Uncategorized

IPv6, OpenWRT and miscomprehensions

by [email protected]

So I was fighting things for a while regarding IPv6 on this very website’s setup. It’s quite simple, this site runs on a Raspberry pi4 with 2GB of ram, with nginx, PHP, Mariadb and an external USB drive for storing the data. The pi has an IPv6 address that I feed to Cloudflare, for protection and caching. It also enables folks who are on an IPv4 connection only to be able to reach this page. But I was struggling to make things work consistently for a while. My router is OpenWRT based, my ISP has allocated me a full /64 prefix… So all should’ve been easy. Except it wasn’t trivial.

What was happening was, my pi would give me an IPv6 address that was globally accessible, and the site would run when I put in the right holes in my firewall for CloudFlare… But every time the router rebooted, the pi’s IPv6 address changed. This shouldn’t have happened, since there’s a consistent DUID value that’s normally passed on to the DHCPv6 server and you can then get the same IP again.

So what was happening? Turns out, I had incorrectly setup my DHCPv6 router. OpenWRT has a multitude of settings, and one of the more confusing ones on the IPv6 parts was for the LAN interface’s DHCP IPv6 setting, it had Relay, Server or Hybrid modes available. Now, me not knowing any better, I thought the hybrid (where it would do either relay or server as needed) would be the simplest and best way to go.

It took a lot of deep-diving for me to realize that with my relatively simple network architecture, I was much better off with the Server mode. Relay and Hybrid are for cases where you’re trying to allocate IPv6 addresses to devices that are offsite or coming in through guest networks where topology isn’t straightforward. And I’m sure I’m getting more than half of the details wrong.

The short of it was that it was adding complexity and controls that were giving me just enough rope to hang myself with. So. Back to standard server mode. Now, *all* of my IPv6 capable network devices show up as receiving a DHCPv6 address in the router. This makes it so much easier for me to manage, since the OpenWRT overview now shows me what my IPv6 devices on the network are. And the pi? Its IP will survive reboots. So I won’t need to login repeatedly to Cloudflare or my router and copy paste the new IPv6 address to let you reach this website.