Foris guest mode is IPv4-only
Using a guest network set up by Foris interface renders guest network with no IPv6 connectivity at all, even though the router has big enough IPv6 range to satisfy both LAN and guest network.
To fix this issue, only few parts of generated config have to be tackled:
- add
option ip6assign '64'
to network configuration - add
option dhcpv6 'server'
andoption ra 'server'
to DHCP configuration - add a few IPv6 rules to the firewall configuration:
config rule
option name 'guest_turris_Allow-DHCPv6'
option src 'guest_turris'
option proto 'udp'
option src_ip 'fe80::/10'
option src_port '546-547'
option dest_ip 'fe80::/10'
option dest_port '546-547'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'guest_turris_Allow-MLD'
option src 'guest_turris'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'guest_turris_Allow-ICMPv6-Input'
option src 'guest_turris'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
Also, the logical network interface name guest_turris
is not very good choice as the interfaces are sorted alphabetically and this makes guest network appear before the lan
network. In the cases where upstream doesn't have large enough IPv6 assignment to support two subnets (for instance, single /64 assigned by O2 CZ xDSL), only the first interface gets IPv6 connectivity. Therefore, I would recommend renaming guest network interface to something like turris_guest
or zz_guest
.