Jump to content

This is the support site for Andrews & Arnold Ltd, a UK Internet provider. Information on these pages is generally for our customers but may be useful to others, enjoy!

OpenWRT routers: Difference between revisions

← Older editNewer edit →
Content deleted Content added
Adsb (talk | contribs)
editor
520 edits
Reorder sections
Tags: Mobile edit Mobile web edit
Adsb (talk | contribs)
editor
520 edits
Be clearer
Tags: Mobile edit Mobile web edit
Line 97: Line 97:
There's a gotcha for users who have multiple /64 blocks routed to them by AAISP. Current versions of OpenWrt use Policy-Based Routing (PBR) which allows routing to be configured according to multiple rules, not just by destination address.
There's a gotcha for users who have multiple /64 blocks routed to them by AAISP. Current versions of OpenWrt use Policy-Based Routing (PBR) which allows routing to be configured according to multiple rules, not just by destination address.


If DHCPv6 is used to request Prefix Delegation (PD), AAISP will reply with one block. OpenWrt uses this to set the LAN address and netmask, and then enables routing from '''just this block''' from LAN to WAN. If you have multiple /64 blocks, any other /64 blocks routed to you won't be able to send packets to the Internet.
If DHCPv6 is used to request Prefix Delegation (PD) with the virtual wan_6 interface, AAISP will reply with one block which will normally be a /64. OpenWrt uses this to set the LAN address and netmask, and then enables routing from '''just this block''' from LAN to WAN. If you have multiple /64 blocks, any other /64 blocks routed to you by AAISP won't be able to send packets to the Internet.


To quote from [https://openwrt.org/docs/guide-user/network/routing/basics OpenWrt Wiki - Routing basics] ''Note that by default OpenWrt announces IPv6 default route only for GUA and applies source filter for IPv6 that allows routing only for prefixes delegated from the upstream router.''
To quote from [https://openwrt.org/docs/guide-user/network/routing/basics OpenWrt Wiki - Routing basics] ''Note that by default OpenWrt announces IPv6 default route only for GUA and applies source filter for IPv6 that allows routing only for prefixes delegated from the upstream router.''


In my case, I have 2001:8b0:xxxx:4534::/64, ...:4535/64, ...:4536::/64 and ...:4537::/64 routed to me, but only 4534:: is routed back.
In my case, I had 2001:8b0:xxxx:4534::/64, ...:4535/64, ...:4536::/64 and ...:4537::/64 routed to me by AAISP, but only the lowest numbered block - 4534::/64 was routed back.


# ip -f inet6 route
# ip -f inet6 route
Line 112: Line 112:
=== odhcp6c ===
=== odhcp6c ===


Key to understanding the delegation of IPv6 blocks is the DHCPv6 client, which is odhcp6c on OpenWrt.
Key to understanding the delegation of IPv6 blocks is the DHCPv6 client, which is called odhcp6c on OpenWrt.


Looking back at the ''wan'' interface config there is an ''option ipv6'' line. The default value is ''auto'', which has the effect of automatically creating a virtual interface named ''wan_6'' and running odhcp6c on it BUT ignoring any config you may wish to supply. An alternative if multiple /64 blocks are to be used is ''1'' which allows you to configure ipv6 the way you want (static, dhcpv6, ...)
Looking back at the ''wan'' interface config there is an ''option ipv6'' line. The default value is ''auto'', which has the effect of automatically creating a virtual interface named ''wan_6'' and running odhcp6c on it BUT ignoring any extra config you may wish to supply. A possible alternative if multiple /64 blocks are to be used is ''1'' which allows you to configure ipv6 the way you want (static, dhcpv6, ...), but there is a simpler solution.


=== Solutions ===
=== Solution ===


We need a way for the WAN to tell the LAN about the wider routing block, whilst letting the LAN only use for itself the first /64 block.
We need a way for the WAN to tell the LAN about the wider routing block, whilst letting the LAN only use for itself the first /64 block.


This turns out to be remarkably easy. On the AAISP control panel, add a /60 block of IPv6 addresses. When DHCPv6 requests prefix delegation, AAISP returns the lowest number address block - if this is the new /60 then that's what you'll get, otherwise you might have to unroute some or more of the /64 blocks.
This turns out to be remarkably easy. On the AAISP control panel, add a /60 block of IPv6 addresses, and ensure that this is the lowest number address block (in fact, you can probably unroute some or all of your /64 blocks). When DHCPv6 requests prefix delegation, AAISP returns the lowest number address block - if this is the new /60 then that's what you'll be delegated, and you can then split this into up to 16 /64 blocks.


In my case I see for ''wan_6'':
In my case I see for ''wan_6'':
Line 129: Line 129:


And for ''lan'':
And for ''lan'':
IPv6: 2001:8b0:xyz:4520:xxxx:xxxx:xxxx:xxxx/64
IPv6: 2001:8b0:xyz:4520::1/64


It's the ''ip6assign'' option in the config for the lan which determines that the lan uses a /64.
It's the ''ip6assign'' option in the config for the lan which determines that the lan receives a /64.


Now I see:
Now I see:
Line 138: Line 138:
default from 2001:8b0:xyz:4520::/60 via fe80::9e89:1eff:fe2e:0 dev pppoe-wan metric 512
default from 2001:8b0:xyz:4520::/60 via fe80::9e89:1eff:fe2e:0 dev pppoe-wan metric 512
...
...



= Advanced configuration of the local network =
= Advanced configuration of the local network =
Retrieved from "http://support.aa.net.uk/OpenWRT_routers"