I took several attempts to set up IPv6 on my OpenWrt router (TP-Link Archer C7 v2 running Chaos Calmer 15.05) but I cannot get it to work, hence I ask for help here.
My network layout is this:
Cisco Cable Gateway <--> OpenWrt Router (in router mode) <--> LAN and WiFi clients
What I accomplished so far:
- IPv4 works fine on all devices. The OpenWrt router acts as a DHCP client to the cable gateway and as a DHCP server for a separate subnet for the clients.
- IPv6 works fine on the OpenWrt Router (configured as a DCHPv6 client), but clients can't establish IPv6 connections to external servers.
The problems are (as far as I understand or could find out):
(1) My Cisco cable gateway runs a firmware crippled by the ISP. It's not possible to set it to bridged mode.
(2) The Cisco gateway gets a /56 prefix, however it doesn't seem to support PD (Prefix Delegation) according to forum entries.
So, the OpenWrt router behind the gateway gets a valid IPv6 address and I can ping or trace IPv6 addresses from the OpenWrt router. But the clients attached to the OpenWrt router do not get IPv6 addresses with the same (globally routable) prefix, and they cannot ping external IPv6 addresses. They can however, ping the IPv6 address of the OpenWRT router (but not the cable gateway).
What I do not want:
I know it would be much easier to get IPv6 and IPv4 working if I set my OpenWrt router as a dumb access point. However, since my ISP has full access to my cable gateway, I would like my OpenWrt to work as my "gatekeeper", i.e. I definitely want to use the firewall on OpenWrt to ensure the integrity of my home network.
Nevertheless, I'm sure there are ways to work around my the given boundaries. I'm new to IPv6, so maybe for some here the possible solutions are obvious. But I couldn't draw the "right" conclusions from the Documentation/Wiki.
So, please, what options do you see for me to get IPv6 working?
I have two things in mind:
a) Somehow let my cable gateway handle the IPv6 address assignments (like forwarding the address negotiation traffic) while still keep the firewall functionality of OpenWrt to protect my home network.
b) Set the OpenWrt router up as a gateway/proxy that masks all clients requests as coming from the OpenWrt router (something like NAT) so all IPv6 traffic is routed through the OpenWrt machine and the clients are actually not reachable from outside. (This would actually be my preferred option, if possible, although I know it's not ideal to have an additional "translation layer".)
EDIT: I found a solution for approach b) with the package kmod-ipt-nat6. See post 6 for full documentation!
I'd appreaciate any advice you can give me to setup IPv6.
Thank you and regards,
(Last edited by silentcreek on 2 Nov 2015, 11:18)