Posted: Wed Jun 02, 2021 13:44 Post subject: DD-WRT v3 beta - IPv6 ISP with multiple Prefix Delegations
Hello everyone,
I have read many posts about IPv6 DD-WRT support but nothing helps me to solve my issue about IPv6 native implementation.
Currently my Internet Provider provides IPv6 with multiple Prefix Delegation. On modem side, I have options to configure 8 subnets : 2a01:e0a:abcd:xxx0::/64 >> 2a01:e0a:abcd:xxx7::/64. For each subnet/prefix I should indicate a Next hop.
However provider advice to not use first subnet (xxx0).
So I configure 2nd subnet (xxx1) : 2a01:e0a:abcd:xxx1::/64 with Next hop to eth0 DD-WRT ipv6 address (fe80::1e88:1abc:ab12:a468).
On DD-WRT side I configure IPv6 with these settings :
**DHCPv6 with Prefix Delegation (not sure about this setting)
**Prefix Length 64
**Assigned Router Prefix : 2a01:e0a:abcd:xxx1::
**Radvd disabled
Ping ipv6 works fine from DD-WRT router ; but not from workstations or devices behind DD-WRT (iOS/Android).
All devices behind DD-WRT router receive an IPV6 but ipv6 ping not working... I don't understand why ?
I noticed that devices receive two ip v6 addresses (on subnet xxx1) (checked on Windows 10 & iOS devices) : Normal situation ?
Should I add a specific route on DD-WRT ? I see some posts about it but not sure what should I do.
Should I use "DHCPv6 Prefix Delegation" and not "Native IPV6" ?
Thank for you help,
Regards
Last edited by fdumont on Sat Jun 05, 2021 11:18; edited 6 times in total
WAN IP v4 (from Internet providerd) is assigned to vlan2
On vlan2 I have an inet6 addr (2a01:.....) with Global Scope
My dnsmasq options :
#Enable Router Advertisements
enable-ra
#Enable the DHCP server - IPV6 range
dhcp-range=::10,::1ff,constructor:br0,ra-names,slaac,64,24h
Thank for your answer but I don't understand & share your answer.
I can ping through ipv6 successfully IPv6 addresses (like 2606:4700:4700::1111 -> 1.1.1.1 ipv6 DNS).
Ipv6 works fine from DD-WRT router itself but not from workstation behind (whatever the LAN interface use by workstations eth0 or Wifi eth1-eth2). Workstations receive correctly IPv6 address (with prefix 2a01:e00:.....) but it seems that I have a routing problem from DD-WRT router.
I don't know where is the problem exactly : from br0 ... (only a local scope on this interface) ? from routing table ? I have a global scope with IPv6 2a01:e00:... address on the vlan2 interface.
Thank for your tip ; unfortunately it doesn't work .
But I got new IP v6 address on workstation with the right subnet 2a01:e99:abcd:e121.....
I am not sure about with interface should host ipv6 "2a01:e99:abcd:e121::1" --> vlan2 or br0 ?
Currently on my configuration my IP v4 from my provider is assigned to vlan2.
And this interface (vlan2) has always an ipv6 address on the first subnet "e120" (subnet that the provider doesn't advice to sue).
I try this command to understand how this ipv6 is assigned to vlan2 interface : killall dhcp6c && dhcp6c -c /tmp/dhcp6c.conf -d -T LL vlan2
--> But nothing happens ... nothing inside /var/log/messages
You should only need one ipv6 (global) address for the router... since that is the point of it being global scope (ie no NAT) The only reason that you would need a second is if your router is allocated a prefix that you are handing out internally....
Is the intent to obtain ipv6 through slaac or through dhcp6
But DD-WRT is a little different ; and my config also a little bit different (I want use only the delegation "e121" - not the first one "2a01......:e120")
Joined: 13 Aug 2013 Posts: 6866 Location: Romerike, Norway
Posted: Fri Jun 04, 2021 11:25 Post subject:
Set it to Native.
It can be a routing issue with the route you entered on the isp router. Enter the Global Scope address on the dd-wrt routers wan instead of the Link Local address.
Thank for your answer but I don't understand & share your answer.
I can ping through ipv6 successfully IPv6 addresses (like 2606:4700:4700::1111 -> 1.1.1.1 ipv6 DNS).
Ipv6 works fine from DD-WRT router itself but not from workstation behind (whatever the LAN interface use by workstations eth0 or Wifi eth1-eth2). Workstations receive correctly IPv6 address (with prefix 2a01:e00:.....) but it seems that I have a routing problem from DD-WRT router.
My bad the whois lookup I used did not do a proper recursive query into RIPE.
Now the next question which you didn't yet answer is how is your dd-wrt router connected to the Internet? Is it an ethernet port into a jack on the telephone pole on your street or what? Did your ISP put a router box into your place?
The point of DHCP-PD is whatever you are getting the DHCPv6 from has to have allocated a subnet split out of the IPv6 block you are assigned. In effect when it's issued it installs a route in your ISP's side. So please let us know WHAT your dd-wrt box is plugged into since that is a critical part of this.
Back to the basic, I remove all IPv6 configuration (Ipv6, Dnsmasq pv6 settings, ..).
Back to my initial situation : IPv6 works fine from DD-WRT and not from Workstations behind DD-WRT.
First, my config :
Optical Network <> ISP Box (Bridge mode) <> DD-WRT <> Workstations (LAN)
NB : DD-WRT is connected to the ISP Box through the WAN port
ISP Box Settings (Free provider - Optical Freebox OS) :
Bridge mode (router mode disabled)
Dhcpv6 not enabled (not recommended for Android devices)
IPv6 firewall not enabled
Local-link IPv6 address : fe80::e69e:abcd:ab7c:779f
Subnet delegation nexthop Configuration (ISP offer x8 /64 delegations)
> 2a01:e0a:22a:xxx0::/64 => nothing (not recommended to use according ISP)
> 2a01:e0a:22a:xxx1::/64 => fe80::1e88:1abc:ab12:a468 => Subnet delegation "xxx1" that I would use for my devices behind DD-WRT (fe80::1e88:1abc:ab12:a468 is the local link of the eth0 interface)
DD-WRT Config :
* Connection WAN Type: Automatic DHCP
* Ipv6:
- Ipv6 type = DHCPv6 with Prefix Delegation
- Prefix Length = 64
- Static DNS 1: 2a01:e0c:1:1599::22
- Static DNS 1: 2a01:e0c:1:1599::23
NB : My ISP use both SLAAC a DHCP6 according what I found (but not sure)
With these basic settings : DD-WRT received a public IPv6 address (I suppose from ISP) on the first subnet (2a01:e0a:22a:xxx0:1e87:2cff:fe67:c469).
This public IPv6 is assigned to vlan2 interface (same interface that got IPv4 public address).
Ping from DD-WRT to IPv6 (google/1.1.1.1) works fine.
Routing table
Code:
ip -6 route show >>
2a01:e0a:22a:xxx0::/64 dev vlan2 metric 256 expires 86082sec
fe80::/64 dev eth0 metric 256
fe80::/64 dev vlan1 metric 256
fe80::/64 dev br0 metric 256
fe80::/64 dev eth1 metric 256
fe80::/64 dev eth2 metric 256
fe80::/64 dev vlan2 metric 256
default via fe80::e69e:abcd:ab7c:779f dev vlan2 metric 1024 expires 1482sec
default dev vlan2 metric 2048
unreachable default dev lo metric -1 error -101
ff00::/8 dev eth0 metric 256
ff00::/8 dev vlan1 metric 256
ff00::/8 dev br0 metric 256
ff00::/8 dev eth1 metric 256
ff00::/8 dev eth2 metric 256
ff00::/8 dev vlan2 metric 256
unreachable default dev lo metric -1 error -101
So currently IPv6 works fine from DD-WRT, but nothing on devices behind DD-WRT router.
Next step with your help (I hope) :
- Manage IPv6 subnet delegation "xxx1" to assign public IPv6 to my devices behind DD-WRT router : Should I use netmasq for it ? Or RADVD ?
On Windows workstation with the local-link ipv6 address :
- Ping to DD-WRT br0 (fe80::1e88:1abc:ab12:a46a) works fine
- Ping to DD-WRT eth0 (fe80::1e88:1abc:ab12:a468) failed > I think it's normal ; On IPv4 there is no use of this interface by workstation.
Last edited by fdumont on Sun Jun 06, 2021 9:37; edited 1 time in total