11.05.2024

3109

EdgeRouter Lite 3 IPv6 configuration

Hi;

I am trying to configure the EdgeRouter Lite 3 with two subnets on eth1 and eth2.

The router is behind a Cable Fritzbox. So I get IPv4 and IPv6 addresses. All my devices get both IPv4 and IPv6 addresses, when connected to Fritzbox directly, however, when I connect Edgerouter Lite to Fritzbox, it gets both IPv4 and IPv6 from Fritzbox on eth0, while, it does not relay/advertise the IPv6 prefix to any of eth1 and eth2.

The configuration of IPv6 in Fritzbox is as follows:

Router advertisement in LAn active
           ULA: Assign ULA as long as there is no IPv6 connection(recommended)

Additional IPv6 routers in the home network:
          Also allow IPv6 prefixes that other IPv6 routers announce in the home network
          This FRITZ!Box provides standard Internet access

          Set router advertisement preference (higher preferences are preferred by clients): middle

DNS server in the home network:
         Also announce DNSv6 servers via router advertisement (RFC 5006)

DHCP server in the home network:
        DHCPv6-Server in der FRITZ!Box für das Heimnetz aktivieren:

        Select which information the DHCPv6 server should provide in the home network.
                  Assign DNS servers only: FRITZ!Box is announced as a DNS server via DHCPv6.

In the EdgeRouter Lite firewall, I have rules for the firewall ipv6_name icmpv6 and ports 546-547/udp.

For the interfaces in ethernet I have:

eth0:
               dhcpdv6-pd:
                                     pd: 0
                                             prefix length: /60
                                             interface:
                                                             eth0: 
                                                                     host-address: ::1
                                                                     prefix-id: :0
                                                                     service: slaac
                                                              eth0: 
                                                                     host-address: ::1
                                                                     prefix-id: :1
                                                                     service: slaac
                                                              eth0: 
                                                                     host-address: ::1
                                                                     prefix-id: :2
                                                                     service: slaac
               firewall:
                            in: 
                                ipv6-name: wan_in (Configured in the firewall ipv6-name)
                            local:  
                                ipv6-name: wan_local (Configured in the firewall ipv6-name)

               ipv6: address autoconf
               router-advert:
                            prefix: ::/64

I still cannot get ipv6 on eth1 and eth2, but I get ipv6 on eth0.

What am I missing here for eth1 and eth2?

Thank you in advance

Bitte markiere auch die Kommentare, die zur Lösung des Beitrags beigetragen haben

Content-ID: 43295658502

Url: https://administrator.de/contentid/43295658502

Ausgedruckt am: 23.11.2024 um 20:11 Uhr

17 Kommentare

Neuester Kommentar

Hallo,

Zitat von @Linuxero:
What am I missing here for eth1 and eth2?

Read https://community.ui.com/questions/EdgeRouter-Lite-No-IPv6-Connectivity/ ...
https://nurblieh.medium.com/ipv6-on-the-edgerouter-lite-c95e3cc8d49d
https://wejn.org/2022/01/configuring-ipv6-on-edgerouter-for-fiber7-and-p ...
Firmware?
Config is actually what exeactly?
And DHCP on in the FritzBox dows what, especiaaly since the ERL3 handels all the clients?
Clients hinter EdgeRouter-X bekommen keine IPv6-Global-Unicast-Adresse

Gruss,
Peter

Howdy.

Select which information the DHCPv6 server should provide in the home network.
Assign DNS servers only:
FRITZ!Box is announced as a DNS server via DHCPv6.

This setting is wrong, you must provide prefix Information (IA_PD) via DHCPv6 to sub routers!!

So if you want to provide prefixes for sub routers you have to choose at least the second option with IA_PD, the last if you also want to provide single addresses in this layer2 domain via DHCPv6.

And on the Edge Router use DHCPv6 instead of SLAAC to get the prefix Information from the Fritzbox. The Fritzbox provides new prefixes only on request via DHCPv6, not by using SLAAC.

I strongly recommend that you read this document beforehand to get fit using IPv6
https://danrl.com/ipv6/

Regards

Can also be seen with a Fritzbox serving Dual Stack connections with prefix delegation and firewalls in a cascade setup like above:
https://www.kuerbis.org/2023/03/ipv6-im-heimnetz-mit-pfsense-und-dynamis ...
https://blog.veloc1ty.de/2019/05/26/pfsense-opnsense-ipv6-delegation-fri ...
etc.
Here is a corresponding Cisco router example.

@Pjordorf;
The firmware is v2.0.9-hotfix.7.
I need to get IPv6 on all my clients behing the Edgerouter..
DHCP on Fritzbox should only announce the Fritzbox as a DNS server according to my understanding and the configuration I chose. But this can be changed later, when I get IPv6 working on the Edgerouter.

@13034433319;

This setting is wrong, you must provide prefix Information (IA_PD) via DHCPv6 to sub routers!!

When I choose any of the other settings as you suggest, the Edgerouter gets a correct global IPv6 address as well as a private IPv6 address starting with fd00::

Otherwise, the links provided, except for @aqui, correspond to my configuration.

@aqui; interesting links. I am going through them now.

Thank you all

Zitat von @Linuxero:

@Pjordorf;
The firmware is v2.0.9-hotfix.7.
I need to get IPv6 on all my clients behing the Edgerouter..
DHCP on Fritzbox should only announce the Fritzbox as a DNS server according to my understanding

No that's wrong thinking! The Fritzbox itself normally gets a dynamic global prefix from your provider e.g. a 56er prefix. To use a subnet of this prefix your edge router must request a prefix by issuing a DHCPv6 ND solicitation to all DHCPv6 Servers (ff02::1:2) on its WAN Interface, the Fritzbox then must answer with an offer which must include a prefix from the global pool it has on its own, if you do not enable IA_PD on the Fritzbox this offer will never include a Prefix for the edge router, and thus it will not be able to distribute a prefix to its sub interfaces ! Without this setting you won't be able to get global IPv6 routing active for your clients behind the edge router without manual intervention, that's a simple fact!

When I choose any of the other settings as you suggest, the Edgerouter gets a correct global IPv6 address as well as a private IPv6 address starting with fd00::

Then your Fritzbox settings are wrong, or your edge router does not request the correct type of address for the prefix delegation, or the Fritzbox did not get a prefix only an address, or the prefix is too smal to be distributed by the Fritzbox.

These are the correct settings you have to choose

For the Config on the edgerouter see
https://www.o-schroeder.de/sysadmin/DSLite/edgerouter.php

Also check what prefix size you get on the Fritzbox, if the size is too small the Fritzbox will not provide prefixes to sub routers. Also note that the Fritzbox normally only provides 62er Subnets via PD, not 60er, but that can depend on OEM configuration. With a 62er you can promote up to 4 different IPv6 Subnets to your interfaces on the edge router, so this suits your current setup.

Thank you for all your insights. I am attaching screenshots of my configuration. Maybe this could help show out my problem better.

I cannot arrange the screenshots otherwise

The last two screenshots of fritzbox

Edgerouter screenshots

Edgerouter - firewall screenshots group 1

Edgerouter groups

Edgerouter ipv6-name

I guess I'll send all the screen shots unordered, otherwise it's going to take a lot of time

The last group of screenshots - interfaces on edgerouter

Fritzbox is OK now but EdgeRouter not see
https://www.o-schroeder.de/sysadmin/DSLite/edgerouter.php

@13034433319;

Thank you very much for this link. It has been very helpful. At least all the edgerouter interfaces have now IPv6 addresses.

On the other hand, the clients are not getting any IPv6 address..!

I have tried to use wireshark to check the communication; apparently the client sends RS but no RA comes back to the client.

I have checked the firewall configuration on both the edgerouter and the client. So it cannot be a client firewall problem, since clients get IPv6 and RA when I connect them directly to fritzbox.

As I said, I have compared the firewall settings as per the link you kindly indicated. But I am not sure, what the problem is. The logs on the edgerouter have no indication of ipv6 packets or communication. :|

First just disable all rules for the LAN interface, then check the client afterwards, it should get an address, if not, your are missing a right setting for neighbour discovery or prefix advertising! If yes, you know it's a firewall error in your ruleset.Then enable each rule one after another, and in-between disable and enable the clients interface to check again if it gets an RA from the router or not. So you can find your firewall error.
You should post firewall rules as text from the console this would be more helpful for us, the screens are not really reflecting the order which is very important in firewalling ...

And as always, first read https://danrl.com/ipv6/ completely then you know exactly what to allow on the firewall to get it working, but the most important result of this is, you understand why and can fix it yourself!

Good luck.

Englisch Frage Firewall LAN, WAN, Wireless Router, Routing Netzwerkmanagement

Heiß diskutiert