I couldn't get any real help in the DDWRT, so I am reaching out to see if I can get more information on this matter.
I requested a /48 from HE. Need to subnet them to at least 3 different VLANs. I am using an example in the DDWRT WIKI (https://wiki.dd-wrt.com/wiki/index.php/IPv6%2C_6in4_tunnel_-_GUI_only) that someone wrote, but it's for /64. So I am somewhat modifying for my needs. The problem I am having now is that none of my LAN clients can route through the WAN router. They all get IPv6 ip assignments. The DDWRT Router itself CAN reach beyond the Tunnel gateway and get ping6 replies.
Using DHCPv6 to serve. My routed /48 is 2001:470:fxxx::/48 using subnet of 2001:470:fxxx::/64, 2001:470:fxxx:1::/64, 2001:470:fxxx:2::/64
This is a Broadcom SoC. So eth0 = CPU/SoC, vlan2 = WAN Ethernet port, br0 = local lan (default), and br1 and vlan6 are created.
Here is the dhcp6s.conf:
option refreshtime 900;

# Each interface hands out addresses from the pool that matches its /64.
interface br0 {
    address-pool main 3600;
};
interface br1 {
    address-pool guest 3600;
};
interface vlan6 {
    address-pool vlan6 3600;
};

pool main {
    range 2001:470:fxxx::1 to 2001:470:fxxx::ffff;
    # line above is Assigned/Routed Prefix ::1 to ::ffff
};
pool guest {
    range 2001:470:fxxx:2::1 to 2001:470:fxxx:2::ffff;
    # line above is Assigned/Routed Prefix ::1 to ::ffff
};
pool vlan6 {
    range 2001:470:fxxx:1::1 to 2001:470:fxxx:1::ffff;
    # line above is Assigned/Routed Prefix ::1 to ::ffff
};
I am using radvd for router advertisements. Here is the radvd.conf:
# One interface block per LAN segment, each advertising its own /64.
interface br0
{
    AdvSendAdvert on;
    MinRtrAdvInterval 60;
    MaxRtrAdvInterval 600;
    AdvDefaultLifetime 9000;
    prefix 2001:470:fxxx::/64 {
        AdvOnLink on;
        AdvAutonomous on;
        AdvRouterAddr off;
    };
    route ::/0 {
        AdvRouteLifetime infinity;
    };
};
interface br1
{
    AdvSendAdvert on;
    MinRtrAdvInterval 60;
    MaxRtrAdvInterval 600;
    AdvDefaultLifetime 9000;
    prefix 2001:470:fxxx:2::/64 {
        AdvOnLink on;
        AdvAutonomous on;
        AdvRouterAddr off;
    };
    route ::/0 {
        AdvRouteLifetime infinity;
    };
};
interface vlan6
{
    AdvSendAdvert on;
    MinRtrAdvInterval 60;
    MaxRtrAdvInterval 600;
    AdvDefaultLifetime 9000;
    prefix 2001:470:fxxx:1::/64 {
        AdvOnLink on;
        AdvAutonomous on;
        AdvRouterAddr off;
    };
    route ::/0 {
        AdvRouteLifetime infinity;
    };
};
Again, all my VLANs are getting the correct subnet IPs. Even my local LAN client CAN ping the HE's Tunnel IPv6 address; which is 2001:470:c:1xxx::2.
But! It just WON'T GO BEYOND WAN.
Here is what my IPv6 route table looks like:
root@ddwrt-ac3200:~# ip -6 route list
2001:470:c:1xxx::/64 dev ip6tun metric 256
2001:470:fxxx::/64 dev br0 metric 256
2001:470:fxxx:1::/64 dev vlan6 metric 256
2001:470:fxxx:2::/64 dev br1 metric 256
2000::/3 dev ip6tun metric 1024
fe80::/64 dev eth0 metric 256
fe80::/64 dev vlan6 metric 256
fe80::/64 dev br1 metric 256
fe80::/64 dev vlan1 metric 256
fe80::/64 dev eth1 metric 256
fe80::/64 dev eth2 metric 256
fe80::/64 dev eth3 metric 256
fe80::/64 dev vlan3 metric 256
fe80::/64 dev vlan2 metric 256
fe80::/64 dev ip6tun metric 256
fe80::/64 dev wl0.1 metric 256
fe80::/64 dev wl1.1 metric 256
fe80::/64 dev br0 metric 256
unreachable default dev lo metric -1 error -101
ff00::/8 dev eth0 metric 256
ff00::/8 dev vlan6 metric 256
ff00::/8 dev br1 metric 256
ff00::/8 dev vlan1 metric 256
ff00::/8 dev eth1 metric 256
ff00::/8 dev eth2 metric 256
ff00::/8 dev eth3 metric 256
ff00::/8 dev vlan3 metric 256
ff00::/8 dev vlan2 metric 256
ff00::/8 dev br0 metric 256
ff00::/8 dev ip6tun metric 256
ff00::/8 dev wl0.1 metric 256
ff00::/8 dev wl1.1 metric 256
unreachable default dev lo metric -1 error -101
Hopefully someone can chime in on why none of my LAN clients can get through the tunnel; that would be great!
Thanks!
PS: If I use the assigned /64... it works, but obviously I can't get my other VLANs any IPv6 addresses.
It's possible HE has routing wrong on their side, but that's not likely.
I admit I only skimmed through your configs and didn't look at them thoroughly. Normally, if you're using your /48, you need to create a route on your side that sends that /48 to the inside interface of your router; this is needed because your router doesn't have an address in that /48. For example, the outside interface of your router might use 2001:db8:1234:5678::1 and the inside might use 2001:db8:1234:5678::2. If your /48 is 2001:db8:abcd::/48, your router has no idea what to do with it until you tell it where to route it. (If you've already done that, I apologize for telling you something you already know.)
Quote from: cholzhauer on May 02, 2019, 05:25:22 AM
For example, the outside interface of your router might use 2001:db8:1234:5678::1 and the inside might use 2001:db8:1234:5678::2. If your /48 is 2001:db8:abcd::/48, your router has no idea what to do with it until you tell it where to route it. (If you've already done that, I apologize for telling you something you already know.)
Don't be sorry. Because this is something that I thought about. I have tried issuing this at the router:
ip -6 r add default via 2001:470:c:1xxx::1/64 dev ip6tun
ip: an inet address is expected rather than "2001:470:c:1xxx::1/64"
As you can see ... it gives me a syntax error.
But then again, looking at the route table... I don't see a route that says "hey route all 2001:470:fxxx::/48 to 2001:470:c:1xxx::1/64 on interface ip6tun". Although there are route entries for "2001:470:c:1xxx::/64 dev ip6tun metric 256" and "2000::/3 dev ip6tun metric 1024", that's why I thought "ip -6 r add default via 2001:470:c:1xxx::1/64 dev ip6tun" would do that... but... it won't accept my line.
route -A inet6
Kernel IPv6 routing table
Destination Next Hop Flags Metric Ref Use Iface
2001:470:c:1xxx::/64 :: Un 256 1 5 ip6tun
2001:470:fxxx::/64 :: U 256 2 7657 br0
2001:470:fxxx:1::/64 :: U 256 2 334 vlan6
2001:470:fxxx:2::/64 :: U 256 2 334 br1
2000::/3 :: U 1024 2 16388 ip6tun
fe80::/64 :: U 256 0 0 eth0
fe80::/64 :: U 256 0 0 vlan6
fe80::/64 :: U 256 2 7 br1
fe80::/64 :: U 256 0 0 vlan1
fe80::/64 :: U 256 0 0 eth1
fe80::/64 :: U 256 0 0 eth2
fe80::/64 :: U 256 0 0 eth3
fe80::/64 :: U 256 0 0 vlan3
fe80::/64 :: U 256 0 0 vlan2
fe80::/64 :: Un 256 0 0 ip6tun
fe80::/64 :: U 256 0 0 wl0.1
fe80::/64 :: U 256 0 0 wl1.1
fe80::/64 :: U 256 2 64 br0
::/0 :: !n -1 1 25793 lo
::1/128 :: Un 0 2 3 lo
2001:470:c:1xxx::/128 :: Un 0 1 0 lo
2001:470:c:1xxx::2/128 :: Un 0 3 612 lo
2001:470:fxxx::1/128 :: Un 0 2 7 lo
2001:470:fxxx:1::/128 :: Un 0 1 0 lo
2001:470:fxxx:1::1/128 :: Un 0 2 2 lo
2001:470:fxxx:2::/128 :: Un 0 1 0 lo
2001:470:fxxx:2::1/128 :: Un 0 2 2 lo
fe80::/128 :: Un 0 1 0 lo
fe80::/128 :: Un 0 1 0 lo
fe80::/128 :: Un 0 1 0 lo
fe80::/128 :: Un 0 1 0 lo
fe80::/128 :: Un 0 1 0 lo
fe80::/128 :: Un 0 1 0 lo
fe80::/128 :: Un 0 1 0 lo
fe80::/128 :: Un 0 1 0 lo
fe80::/128 :: Un 0 1 0 lo
fe80::/128 :: Un 0 1 0 lo
fe80::/128 :: Un 0 1 0 lo
fe80::/128 :: Un 0 1 0 lo
fe80::/128 :: Un 0 1 0 lo
fe80::adc4:dd63/128 :: Un 0 2 8 lo
fe80::98ea:12ff:fe04:619b/128 :: Un 0 3 71 lo
fe80::ac9e:17ff:fea9:c1f1/128 :: Un 0 1 0 lo
fe80::ac9e:17ff:fea9:c1f5/128 :: Un 0 1 0 lo
fe80::ae9e:17ff:fea9:c1f0/128 :: Un 0 1 0 lo
fe80::ae9e:17ff:fea9:c1f0/128 :: Un 0 1 0 lo
fe80::ae9e:17ff:fea9:c1f0/128 :: Un 0 1 0 lo
fe80::ae9e:17ff:fea9:c1f0/128 :: Un 0 1 0 lo
fe80::ae9e:17ff:fea9:c1f0/128 :: Un 0 1 0 lo
fe80::ae9e:17ff:fea9:c1f1/128 :: Un 0 1 0 lo
fe80::ae9e:17ff:fea9:c1f4/128 :: Un 0 2 1 lo
fe80::ae9e:17ff:fea9:c1f4/128 :: Un 0 3 3809 lo
fe80::ae9e:17ff:fea9:c1f8/128 :: Un 0 1 0 lo
ff00::/8 :: U 256 0 0 eth0
ff00::/8 :: U 256 0 0 vlan6
ff00::/8 :: U 256 2 6306 br1
ff00::/8 :: U 256 0 0 vlan1
ff00::/8 :: U 256 0 0 eth1
ff00::/8 :: U 256 0 0 eth2
ff00::/8 :: U 256 0 0 eth3
ff00::/8 :: U 256 0 0 vlan3
ff00::/8 :: U 256 1 29329 vlan2
ff00::/8 :: U 256 2 15039 br0
ff00::/8 :: U 256 0 0 ip6tun
ff00::/8 :: U 256 0 0 wl0.1
ff00::/8 :: U 256 0 0 wl1.1
::/0 :: !n -1 1 25793 lo
Okay, I was being dumb. I realized I used /64 in the syntax.
Anyway, I DID add:
ip -6 route add default via 2001:470:c:1xxx::1 dev ip6tun metric 256
And the route table now does show:
::/0 2001:470:c:1xxx::1 UG 256 0 0 ip6tun
But still not getting any LAN clients to get past WAN.
C:\WINDOWS\system32>ping -6 2001:470:c:1xxx::1
Pinging 2001:470:c:1xxx::1 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 2001:470:c:1xxx::1:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
C:\WINDOWS\system32>ping -6 2001:470:c:1xxx::2
Pinging 2001:470:c:103f::2 with 32 bytes of data:
Reply from 2001:470:c:1xxx::2: time<1ms
Reply from 2001:470:c:1xxx::2: time<1ms
Reply from 2001:470:c:1xxx::2: time<1ms
Reply from 2001:470:c:1xxx::2: time<1ms
Ping statistics for 2001:470:c:1xxx::2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
C:\WINDOWS\system32>ping -6 google.com
Pinging google.com [2607:f8b0:4007:80b::200e] with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 2607:f8b0:4007:80b::200e:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
You could open a ticket with ipv6@he.net to make sure it's routed properly on their side.
Quote from: cholzhauer on May 02, 2019, 10:45:58 AM
You could open a ticket with ipv6@he.net to make sure it's routed properly on their side.
If I am able to ping outside WAN ip addresses on the router itself, it should be routed correctly, right?
ping6 google.com
PING google.com (2607:f8b0:4007:80b::200e): 56 data bytes
64 bytes from 2607:f8b0:4007:80b::200e: seq=0 ttl=57 time=18.665 ms
64 bytes from 2607:f8b0:4007:80b::200e: seq=1 ttl=57 time=23.013 ms
64 bytes from 2607:f8b0:4007:80b::200e: seq=2 ttl=57 time=23.542 ms
64 bytes from 2607:f8b0:4007:80b::200e: seq=3 ttl=57 time=17.118 ms
64 bytes from 2607:f8b0:4007:80b::200e: seq=4 ttl=57 time=32.611 ms
64 bytes from 2607:f8b0:4007:80b::200e: seq=5 ttl=57 time=21.872 ms
^C
--- google.com ping statistics ---
6 packets transmitted, 6 packets received, 0% packet loss
round-trip min/avg/max = 17.118/22.803/32.611 ms
traceroute6 google.com
traceroute to google.com (2607:f8b0:4007:80b::200e), 30 hops max, 64 byte packets
1 tunnel532048.tunnel.tserv15.lax1.ipv6.he.net (2001:470:c:1xxx::1) 27.246 ms 31.173 ms 26.476 ms
2 10ge9-12.core1.lax1.he.net (2001:470:0:9d::1) 20.766 ms 28.402 ms 18.856 ms
3 100ge14-1.core1.lax2.he.net (2001:470:0:72::2) 30.330 ms 23.406 ms 17.079 ms
4 2001:504:13::210:41 (2001:504:13::210:41) 33.400 ms 30.046 ms 23.952 ms
5 2001:4860:0:110e::1 (2001:4860:0:110e::1) 29.794 ms 2001:4860:0:110d::1 (2001:4860:0:110d::1) 28.370 ms 24.373 ms
6 2001:4860:0:1::1877 (2001:4860:0:1::1877) 39.484 ms 2001:4860:0:1::18fd (2001:4860:0:1::18fd) 16.986 ms 18.103 ms
7 lax02s23-in-x0e.1e100.net (2607:f8b0:4007:80b::200e) 21.611 ms 21.224 ms 19.362 ms
I just noticed this thread.
/48 wasn't routed correctly.
Now it is.
Please retest.
If you are having issues, please open trouble tickets by emailing ipv6@he.net.
Quote from: broquea on May 02, 2019, 11:02:10 AM
I just noticed this thread.
/48 wasn't routed correctly.
Now it is.
Please retest.
If you are having issues, please open trouble tickets by emailing ipv6@he.net.
YES!!! IT'S WORKING! ONLY BEEN ON THIS FOR LIKE 3 DAYS! lol
THANK YOU!
I know it's working, but to answer your comment:
Quote
If I am able to ping outside WAN ip addresses on the router itself, it should be routed correctly, right?
Nope... the /64 would be in play here, not the /48.
And not even the /64 you would think of, but the /64 that's only shared between tunnel endpoint (xxxx::1) and your local endpoint (xxxx::2).
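A way to test the point made in the last reply, as an added example that is not part of the thread: pin the ping's source to each global address on the router, so that a test from the router also exercises the routed prefix instead of only the tunnel /64. The addresses are constructed from the 2001:db8::/32 documentation prefix, and the script assumes the router's `ip` supports `-o` and its `ping6` accepts an address for `-I`.

```shell
#!/bin/sh
# Added example (not from the thread). Addresses use the 2001:db8::/32
# documentation prefix; interface names match the ones in the thread.

# Constructed sample of `ip -6 -o addr show scope global` on the router.
SAMPLE='9: ip6tun    inet6 2001:db8:1234:5678::2/64 scope global \       valid_lft forever preferred_lft forever
5: br0    inet6 2001:db8:abcd::1/64 scope global \       valid_lft forever preferred_lft forever
6: br1    inet6 2001:db8:abcd:2::1/64 scope global \       valid_lft forever preferred_lft forever
7: vlan6    inet6 2001:db8:abcd:1::1/64 scope global \       valid_lft forever preferred_lft forever'

# list_sources TUNNEL_IF: read `ip -6 -o addr` output on stdin and print
# "<kind> <iface> <address>" per global address. kind is "tunnel" for the
# point-to-point /64 and "routed" for addresses taken from the routed prefix.
list_sources() {
    awk -v tun="$1" '$3 == "inet6" {
        split($4, a, "/")
        kind = ($2 == tun) ? "tunnel" : "routed"
        print kind, $2, a[1]
    }'
}

# probe_commands TUNNEL_IF TARGET: one source-pinned ping per address.
# A reply to a "routed" source shows the provider routes that prefix back;
# a reply to the "tunnel" source shows only that the tunnel /64 works.
probe_commands() {
    list_sources "$1" | while read -r kind ifc addr; do
        echo "ping6 -c 3 -I $addr $2   # $kind source on $ifc"
    done
}

# Offline demonstration on the constructed sample (target is a placeholder).
printf '%s\n' "$SAMPLE" | probe_commands ip6tun 2001:db8:ffff::1

# On the router itself, replacing <outside host> with a reachable address:
#   ip -6 -o addr show scope global | probe_commands ip6tun <outside host> | sh
```

If the tunnel-sourced ping gets replies while every routed-sourced ping times out, the local side is forwarding and the return route for the routed prefix is missing upstream, which is the situation this thread ended up in.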