
option sentinel_fwlogs '1'
option sentinel_minipot '1'
list network 'wan'
option haas_proxy '1'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fe80::/10'
option src_port '547'
option dest_ip 'fe80::/10'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config include
option path '/etc/firewall.user'
config include
option path '/usr/share/firewall/turris'
option reload '1'
config include
option path '/etc/firewall.d/with_reload/firewall.include.sh'
option reload '1'
config include
option path '/etc/firewall.d/without_reload/firewall.include.sh'
option reload '0'
config rule
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config zone
option output 'ACCEPT'
option name 'vpn'
option forward 'REJECT'
option input 'ACCEPT'
list network 'vpn'
config forwarding
option dest 'vpn'
option src 'lan'
config forwarding
option dest 'wan'
option src 'lan'
config forwarding
option dest 'lan'
option src 'vpn'
config include 'miniupnpd'
option type 'script'
option path '/usr/share/miniupnpd/firewall.include'
option family 'any'
option reload '1'
config zone 'turris_vpn_client'
option name 'tr_vpn_cl'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
config forwarding 'turris_vpn_client_forward'
option src 'lan'
option dest 'tr_vpn_cl'
config rule
option src 'wan'
option name 'allow multicast'
option dest 'lan'
list dest_ip '224.0.0.0/4'
option target 'ACCEPT'
list proto 'all'
config redirect
option dest_port '8123'
option src 'wan'
option src_dport '8123'
option target 'DNAT'
option dest_ip '192.168.1.24'
option dest 'lan'
list proto 'tcp'
option name 'HomeAssistant_8123'
config redirect
option dest_port '443'
option src 'wan'
option src_dport '443'
option target 'DNAT'
option dest_ip '192.168.1.24'
option dest 'lan'
list proto 'tcp'
option name 'HomeAssistant_443'
config include 'sentinel_firewall'
option type 'script'
option path '/usr/libexec/sentinel/firewall.sh'
option family 'any'
option reload '1'
and network-config aswell:
root@turris:/etc/config# cat network
config interface 'loopback'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
option device 'lo'
config globals 'globals'
option ula_prefix 'fd1b:24d2:ca62::/48'
config interface 'lan'
option _orig_ifname 'eth0 eth2'
option _orig_bridge 'true'
option _turris_mode 'managed'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '64'
option device 'br-lan'
config interface 'wan'
option username 'xxxxxxxxxxxxxxxxxxxxxx@t-online.de'
option proto 'pppoe'
option password 'xxxxxxx'
option ipv6 'auto'
option device 'eth2.7'
config interface 'vpn'
option _orig_ifname 'tun0'
option _orig_bridge 'false'
option proto 'none'
option auto '1'
option device 'tun0'
config device 'br_lan'
option name 'br-lan'
option igmp_snooping '1'
list ports 'lan0'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
list ports 'lan4'
list ports 'tun0'
option type 'bridge'
option igmpversion '2'
dhcp-config:
root@turris:/etc/config# cat dhcp
config dnsmasq
option domainneeded '1'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option localservice '1'
option port '0'
option nonwildcard '0'
option dnssec '1'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
config dhcp 'lan'
option interface 'lan'
option dhcpv6 'server'
option ra 'server'
option ra_management '1'
option start '31'
option limit '200'
option leasetime '155520000'
list dhcp_option '6,192.168.1.1'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
Ah ok, so outgoing does work? Maybe ISP issues?
IPv6 seems working on the WAN side so i think it maybe a Problem with the Firewall or DHCP?
Maybe delete the WAN 6, and restart the IP4 WAN?
Everything looks good here. There is clearly a DHCPv6 prefix received. Can you post output of ifstatus wan6 command?
Also on the LAN machines, do they receive some IPv6 addresses or not? If yes, what does traceroute say?
root@turris:/etc/config# ifstatus wan6
Interface wan6 not found
Yes they do receive IPv6 addresses:
traceroute on one of the clients in LAN:
ben@framework13:~$ traceroute openwrt.org
traceroute to openwrt.org (64.226.122.113), 30 hops max, 60 byte packets
1 _gateway (192.168.1.1) 1.743 ms 1.684 ms 1.673 ms
2 p3e9bf691.dip0.t-ipconnect.de (62.155.246.145) 3.909 ms 3.897 ms 3.886 ms
3 f-ed14-i.f.de.net.dtag.de (217.0.203.26) 8.314 ms f-ed14-i.f.de.net.dtag.de (217.5.67.246) 8.303 ms f-ed14-i.f.de.net.dtag.de (217.5.70.154) 6.939 ms
4 80.156.162.178 (80.156.162.178) 6.927 ms 6.916 ms 6.903 ms
5 if-be-25-2.ecore1.fr0-frankfurt.as6453.net (80.231.65.21) 6.952 ms 6.880 ms 6.869 ms
6 195.219.50.42 (195.219.50.42) 6.856 ms 195.219.50.90 (195.219.50.90) 7.075 ms 195.219.50.42 (195.219.50.42) 5.892 ms
7 * * *
8 * * *
9 * * *
10 * * *
11 wiki-03.infra.openwrt.org (64.226.122.113) 7.261 ms 7.205 ms 7.181 ms
ben@framework13:~$ traceroute6 openwrt.org
traceroute to openwrt.org (2a03:b0c0:3:d0::1a51:c001), 30 hops max, 80 byte packets
1 * * *
2 * * *
3 * * *
4 * * *
5 * * *
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *
Well, this is obviously wrong. And since you cannot even see the first hop in IPv6 traceroute, it is apparent that the computer’s IPv6 config is out of sync with the router.
There has to be wan6 interface in its default config, which is:
config interface 'wan6'
option device '@wan'
option proto 'dhcpv6'
Put it back, restart the router and also reconnect the client to make sure the IPv6 configuration is not stale.
Then look at the wan6 status again. You should see delegated prefix being correctly assigned to the lan interface.
something wrong in my config?
Ok i put the wan6 back into my interface config and restarted the router, heres how the config looks now:
root@turris:~# cat /etc/config/network
config interface 'loopback'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
option device 'lo'
config globals 'globals'
option ula_prefix 'fd1b:24d2:ca62::/48'
config interface 'lan'
option _orig_ifname 'eth0 eth2'
option _orig_bridge 'true'
option _turris_mode 'managed'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '64'
option device 'br-lan'
config interface 'wan'
option username 'xxxxxxxxxxxxxxxxxxxxxxx@t-online.de'
option proto 'pppoe'
option password 'xxxxx'
option device 'eth2.7'
# option ipv6 '1'
option ipv6 'auto'
config interface 'vpn'
option _orig_ifname 'tun0'
option _orig_bridge 'false'
option proto 'none'
option auto '1'
option device 'tun0'
config device 'br_lan'
option name 'br-lan'
option igmp_snooping '1'
list ports 'lan0'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
list ports 'lan4'
list ports 'tun0'
option type 'bridge'
config interface 'wan6'
option device '@wan'
option proto 'dhcpv6'
option reqprefix 'auto'
option reqaddress 'try'
config device 'dev_wan'
option name 'eth2.7'
option igmpversion '2'
I do get shown two Interfaces WAN_6 and WAN6 which doesn’t look right for me:
Reconnected the client also nothing seems to have changed:
IPv6 Addresses are received by the client:
root@turris:~# ifstatus wan_6
{
"up": true,
"pending": false,
"available": true,
"autostart": true,
"dynamic": true,
"uptime": 756,
"l3_device": "pppoe-wan",
"proto": "dhcpv6",
"device": "pppoe-wan",
"metric": 0,
"dns_metric": 0,
"delegation": true,
"ipv4-address": [
],
"ipv6-address": [
{
"address": "2003:e1:9fff:123f:dd70:b281:7160:6078",
"mask": 64,
"preferred": 1643,
"valid": 14243
}
],
"ipv6-prefix": [
{
"address": "2003:e1:9f11:f700::",
"mask": 56,
"preferred": 85642,
"valid": 85642,
"class": "wan_6",
"assigned": {
"lan": {
"address": "2003:e1:9f11:f700::",
"mask": 64
}
}
}
],
"ipv6-prefix-assignment": [
],
"route": [
{
"target": "::",
"mask": 0,
"nexthop": "fe80::e86:10ff:fef7:3884",
"metric": 512,
"valid": 1643,
"source": "2003:e1:9f11:f700::/56"
},
{
"target": "::",
"mask": 0,
"nexthop": "fe80::e86:10ff:fef7:3884",
"metric": 512,
"valid": 1643,
"source": "2003:e1:9fff:123f:dd70:b281:7160:6078/64"
}
],
"dns-server": [
"2003:180:2:8100::53",
"2003:180:2:8000::53"
],
"dns-search": [
],
"neighbors": [
],
"inactive": {
"ipv4-address": [
],
"ipv6-address": [
],
"route": [
],
"dns-server": [
],
"dns-search": [
],
"neighbors": [
]
},
"data": {
"passthru": "001700202003018000028100000000000000005320030180000280000000000000000053",
"zone": "wan"
}
}
root@turris:~# ifstatus wan6
{
"up": true,
"pending": false,
"available": true,
"autostart": true,
"dynamic": false,
"uptime": 819,
"l3_device": "pppoe-wan",
"proto": "dhcpv6",
"device": "pppoe-wan",
"metric": 0,
"dns_metric": 0,
"delegation": true,
"ipv4-address": [
],
"ipv6-address": [
{
"address": "2003:e1:9fff:123f:dd70:b281:7160:6078",
"mask": 64,
"preferred": 1583,
"valid": 14183
}
],
"ipv6-prefix": [
],
"ipv6-prefix-assignment": [
],
"route": [
{
"target": "::",
"mask": 0,
"nexthop": "fe80::e86:10ff:fef7:3884",
"metric": 512,
"valid": 1583,
"source": "2003:e1:9fff:123f:dd70:b281:7160:6078/64"
}
],
"dns-server": [
"2003:180:2:8100::53",
"2003:180:2:8000::53"
],
"dns-search": [
],
"neighbors": [
],
"inactive": {
"ipv4-address": [
],
"ipv6-address": [
],
"route": [
],
"dns-server": [
],
"dns-search": [
],
"neighbors": [
]
},
"data": {
}
}
Can you try pinging Google from your Omnia from both its delegated prefix and non-delegated address?
ping -6 -I 2003:e1:9f49:c900::1 google.com
ping -6 -I 2003:e1:9fff:4a17:fccb:4633:7ed3:d6fe google.com
It works now, i had to add the wan6 interface while also adding it to the wan zone in the firewall:
Here is my working config:
root@turris:~# cat /etc/config/network
config interface 'loopback'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
option device 'lo'
config globals 'globals'
option ula_prefix 'fd1b:24d2:ca62::/48'
config interface 'lan'
option _orig_ifname 'eth0 eth2'
option _orig_bridge 'true'
option _turris_mode 'managed'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '64'
option device 'br-lan'
list ip6class 'wan6'
config interface 'wan'
option username 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx@t-online.de'
option proto 'pppoe'
option password 'xxxxx'
option device 'eth2.7'
option ipv6 '0'
option ip6assign '64'
list ip6class 'wan6'
config interface 'vpn'
option _orig_ifname 'tun0'
option _orig_bridge 'false'
option proto 'none'
option auto '1'
option device 'tun0'
config device 'br_lan'
option name 'br-lan'
option igmp_snooping '1'
list ports 'lan0'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
list ports 'lan4'
list ports 'tun0'
option type 'bridge'
config interface 'wan6'
option device '@wan'
option proto 'dhcpv6'
option reqprefix 'auto'
option reqaddress 'try'
config device 'dev_wan'
option name 'eth2.7'
option igmpversion '2'
root@turris:~# cat /etc/config/firewall
config defaults
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
option synflood_protect '1'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'lan'
config zone
option name 'wan'
option output 'ACCEPT'
option masq '1'
option mtu_fix '1'
option input 'REJECT'
option forward 'REJECT'
option sentinel_dynfw '1'
option sentinel_fwlogs '1'
option sentinel_minipot '1'
option haas_proxy '1'
list network 'wan'
list network 'wan6'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_port '547'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
list dest_ip 'fe80::/10'
list src_ip 'fe80::/10'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config include
option path '/etc/firewall.user'
config include
option path '/usr/share/firewall/turris'
option reload '1'
config include
option path '/etc/firewall.d/with_reload/firewall.include.sh'
option reload '1'
config include
option path '/etc/firewall.d/without_reload/firewall.include.sh'
option reload '0'
config zone
option output 'ACCEPT'
option name 'vpn'
option forward 'REJECT'
option input 'ACCEPT'
list network 'vpn'
config forwarding
option dest 'vpn'
option src 'lan'
config forwarding
option dest 'wan'
option src 'lan'
config forwarding
option dest 'lan'
option src 'vpn'
config include 'miniupnpd'
option type 'script'
option path '/usr/share/miniupnpd/firewall.include'
option family 'any'
option reload '1'
config zone 'turris_vpn_client'
option name 'tr_vpn_cl'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
config forwarding 'turris_vpn_client_forward'
option src 'lan'
option dest 'tr_vpn_cl'
config include 'sentinel_firewall'
option type 'script'
option path '/usr/libexec/sentinel/firewall.sh'
option family 'any'
option reload '1'
root@turris:~# cat /etc/config/dhcp
config dnsmasq
option domainneeded '1'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option localservice '1'
option port '0'
option nonwildcard '0'
option dnssec '1'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
config dhcp 'lan'
option interface 'lan'
option dhcpv6 'server'
option ra 'server'
option ra_management '1'
option start '31'
option limit '200'
option leasetime '155520000'
list dhcp_option '6,192.168.1.1'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
list ra_flags 'none'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
Thanks 
This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.