IPv6 home set-up | OpenWrt 18.06.1 - how to?
I am struggling with the IPv6 home set-up. I don't understand networking much to be honest.
My ISP informed me last year he is IPv6 fully capable.
I did not manage to set it up in my router since then. I told them, but they don't care much since almost all web is Dual-stack / IPv4 capable.
So, they only came once to check if the problem is on their side: they claim it is not and that either my operating systems (Windows 10 Pro, Linux Mint 19.0 Cinnamon, Android 7.0) and their settings are the problems, or the router is badly set-up.
The problem
Since I am sure to have the IPv6 enabled in all of the mentioned systems, I come to realize that maybe my router is old, please understand it as no more supported, the model is: TP-Link Archer C5 v1.2 with firmware dated 2015-04-28.
Somehow sometimes, even early today I was able to get a set-up from DHCPv6 as follows:
IP: 2a02:768:7c00:14a:32b5:c2ff:feb9:c8f3/64
Gateway: fe80::225:90ff:fef5:7c13
DNS1: 2a02:768:0:1010::3
DNS2: 2a02:768:0:1010::2
The question (original)
Is such setting as above even technically correct, I mean I see the gateway as probably local-only address, is that the problem due to which I cannot browse IPv6-only sites?
UPDATE - OpenWrt
I am entirely new to OpenWrt. Please guide me. Thank you.
I have managed to upload OpenWrt 18.06.1 into my router and also made both the Wifi 5G and 2.4G working, with a public static IPv4 address.
Basic information
- Model: TP-Link Archer C5 v1
- Architecture: Qualcomm Atheros QCA9558 ver 1 rev 0
- Firmware Version: OpenWrt 18.06.1 r7258-5eb055306f / LuCI openwrt-18.06 branch (git-18.228.31946-f64b152)
- Kernel Version: 4.9.120
I am able to SSH to the router as root
. Here are the most basic information.
# cat /etc/config/network
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd62:320d:015a::/48'
config interface 'lan'
option type 'bridge'
option ifname 'eth1.1'
option proto 'static'
option ipaddr '192.168.0.1'
option netmask '255.255.255.0'
option ip6addr '2a02:768:7c00:14a:32b5:c2ff:feb9:c8f3/64'
option ip6gw 'fe80::225:90ff:fef5:7c13'
config interface 'wan'
option ifname 'eth0.2'
option proto 'static'
option ipaddr '10.7.113.62'
option netmask '255.255.255.252'
option gateway '10.7.113.61'
option dns '8.8.8.8 10.255.255.10'
config interface 'wan6'
option ifname 'eth0.2'
option proto 'static'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option ports '2 3 4 5 0t'
config switch_vlan
option device 'switch0'
option vlan '2'
option ports '1 6t'
# cat /etc/config/dhcp
config dnsmasq
option domainneeded '1'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.auto'
option nonwildcard '1'
option localservice '1'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option dhcpv6 'server'
option ra 'server'
option force '1'
option ra_management '1'
option leasetime '15m'
option ra_default '1'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
option ra 'server'
option dhcpv6 'server'
option ra_management '1'
list dns '2a02:768:0:1010:0:0:0:3'
list dns '2a02:768:0:1010:0:0:0:2'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
To answer the comment:
can you ping ipv6.google.com ? the ip addresses look logical. Its also worth mentioning what your ISP settings are - I had to find mine on their forums back in the day and the settings varied based on whether you're on cable or fibre. Some local knowledge might be useful here.
Not able to
ping6
. 100% packet loss.ISP settings - see below.
I am on normal cable = ethernet = about 20/10 Mbit/s.
Ask me anything.
Current statuss from GUI:
I have tried to use DHCPv6 without success. That is why I posted this question.
ISP
Name: Starnet s.r.o.
Web: http://www.starnet.cz/
ASN: 44489, see here
IPv6 assignment: They told me they use the Native IPv6 using DHCPv6.
DHCPv6
I have been informed by the ISP, they assign prefixes automatically through DHCPv6, and that no static configuration is possible at this point.
So, I removed all of the static settings and turned on DHCPv6 with a forced request for a 64 prefix.
Before I hit apply for enabling the DHCPv6 in WAN6 section, it looked like:
network.wan6.proto=dhcpv6
network.wan6.reqaddress=force
network.wan6.reqprefix=64
This did not change a thing, what's more, the IPv6 uplink is greyed out as Not configured.
In light of the fact they want an enormous amount of money without any guarantee that their technician would solve the problem in my place, I'm hereby putting one juicy bounty on this question.
I will try to edit this question in order for it to be clearer anytime you ask me a new question.
I browse the OpenWrt interface each day for 3 days, but maybe just maybe I found something new (to me at least), it is called VLANs, and I don't know what is its purpose, so I am posting it:
ISP StarNet
I have found they do have some not really valuable information on their website:
http://www.starnet.cz/info/ipv6
Which you can easily Google translate for instance.
Another thing confirmed, I have found on their Facebook page:
The prefix is 64. And they plan on making 56 also.
Ping6
At the current setting, and directly from LuCI (GUI) interface, when I try to ping6
ipv6.google.com
, I get:
PING ipv6.google.com (2a00:1450:400d:805::200e): 56 data bytes
ping6: sendto: Permission denied
Bug?
I have found the following bug report of my exact version:
https://bugs.openwrt.org/index.php?do=details&task_id=1763
The person suggests downgrading to 17.0.1.5 solves the IPv6 issue, could anyone competent have a look at that bug report for me, I don't really understand it.
Bug confirmed
The bug report is absolutely correct, I do not understand why it is not assigned or why it has very low priority, but I was able to get IPv6 address prefix on 17.x firmware:
The hatch
I don't have internet connection from the 17.x firmware, just able to ping and ping6 directly from the router, please help me out to figure this out.
IPv6 Upstream is finally on!
After downgrade to 17.x, there was no internet connection available from the clients, but when upgraded back to the 18.x firmware, IPv6 Upstream is finally on.
LAN IPv6
The last step should be enabling IPv6 to the clients. I have no IPv6 on Windows / Linux / Android, so there is something wrong, I just don't know what it is.
Bounty is still On
I respect rules, so there will be no cancel bounty requests anymore.
In order to grant someone those 300 points offered, I have some bonus questions for you.
Bonus questions for 300 points
Could anyone explain to me the difference and usefulness of the Stateful and Stateless IPv6 assignment? Maybe security implications including. Heavily cited please, thank you.
Could you further explain what DUID = DHCP Unique IDentifier is for? I mean what is its purpose and usage. Maybe security implications including. Heavily cited please, thank you.
In a nutshell:
Stateful DHCPv6 auto-configuration of IPv6 is the equivalent of DHCP in IPv4. A DHCPv6 service provides the IPv6 address to the client device and both client and server maintain the "state" of that address (i.e. lease time, etc). The router in its router advertisement message will tell the newly come-up host to ask for all address (global address, DNS address, SIP proxy server address) from the DHCPv6 server.
Stateless DHCPv6 is for the auto-configuration by the client device of its IPv6 address and routing based on the router advertisements. The router tells the newly come-up host to take only the extra information like DNS, SIP proxy server address from the DHCPv6 server, while the global address is given to the host by the prefix present in the router advertisement message. The router gives the prefix of 64 bits and the host uses its MAC address (48 bits) converted in EUI-64 method to obtain a global IPv6 address.
In detail, from the article What is the difference between stateful and stateless IPv6?
IPv6 address assignment options
Static (manual) address assignment – exactly like with IPv4.
Stateless Address Auto Configuration (SLAAC) – nodes listen for ICMPv6 Router Advertisements (RA) messages periodically sent out by routers on the local link, or requested by the node using an RA solicitation message. They can then create a Global unicast IPv6 address by combining its interface EUI-64 (based on the MAC address on Ethernet interfaces) plus the Link Prefix obtained via the Router Advertisement. This is a unique feature only to IPv6 which provides simple “plug & play” networking. By default, SLAAC does not provide anything to the client outside of an IPv6 address and a default gateway. SLAAC is greatly discussed in RFC 4862.
Stateless DHCPv6 – with this option SLAAC is still used to get the IP address, but DHCP is used to obtain “other” configuration options, usually things like DNS, NTP, etc. The advantage here is that the DHCP server is not required to store any dynamic state information about any individual clients. In case of large networks which has huge number of end points attached to it, implementing stateless DHCPv6 will highly reduce the number of DHCPv6 messages that are needed for address state refreshment.
Stateful DHCPv6 – functions exactly the same as IPv4 DHCP in which hosts receive both their IPv6 address and additional parameters from the DHCP server. Like DHCP for IPv4, the components of a DHCPv6 infrastructure consist of DHCPv6 clients that request configuration, DHCPv6 servers that provide configuration, and DHCPv6 relay agents that convey messages between clients and servers when clients are on subnets that do not have a DHCPv6 server. You can learn more about DHCP for IPv6 in RFC 3315.
NOTE: The only way to get a default gateway in IPv6 is via a RA message. DHCPv6 does not carry default route information at this time.
DHCP Unique Identifier
This is a unique identifier generated by the client itself that serves to uniquely identify it for the DHCPv6 server.
From Wikipedia DHCPv6:
DHCP Unique Identifier
The DHCP Unique Identifier (DUID) is used by a client to get an IP address from a DHCPv6 server. It has a 2-byte DUID type field, and a variable-length identifier field up to 128 bytes. Its actual length depends on its type. The server compares the DUID with its database and delivers configuration data (address, lease times, DNS servers, etc.) to the client. The first 16 bits of a DUID contain the DUID type, of which there are four types. The meaning of the remaining DUID depends on the type.
So, there were two separate problems:
WAN - IPv6 Upstream not connecting
LAN - Error in the configuration
For #1, i.e. WAN configuration, I tried pretty much everything that the GUI offers without success.
Since I finally came with a workaround, I will share it with you:
Downgrade to the 17.x firmware. It will keep your settings, don't worry.
Upgrade back to the 18.x firmware.
That's all, magically the IPv6 WAN Upstream is finally connecting.
For #2, i.e. LAN configuration, set it up as follows:
Network - Interfaces - LAN - Common Configuration - General Setup tab - IPv6 assignment length must be set to the length of your prefix.
-
Network - Interfaces - LAN - DHCP Server is based on how you topology is like, in my case the following works:
Router Advertisement-Service: server-mode
DHCPv6-Service: server-mode
NDP-Proxy: hybrid-mode
DHCPv6-Mode: stateless + stateful
I will keep this answer updated if I find further errors in the configuration.
I have now tested my Windows 10, Linux Mint 19, and Android 7.0 on http://test-ipv6.com/
and I got:
Test with IPv4 DNS record
ok (0.267s) using ipv4
Test with IPv6 DNS record
ok (0.168s) using ipv6
Test with Dual Stack DNS record
ok (0.206s) using ipv6
Test for Dual Stack DNS and large packet
ok (0.154s) using ipv6
Test IPv4 without DNS
ok (0.108s) using ipv4
Test IPv6 without DNS
ok (0.091s) using ipv6
Test IPv6 large packet
ok (0.256s) using ipv6
Test if your ISP's DNS server uses IPv6
ok (0.275s) using ipv6
Find IPv4 Service Provider
ok (0.128s) using ipv4 ASN 44489
Find IPv6 Service Provider
ok (0.107s) using ipv6 ASN 44489
which is 100% Ok. Those 2 skipped tests were caused by accessing the test site using HTTPS, which is still in beta there, so it is probably better to use plain HTTP: http://test-ipv6.com/
That's it. I now need to fiddle around firewalls and stateful + stateless IPv6, but that will not change the fact, that I've managed to make IPv6 work in my home.
I found one additional test site, which could be useful:
IPv6-only: http://v6.testmyipv6.com/
Dual-Stack: http://ds.testmyipv6.com/