ZebMcKayhan
Very Senior Member
Hello,
When attempting ipv6 policy routing I've currently failing seemingly due to "ip rule ... suppress_prefixlength 0" does not seem to supress anything for ipv6 on some router models. It is meant to be able to consult a route table for routes more specific than prefix length 0, meaning use any routes but not default route. This comes very handy for policy routes.
To replicate we could setup a simple policy route table using some unknown internet destination. Let's choose 2600:: since it's easy to write:
We can check where router would normally route this by:
It would output to your wan ipv6.
Now, lets just tell the router that this destination is found on our lan for convenience, just for the sake of testing, I.e:
And we can try again:
Now the router wants to send this destination to br0 because we told it so. It's not going to work, but that's not the point.
Now we ask router to consult main table for all routes except the default route before going to our policy table, which should not find a route so it should not affect us:
And we test again:
Now, unless there is a more specific route to 2600:: in main routing table the result we should get is br0. But on some routers it's wan meaning suppress_prefixlength have not suppressed anything. The same Commands works as expected on all routers I've tested on for ipv4.
Finally, to restore system after the test:
Routers tested that fails for ipv6:
RT-AX86U (388.8_?) https://www.snbforums.com/threads/wireguard-client-with-ipv6-enabled.92922/post-934311
RT-AX88U (388.8_4) many thanks to @archiel for testing this.
Routers tested that it works for ipv6:
RT-AX86U PRO - 388.8_2 & 388.8_4
I was hoping some more people could confirm this, so it's not just me. Or maybe I'm just doing something wrong or missing something?
I don't think Asus or @RMerlin uses this function in fw and I don't know if @RMerlin can do anything about this, altough I'm hoping.
When attempting ipv6 policy routing I've currently failing seemingly due to "ip rule ... suppress_prefixlength 0" does not seem to supress anything for ipv6 on some router models. It is meant to be able to consult a route table for routes more specific than prefix length 0, meaning use any routes but not default route. This comes very handy for policy routes.
To replicate we could setup a simple policy route table using some unknown internet destination. Let's choose 2600:: since it's easy to write:
We can check where router would normally route this by:
Code:
ip -6 route get 2600::Now, lets just tell the router that this destination is found on our lan for convenience, just for the sake of testing, I.e:
Code:
ip -6 route add 2600:: dev br0 table 10
ip -6 rule add from all to 2600:: lookup 10 prio 11And we can try again:
Code:
ip -6 route get 2600::Now we ask router to consult main table for all routes except the default route before going to our policy table, which should not find a route so it should not affect us:
Code:
ip -6 rule add from all to 2600:: lookup main suppress_prefixlength 0 prio 10And we test again:
Code:
ip -6 route get 2600::Finally, to restore system after the test:
Code:
ip -6 rule del prio 10
ip -6 rule del prio 11Routers tested that fails for ipv6:
RT-AX86U (388.8_?) https://www.snbforums.com/threads/wireguard-client-with-ipv6-enabled.92922/post-934311
RT-AX88U (388.8_4) many thanks to @archiel for testing this.
Routers tested that it works for ipv6:
RT-AX86U PRO - 388.8_2 & 388.8_4
I was hoping some more people could confirm this, so it's not just me. Or maybe I'm just doing something wrong or missing something?
I don't think Asus or @RMerlin uses this function in fw and I don't know if @RMerlin can do anything about this, altough I'm hoping.
