What's new
By:

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Option to add IPv6 addresses to bridge interface

M

meliodas

Occasional Visitor
Hi, the current state of Merlin only allows you to set an IPv4 address on the bridge/LAN interface. Would be useful to also have the option to set IPv6 local addresses on the same interface. If there are other solutions, do inform thanks.
 
I tested manually adding a ULA address to br0 a few months ago. dnsmasq.conf had to be adjusted to properly serve the prefix to clients. There was an oddity with dnsmasq’s default tag system that was different for this scenario, such as the lan tag did not apply, but a br0 tag had to be added for the ULA range. Specific details (and my memory) are sketchy, but I ultimately dropped the idea.
 
What is the use case here? If you enable IPv6 on the WAN then the bridge interface already gets a link local IPv6 address (IIRC).
 
ColinTaylor said:
What is the use case here? If you enable IPv6 on the WAN then the bridge interface already gets a link local IPv6 address (IIRC).
Click to expand...
And if you set DHCP-PD to Disabled you get to put in your own ip for br0, which could be a ULA If so wishes. It wouldn't work for internet (unless firewall rules for ipv6 nat is added) but that's another story.
Unless we know the use case as @ColinTaylor says, it's hard to give proper answer.
 
ZebMcKayhan said:
And if you set DHCP-PD to Disabled you get to put in your own ip for br0, which could be a ULA If so wishes. It wouldn't work for internet (unless firewall rules for ipv6 nat is added) but that's another story.
Unless we know the use case as @ColinTaylor says, it's hard to give proper answer.
Click to expand...

The use case is that my network is IPv6-only and when the router reboots, it's only accessable by it's IPv4 LAN address. So having a ULA address there makes the router accessable over IPv6 as well, even when the net is down..
 
meliodas said:
The use case is that my network is IPv6-only and when the router reboots, it's only accessable by it's IPv4 LAN address. So having a ULA address there makes the router accessable over IPv6 as well, even when the net is down..
Click to expand...
I have a vague memory of router already giving out ula alongside your public ip... or maybe that was just my setup, I don't use ipv6 on my lan anymore, last time was on 386 fw so things could have changed.

But if it don't, I agree that it should be something you set in the gui, you wouldn't want to use your ever-changing public ip internally.
 
Last edited:
Crimliar said:
Now we know the use case, with the right (ipv6) DDNS you can always use the host.domain.tld such so that could be something like https://c3po.thesearentthesitesyourelookingfor.com:8443
Click to expand...
I think you're missing the point.

meliodas said:
The use case is that my network is IPv6-only and when the router reboots, it's only accessable by it's IPv4 LAN address. So having a ULA address there makes the router accessable over IPv6 as well, even when the net is down..
Click to expand...
Are you sure you don't already have an IPv6 address? I've just looked at my old RT-AC68U and with IPv6 enabled but the WAN down it has a link local address (EUI-64).
 
Last edited:
meliodas said:
The use case is that my network is IPv6-only and when the router reboots, it's only accessable by it's IPv4 LAN address. So having a ULA address there makes the router accessable over IPv6 as well, even when the net is down..
Click to expand...
I really hate reading man pages of dnsmasq. Somehow I always have more questions after reading then before. But
--dhcp-range=::1,::400,constructor:eth0
will look for addresses on eth0 and then create a range from <network>::1 to <network>::400. If the interface is assigned more than one network, then the corresponding ranges will be automatically created,
Click to expand...
To me sounds like dnsmasq directive would announce all available addresses on the interface.

So perhaps a simple:
Code: 
ip -6 address add dev br0 your:e:uniq:e:ula::1/64

Would be sufficient. I could not find a way to force a new ra, so perhaps a
Code: 
service restart_dnsmasq
Would be needed.


ColinTaylor said:
I've just looked at my old RT-AC68U and with IPv6 enabled but the WAN down it has a link local address (EUI-64).
Click to expand...
Me to... but I somehow cannot use this to access the router gui, neither can I connect via ssh, can you?
But I can ping it...
 
ColinTaylor said:
I think you're missing the point.


Are you sure you don't already have an IPv6 address? I've just looked at my old RT-AC68U and with IPv6 enabled but the WAN down it has a link local address (EUI-64).
Click to expand...
Thanks guys for all the replies. LLA is indeed there when IPv6 is enabled. But that's not something you can use for accessing the GUI. ULA's, the RFC1918 equivalent is recommended so that's the common setup most people go with + the address doesn't change just like it's private IPv4 counterpart.

So having the option to set it in the GUI would benefit alot of people that want to use it, me included. Heck, maybe also have an option to auto-generate/auto-populate a ULA address block when ULA is enabled.
 
meliodas said:
Thanks guys for all the replies. LLA is indeed there when IPv6 is enabled. But that's not something you can use for accessing the GUI. ULA's, the RFC1918 equivalent is recommended so that's the common setup most people go with + the address doesn't change just like it's private IPv4 counterpart.

So having the option to set it in the GUI would benefit alot of people that want to use it, me included. Heck, maybe also have an option to auto-generate/auto-populate a ULA address block when ULA is enabled.
Click to expand...
I do this exact thing.

/jffs/scripts/ula contains:
#!/bin/sh
ip -6 addr add MyULA::1/64 dev br0

Which gets called by /jffs/scripts/services-start so it'll kick in upon reboot:
/jffs/scripts/ula # Assign ULA on boot

And since for some reason the GT-BE98 Pro removes the ULA randomly even when the WAN hasn't dropped, I also have this cron job added in services-start to keep it persistent:
cru a ula '*/1 * * * * /jffs/scripts/ula' # Ensure ULA cronjob runs every minute persistently after boot

Works perfectly. ifconfig br0 confirms all the addressing is there and properly kept assigned.

Also, unrelated to this exactly but I do a similar thing to blackhole all of Google's DNS, /jffs/scripts/blackholes contains:
#!/bin/sh
# Add blackhole routes for Google's DNS servers

# IPv4
ip route add blackhole 8.8.4.4
ip route add blackhole 8.8.8.8

# IPv6
ip -6 route add blackhole 2001:4860:4860::8844
ip -6 route add blackhole 2001:4860:4860::8888

I run two pi-holes locally with unbound as well so don't want hard-coded devices sneaking past. This forces them to behave.
 
prp2 said:
I do this exact thing.

/jffs/scripts/ula contains:
#!/bin/sh
ip -6 addr add MyULA::1/64 dev br0

Which gets called by /jffs/scripts/services-start so it'll kick in upon reboot:
/jffs/scripts/ula # Assign ULA on boot

And since for some reason the GT-BE98 Pro removes the ULA randomly even when the WAN hasn't dropped, I also have this cron job added in services-start to keep it persistent:
cru a ula '*/1 * * * * /jffs/scripts/ula' # Ensure ULA cronjob runs every minute persistently after boot

Works perfectly. ifconfig br0 confirms all the addressing is there and properly kept assigned.

Also, unrelated to this exactly but I do a similar thing to blackhole all of Google's DNS, /jffs/scripts/blackholes contains:
#!/bin/sh
# Add blackhole routes for Google's DNS servers

# IPv4
ip route add blackhole 8.8.4.4
ip route add blackhole 8.8.8.8

# IPv6
ip -6 route add blackhole 2001:4860:4860::8844
ip -6 route add blackhole 2001:4860:4860::8888

I run two pi-holes locally with unbound as well so don't want hard-coded devices sneaking past. This forces them to behave.
Click to expand...
Thanks. This does help temporarily. If I recall, when restarting the wan from the GUI, it removes any additional IPv6 addresses on br0, which I have 2 of them and will have to wait till the WAN re-establishes itself so it executes the wan0-connected script and adds back the addresses. A little tedious but a temporary workaround.

Would be great if the devs could add the option to add IPv6 addresses under the LAN section of the GUI.
 
ZebMcKayhan said:
Me to... but I somehow cannot use this to access the router gui, neither can I connect via ssh, can you?
But I can ping it...
Click to expand...

I agree, the router's web server only responds to ipv4 addresses (at least my old RT-AC68U, might have changed on new routers).
 
meliodas said:
Thanks. This does help temporarily. If I recall, when restarting the wan from the GUI, it removes any additional IPv6 addresses on br0, which I have 2 of them and will have to wait till the WAN re-establishes itself so it executes the wan0-connected script and adds back the addresses. A little tedious but a temporary workaround.

Would be great if the devs could add the option to add IPv6 addresses under the LAN section of the GUI.
Click to expand...
Well like I said that's why I add the cronjob to constantly add back the ULA every minute. If it already exists, it doesn't add it again, and if it's missing it puts it back. Works like a charm.
 
Accessing the WEBUI using IPv6 does work on the GT-AX6000 and I would assume on most newer routers. As does, having just tested this, using IPv6 only DDNS with my own domain, which is the much easier option IMHO!
 
Crimliar said:
Accessing the WEBUI using IPv6 does work on the GT-AX6000 and I would assume on most newer routers. As does, having just tested this, using IPv6 only DDNS with my own domain, which is the much easier option IMHO!
Click to expand...
The issue is how to access the webUI using a local IPv6 address when there is no WAN connection. DDNS won't help there.
 
prp2 said:
# Add blackhole routes for Google's DNS servers

# IPv4
ip route add blackhole 8.8.4.4
ip route add blackhole 8.8.8.8

# IPv6
ip -6 route add blackhole 2001:4860:4860::8844
ip -6 route add blackhole 2001:4860:4860::8888
Click to expand...

Crazy thing with Google Public DNS - the addresses you mention for IPv4/IPv6 are not the only ones - those go to a load-balancer and then go from there out to their cloud...

Your DNS resolvers are:
Google
 
You must log in or register to reply here.

Similar threads

i0ntempest
VLAN and SDN index/bridge index number questions - how are they decided?
Replies
2
Views
226
i0ntempest
i0ntempest
W
asus rt-ax88u ipv6 through wireguard client dhcp problem
Replies
1
Views
275
ZebMcKayhan
Z
N
IPv6 Not Allowing Manual DNS Server
Replies
12
Views
891
ZebMcKayhan
Z
i0ntempest
IPv6 traffic forwarding problem: connection hangs
Replies
9
Views
669
i0ntempest
i0ntempest
L
Authentication fails on guest SSID connected to a bridge other than br0
Replies
1
Views
212
lalley2ka
L
Similar threads
Thread starter Title Forum Replies Date
Xruptor Confused on Adapative QoS Bandwidth Setting, option for Automatic Setting? Asuswrt-Merlin 6
Gen10 Solved Best practices for sorting various add-on data on, USB or JFFS? Asuswrt-Merlin 7
K Add/Remove Port Forwards on a schedule Asuswrt-Merlin 3
dragon31337 Can't add AC88U as wired AI Mesh to AC5300 Asuswrt-Merlin 13
kaotic2499 Please add Asuswrt-merlin to GT-BE98 (Non-pro) version Asuswrt-Merlin 22
E Unable to add GT-AX11000 as an AiMesh node to GT-BE98 PRO router Asuswrt-Merlin 0
I Unable to add DSL-68U to aimesh network as node Asuswrt-Merlin 11
D L2TP client on ax88U pro running latest merlin firmware how to add device Asuswrt-Merlin 0
L Suggestion: DNS Director, add optional compatibility with DOT Asuswrt-Merlin 2
V Import lease list to dnsmasq.conf.add Asuswrt-Merlin 5

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 503 (members: 22, guests: 481)
Back
Top