How to configure static IPv6 on Asuswrt-Merlin?

[wuzan]

Hi

My ISP provides me with a permanent 48 bits IPv6 prefix (e.g.: 2001:1234:5678::/64).

I have a fully functional IPv6 connectivity when using DHCP-PD (Prefix Delegation) aka "Native" connection type in my RT-AC87U router using Asuswrt-Merlin.

However, I would like to set the prefix statically in my RT-AC87U router aka "Static IPv6" connection type. This way, in the event of an Internet outage and after a reboot of the router, I would still be able to route to my hosts using my global IPv6 addresses, which is not possible when using DHCP-PD. Long story here: https://www.reddit.com/r/ipv6/comments/gn9ln8/local_dns_entry_for_ipv6/

I would also like to use the conventional link-local IPv6 fe80::1 as the default gateway.

I cannot make sense of the interface panel for static IPv6 in Asuswrt-Merlin. Specifically, I do not get the differences between the WAN and LAN settings below. I added what I think I should put as values.

• IPv6 WAN Setting / WAN IPv6 Address: 2001:1234:5678::1
• IPv6 WAN Setting / WAN Prefix Length: 48
• IPv6 WAN Setting / WAN IPv6 Gateway: fe80::1
• IPv6 LAN Setting / LAN IPv6 Address: 2001:1234:5678::2
• IPv6 LAN Setting / LAN Prefix Length: 48
• IPv6 LAN Setting / LAN IPv6 Prefix: 2001:1234:5678:: (auto-filled with prefix used in setting "IPv6 LAN Setting / LAN IPv6 Address")

I tested with the values mentioned (after replacing 2001:1234:5678:: by my real prefix) but a test with https://test-ipv6.com/ revealed that I did not have IPv6.

Any help will be greatly appreciated.

 

[Slawek P]

Hi,

I was thinking about it, but have not tried as I had no real need to switch from DHCP-PD really..

If I were to do this I would start reading here
https://docs.opnsense.org/manual/how-tos/IPv6_ZenUK.html
Then I would try copying IPv6 values from your DHCP setup to a static setup
https://<your router>/Main_IPV6Status_Content.asp

Good luck! Let us know when you succeed.

Hi

My ISP provides me with a permanent 48 bits IPv6 prefix (e.g.: 2001:1234:5678::/64).

I have a fully functional IPv6 connectivity when using DHCP-PD (Prefix Delegation) aka "Native" connection type in my RT-AC87U router using Asuswrt-Merlin.

However, I would like to set the prefix statically in my RT-AC87U router aka "Static IPv6" connection type. This way, in the event of an Internet outage and after a reboot of the router, I would still be able to route to my hosts using my global IPv6 addresses, which is not possible when using DHCP-PD. Long story here: https://www.reddit.com/r/ipv6/comments/gn9ln8/local_dns_entry_for_ipv6/

I would also like to use the conventional link-local IPv6 fe80::1 as the default gateway.

I cannot make sense of the interface panel for static IPv6 in Asuswrt-Merlin. Specifically, I do not get the differences between the WAN and LAN settings below. I added what I think I should put as values.

• IPv6 WAN Setting / WAN IPv6 Address: 2001:1234:5678::1
• IPv6 WAN Setting / WAN Prefix Length: 48
• IPv6 WAN Setting / WAN IPv6 Gateway: fe80::1
• IPv6 LAN Setting / LAN IPv6 Address: 2001:1234:5678::2
• IPv6 LAN Setting / LAN Prefix Length: 48
• IPv6 LAN Setting / LAN IPv6 Prefix: 2001:1234:5678:: (auto-filled with prefix used in setting "IPv6 LAN Setting / LAN IPv6 Address")

I tested with the values mentioned (after replacing 2001:1234:5678:: by my real prefix) but a test with https://test-ipv6.com/ revealed that I did not have IPv6.

Any help will be greatly appreciated.

 

[heysoundude]

Have you seen https://ipv6.he.net/certification/ ? it's free and fun!

@Slawek P you may yet get your wish for a topic/thread for IPv6 here in the Merlin forum!

 

[Dabombber]

However, I would like to set the prefix statically in my RT-AC87U router aka "Static IPv6" connection type. This way, in the event of an Internet outage and after a reboot of the router, I would still be able to route to my hosts using my global IPv6 addresses, which is not possible when using DHCP-PD. Long story here: https://www.reddit.com/r/ipv6/comments/gn9ln8/local_dns_entry_for_ipv6/

Do you want to be able to connect specifically via the global IPv6 address, or just over a host name using IPv6?

I would also like to use the conventional link-local IPv6 fe80::1 as the default gateway.

No need to compromise on this, you can use both the global and link address at the same time (and the ULA address if you want too). In dnsmasq.postconf I have this line

sed -i 's/option6:23,\[::\]/&,\[fe80::\]/' "$1"

which results in "dhcp-option=lan,option6:23,[::],[fe80::]" being used in the dnsmasq config.

I cannot make sense of the interface panel for static IPv6 in Asuswrt-Merlin. Specifically, I do not get the differences between the WAN and LAN settings below.

I think the LAN side is for assigning addresses through DHCP. It might be worth looking through the dnsmasq manual and seeing what various settings produce in /etc/dnsmasq.conf.

 

[SomeWhereOverTheRainBow]

Do you want to be able to connect specifically via the global IPv6 address, or just over a host name using IPv6?


No need to compromise on this, you can use both the global and link address at the same time (and the ULA address if you want too). In dnsmasq.postconf I have this line

sed -i 's/option6:23,\[::\]/&,\[fe80::\]/' "$1"

which results in "dhcp-option=lan,option6:23,[::],[fe80::]" being used in the dnsmasq config.


I think the LAN side is for assigning addresses through DHCP. It might be worth looking through the dnsmasq manual and seeing what various settings produce in /etc/dnsmasq.conf.

sed -i 's/^\(.*ra-stateless.*\),[0-9]\+$/\1,infinite/' $CONFIG

pc_replace "dhcp-range=lan,::,constructor:br0,ra-stateless,64,infinite" "dhcp-range=lan,::2,::500,constructor:br0,slaac,ra-names,64,infinite" $CONFIG

here is my modification. I get both a static address per device as well as a stateless address.

(some android and smart devices need a stateless address for ipv6 due to lack of compatibility for dhcpv6)

 

[coldwizard]

Hi

My ISP provides me with a permanent 48 bits IPv6 prefix (e.g.: 2001:1234:5678::/64).

....

IPv6 WAN Setting / WAN IPv6 Address: 2001:1234:5678::1

• IPv6 WAN Setting / WAN Prefix Length: 48
• IPv6 WAN Setting / WAN IPv6 Gateway: fe80::1
• IPv6 LAN Setting / LAN IPv6 Address: 2001:1234:5678::2
• IPv6 LAN Setting / LAN Prefix Length: 48
• IPv6 LAN Setting / LAN IPv6 Prefix: 2001:1234:5678:: (auto-filled with prefix used in setting "IPv6 LAN Setting / LAN IPv6 Address")

I tested with the values mentioned (after replacing 2001:1234:5678:: by my real prefix) but a test with https://test-ipv6.com/ revealed that I did not have IPv6.

Any help will be greatly appreciated.

I suspect that the problem is that the Prefix length cannot be the same on the WAN and LAN or the Prefix must change slightly.
Also the gateway cannot be fe80::1. It needs to be the address given by the ISP which will contain more non-zero fields

What I would try is:
If you know how to login to the command line (ssh) of the router
configure router to use DHCP-PD (Prefix Delegation)
With that configuration, type these commands
ifconfig
ip -f inet6 route list
Look at the global address and masks for br0 and eth0 shown with ifconfig command
Look at "default via" line from the ip command
Then use the eth0 address and mask for WAN, and br0 address and mask for LAN when you reconfigure for static IPv6
Use default address for WAN Gateway it would be a full address (not fe80::1)

 

[Dabombber]

sed -i 's/^\(.*ra-stateless.*\),[0-9]\+$/\1,infinite/' $CONFIG

pc_replace "dhcp-range=lan,::,constructor:br0,ra-stateless,64,infinite" "dhcp-range=lan,::2,::500,constructor:br0,slaac,ra-names,64,infinite" $CONFIG

here is my modification. I get both a static address per device as well as a stateless address.

(some android and smart devices need a stateless address for ipv6 due to lack of compatibility for dhcpv6)

It's the "ra-names" which fixes android rather than slaac isn't it? Based off this, I think slaac is SLAAC+stateful DHCPv6, and ra-stateless is SLAAC+stateless DHCPv6. So android should work with either, and it gets its host name from the IPv4 address thanks to ra-names.

 

[SomeWhereOverTheRainBow]

It's the "ra-names" which fixes android rather than slaac isn't it? Based off this, I think slaac is SLAAC+stateful DHCPv6, and ra-stateless is SLAAC+stateless DHCPv6. So android should work with either, and it gets its host name from the IPv4 address thanks to ra-names.

Slaac allows of the mixing of statetful and stateless to each client. Incompliant devices that cannot take a stateful attach themselves to the stateless address still.I sourced mine from the dnsmasq example.conf when I added this line to my setup.
all ra-names does is attempt to attach an ipv4 hostname to an associated ipv6 address within a dualstack environment.

# Enable DHCPv6. Note that the prefix-length does not need to be specified
# and defaults to 64 if missing/
#dhcp-range=1234::2, 1234::500, 64, 12h

# Do Router Advertisements, BUT NOT DHCP for this subnet.
#dhcp-range=1234::, ra-only

# Do Router Advertisements, BUT NOT DHCP for this subnet, also try and
# add names to the DNS for the IPv6 address of SLAAC-configured dual-stack
# hosts. Use the DHCPv4 lease to derive the name, network segment and
# MAC address and assume that the host will also have an
# IPv6 address calculated using the SLAAC algorithm.
#dhcp-range=1234::, ra-names

# Do Router Advertisements, BUT NOT DHCP for this subnet.
# Set the lifetime to 46 hours. (Note: minimum lifetime is 2 hours.)
#dhcp-range=1234::, ra-only, 48h

# Do DHCP and Router Advertisements for this subnet. Set the A bit in the RA
# so that clients can use SLAAC addresses as well as DHCP ones.
#dhcp-range=1234::2, 1234::500, slaac

# Do Router Advertisements and stateless DHCP for this subnet. Clients will
# not get addresses from DHCP, but they will get other configuration information.
# They will use SLAAC for addresses.
#dhcp-range=1234::, ra-stateless

# Do stateless DHCP, SLAAC, and generate DNS names for SLAAC addresses
# from DHCPv4 leases.
#dhcp-range=1234::, ra-stateless, ra-names

# Do router advertisements for all subnets where we're doing DHCPv6
# Unless overridden by ra-stateless, ra-names, et al, the router
# advertisements will have the M and O bits set, so that the clients
# get addresses and configuration from DHCPv6, and the A bit reset, so the
# clients don't use SLAAC addresses.

 

[wuzan]

If I were to do this I would start reading here
https://docs.opnsense.org/manual/how-tos/IPv6_ZenUK.html

This did not help since it is not about Asuswrt-Merlin

Then I would try copying IPv6 values from your DHCP setup to a static setup
https://<your router>/Main_IPV6Status_Content.asp

Thank you, I missed that part of the interface.
That helped me to get a functional IPv6 connectivity by copy pasting the value to a static setup. However, the IPv6 connectivity did not survived a reboot with WAN cable connected following a reboot with WAN cable disconnected. But here is what I learnt:

• IPv6 WAN Setting / WAN IPv6 Address: 2001:4712:8:62::9c12 Copied from the https://<myrouter>/Main_IPV6Status_Content.asp, uses a different prefix than 2001:1234:5678::/48
  
• IPv6 WAN Setting / WAN Prefix Length: 128 Taken from running ip a in the router via SSH and looking for the CIDR display of 2001:4712:8:62::9c12
  
• IPv6 WAN Setting / WAN IPv6 Gateway: fe80::65b2:43cc:a926:c326 Copied from the https://<myrouter>/Main_IPV6Status_Content.asp
  
• IPv6 LAN Setting / LAN IPv6 Address: 2001:1234:5678::1 Prefix from DHCP-PD and ::1 as host ID
  
• IPv6 LAN Setting / LAN Prefix Length: 48 the same I had with DHCP-PD
• IPv6 LAN Setting / LAN IPv6 Prefix: 2001:1234:5678:: (auto-filled with prefix used in setting "IPv6 LAN Setting / LAN IPv6 Address")

 

[wuzan]

Have you seen https://ipv6.he.net/certification/ ? it's free and fun!

I will have a look, thank you.

 

[wuzan]

Do you want to be able to connect specifically via the global IPv6 address, or just over a host name using IPv6?

Not with a IPv6 directly but with a hostname (cf: https://www.reddit.com/r/ipv6/comments/gn9ln8/local_dns_entry_for_ipv6/)

 

[wuzan]

I suspect that the problem is that the Prefix length cannot be the same on the WAN and LAN or the Prefix must change slightly.
Also the gateway cannot be fe80::1. It needs to be the address given by the ISP which will contain more non-zero fields

What I would try is:
If you know how to login to the command line (ssh) of the router
configure router to use DHCP-PD (Prefix Delegation)
With that configuration, type these commands
ifconfig
ip -f inet6 route list
Look at the global address and masks for br0 and eth0 shown with ifconfig command
Look at "default via" line from the ip command

Yes, I found the same information with the command line but more detailed than in the GUI https://<myrouter>/Main_IPV6Status_Content.asp

Then use the eth0 address and mask for WAN, and br0 address and mask for LAN when you reconfigure for static IPv6

For the record, I find my WAN IPs in the vlan2 interface, not eth0.

Use default address for WAN Gateway it would be a full address (not fe80::1)

That make sense. I wanted to use fe80::1 in the LAN side so that it makes it easier to configure a static IPv6 gateway.

From my researches so far, I have the feeling that setting "Static IPv6" connection type in the GUI in not enough for what I need. Perhaps I will need to configure some things via the command line with SSH, as some answers above seem to indicate.

 

[SomeWhereOverTheRainBow]

You would definitely want devices that cannot handle static ipv6 to also receive a stateless assignment as well.

 

[wuzan]

That helped me to get a functional IPv6 connectivity by copy pasting the value to a static setup. However, the IPv6 connectivity did not survived a reboot with WAN cable connected following a reboot with WAN cable disconnected. But here is what I learnt:

• IPv6 WAN Setting / WAN IPv6 Address: 2001:4712:8:62::9c12 Copied from the https://<myrouter>/Main_IPV6Status_Content.asp, uses a different prefix than 2001:1234:5678::/48
  
• IPv6 WAN Setting / WAN Prefix Length: 128 Taken from running ip a in the router via SSH and looking for the CIDR display of 2001:4712:8:62::9c12
  
• IPv6 WAN Setting / WAN IPv6 Gateway: fe80::65b2:43cc:a926:c326 Copied from the https://<myrouter>/Main_IPV6Status_Content.asp
  
• IPv6 LAN Setting / LAN IPv6 Address: 2001:1234:5678::1 Prefix from DHCP-PD and ::1 as host ID
  
• IPv6 LAN Setting / LAN Prefix Length: 48 the same I had with DHCP-PD
• IPv6 LAN Setting / LAN IPv6 Prefix: 2001:1234:5678:: (auto-filled with prefix used in setting "IPv6 LAN Setting / LAN IPv6 Address")

I learnt a bit more today and I was not clear enough in the description of my problem because of my lack of understanding IPv6.

What I really want is to configure the prefix (that my ISP is giving me permanently) statically in my router so that my router still knows how to route my GUAs after a reboot and a loss of Internet connection. Fortunately, there is an option just for that purpose in the GUI. I need to use the "Native" connection mode in https://<myrouter>/Advanced_IPv6_Content.asp, disable the option "DHCP-PD" and fill in the following settings:

• IPv6 LAN Setting / LAN IPv6 Address: 2001:1234:5678::1 Prefix from my ISP and ::1 as host ID
  
• IPv6 LAN Setting / LAN Prefix Length: 48 the same I had from my ISP
  
• IPv6 LAN Setting / LAN IPv6 Prefix: 2001:1234:5678:: (auto-filled with prefix used in setting "IPv6 LAN Setting / LAN IPv6 Address")

I also disabled the option "Release prefix on exit".

So that solves my main problem.

Now, I would like to add/replace the link-local LAN IPv6 address with is auto-configured by the simplest fe80::1 but that could be the subject for another dedicated topic.

Last but not the least, the whole point of the configuration is to be able to access locally-hosted web applications with HTTPS (e.g.: https://myapp.example.com) locally even when Internet is down. Now that I have successfully configured a static prefix as stated above and also added local domain name resolution in my router (https://github.com/RMerl/asuswrt-merlin.ng/wiki/Custom-domains-with-dnsmasq), I can indeed access my web apps with HTTPS locally when Internet is down, even after a reboot of the router.

But it is not enough. Why? Because when I try to access the web apps from my smartphone which is connected to the local network with Wi-Fi and a 4G mobile network, then the (smart)phone only tries to reach the app via mobile network but it obviously times out because the server is not connected to the Internet at this time. Turning off the mobile network on my phone forces the traffic to travel via the local network and therefore allows the access to the web apps. My goal is to avoid forcing users to do this extra step in this particular situation. It should work out of the box. My IPv6 has led me to discover ULA and I wonder if that would be of any help in that situation. But again, that could be the subject for another dedicated topic.

 

[SomeWhereOverTheRainBow]

I learnt a bit more today and I was not clear enough in the description of my problem because of my lack of understanding IPv6.

What I really want is to configure the prefix (that my ISP is giving me permanently) statically in my router so that my router still knows how to route my GUAs after a reboot and a loss of Internet connection. Fortunately, there is an option just for that purpose in the GUI. I need to use the "Native" connection mode in https://<myrouter>/Advanced_IPv6_Content.asp, disable the option "DHCP-PD" and fill in the following settings:

• IPv6 LAN Setting / LAN IPv6 Address: 2001:1234:5678::1 Prefix from my ISP and ::1 as host ID
  
• IPv6 LAN Setting / LAN Prefix Length: 48 the same I had from my ISP
  
• IPv6 LAN Setting / LAN IPv6 Prefix: 2001:1234:5678:: (auto-filled with prefix used in setting "IPv6 LAN Setting / LAN IPv6 Address")

I also disabled the option "Release prefix on exit".

So that solves my main problem.

Now, I would like to add/replace the link-local LAN IPv6 address with is auto-configured by the simplest fe80::1 but that could be the subject for another dedicated topic.

Last but not the least, the whole point of the configuration is to be able to access locally-hosted web applications with HTTPS (e.g.: https://myapp.example.com) locally even when Internet is down. Now that I have successfully configured a static prefix as stated above and also added local domain name resolution in my router (https://github.com/RMerl/asuswrt-merlin.ng/wiki/Custom-domains-with-dnsmasq), I can indeed access my web apps with HTTPS locally when Internet is down, even after a reboot of the router.

But it is not enough. Why? Because when I try to access the web apps from my smartphone which is connected to the local network with Wi-Fi and a 4G mobile network, then the (smart)phone only tries to reach the app via mobile network but it obviously times out because the server is not connected to the Internet at this time. Turning off the mobile network on my phone forces the traffic to travel via the local network and therefore allows the access to the web apps. My goal is to avoid forcing users to do this extra step in this particular situation. It should work out of the box. My IPv6 has led me to discover ULA and I wonder if that would be of any help in that situation. But again, that could be the subject for another dedicated topic.

Your next topic of issue to explore is the compatibility of mobile clients with dhcp-pd stateful as these clients tend to not like to be told which address to use.

 

[wuzan]

Your next topic of issue to explore is the compatibility of mobile clients with dhcp-pd stateful as these clients tend to not like to be told which address to use.

In my case, I use Auto Configuration Setting stateless.

 

[coldwizard]

... I wanted to use fe80::1 in the LAN side so that it makes it easier to configure a static IPv6 gateway....

The fe80:: syntax is processed by dnsmasq running on your router. It has no information about the interfaces of the ISP's router and therefore cannot change the fe80:: into the numbers used the the ISP, that is why you cannot use the short form for the WAN gateway.

Dnsmasq can and does manage the fe80:: syntax on the local LAN interfaces and does most of the sensible things. The "ra-only" option will advertise the default gateway to the devices on your LAN with the expanded fe80:xxxx:xxxx number specific to your router.

Glad to see you have the router working offline. As for the smart phone, look in it's settings to see if there is an option to set WiFi preferred as that will save you mobile data usage when home and may send the web apps to your network first?

 

[coldwizard]

Hi

My ISP provides me with a permanent 48 bits IPv6 prefix (e.g.: 2001:1234:5678::/64).

I have a fully functional IPv6 connectivity when using DHCP-PD (Prefix Delegation) aka "Native" connection type in my RT-AC87U router using Asuswrt-Merlin.

However, I would like to set the prefix statically in my RT-AC87U router aka "Static IPv6" connection type. This way, in the event of an Internet outage and after a reboot of the router, I would still be able to route to my hosts using my global IPv6 addresses, which is not possible when using DHCP-PD. Long story here: https://www.reddit.com/r/ipv6/comments/gn9ln8/local_dns_entry_for_ipv6/

I would also like to use the conventional link-local IPv6 fe80::1 as the default gateway.

I cannot make sense of the interface panel for static IPv6 in Asuswrt-Merlin. Specifically, I do not get the differences between the WAN and LAN settings below. I added what I think I should put as values.

• IPv6 WAN Setting / WAN IPv6 Address: 2001:1234:5678::1
• IPv6 WAN Setting / WAN Prefix Length: 48
• IPv6 WAN Setting / WAN IPv6 Gateway: fe80::1
• IPv6 LAN Setting / LAN IPv6 Address: 2001:1234:5678::2
• IPv6 LAN Setting / LAN Prefix Length: 48
• IPv6 LAN Setting / LAN IPv6 Prefix: 2001:1234:5678:: (auto-filled with prefix used in setting "IPv6 LAN Setting / LAN IPv6 Address")

I tested with the values mentioned (after replacing 2001:1234:5678:: by my real prefix) but a test with https://test-ipv6.com/ revealed that I did not have IPv6.

Any help will be greatly appreciated.

I know you already have it working, but ....

Did you try IPV6 type native with DHCP-PD off? That should handle the ISP dynamically for the WAN address and gateway, and let you manually configure the LAN side.

 

[wuzan]

I know you already have it working, but ....

Did you try IPV6 type native with DHCP-PD off? That should handle the ISP dynamically for the WAN address and gateway, and let you manually configure the LAN side.

I have it working because I did exactly that: turning off DHCP-PD, as described in my post #14.