Ok if have a hex S on 7.1 default config sat behind isp router and it has the typical hidden public IPv6 address after changing “Accept Router Advertisements” from “yes if forwarding disable” to “yes”.
I am now able to ping Cloudflare IPv6 dns servers and can see the results and in the log with log enabled on “defconf: accept established,related,untracked” this show the hidden IPv6 address.
What do I have to do for clients of the hexs to be able to get IPv6 addresses, Slaac passthrough ??? not really sure I get a no route on a linux box and it just has a fe80 address, Or should i open a port on te firewall for RA to get through.
SLAAC works on layer 2, and does not cross routed interfaces. I am not aware of any helper or relay to bypass this limitation, but one may exist. usually people get prefix’s delegated for their internal subnet’s through a dhcpv6-server.
This worked for me (I’ve pasted my config as commands, but all the below is accessible within the IPv6 menu of webfig) where ether1 is connected to my ISP and my LAN WAN bridge is called “bridge”
Enable DHCP client. My ISP gives me a /56 delegation so use that in the prefix length field. I don’t use my ISPs DNS, but if you do, change use-peer-dns to yes:
Setup Neighbor Discovery (ND on the webfig menu) on the bridge, with advertise-mac-address=yes advertise-dns=yes managed-address-configuration=yes other-configuration=yes dns=(Whatever IPv6 DNS servers you use, comma separated, could include your router’s new IPv6 address from above IF you have allowed remote requests, confusingly under IP->DNS not IPv6…)
So I have done quite a bit of playing about with this. Not sure if this will help you but here goes.
First there is a bug in ROS7 where if your WAN IP is assigned by SLAAC and you enable IP Forwarding, then IPv6 breaks.
There is some discussion here that "you should not use SLAAC for getting your WAN Address, but if that's the way your provider does it..... too bad so sad....
On v6 with SLAAC......
My ISP assigns a WAN IP via SLAAC and then routes a /56 for personal use to that IP.
You can then split up that /56 into multiple /64 for use by clients on the other side (LAN Side) of the router.
IPv6 Address 2404:9404:4:0:216:3eff:fee1:7681
IPv6 Routed 2404:9404:4176:8100::/56
LAN Addresses are also being issued through Neighbor Discovery not actually IPv6DHCP-Server. But the ipv6 DNS Server is being issued by DHCPv6, hence that configuration in there.
ether1 is WAN and ether2 is LAN
This is my config in v6. as per above the same comfig in v7 does not work, no matter what I try.
#Enable ND on the wan to get my WAN IP and on ether2 for my LAN
/ipv6 nd
set [ find default=yes ] interface=ether1 mtu=1500 ra-lifetime=none reachable-time=5m
add interface=ether2 other-configuration=yes reachable-time=5m
/ipv6 nd prefix default
set preferred-lifetime=4h valid-lifetime=4h
#Set IPV6 settings to accept advertisements
/ipv6 settings
set accept-router-advertisements=yes
Thanks for this will play around our isp gives a /56 and the first /64 is the isp router meh.. to add insult to injury you can’t add routes on the isp router.
The only bizarre way to get around all of this is to have a openwrt based router in tandem with ros with ipv4 disabled and ipv6 ra relay enabled.
But in all honesty not being able to see what ipv6 address is assigned without pinging something and logging the traffic is odd.
I really hope one of the 7 updates brings some decent ipv6 features to ros.
If your ISP router runs at lest half-decent DHCPv6, then you could configure DHCPv6 client on hEX S, but only request prefix (not address) and store the prefix into a IPv6 address pool. If hEX S will receive a prefix, then next step is to assign one address from same pool to its “LAN” interface, and enable ND / router advertisements on “LAN” interface … which will allow “LAN” clients to use SLAAC …