Disable IPv6 with OpenWRT

ipv6openwrt

When I use stock Linksys firmware on my router, my networked devices properly use IPv4 only to access the Internet.

When I use OpenWRT 15.05.1, the devices try to connect to various sites using IPv6 addresses, which would be great if my ISP provided IPv6 service, which it doesn't.

I've tried a few things which haven't worked: turning off DHCPv6, disabling the DNS caching of dnsmasq, setting dnsmasq's DHCP server to provide a static DNS server address (8.8.8.8), and setting OpenWRT's internal DNS server setting to use that DNS server.

How do I get OpenWRT to stop telling devices that it's OK to use IPv6?

Results of commands on one of the networked devices

The results of ip addr are:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: enp6s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:1a:80:7a:4e:47 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.107/24 brd 192.168.1.255 scope global dynamic enp6s0
       valid_lft 42521sec preferred_lft 42521sec
    inet6 fd7f:77c6:629f::9e8/128 scope global 
       valid_lft forever preferred_lft forever
    inet6 fd7f:77c6:629f::4e3/128 scope global 
       valid_lft forever preferred_lft forever
    inet6 fd7f:77c6:629f:0:21a:80ff:fe7a:4e47/64 scope global noprefixroute 
       valid_lft forever preferred_lft forever
    inet6 fe80::21a:80ff:fe7a:4e47/64 scope link 
       valid_lft forever preferred_lft forever
3: wlp2s0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 00:1d:e0:44:04:57 brd ff:ff:ff:ff:ff:ff

The results of route -6 are:

Kernel IPv6 routing table
Destination                    Next Hop                   Flag Met Ref Use If
fd7f:77c6:629f::4e3/128        ::                         U    256 0     0 enp6s0
fd7f:77c6:629f::9e8/128        ::                         U    256 0     0 enp6s0
fd7f:77c6:629f::/64            ::                         U    100 1     3 enp6s0
fd7f:77c6:629f::/48            fe80::c256:27ff:fe77:37a7  UG   100 0     0 enp6s0
fe80::/64                      ::                         U    256 2    10 enp6s0
::/0                           ::                         !n   -1  1   729 lo
::1/128                        ::                         Un   0   3     6 lo
fd7f:77c6:629f::4e3/128        ::                         Un   0   1     0 lo
fd7f:77c6:629f::9e8/128        ::                         Un   0   1     0 lo
fd7f:77c6:629f:0:21a:80ff:fe7a:4e47/128 ::                         Un   0   2     3 lo
fe80::21a:80ff:fe7a:4e47/128   ::                         Un   0   2    30 lo
ff00::/8                       ::                         U    256 2    67 enp6s0
::/0                           ::                         !n   -1  1   729 lo

The results of both ping6 google.com and ping6 2607:f8b0:4008:808::200e are:

connect: Network is unreachable

Best Answer

On initial installation (or settings reset) OpenWrt generates a Unique Local Address prefix and assigns ULAs to all the devices in the network, allowing them to communicate internally via IPv6 even without global IPv6 connectivity.

This generally works fine, except in two scenarios:

An end device attempts to route global IPv6 traffic anyway, despite this address range not being usable for that purpose. Your routing table doesn't indicate that this is what is happening, and no commonly used operating system from the last decade or so would be doing this.
An application misbehaves, and attempts to make global IPv6 connections when the computer does not have global IPv6 connectivity (or more specifically, a default route). From your description, this seems to be what is going on.

To be explicit: By advertising a ULA prefix, OpenWrt is not telling your devices that it's OK to access the Internet via IPv6. It is only telling them that it's OK to access your home network via IPv6.

The long-term solution is to fix the misbehaving applications. If you have run into this behavior in a particular application, you should report it as a bug to its developers.

The short-term workaround is to have OpenWrt not advertise a ULA prefix. You can go to Network > Interfaces, blank out the IPv6 ULA-Prefix box, and click Save & Apply. This will prevent OpenWrt from advertising a ULA prefix. If you ever reset your router's settings to defaults, you may need to do this again.

Related Solutions

Native IPv6 on openwrt

Sounds like you have got the connectivity part working, but you're actually not acting as a router.

You must find out the following from your ISP:

Whether the subnet assigned to your ppp0 interface is the same one you use for your LAN
How the subnet is delegated to you (static, DHCPv6, etc.)

These WRT54G builds include DHCPv6-PD support, which works with Internode, an Australian ISP, but you have said you are from Norway, and your ISP does not necessarily do it the same way.

You have mentioned radvd, but that is pretty much irrelevant — you need to figure out what the subnets are before you go anywhere near something like radvd. sysctl net.ipv6.conf.all.forwarding=1 is a good start, but you still need more.

If you go to the ADSL FAQ from Internode, they provide this information:

The IPv6 Broadband Trial allows Internode customers to test and gain experience with IPv6 using their existing Internode ADSL service.

What will this give me?

Your existing IPv4 address (if static) and route(s)

A dual-stack IPv4/IPv6

A dynamic /64 IPv6 prefix for your PPP session

A stable /60 IPv6 prefix for your LAN (if you are using a router with Prefix Delegation)

How do hosts on my LAN obtain globally routed IPv6 addresses?

Your IPv6 Access Device/router should assign /64 subnets to it's interfaces after it obtains a DHCPv6 PD lease. It should then offer the prefix to your hosts via IPv6 Stateless Address Autoconfiguration. In more complicated setups you may choose to use DHCPv6 as well.

You must find out the equivalent information from your ISP. I'd hazard a guess that you need something like a DHCPv6-PD–enabled setup, but we can't know for sure until we get more information. Heck, we don't even know what your ISP is.

IPv6 routing problem

To be completely honest, I don't know why or how this fixes it...

My new route table


andrew@route:~$ ip -6 route
2001:470:XXXX:XXXX::1 dev 6in4  metric 1024  mtu 1480 advmss 1420 hoplimit 0
2001:470:XXXX:XXXX::/64 dev eth0  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 0
fe80::/64 dev tap0  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 0
fe80::/64 dev eth0  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 0
fe80::/64 dev eth1  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 0
fe80::/64 via :: dev 6in4  proto kernel  metric 256  mtu 1480 advmss 1420 hoplimit 0
default via 2001:470:XXXX:XXXX::1 dev 6in4  metric 1024  mtu 1480 advmss 1420 hoplimit 0

The rule that I ended up removing:


2001:470:XXXX:XXXX::/64 via :: dev 6in4  proto kernel  metric 256  mtu 1480 advmss 1420 hoplimit 0

After removing that rule(randomly of course) the "other computers" could ping out with no problem at all.

I've prevented my router from generating that rule in the future by removing the address from the 6in4 interface in /etc/network/interfaces.

Anyway, thank you for those of you who took the time to read my post.

Results of commands on one of the networked devices

Best Answer

Related Solutions

Native IPv6 on openwrt

IPv6 routing problem

Related Question