Configuring IPv6 NAT6 for Guest WiFi Network in OpenWRT

First, add the WiFi guest network through the web interface or by editing the configuration. A wireless interface created through the MTK management interface must be added to the bridge explicitly:

config globals 'globals'
        option ula_prefix 'xxxx:xxxx:xxxx::/48'
config interface 'guest'
        option proto 'static'
        option ipaddr '10.0.100.1'
        option netmask '255.255.255.0'
        option device 'br-guest'
        option ip6assign '64'
        # The assigned prefix, i.e., xxxx:xxxx:xxxx:10::/64
        option ip6hint 10
        # Only assign from the private (ULA) prefix defined by ula_prefix. If PPPoE is delegated a /60 prefix or larger, this option can be omitted so that both the private prefix and the wan_6 public prefix are assigned
        list ip6class local
config device
        option type 'bridge'
        option name 'br-guest'
        list ports 'ra1'
        list ports 'rax1'

If the interface is added through OpenWRT's native wireless management, assigning it to the network is enough; no separate step is needed to add it to the bridge:

config wifi-iface 'wifinet3'
        option device 'MT7986_1_1'
        option mode 'ap'
        option ssid '2.4G-guest'
        option encryption 'psk-mixed'
        option key 'www.haiyun.me'
        option network 'guest'

DHCP configuration:

config dhcp 'guest'
                option interface 'guest'
                option start '150'
                option limit '100'
                option leasetime '12h'
                option dhcpv4 'server'
                list ra_flags 'none'
                option dns_service '0'
                option ra_default '2' # Force announce IPv6 route to clients
                option ra 'server'
                option ra_maxinterval '120'
                option ra_mininterval '60'
                option ra_lifetime '1200'
                option ra_useleasetime '1'
                option preferred_lifetime '10m'

iptables configuration:

ip6tables -A INPUT -i br-guest -p icmpv6 -j ACCEPT
ip6tables -A FORWARD -i br-guest -o pppoe-wan -j ACCEPT
ip6tables -t nat -A POSTROUTING -s xxxx:xxxx:xxxx:10::/64 -o pppoe-wan -j MASQUERADE
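
The MASQUERADE rule only works if its `-s` prefix matches the /64 that `ula_prefix` and `ip6hint` actually produce. The script below is an added example, not part of the original post: it derives that prefix and prints the three rules above guarded by `-C`, so re-running them does not append duplicates. The sample ULA prefix is constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: nothing is applied, the commands are only printed for review.

# guest_prefix <ula_prefix> <ip6hint>  ->  guest /64 (ip6hint is hexadecimal)
guest_prefix() {
    ula=$1; hint=$2
    case $ula in
        *::/48) net=${ula%::/48} ;;
        *) echo "ula_prefix must be a /48 ending in ::/48" >&2; return 1 ;;
    esac
    case $net in
        ''|*[!0-9a-fA-F:]*|*::*|:*) echo "unsupported ula_prefix form" >&2; return 1 ;;
    esac
    case $hint in
        ''|*[!0-9a-fA-F]*|?????*) echo "ip6hint must be 1-4 hex digits" >&2; return 1 ;;
    esac
    # Split the written groups on ':' and pad short forms (fd00::/48) to 48 bits.
    oldifs=$IFS; IFS=:; set -- $net; IFS=$oldifs
    [ $# -le 3 ] || { echo "more than 48 bits given" >&2; return 1; }
    while [ $# -lt 3 ]; do set -- "$@" 0; done
    echo "$1:$2:$3:$hint::/64"
}

# emit <table> <chain and rule spec>: check with -C first, append only if absent
emit() {
    echo "ip6tables -t $1 -C $2 2>/dev/null || ip6tables -t $1 -A $2"
}

# nat6_rules <guest /64> <guest bridge> <wan device>
nat6_rules() {
    emit filter "INPUT -i $2 -p icmpv6 -j ACCEPT"
    emit filter "FORWARD -i $2 -o $3 -j ACCEPT"
    emit nat "POSTROUTING -s $1 -o $3 -j MASQUERADE"
}

# Constructed sample prefix; on the router the real value comes from
#   uci get network.globals.ula_prefix
pfx=$(guest_prefix 'fd12:3456:789a::/48' 10) && nat6_rules "$pfx" br-guest pppoe-wan
```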

When PPPoE successfully obtains IPv6, add the default IPv6 route:

echo 'ip -6 rou add default via $LLREMOTE dev $IFNAME' >> /lib/netifd/ppp6-up

If IPv6 is obtained via DHCP, add a hotplug script that sets the default IPv6 route:

#!/bin/sh
# Add the default IPv6 route once the wan6 interface comes up
if [ "$ACTION" = "ifup" ] && [ "$INTERFACE" = "wan6" ]; then
   ip -6 rou add default via fe80::1 dev eth1
fi
