Esta página aún no está completamente traducida. Ayude a completar la traducción.
(elimine este párrafo una vez que la traducción haya finalizado)
IPv6
El firmware predeterminado proporciona soporte completo de IPv6 con un cliente DHCPv6 ( odhcp6c ), un servidor RA y DHCPv6 ( odhcpd ) y un firewall IPv6 ( ip6tables ).
Además, la instalación predeterminada de la interfaz web incluye el paquete luci-proto-ipv6 , requerido para configurar IPv6 desde la interfaz web luci .
Si está realizando una compilación personalizada, tenga en cuenta que los paquetes mencionados anteriormente deben instalarse para proporcionar la funcionalidad IPv6 correspondiente.
Compliance
Nuestro objetivo es seguir RFC 7084 en lo posible.
Notifíquenos si encuentra alguna infracción estándar.
Actualmente se sabe que no se cumplen los siguientes requisitos de RFC 7084:
- RFC 7084 WAA-5 (DEBE ser un requisito): el servidor NTP se solicita y recibe, pero actualmente no se procesa ni utiliza.
Características generales
- Manejo de prefijos
- Gestión de prefijos, direcciones y rutas desde conexiones ascendentes y prefijos ULA locales
- Gestión de prefijos de rutas inalcanzables, desaprobación de prefijos (RFC 7084) y clases de prefijos
- Distribución de prefijos en interfaces descendentes (incluyendo tamaño, ID y sugerencias de clase)
- Enrutamiento de políticas basado en la fuente para manejar correctamente múltiples interfaces de enlace ascendente, filtrado de políticas de ingreso (RFC 7084)
Configuración ascendente para interfaces WAN
Las siguientes secciones describen la configuración de las conexiones IPv6 a su ISP o un enrutador ascendente. Tenga en cuenta que la mayoría de los mecanismos de túnel como 6in4, 6rd y 6to4 pueden no funcionar detrás de un enrutador NAT.
Conexión IPv6 nativa
- Bootstrap automático de SLAAC, DHCPv6 sin estado, DHCPv6 con estado, DHCPv6-PD y cualquier combinación
- Manejo de direcciones preferidas y válidas y prefix lifetimes
- Dirección duplicada (DAD) y detección de Link-MTU
- Extensiones DHCPv6: reconfigurar, actualizar información, SOL_MAX_RT = 3600
- Extensiones DHCPv6: RDNSS, DNS Search Domain, NTP, SIP, ds-lite, exclusión de prefijo (experimental)
Para un enlace ascendente con conectividad IPv6 nativa, puede usar la siguiente configuración de ejemplo. Funcionará tanto para enlaces ascendentes que admiten DHCPv6 con Delegación de prefijo como para aquellos que no admiten DHCPv6-PD o DHCPv6 (solo SLAAC).
# cat /etc/config/network config interface wan option ipv6 1 # solo es necesaria para los protocolos basados en PPP ... config interface wan6 option ifname eth1 # usa el mismo ifname que en wan-section o "@wan" option proto dhcpv6 config interface lan option proto static option ip6assign 60 ...
Consulte a continuación las opciones de configuración avanzada del protocolo dhcpv6 .
Protocolos basados en PPP y opción ipv6
Los protocolos basados en PPP, por ejemplo pppoe y pppoa, requieren que la opción ipv6 se especifique en la sección principal config interface wan .
Consulte protocolos de interfaz WAN. la opción ipv6 puede tomar el valor:
- 0 : deshabilita IPv6 en la interfaz
- 1 : habilita la negociación de IPCP6 en la interfaz, pero nada más. Si tiene éxito, a la interfaz principal se le asignará una link-local address (prefijo fe80 :: / 10). La interfaz se debe configurar manualmente, como se describe a continuación.
- auto : (predeterminado) habilita IPv6 en la interfaz. Genere una interfaz virtual wan_6 (tenga en cuenta el guión bajo) e inicie el cliente DHCPv6 odhcp6c para administrar la asignación de prefijos. Asegúrese de que la interfaz lan tenga la opción “ip6assign 64” (o un tamaño de prefijo más grande) configurada para redistribuir el prefijo recibido en sentido descendente.
Se pueden dar más opciones de configuración, si es necesario, en la sección config interface wan6 .
Nota: Para enviar y recibir con éxito mensajes de solicitud y publicidad de DHCPv6 entre wan6 y el adaptador basado en PPP, deberá habilitar las reglas de firewall para la zona WAN que contiene estas dos interfaces:
# cat /etc/config/firewall .... config rule option target 'ACCEPT' option src 'wan' option proto 'udp' option dest_port '547' option name 'Allow DHCPv6 (546-to-547)' option family 'ipv6' option src_port '546' config rule option target 'ACCEPT' option src 'wan' option proto 'udp' option dest_port '546' option name 'Allow DHCPv6 (547-to-546)' option family 'ipv6' option src_port '547'
Protocol "dhcpv6"
These are available options in uci configuration of client ipv6 interface (using the “dhcpv6” protocol).
| Name | Type | Required | Default | Description |
|---|---|---|---|---|
reqaddress | [try,force,none] | no | try | Behaviour for requesting addresses |
reqprefix | [auto,no,0-64] | no | auto | Behaviour for requesting prefixes (numbers denote hinted prefix length). Use 'no' if you only want a single IPv6 address for the AP itself without a subnet for routing |
clientid | hexstring | no | system default | Override client identifier in DHCP requests |
ifaceid | ipv6 addr | no | link-local identifier | Override the interface identifier for adresses received via RA |
dns | list of ip addresses | no | (none) | Supplement DHCP-assigned DNS server(s), or use only these if peerdns is 0 |
peerdns | boolean | no | 1 | Use DHCP-provided DNS server(s) |
defaultroute | boolean | no | 1 | Whether to create an IPv6 default route via the received gateway |
reqopts | list of numbers | no | (none) | Specifies a list of additional DHCP options to request |
noslaaconly | boolean | no | 0 | Don't allow configuration via SLAAC (RAs) only (implied by reqprefix != no) |
forceprefix | boolean | no | 0 | Require presence of IPv6 Prefix in received DHCP message |
norelease | boolean | no | 0 | Don't send a RELEASE when the interface is brought down |
ip6prefix | ipv6 prefix | no | (none) | Use an (additional) user-provided IPv6 prefix for distribution to clients |
iface_dslite | logical interface | no | (none) | Logical interface template for auto-configuration of DS-Lite (0 means disable DS-Lite autoconfiguration; every other value will autoconfigure DS-Lite when the AFTR-Name option is received) |
zone_dslite | string | no | (none) | Firewall zone of the logical DS-Lite interface |
iface_map | string | no | (none) | Logical interface template for auto-configuration of either map-e/map-t/lw6o4 autoconfiguration (0 means disable map-e/map-t/lw406 autoconfiguration; every other value will autoconfigure map-e/map-t/lw4o6 when the corresponding Softwire46 options are received) |
zone_map | string | no | (none) | Firewall zone of the logical map-e/map-t/lw6o4 interface |
iface_464xlat | string | no | (none) | Logical interface template for the 464xlat interface (0 means disable 464xlat autoconfiguration; every other value will try to autoconfigure 464xlat) |
zone_464xlat | string | no | (none) | Firewall zone of the logical 464xlat interface |
zone | string | no | (none) | Firewall zone to which the interface will be added |
sourcefilter | boolean | no | 1 | Whether to enable source based IPv6 routing |
vendorclass | string | no | (none) | Vendor class to be included in the DHCP messages |
userclass | string | no | (none) | User class to be be included in the DHCP messages |
delegate | boolean | no | 1 | Whether to enable prefix delegation in case of DS-Lite/map/464xlat |
soltimeout | integer | no | 120 | The maximum solicit timeout |
fakeroute | boolean | no | 1 | Fake default route when no route info via RA is received |
ra_holdoff | integer | no | 3 | Minimum time in seconds between accepting RA updates |
Note: To automatically configure ds-lite from dhcpv6 you need to create an interface with option auto 0 and put its name as the 'iface_dslite' parameter. In addition you also need to add its name to a suitable firewall zone in /etc/config/firewall.
Static IPv6 connection
Static configuration of the IPv6 uplink is supported as well. The following example demonstrates this.
# cat /etc/config/network config interface wan option ifname eth1 option proto static option ip6addr 2001:db80::2/64 # Own address option ip6gw 2001:db80::1 # Gateway address option ip6prefix 2001:db80:1::/48 # Prefix addresses for distribution to downstream interfaces option dns 2001:db80::1 # DNS server config interface lan option proto static option ip6assign 60 ...
For advanced configuration options see below for the usable options in a IPv6 “static” protocol:
Protocol "static" with IPv6
| Name | Type | Required | Default | Description |
|---|---|---|---|---|
ip6addr | ipv6 address | yes, if no ipaddr is set | (none) | Assign given IPv6 address to this interface (CIDR notation) |
ip6ifaceid | ipv6 suffix | no | ::1 | Allowed values: 'eui64', 'random', fixed value like '::1:2'. When IPv6 prefix (like 'a:b:c:d::') is received from a delegating server, use the suffix (like '::1') to form the IPv6 address ('a:b:c:d::1') for this interface. Useful with several routers in LAN. The option was introduced by this commit to netifd in Jan 2015. |
ip6gw | ipv6 address | no | (none) | Assign given IPv6 default gateway to this interface |
ip6assign | prefix length | no | (none) | Delegate a prefix of given length to this interface (see Downstream configuration below) |
ip6hint | prefix hint (hex) | no | (none) | Hint the subprefix-ID that should be delegated as hexadecimal number (see Downstream configuration below) |
ip6prefix | ipv6 prefix | no | (none) | IPv6 prefix routed here for use on other interfaces (Barrier Breaker and later only) |
ip6class | list of strings | no | (none) | Define the IPv6 prefix-classes this interface will accept |
dns | list of ip addresses | no | (none) | DNS server(s) |
dns_search | list of domain names | no | (none) | Search list for host-name lookup |
metric | integer | no | 0 | Specifies the default route metric to use |
Downstream configuration for LAN-Interfaces
- Server support for Router Advertisement, DHCPv6 (stateless and stateful) and DHCPv6-PD
- Automatic detection of announced prefixes, delegated prefixes, default routes and MTU
- Change detection for prefixes and routes triggering resending of RAs and DHCPv6-Reconfigure
- Detection of client hostnames and export as augmented hosts-file
- Support for RA & DHCPv6-relaying and NDP-proxying to e.g. support uplinks without prefix delegation
OpenWrt provides a flexible local prefix delegation mechanism.
It can be tuned for each downstream-interface individually with 3 parameters which are all optional:
ip6assign: Prefix size used for assigned prefix to the interface (e.g. 64 will assign /64-prefixes)ip6hint: Subprefix ID to be used if available (e.g. 1234 with an ip6assign of 64 will assign prefixes of the form ...:1234::/64 or given LAN ports, LAN & LAN2, and a prefix delegation of /56, use ip6hint of 00 and 80 which would give prefixes of LAN ...:xx00::/64 and LAN2 ...:xx80::/64)ip6class: Filter for prefix classes to accept on this interface (e.g. wan6 will only assign prefixes with class “wan6” but not e.g. “local”)
ip6assign and / or ip6hint-settings might be ignored if the desired subprefix cannot be assigned. In this case the system will first try to assign a prefix with the same length but different subprefix-ID. If this fails as well the prefix length is reduced until the assignment can be satisfied. If ip6hint is not set an arbitrary ID will be chosen. Setting the ip6assign-parameter to a value < 64 will allow the DHCPv6-server to hand out all but the first /64 via DHCPv6-Prefix Delegation to downstream routers on the interface. If the ip6hint is not suitable for the given ip6assign it will be rounded down to the nearest possible value.
If ip6class is not set then all prefix classes are accepted on this interface. The default class for a prefix is the interface-name (e.g. “wan6”) or “local” for the ULA-prefix. This can be used to select upstream interfaces from which subprefixes are assigned. For prefixes received from dynamic-configuration methods like DHCPv6 it is possible that the prefix-class is not equal to the source-interface but e.g. augmented with an ISP-provided numeric prefix class-value.
# cat /etc/config/network config globals globals option ula_prefix fd00:db80::/48 config interface wan6 option proto static option ip6prefix 2001:db80::/56 ... config interface lan option proto static option ip6assign 60 option ip6hint 10 ... config interface guest option proto static option ip6assign 64 option ip6hint abcd list ip6class wan6 ...
The results of that configuration would be:
- The
laninterface will be assigned the prefixes 2001:db80:0:10::/60 and fd00:db80:0:10::/60. - The DHCPv6-server can offer both prefixes except 2001:db80:0:10::/64 and fd00:db80:0:10::/64 to downstream routers on
lanvia DHCPv6-PD. - The
guestinterface will only get assinged the prefix 2001:db80:0:abcd::/64 due to the class filter.
For multiple interfaces, the prefixes are assigned based on firstly the assignment length (smallest first) then on weight and finally alphabetical order of interface names. e.g. if wlan0 and eth1 have ip6assign 61 and eth2 has ip6assign 62, the prefixes are assigned to eth1 then wlan0 (alphabetic) and then eth2 (longest prefix). Note that if there are not enough prefixes, the last interfaces get no prefix - which would happen to eth2 if the overall prefix length was 60 in this example.
If the router can ping6 the internet, but lan machines get “Destination unreachable: Unknown code 5” or “Source address failed ingress/egress policy” then the ip6assign option is missing on your lan interface.
Router Advertisement & DHCPv6
OpenWrt features a versatile RA & DHCPv6 server and relay. Per default SLAAC, stateless and stateful DHCPv6 are enabled on an interface. If there are prefix of size /64 or greater present then addresses will be handed out from each prefix. If all prefixes on an interface have a size greater /64 then DHCPv6-Prefix Delegation is enabled for downstream-routers. If a default route is present the router advertises itself as default router on the interface.
The system is also able to detect when there is no prefix available from an upstream interface and can switch into relaying mode automatically to extend the upstream interface configuration onto its downstream interfaces. This is useful for putting the target router behind another IPv6-router which doesn't offer prefixes via DHCPv6-PD.
Example configuration section for SLAAC + DHCPv6 server mode. This is suitable also for a typical 6in4 tunnel configuration, where you specify the fixed LAN prefix in the tunnel interface config.
# cat /etc/config/dhcp
config dhcp lan
option dhcpv6 server
option ra server
Example configuration section for SLAAC alone
# cat /etc/config/dhcp
config dhcp lan
option dhcpv6 disabled
option ra server
Example configuration section for relaying
# cat /etc/config/dhcp config dhcp wan option dhcpv6 relay option ra relay option ndp relay option master 1 config dhcp lan option dhcpv6 relay option ra relay option ndp relay
Routing Mangement
OpenWrt uses a source-address and source-interface based policy-routing system. This is required to correctly handle different uplink interfaces. Each delegated prefix is added with an unreachable route to avoid IPv6-routing loops.
To determine the current status of routes you can consult the information provided by ifstatus.
Example (ifstatus wan6):
...
"ipv6-address": [
{
"address": "2001:db80::a00:27ff:fe67:cd9c",
"mask": 64,
"preferred": 1681,
"valid": 7081
}
],
"ipv6-prefix": [
{
"address": "2001:db80:0:100::",
"mask": 56,
"preferred": 86282,
"valid": 86282,
"class": "wan6",
"assigned": {
"lan": {
"address": "2001:db80:0:110::",
"mask": 60
}
}
}
],
"route": [
{
"target": "2001:db80::",
"mask": 48,
"nexthop": "fe80::800:27ff:fe00:0",
"metric": 1024,
"valid": 7081
},
{
"target": "::",
"mask": 0,
"nexthop": "fe80::800:27ff:fe00:0",
"metric": 1024,
"valid": 7081
}
],
...
Interpretation:
- On the interface 2 routes are provided: 2001:db80::/48 and a default-route via the router fe80::800:27ff:fe00:0.
- These routes can only be used by locally generated traffic and traffic with a suitable source-address, that is either one of the local addresses or an address out of the delegated prefix.
OpenWrt adds IPv6-routes (like default routes) to specific routing-tables and not the main-table thus they may not be seen by default. You can use the command ip -6 rule to list all current routing policies.
Multiple IP addresses
Assigning multiple ip addresses to the same interface:
config interface foo option ifname eth1 list ipaddr 10.8.0.1/24 list ipaddr 10.9.0.1/24 list ip6addr fdca:abcd::1/64 list ip6addr fdca:cdef::1/64
Specifying multiple interfaces sharing the same device:
config interface foo option ifname eth1 option ipaddr 10.8.0.1 option netmask 255.255.255.0 option ip6addr fdca:abcd::1/64 config interface foo2 option ifname eth1 option ipaddr 10.9.0.1 option netmask 255.255.255.0 option ip6addr fdca:cdef::1/64
Originally posted at https://dev.openwrt.org/ticket/2829#comment:7.