| Both sides previous revision Previous revision Next revision | Previous revision Next revisionBoth sides next revision |
| docs:guide-user:network:ipv6:configuration [2023/07/28 08:27] – Update noclientfqdn description charles_harris | docs:guide-user:network:ipv6:configuration [2024/08/06 22:16] – [Table] fblaese |
|---|
| ====== IPv6 configuration ====== | ====== IPv6 configuration ====== |
| See also: | See also: |
| [[docs:guide-user:network:routing:examples:routing_with_ipv6|Routing example: IPv6]], | [[docs:guide-user:network:routing:routes_configuration#ipv6_routes|Static IPv6 routes]], |
| | [[docs:guide-user:network:routing:examples:routing_with_ipv6|IPv6 routing example]], |
| [[docs:guide-user:network:ipv6_ipv4_transitioning|IPv4/IPv6 transitioning]], | [[docs:guide-user:network:ipv6_ipv4_transitioning|IPv4/IPv6 transitioning]], |
| [[docs:guide-user:network:ipv6:ipv6_extras|IPv6 extras]] | [[docs:guide-user:network:ipv6:ipv6_extras|IPv6 extras]] |
| |
| ==== General features ==== | ==== General features ==== |
| * Prefix Handling | * Prefix handling: |
| * Management of prefixes, addresses and routes from upstream connections and local ULA-prefixes | * Management of prefixes, addresses and routes from upstream connections and local ULA-prefixes |
| * Management of prefix unreachable-routes, prefix deprecation ([[https://datatracker.ietf.org/doc/html/rfc7084|RFC 7084]]) and prefix classes | * Management of prefix unreachable-routes, prefix deprecation ([[https://datatracker.ietf.org/doc/html/rfc7084|RFC 7084]]) and prefix classes |
| See [[docs:guide-user:network:wan:WAN interface protocols]]. **option ipv6** can take the value: | See [[docs:guide-user:network:wan:WAN interface protocols]]. **option ipv6** can take the value: |
| * **0**: disable IPv6 on the interface | * **0**: disable IPv6 on the interface |
| * **1**: enable IPCP6 negotiation on the interface, but nothing else. If successful, the parent interface will be assigned a [[https://en.wikipedia.org/wiki/Link-local_address|link-local address]] (prefix fe80::/10). All other IPv6 configuration is made in the ''wan6'' interface which must be configured manually, as described below. | * **1**: enable IPCP6 negotiation on the interface, but nothing else. If successful, the parent interface will be assigned a [[wp>Link-local_address|link-local address]] (prefix fe80::/10). All other IPv6 configuration is made in the ''wan6'' interface which must be configured manually, as described below. |
| * **auto**: (default) enable IPv6 on the interface. Spawn a virtual interface wan_6 (note the underscore) and start DHCPv6 client odhcp6c to manage prefix assignment. Ensure the lan interface has ''option ip6assign 64'' (or a larger prefix size) set to redistribute the received prefix downstream. | * **auto**: (default) enable IPv6 on the interface. Spawn a virtual interface wan_6 (note the underscore) and start DHCPv6 client odhcp6c to manage prefix assignment. Ensure the lan interface has ''option ip6assign 64'' (or a larger prefix size) set to redistribute the received prefix downstream. |
| |
| | ''dns'' | list of ip addresses | no | //(none)// | Supplement DHCP-assigned DNS server(s), or use only these if peerdns is 0 | | | ''dns'' | list of ip addresses | no | //(none)// | Supplement DHCP-assigned DNS server(s), or use only these if peerdns is 0 | |
| | ''peerdns'' | boolean | no | ''1'' | Use DHCP-provided DNS server(s) | | | ''peerdns'' | boolean | no | ''1'' | Use DHCP-provided DNS server(s) | |
| | | ''keep_ra_dnslifetime'' | boolean | no | ''0'' | Ignore default lifetime for RDNSS records [[https://github.com/openwrt/odhcp6c/commit/d420f49396c627ce1072b83170889baf0720bc8b|More info]] | |
| | ''defaultroute'' | boolean | no | ''1'' | Whether to create an IPv6 default route via the received gateway | | | ''defaultroute'' | boolean | no | ''1'' | Whether to create an IPv6 default route via the received gateway | |
| | ''reqopts'' | list of numbers | no | //(none)// | Specifies a list of additional DHCP options to request | | | ''reqopts'' | list of numbers | no | //(none)// | Specifies a list of additional DHCP options to request | |
| | ''norelease'' | boolean | no | ''0'' | Don't send a RELEASE when the interface is brought down | | | ''norelease'' | boolean | no | ''0'' | Don't send a RELEASE when the interface is brought down | |
| | ''ip6prefix'' | ipv6 prefix | no | //(none)// | Use an (additional) user-provided IPv6 prefix for distribution to clients | | | ''ip6prefix'' | ipv6 prefix | no | //(none)// | Use an (additional) user-provided IPv6 prefix for distribution to clients | |
| | | ''extendprefix'' | boolean | no | ''0'' | On a 3GPP Mobile WAN link, accept a /64 prefix via SLAAC and extend it on one downstream interface - see [[https://datatracker.ietf.org/doc/html/rfc7278|RFC 7278]] | |
| | ''iface_dslite'' | logical interface | no | //(none)// | Logical interface template for auto-configuration of DS-Lite (0 means disable DS-Lite autoconfiguration; every other value will autoconfigure DS-Lite when the AFTR-Name option is received) | | | ''iface_dslite'' | logical interface | no | //(none)// | Logical interface template for auto-configuration of DS-Lite (0 means disable DS-Lite autoconfiguration; every other value will autoconfigure DS-Lite when the AFTR-Name option is received) | |
| | ''zone_dslite'' | string | no | //(none)// | Firewall zone of the logical DS-Lite interface | | | ''zone_dslite'' | string | no | //(none)// | Firewall zone of the logical DS-Lite interface | |
| | ''ra_holdoff'' | integer | no | ''3'' | Minimum time in seconds between accepting RA updates | | | ''ra_holdoff'' | integer | no | ''3'' | Minimum time in seconds between accepting RA updates | |
| | ''noclientfqdn'' | boolean | no | ''0'' | Don't send Client FQDN option (Option 39). The unset default uses the system hostname e.g. ''OpenWrt'' | | | ''noclientfqdn'' | boolean | no | ''0'' | Don't send Client FQDN option (Option 39). The unset default uses the system hostname e.g. ''OpenWrt'' | |
| | | ''noacceptreconfig'' | boolean | no | ''0'' | Don't send Accept Reconfigure option [[https://github.com/openwrt/odhcp6c/commit/dc30922e418be6271ad177f3f9d4ecf0c1eb3f01|More info]] | |
| | | ''noserverunicast'' | boolean | no | ''0'' | Ignore Server Unicast option [[https://github.com/openwrt/odhcp6c/commit/67ae6a71b5762292e114b281d0e329cc24209ae6|More info]] | |
| | | ''skpriority'' | integer | no | ''0'' | Set packet kernel priority [[https://github.com/openwrt/odhcp6c/commit/bcd283632ac13391aac3ebdd074d1fd832d76fa3|More info]] | |
| | | ''verbose'' | boolean | no | ''0'' | Increase logging verbosity | |
| |
| **Note:** To automatically configure ds-lite from dhcpv6, you need to create an interface with ''option auto 0'' and put its name as the 'iface_dslite' parameter. In addition, you also need to add its name to a suitable firewall zone in /etc/config/firewall. | **Note:** To automatically configure ds-lite from dhcpv6, you need to create an interface with ''option auto 0'' and put its name as the 'iface_dslite' parameter. In addition, you also need to add its name to a suitable firewall zone in /etc/config/firewall. |
| |
| ==== Protocol "static", IPv6 ==== | ==== Protocol "static", IPv6 ==== |
| ^ Name ^ Type ^ Required ^ Default ^ Description ^ | ^ Name ^ Type ^ Required ^ Default ^ Description ^ |
| | ''ip6addr'' | ipv6 address | yes, if no ''ipaddr'' is set | //(none)// | Assign given IPv6 address to this interface (CIDR notation) | | | ''ip6addr'' | ipv6 address | yes, if no ''ipaddr'' is set | //(none)// | Assign given IPv6 address to this interface (CIDR notation) | |
| | ''ip6ifaceid'' | ipv6 suffix | no | ::1 | Allowed values: 'eui64', 'random', fixed value like '::1:2'. \\ When IPv6 prefix (like 'a:b:c:d::') is received from a delegating server, use the suffix (like '::1') to form the IPv6 address ('a:b:c:d::1') for this interface. Useful with several routers in LAN. The option was introduced by [[http://git.openwrt.org/?p=project/netifd.git;a=commitdiff;h=0b0e5e2fc5b065092644a5c4717c0a03a9098dcf;hp=e9d2014a478807c7fac0581bb4a145901a3f23b4|this commit]] to netifd in Jan 2015. | | | ''ip6ifaceid'' | ipv6 suffix | no | ::1 | Allowed values: 'eui64', 'random', fixed value like '::1:2'. \\ When IPv6 prefix (like 'a:b:c:d::') is received from a delegating server, use the suffix (like '::1') to form the IPv6 address ('a:b:c:d::1') for this interface. Useful with several routers in LAN. The option was introduced by [[http://git.openwrt.org/?p=project/netifd.git;a=commitdiff;h=0b0e5e2fc5b065092644a5c4717c0a03a9098dcf;hp=e9d2014a478807c7fac0581bb4a145901a3f23b4|this commit]] to netifd in Jan 2015. | |
| | ''ip6gw'' | ipv6 address | no | //(none)// | Assign given IPv6 default gateway to this interface | | | ''ip6gw'' | ipv6 address | no | //(none)// | Assign given IPv6 default gateway to this interface | |
| | ''ip6assign'' | prefix length | no | //(none)// | Delegate a prefix of given length to this interface (see Downstream configuration below) | | | ''ip6assign'' | prefix length | no | //(none)// | Delegate a prefix of given length to this interface (see Downstream configuration below) | |
| | ''ip6hint'' | prefix hint (hex) | no | //(none)// | Hint the subprefix-ID that should be delegated as hexadecimal number (see Downstream configuration below) | | | ''ip6hint'' | prefix hint (hex) | no | //(none)// | Hint the subprefix-ID that should be delegated as hexadecimal number (see Downstream configuration below) | |
| | ''ip6prefix'' | ipv6 prefix | no | //(none)// | IPv6 prefix routed here for use on other interfaces (Barrier Breaker and later only) | | | ''ip6prefix'' | ipv6 prefix | no | //(none)// | IPv6 prefix routed here for use on other interfaces (Barrier Breaker and later only) | |
| | ''ip6class'' | list of strings | no | //(none)// | Define the IPv6 prefix-classes this interface will accept | | | ''ip6class'' | list of strings | no | //(none)// | Define the IPv6 prefix-classes this interface will accept | |
| | ''dns'' | list of ip addresses | no | //(none)// | DNS server(s) | | | ''ip6deprecated'' | boolean | no | ''0'' | Set preferred lifetime of IPv6 addresses to zero | |
| | ''dns_metric'' | integer | no | ''0'' | [[commit>?p=project/netifd.git;a=commitdiff;h=7f6be657e2dabc185417520de4d0d0de2580c27d|DNS metric]] | | | ''dns'' | list of ip addresses | no | //(none)// | DNS server(s) | |
| | ''dns_search'' | list of domain names | no | //(none)// | Search list for host-name lookup | | | ''dns_metric'' | integer | no | ''0'' | [[commit>?p=project/netifd.git;a=commitdiff;h=7f6be657e2dabc185417520de4d0d0de2580c27d|DNS metric]] | |
| | ''metric'' | integer | no | ''0'' | Specifies the default route metric to use | | | ''dns_search'' | list of domain names | no | //(none)// | Search list for host-name lookup, relevant only for the router | |
| | | ''metric'' | integer | no | ''0'' | Specifies the default route metric to use | |
| |
| ===== Downstream configuration for LAN interfaces ===== | ===== Downstream configuration for LAN interfaces ===== |
| * Support for RA & DHCPv6-relaying and NDP-proxying to e.g. support uplinks without prefix delegation | * Support for RA & DHCPv6-relaying and NDP-proxying to e.g. support uplinks without prefix delegation |
| |
| OpenWrt provides a flexible local prefix delegation mechanism.\\ | OpenWrt provides a flexible local prefix delegation mechanism. |
| It can be tuned for each downstream-interface individually with 3 parameters which are all optional: | It can be tuned for each downstream-interface individually with 3 parameters which are all optional: |
| * ''ip6assign'': Prefix size used for assigned prefix to the interface (e.g. 64 will assign /64-prefixes) | * ''ip6assign'': Prefix size used for assigned prefix to the interface (e.g. 64 will assign /64-prefixes) |
| * ''ip6hint'': Subprefix ID to be used if available (e.g. 1234 with an ip6assign of 64 will assign prefixes of the form ...:1234::/64 or given LAN ports, LAN & LAN2, and a prefix delegation of /56, use ip6hint of 00 and 80 which would give prefixes of LAN ...:xx00::/64 and LAN2 ...:xx80::/64) | * ''ip6hint'': Subprefix ID to be used if available (e.g. 1234 with an ip6assign of 64 will assign prefixes of the form ...:1234::/64 or given LAN ports, LAN & LAN2, and a prefix delegation of /56, use ip6hint of 00 and 80 which would give prefixes of LAN ...:xx00::/64 and LAN2 ...:xx80::/64) |
| * ''ip6class'': Filter for prefix classes to accept on this interface (e.g. wan6 will only assign prefixes with class "wan6" but not e.g. "local") | * ''ip6class'': Filter for prefix classes to accept on this interface (e.g. ''wan6'' - only assign prefix from the respective interface, ''local'' - only assign the ULA-prefix) |
| | |
| ip6assign and / or ip6hint-settings might be ignored if the desired subprefix cannot be assigned. In this case, the system will first try to assign a prefix with the same length but different subprefix-ID. | |
| If this fails as well, the prefix length is reduced until the assignment can be satisfied. If ip6hint is not set, an arbitrary ID will be chosen. Setting the ip6assign-parameter to a value < 64 will allow the DHCPv6-server to hand out all but the first /64 via DHCPv6-Prefix Delegation to downstream routers on the interface. If the ip6hint is not suitable for the given ip6assign, it will be rounded down to the nearest possible value. | |
| |
| If ip6class is not set, then all prefix classes are accepted on this interface. The default class for a prefix is the interface-name (e.g. "wan6") or "local" for the ULA-prefix. | ''ip6assign'' and / or ''ip6hint'' settings might be ignored if the desired subprefix cannot be assigned. |
| This can be used to select upstream interfaces from which subprefixes are assigned. For prefixes received from dynamic-configuration methods like DHCPv6, it is possible that the prefix-class | In this case, the system will first try to assign a prefix with the same length but different subprefix-ID. |
| is not equal to the source-interface but e.g. augmented with an ISP-provided numeric prefix class-value. | If this fails as well, the prefix length is reduced until the assignment can be satisfied. |
| | If ''ip6hint'' is not set, an arbitrary ID will be chosen. |
| | Setting the ''ip6assign'' parameter to a value < 64 will allow the DHCPv6-server to hand out all but the first /64 via DHCPv6-Prefix Delegation to downstream routers on the interface. |
| | If ''ip6hint'' is not suitable for the given ''ip6assign'', it will be rounded down to the nearest possible value. |
| |
| If [[docs:guide-user:network:ipv6:ipv6.nat6|NAT66]] is in use, you can set ip6class to ''local'' to disable leasing GUA addresses and only lease ULA. | If ''ip6class'' is not set, then all prefix classes are accepted on this interface. |
| | Specify one or multiple interface names such as ''wan6'' to accept only prefix from the respective interface, or specify ''local'' accept only the ULA-prefix when using IPv6 NAT or NPT. |
| | This can be used to select upstream interfaces from which subprefixes are assigned. |
| | For prefixes received from dynamic-configuration methods like DHCPv6, it is possible that the prefix-class is not equal to the source-interface but e.g. augmented with an ISP-provided numeric prefix class-value. |
| |
| <code bash> | <code bash> |
| |
| For multiple interfaces, the prefixes are assigned based on firstly the assignment length (smallest first) then on weight and finally alphabetical order of interface names. | For multiple interfaces, the prefixes are assigned based on firstly the assignment length (smallest first) then on weight and finally alphabetical order of interface names. |
| e.g. if wlan0 and eth1 have ip6assign 61 and eth2 has ip6assign 62, the prefixes are assigned to eth1 then wlan0 (alphabetic) and then eth2 (longest prefix). Note that if there are not enough | e.g. if wlan0 and eth1 have ip6assign 61 and eth2 has ip6assign 62, the prefixes are assigned to eth1 then wlan0 (alphabetic) and then eth2 (longest prefix). |
| prefixes, the last interfaces get no prefix - which would happen to eth2 if the overall prefix length was 60 in this example. | Note that if there are not enough prefixes, the last interfaces get no prefix - which would happen to eth2 if the overall prefix length was 60 in this example. |
| |
| :!: If the router can ''ping6'' the internet, but lan machines get "Destination unreachable: Unknown code 5" or "Source address failed ingress/egress policy" then the **ip6assign** option is missing on your lan interface. | :!: If the router can ''ping6'' the internet, but lan machines get "Destination unreachable: Unknown code 5" or "Source address failed ingress/egress policy" then the **ip6assign** option is missing on your lan interface. |
| |
| ===== ULA prefix ===== | ===== ULA prefix ===== |
| IPv6 [[docs:guide-user:base-system:basic-networking?s=ula_prefix#global_section|ULA prefix]] can serve the following purposes: | IPv6 [[docs:guide-user:network:network_configuration?s=ula_prefix#section_globals|ULA prefix]] can serve the following purposes: |
| * Predictable [[docs:guide-user:base-system:dhcp_configuration#static_leases|static IPv6]] suffix allocation with DHCPv6. | * Predictable [[docs:guide-user:base-system:dhcp_configuration#static_leases|static IPv6]] suffix allocation with DHCPv6. |
| * Predictable site-to-site connectivity with dynamic or missing GUA prefix. | * Predictable site-to-site connectivity with dynamic or missing GUA prefix. |