Topic: Static IPv6 address on LAN (br-lan) interface gets removed by LuCI

The content of this topic has been archived on 22 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Page 1 of 1

Post #1

cvmiller

19 Mar 2018, 17:44

I recently started using an "extra OpenWrt" router as a smart AP. That is the WAN ports are NOT connected. I wanted to be able to manage this AP using IPv6. I can easily add a static IPv6 address for the LAN interface to the /etc/config/network file:

config 'interface' 'lan'
        option 'proto' 'static'
        option 'ip6addr' '2001:DB8:1111:EFGH::2/64'  # static IPv6 address

But if I touch the config with LuCI (the web interface) the static IPv6 address for the LAN is removed. Is there a more correct way to assign a static IPv6 address to the LAN interface where LuCI won't remove it?

Post #2

mikma

19 Mar 2018, 19:46

Shouldn't there be a "ifname" as well?

Post #3

cvmiller

19 Mar 2018, 20:19

Sorry, I had abbreviated the section. Here's the full section:

config interface 'lan'
    option type 'bridge'
    option ifname 'eth1'
    option proto 'static'
    option netmask '255.255.255.0'
    option ip6assign '60'
    option ipaddr '192.168.38.1'
    option ip6addr '2001:470:ebbd:0:6a1:51ff:fea0:9339/64'

Post #4

mikma

19 Mar 2018, 21:16

I'm not sure combining ip6assign and ip6addr in one interface is a good idea. Maybe you should use ip6ifaceid instead of ip6addr.

Or add an alias interface (i.e. another interface with ifname set to br-lan) and configure the ipv6 address on that interfaces

Post #5

cvmiller

20 Mar 2018, 18:07

Thanks for the ideas. Looks like ip6ifaceid is only used for PD (and this has no PD, as I am only using the LAN interface for management).

Tried creating a LAN6 in LuCI, and it looks like it should work, but when I ssh into the router (using link-local address) I don't see the assigned Global Address (GUA) to any of the interfaces. And I can't ping the GUA.

So I put the ip6addr back in the 'config interface lan' section, and it works, I just have to remember not to edit that interface in LuCI.

It would be nice if LuCI had a blank for static IPv6 address in the LAN interface config, since the 'proto' is STATIC.

Post #6

mikma

20 Mar 2018, 21:20

Can't you edit in luci if you disable "IPv6 assignment length"? The IPv6 address setting is only available in luci when "IPv6 assignment length" is disable.

Post #7

cvmiller

20 Mar 2018, 22:43

Yeah, that works in LuCI! Thanks Mikma.

Post #8

chandaweia

22 Mar 2018, 08:41

I configured openwrt to AP-mode and PC is supposed to get ipv6 and ping public ipv6 through openwrt. After configuring some files, PC can get public ipv6, but lan port cannot get ipv6 and in openwrt I cannot ping public ipv6. Also in PC I see the PC send the echo request but get no echo reply. Anything about icmpv6 that will be forwarded to outside will be discarded by openwrt, although icmpv6 outside can be accepted by this PC. I don't know how to solve it.

/etc/configure/dhcp file is the following

config dhcp 'lan'
        option interface 'lan'
        option type 'bridge'
        option proto 'dhcp'
        option ra 'relay'
        option dhcpv6 'relay'
        option ndp 'relay'
        option ignore '1'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config dhcp 'wan6'
        option interface 'wan'
        option ra 'relay'
        option ndp 'relay'
        option dhcpv6 'relay'
        option master '1'

and the network file:

config interface 'loopback'       
        option ifname 'lo'        
        option proto 'static'     
        option ipaddr '127.0.0.1' 
        option netmask '255.0.0.0'
                              
config globals 'globals'      
                              
config interface 'lan'                    
        option ifname 'eth0.1'            
        option force_link '1'             
        option type 'bridge'              
        option proto 'static'             
        option ip6assign '60'             
        option macaddr '10:0d:7f:43:f0:3d'
        option ipaddr '211.68.122.15'   
        option netmask '255.255.255.128'
        option gateway '211.68.122.1'
        option dns '222.28.155.55'  
                                    
config interface 'wan'              
        option ifname 'eth0.2'      
        option _orig_ifname 'eth0.2'
        option _orig_bridge 'false'
        option proto 'dhcpv6'  
        option reqaddress 'try'
        option reqprefix 'auto'
                               
config interface 'wan6'        
        option ifname 'eth0.2' 
        option proto 'dhcpv6'  
        option auto '0'        
        option reqaddress 'try'
        option reqprefix 'auto'
                              
config switch                  
        option name 'switch0'  
        option reset '1'         
        option enable_vlan '1'   
config switch_vlan            
        option device 'switch0'
        option vlan '1'        
        option ports '0t 1 2 3 4'
                                 
config switch_vlan               
        option device 'switch0'  
        option vlan '2'          
        option ports '0t 5'

I will be very grateful if someone can figure out how I can revise them in order to achieve that PC can ping public ipv6.

Post #9

cvmiller

22 Mar 2018, 17:13

Are you sure that your ISP is not delegating a prefix to your LAN (using DHCPv6-PD)? You may want to back up your config, and reset the defaults, which should work quite well with DHCPv6-PD from your ISP.

I have found odhcpd 'relay' mode to be temperamental.

Post #10

chandaweia

27 Mar 2018, 03:32

I want that openwrt could work as AP mode,my dhcpv6 server couldn't delegate a prefix to my LAN and my LAN, WAN and WAN6 have no ipv6. The version of openwrt is 15.05.1, however, I found that the openwrt 12.09 works well and has no problem.I don't know the difference between 15.05.1 and 12.09.What's more, the packet of ping can be forwarded by openwrt, but the packet of neighbor solicitation cannot be forwarded. And also I found that I ping the ipv6 of this PC from outside, my PC can get ping request. I can't figure out how to revise it.

cvmiller wrote:

Are you sure that your ISP is not delegating a prefix to your LAN (using DHCPv6-PD)? You may want to back up your config, and reset the defaults, which should work quite well with DHCPv6-PD from your ISP.
I have found odhcpd 'relay' mode to be temperamental.

(Last edited by chandaweia on 27 Mar 2018, 04:22)

Post #11

cvmiller

27 Mar 2018, 05:23

You may you have little (to no) protection from the outside world (e.g. a firewall) as you currently have things configured.

I wrote a script to setup IPv6 as bridging while continuing to route IPv4, and have basic firewall of the bridged IPv6 packets. Given that you have moved back to 12.09, I am not sure it will work, as I have only tested it on 15.05 and 17.01. You can find it on github.

https://github.com/cvmiller/v6brouter

Post #12

chandaweia

27 Mar 2018, 06:12

I use openwrt 15.05 and 17.01 is the best. I want that openwrt can work on pure ipv6 network without ipv4 and need not to work with nat. The openwrt only works as AP mode. I compare 15.05 the with the 12.09, however, I can't figure out what happend in 15.05 and it just can't forward neighbor solicitation, although it can reply the neighbor solicitation from outside.

Post #13

cvmiller

27 Mar 2018, 16:57

Not sure what you mean by AP mode. What I meant was that there is NO wan connection at all. I am bridging everything through the LAN interface (and ethernet ports) and the DHCP/DHCPv6/RA servers are all disabled on the LAN. In that config, the OpenWrt device only provides a link between the wireless & wired.

If you are looking for no IPv4 NAT, and just forwarding of IPv6 (without firewall) you may want to consider the config I describe.

The discussion might have continued from here.

Page 1 of 1