OpenWrt IPv6 Setup Guide: Complete Configuration for LuCI and UCI

OpenWrt is one of the most powerful open-source router firmware platforms, offering extensive IPv6 support with granular control over configuration. Whether you're using the LuCI web interface or prefer command-line configuration via UCI, this comprehensive guide will walk you through setting up IPv6 on your OpenWrt router, from basic connectivity to advanced multi-VLAN scenarios.

Table of Contents

• Prerequisites and Requirements
• Understanding OpenWrt IPv6 Architecture
• Basic IPv6 Setup via LuCI Web Interface
• UCI Command-Line Configuration
• DHCPv6-PD and Prefix Delegation
• SLAAC Configuration
• Firewall Configuration for IPv6
• Advanced Configuration: Multiple VLANs
• IPv6 Tunnels (Hurricane Electric 6in4)
• Troubleshooting Common Issues
• Testing Your IPv6 Configuration

---

Prerequisites and Requirements

Verify ISP Support

Before configuring IPv6 on OpenWrt, confirm that your ISP supports IPv6. Contact your ISP or check their documentation to verify:

• IPv6 is available in your service area
• The type of IPv6 provisioning they use (DHCPv6-PD, SLAAC, static)
• The prefix size they delegate (typically /56 or /60 for residential, sometimes /64)

Hardware and Firmware Requirements

OpenWrt Version: IPv6 support has been mature since OpenWrt 15.05, but for the best experience, use OpenWrt 21.02 or newer. OpenWrt 22.03 and later include firewall4 (nftables-based), which handles IPv6 more efficiently.

Memory: IPv6 functionality requires minimal additional resources. Most routers with 8MB+ flash and 64MB+ RAM can handle IPv6 without issues.

Required Packages: Most packages are pre-installed in default builds:

• odhcpd-ipv6only or odhcpd - DHCPv6 and Router Advertisement server
• ip6tables - IPv6 firewall (firewall3 versions)
• firewall4 - Unified firewall with nftables (OpenWrt 22.03+)

Access to Router

Ensure you have:

• Web browser access to LuCI (typically http://192.168.1.1 or http://openwrt.lan)
• SSH access for command-line configuration (optional but recommended)
• Administrator credentials

---

Understanding OpenWrt IPv6 Architecture

OpenWrt's IPv6 implementation centers around several key components:

odhcpd - DHCP and Router Advertisement Daemon

odhcpd is the core daemon that handles:

• Router Advertisements (RA): Announces IPv6 prefix information to clients
• DHCPv6 server: Provides stateful IPv6 address assignment
• Prefix delegation: Redistributes ISP-delegated prefixes to LAN interfaces
• NDP proxy: Bridges IPv6 connectivity across interfaces

Connection Modes

OpenWrt supports several IPv6 WAN connection types:

• DHCPv6 Client: Requests both an IPv6 address and delegated prefix from ISP
• SLAAC: Stateless autoconfiguration using Router Advertisements
• Static IPv6: Manual configuration with fixed addresses
• PPPoEv6: PPPoE with IPv6 support
• 6in4 (IPv6-in-IPv4): Tunnel for ISPs without native IPv6
• 6to4: Automatic tunneling (deprecated, avoid)

Service Modes for LAN

For LAN-side IPv6 distribution, OpenWrt uses these modes:

• Server mode: Full DHCPv6 and RA service, assigns addresses
• Relay mode: Forwards DHCPv6 requests to upstream server
• Hybrid mode: Combines SLAAC (via RA) with DHCPv6 for additional configuration

---

Basic IPv6 Setup via LuCI Web Interface

Step 1: Configure WAN6 Interface

The WAN6 interface handles IPv6 connectivity to your ISP.

1. Access LuCI: Navigate to http://192.168.1.1 (or your router's IP)

2. Login: Enter your root credentials

3. Navigate to Interfaces: Go to Network > Interfaces

4. Edit WAN6: If WAN6 doesn't exist, click Add new interface

   • Name: wan6
   • Protocol: DHCPv6 client
   • Device: Same as your WAN interface (e.g., eth0.2 or wan)

5. Configure General Settings:

   • Request IPv6-address: try (attempts to get both prefix and address)
   • Request IPv6-prefix of length: auto (or specify 56 or 60 if your ISP requires)

6. Firewall Settings:

   • Assign to firewall zone: wan

7. Save and Apply

Step 2: Configure LAN IPv6 Settings

Configure how your router distributes IPv6 to local devices.

1. Navigate to LAN Interface: Network > Interfaces > LAN > Edit

2. Go to DHCP Server Tab

3. Scroll to IPv6 Settings:

   • Router Advertisement Service: server mode
   • DHCPv6 Service: server mode (or hybrid for SLAAC + DHCPv6)
   • NDP-Proxy: disabled (unless bridging networks)
   • RA Flags: Leave default (managed flag, other flag)

4. Advanced Settings (optional):

   • ULA-Prefix: Leave default or customize (generates unique local addresses)
   • IPv6 Suffix: Leave default (automatically derives from delegated prefix)

5. IPv6 RA Settings:

   • Announced IPv6 DNS servers: Leave empty to use router, or specify (e.g., 2001:4860:4860::8888 for Google DNS)
   • RA Hop Limit: Leave default (64)

6. Save and Apply

Step 3: Verify Connection

1. Check Status: Network > Interfaces

2. WAN6 Status: Should show:

   • An IPv6 address (global unicast, starts with 2xxx: or 3xxx:)
   • Uptime indicating connected status
   • Delegated prefix (e.g., 2001:db8:1234::/56)

3. LAN Status: Should show IPv6 addresses derived from delegated prefix

---

UCI Command-Line Configuration

For advanced users or automation, UCI provides powerful command-line configuration.

Viewing Current Configuration

# View all network configuration
uci show network

# View specific interface
uci show network.wan6

# View DHCP/odhcpd settings
uci show dhcp

Configuring WAN6 via UCI

Create or modify the WAN6 interface for DHCPv6-PD:

# Set WAN6 interface protocol
uci set network.wan6=interface
uci set network.wan6.proto='dhcpv6'
uci set network.wan6.device='eth0.2'  # Match your WAN device
uci set network.wan6.reqaddress='try'
uci set network.wan6.reqprefix='auto'

# Commit changes
uci commit network

# Restart network
/etc/init.d/network restart

Configuring LAN IPv6 Distribution

# Configure LAN DHCP settings for IPv6
uci set dhcp.lan.dhcpv6='server'
uci set dhcp.lan.ra='server'
uci set dhcp.lan.ra_management='1'

# Optional: Set specific DNS servers
uci add_list dhcp.lan.dns='2001:4860:4860::8888'
uci add_list dhcp.lan.dns='2001:4860:4860::8844'

# Commit changes
uci commit dhcp

# Restart odhcpd
/etc/init.d/odhcpd restart

Firewall Zone Assignment

# Assign WAN6 to WAN firewall zone
uci set network.wan6.firewall='wan'
uci commit network
/etc/init.d/network restart

---

DHCPv6-PD and Prefix Delegation

Prefix delegation is critical for distributing IPv6 addresses across your network.

Understanding Prefix Delegation

When your ISP delegates a prefix (e.g., /56 or /60), your router receives a block of IPv6 addresses to distribute to your LAN. This prefix is further subdivided for each interface.

Common prefix sizes:

• /64: Single network segment (65,536 /64 subnets unavailable for sub-delegation)
• /60: 16 /64 subnets (common residential)
• /56: 256 /64 subnets (better for multiple VLANs/networks)
• /48: 65,536 /64 subnets (enterprise or enthusiast)

Learn more about IPv6 prefix sizes and allocation.

Requesting Prefix Delegation

LuCI Method:

1. Network > Interfaces > WAN6 > Edit
2. Request IPv6-prefix of length: Select desired size or auto
3. Some ISPs honor requests for larger prefixes (try 48 or 56 if you need multiple networks)

UCI Method:

# Request specific prefix size
uci set network.wan6.reqprefix='56'
uci commit network
/etc/init.d/network restart

Viewing Delegated Prefix

Command line:

# View WAN6 interface status (includes delegated prefix)
ifstatus wan6

# Or use ubus directly
ubus call network.interface.wan6 status | grep -A5 ipv6-prefix

# JSON parsing with jq (if installed)
ubus call network.interface.wan6 status | jq '.["ipv6-prefix"]'

Configuring Prefix Distribution

By default, OpenWrt automatically assigns /64 subnets from the delegated prefix to each interface. You can customize this:

UCI Method:

# LAN gets first /64 from delegated prefix
uci set dhcp.lan.dhcpv6='server'
uci set dhcp.lan.ra='server'

# Optional: Specify subnet ID (0-255 for /56 delegation)
# This assigns 2001:db8:1234:5::/64 if delegated prefix is 2001:db8:1234::/56
uci set network.lan.ip6assign='64'
uci set network.lan.ip6ifaceid='::1'  # Router's IP suffix

uci commit
/etc/init.d/network restart

---

SLAAC Configuration

Stateless Address Autoconfiguration (SLAAC) allows clients to self-configure IPv6 addresses using Router Advertisements.

Pure SLAAC (No DHCPv6)

For networks where clients only need addresses and DNS via RA:

LuCI Method:

1. Network > Interfaces > LAN > DHCP Server > IPv6 Settings
2. Router Advertisement Service: server mode
3. DHCPv6 Service: disabled
4. RA Flags: Uncheck "Managed" and "Other config"

UCI Method:

uci set dhcp.lan.dhcpv6='disabled'
uci set dhcp.lan.ra='server'
uci set dhcp.lan.ra_management='0'
uci set dhcp.lan.ra_default='1'

# Announce DNS servers via RA
uci add_list dhcp.lan.dns='2001:4860:4860::8888'

uci commit dhcp
/etc/init.d/odhcpd restart

Hybrid Mode (SLAAC + DHCPv6)

Combines SLAAC for addresses with DHCPv6 for additional configuration:

LuCI Method:

1. DHCPv6 Service: hybrid mode
2. RA Flags: Check "Other config" but not "Managed"

UCI Method:

uci set dhcp.lan.dhcpv6='hybrid'
uci set dhcp.lan.ra='server'
uci set dhcp.lan.ra_management='0'  # SLAAC for addresses
uci set dhcp.lan.ra_flags='other-config'  # DHCPv6 for other settings

uci commit dhcp
/etc/init.d/odhcpd restart

---

Firewall Configuration for IPv6

OpenWrt's firewall configuration differs between firewall3 (ip6tables) and firewall4 (nftables). Both versions are configured via UCI and handle IPv4/IPv6 simultaneously. Learn more about configuring IPv6 firewalls.

Understanding OpenWrt Firewall Zones

OpenWrt uses zone-based firewalls with three default zones:

• LAN: Trusted local network
• WAN: Untrusted external network
• Guest: Isolated guest network (if configured)

Basic IPv6 Firewall Rules

By default, OpenWrt's firewall allows:

• All outbound traffic from LAN to WAN
• Established/related return traffic
• Essential ICMPv6 messages

No additional IPv6-specific configuration is typically needed for basic operation, as OpenWrt handles both protocols in the same ruleset.

Viewing Firewall Configuration

# View firewall zones
uci show firewall | grep zone

# View firewall rules
uci show firewall | grep rule

# View active IPv6 firewall rules (firewall3)
ip6tables -L -v -n

# View active firewall rules (firewall4)
nft list ruleset

Allowing Inbound IPv6 Services

To expose services (web server, SSH, etc.) on IPv6:

LuCI Method:

1. Network > Firewall > Port Forwards (or Traffic Rules)
2. Add new rule:
   • Name: Allow HTTPS IPv6
   • Protocol: TCP
   • Source zone: wan
   • Destination zone: Device (this router) or specific LAN IP
   • Destination port: 443
   • Family: IPv6 only (or IPv4 and IPv6)

UCI Method:

# Add firewall rule to allow HTTPS on router
uci add firewall rule
uci set firewall.@rule[-1].name='Allow-HTTPS-IPv6'
uci set firewall.@rule[-1].src='wan'
uci set firewall.@rule[-1].dest_port='443'
uci set firewall.@rule[-1].proto='tcp'
uci set firewall.@rule[-1].family='ipv6'
uci set firewall.@rule[-1].target='ACCEPT'

uci commit firewall
/etc/init.d/firewall restart

Port Forwarding to LAN Device

Forward incoming connections to a specific LAN device:

# Forward port 80 to LAN device at 2001:db8:1234:1::100
uci add firewall redirect
uci set firewall.@redirect[-1].name='Web Server IPv6'
uci set firewall.@redirect[-1].src='wan'
uci set firewall.@redirect[-1].dest='lan'
uci set firewall.@redirect[-1].proto='tcp'
uci set firewall.@redirect[-1].src_dport='80'
uci set firewall.@redirect[-1].dest_ip='2001:db8:1234:1::100'
uci set firewall.@redirect[-1].dest_port='80'
uci set firewall.@redirect[-1].family='ipv6'

uci commit firewall
/etc/init.d/firewall restart

Essential ICMPv6 Rules

OpenWrt includes essential ICMPv6 rules by default. Verify they're present:

# Check for ICMPv6 rules
uci show firewall | grep icmp

# Should include rules for:
# - echo-request/echo-reply (ping)
# - destination-unreachable
# - packet-too-big
# - time-exceeded
# - neighbour-solicitation/advertisement
# - router-solicitation/advertisement

If missing, add manually:

uci add firewall rule
uci set firewall.@rule[-1].name='Allow-ICMPv6-Input'
uci set firewall.@rule[-1].src='wan'
uci set firewall.@rule[-1].proto='icmp'
uci set firewall.@rule[-1].family='ipv6'
uci set firewall.@rule[-1].target='ACCEPT'

uci commit firewall
/etc/init.d/firewall restart

Dynamic Prefix Forwarding

OpenWrt supports dynamic prefix notation for IPv6 addresses that change when your delegated prefix changes:

# Forward to device with suffix ::123 within your delegated /64
uci set firewall.@redirect[-1].dest_ip='::123/-64'

# This automatically adjusts when your prefix changes

---

Advanced Configuration: Multiple VLANs

For segmented networks (Guest WiFi, IoT, etc.), you'll need to distribute IPv6 across multiple VLANs.

Requirements

• Delegated prefix of /60 or larger (provides multiple /64 subnets)
• VLAN-capable switch or multiple physical interfaces

Creating Additional Interfaces

Example: Guest Network on VLAN 10

LuCI Method:

1. Network > Interfaces > Add new interface

   • Name: guest
   • Protocol: Static address
   • Device: Create or select VLAN device (e.g., eth0.10)

2. IPv6 Settings:

   • IPv6 assignment length: 64
   • IPv6 assignment hint: 10 (uses subnet 10 from delegated prefix)
   • IPv6 suffix: ::1

3. DHCP Settings (after saving):

   • Router Advertisement Service: server mode
   • DHCPv6 Service: server mode or hybrid

UCI Method:

# Create guest interface
uci set network.guest=interface
uci set network.guest.proto='static'
uci set network.guest.device='eth0.10'
uci set network.guest.ip6assign='64'
uci set network.guest.ip6hint='10'  # Use 10th /64 from delegated prefix

# Configure DHCP for guest network
uci set dhcp.guest=dhcp
uci set dhcp.guest.interface='guest'
uci set dhcp.guest.dhcpv6='server'
uci set dhcp.guest.ra='server'
uci set dhcp.guest.ra_management='1'

# Firewall zone for guest (restrict LAN access)
uci add firewall zone
uci set firewall.@zone[-1].name='guest'
uci set firewall.@zone[-1].network='guest'
uci set firewall.@zone[-1].input='REJECT'
uci set firewall.@zone[-1].output='ACCEPT'
uci set firewall.@zone[-1].forward='REJECT'

# Allow guest to WAN
uci add firewall forwarding
uci set firewall.@forwarding[-1].src='guest'
uci set firewall.@forwarding[-1].dest='wan'

uci commit
/etc/init.d/network restart
/etc/init.d/firewall restart

Verifying Multi-VLAN IPv6

# Check assigned prefixes per interface
ip -6 addr show

# Verify delegation status
ubus call network.interface.wan6 status | jq '.["ipv6-prefix-assignment"]'

# Test connectivity from each VLAN
ping6 -c 4 2001:4860:4860::8888

---

IPv6 Tunnels (Hurricane Electric 6in4)

If your ISP doesn't provide native IPv6, Hurricane Electric's free tunnel broker offers reliable IPv6 connectivity via 6in4 tunneling.

Prerequisites

• Public IPv4 address (CGNAT users cannot use 6in4)
• OpenWrt with 6in4 package installed (usually pre-installed)
• Hurricane Electric tunnel broker account (https://tunnelbroker.net)

Creating HE Tunnel

1. Register at https://tunnelbroker.net
2. Create Regular Tunnel:
   • Enter your public IPv4 address
   • Select tunnel endpoint close to you
3. Note Configuration Details:
   • Server IPv4 Address
   • Client IPv6 Address
   • Routed /64 or /48 prefix

Configure 6in4 Tunnel via LuCI

1. Network > Interfaces > Add new interface

   • Name: HE_6in4 (or wan6)
   • Protocol: IPv6-in-IPv4 (RFC4213)

2. General Settings:

   • Local IPv4 address: Leave empty (auto-detected)
   • Remote IPv4 address: Enter HE Server IPv4 Address
   • Local IPv6 address: Enter HE Client IPv6 Address (e.g., 2001:470:xxxx:xxxx::2/64)
   • IPv6 routed prefix: Enter HE Routed /64 or /48 prefix

3. Advanced Settings (optional):

   • MTU: 1480 (recommended for tunnels)
   • Tunnel ID: Your HE tunnel ID
   • Username/Password: For dynamic IP updates

4. Firewall Settings:

   • Create firewall zone or assign to wan

UCI Method:

# Install 6in4 package if missing
opkg update
opkg install 6in4

# Configure tunnel
uci set network.henet=interface
uci set network.henet.proto='6in4'
uci set network.henet.peeraddr='216.66.80.26'  # HE server IPv4
uci set network.henet.ip6addr='2001:470:1234:5678::2/64'  # Your client IPv6
uci set network.henet.ip6prefix='2001:470:1234:5679::/64'  # Your routed prefix
uci set network.henet.mtu='1480'

# Optional: Dynamic IP update
uci set network.henet.tunnelid='123456'
uci set network.henet.username='your-he-username'
uci set network.henet.password='your-update-key'

# Firewall
uci set network.henet.firewall='wan'

uci commit network
/etc/init.d/network restart

Firewall Configuration for 6in4

# Allow protocol 41 (IPv6-in-IPv4) from HE endpoint
uci add firewall rule
uci set firewall.@rule[-1].name='Allow-HE-Tunnel'
uci set firewall.@rule[-1].src='wan'
uci set firewall.@rule[-1].proto='41'
uci set firewall.@rule[-1].src_ip='216.66.80.26'  # HE endpoint
uci set firewall.@rule[-1].target='ACCEPT'

uci commit firewall
/etc/init.d/firewall restart

Testing HE Tunnel

# Ping HE tunnel endpoint
ping6 -c 4 2001:470:1234:5678::1

# Ping external IPv6 address
ping6 -c 4 2001:4860:4860::8888

# Verify routing
traceroute6 ipv6.google.com

---

Troubleshooting Common Issues

Router Shows No IPv6 Address

Symptoms: WAN6 interface shows no global IPv6 address

Common Causes:

• ISP doesn't support IPv6
• Wrong protocol selected (try DHCPv6 vs SLAAC)
• Modem doesn't support IPv6
• Firewall blocking DHCPv6

Solutions:

# Check WAN6 status
ifstatus wan6

# Monitor DHCPv6 client logs
logread | grep dhcpv6

# Try different protocol
uci set network.wan6.proto='dhcpv6'  # or 'static' or '6in4'
uci commit network
/etc/init.d/network restart

# Check if ISP assigns via SLAAC instead
ip -6 addr show dev eth0.2  # Check for global address

No Prefix Delegation Received

Symptoms: Router has IPv6 address but LAN devices don't get IPv6

Common Causes:

• ISP doesn't support prefix delegation
• reqprefix not configured
• odhcpd not running

Solutions:

# Verify prefix delegation request
uci get network.wan6.reqprefix  # Should be 'auto', '56', '60', etc.

# Check odhcpd status
/etc/init.d/odhcpd status

# View logs for delegation
logread | grep -i prefix

# Manually set reqprefix
uci set network.wan6.reqprefix='56'
uci commit network
/etc/init.d/network restart

# Check received delegation
ubus call network.interface.wan6 status | grep -A5 ipv6-prefix

LAN Clients Don't Get IPv6 Addresses

Symptoms: Clients only have link-local (fe80::) addresses

Common Causes:

• RA or DHCPv6 disabled on LAN
• Prefix not assigned to LAN interface
• Firewall blocking ICMPv6

Solutions:

# Verify LAN IPv6 configuration
uci show dhcp.lan | grep -E 'dhcpv6|ra'

# Enable if missing
uci set dhcp.lan.dhcpv6='server'
uci set dhcp.lan.ra='server'
uci commit dhcp
/etc/init.d/odhcpd restart

# Check LAN has IPv6 prefix
ip -6 addr show dev br-lan

# Monitor RA broadcasts
tcpdump -i br-lan icmp6 and 'icmp6[0] == 134'  # Router Advertisements

# Test from client
# Windows: ipconfig /renew6
# Linux: dhclient -6 -r && dhclient -6

Can Ping IPv6 from Router but Not Clients

Symptoms: Router ping6 works, client devices cannot reach IPv6 internet

Common Causes:

• Firewall blocking IPv6 forwarding
• Missing default route on clients
• RA not announcing default gateway

Solutions:

# Check firewall forwarding
uci show firewall | grep -A3 lan

# Ensure forwarding allowed LAN -> WAN
uci set firewall.@forwarding[0].src='lan'
uci set firewall.@forwarding[0].dest='wan'
uci commit firewall
/etc/init.d/firewall restart

# Verify RA includes default route
uci get dhcp.lan.ra_default  # Should be '1'
uci set dhcp.lan.ra_default='1'
uci commit dhcp
/etc/init.d/odhcpd restart

# Check IPv6 forwarding enabled
sysctl net.ipv6.conf.all.forwarding  # Should be 1

IPv6 Connection Slow or Timing Out

Symptoms: IPv6 connectivity works but performance is poor

Common Causes:

• MTU issues (Path MTU Discovery failing)
• Firewall blocking ICMPv6 "Packet Too Big" messages
• Poor routing from ISP

Solutions:

# Test MTU
ping6 -c 4 -s 1452 2001:4860:4860::8888  # Should work
ping6 -c 4 -s 1500 2001:4860:4860::8888  # May fail

# Set lower MTU on WAN6 if needed
uci set network.wan6.mtu='1480'
uci commit network
/etc/init.d/network restart

# Ensure ICMPv6 type 2 (Packet Too Big) is allowed
ip6tables -L INPUT -v -n | grep icmpv6-type

# Check latency comparison
ping -c 10 8.8.8.8  # IPv4
ping6 -c 10 2001:4860:4860::8888  # IPv6

Firewall Blocking ICMPv6

Symptoms: No IPv6 connectivity or intermittent failures

Solutions:

# Check if ICMPv6 rules exist
uci show firewall | grep icmp

# Add ICMPv6 rule if missing
uci add firewall rule
uci set firewall.@rule[-1].name='Allow-ICMPv6'
uci set firewall.@rule[-1].src='wan'
uci set firewall.@rule[-1].proto='icmp'
uci set firewall.@rule[-1].family='ipv6'
uci set firewall.@rule[-1].target='ACCEPT'

uci commit firewall
/etc/init.d/firewall restart

Debugging Commands

# View all IPv6 addresses
ip -6 addr show

# View IPv6 routing table
ip -6 route show

# Monitor DHCPv6 activity
logread -f | grep dhcpv6

# Monitor odhcpd (RA, DHCPv6)
logread -f | grep odhcpd

# Check firewall6 status (firewall3)
ip6tables -L -v -n

# Check firewall status (firewall4)
nft list ruleset | grep ipv6

# Capture ICMPv6 traffic
tcpdump -i any -n icmp6

# Test DNS resolution over IPv6
nslookup -type=AAAA google.com 2001:4860:4860::8888

---

Testing Your IPv6 Configuration

After configuring IPv6, comprehensive testing ensures everything works correctly.

Command-Line Tests

Verify Router IPv6 Connectivity:

# Ping Google's IPv6 DNS
ping6 -c 4 2001:4860:4860::8888

# Ping Cloudflare
ping6 -c 4 2606:4700:4700::1111

# Traceroute to verify routing
traceroute6 ipv6.google.com

# DNS resolution test
nslookup -type=AAAA google.com

Check Interface Status:

# View all IPv6 addresses
ip -6 addr show

# Check WAN6 delegated prefix
ifstatus wan6 | grep -A5 ipv6-prefix

# View routing table
ip -6 route show

# Check LAN clients (from router)
ip -6 neigh show

Test from LAN Client

Windows:

# Show IPv6 configuration
ipconfig /all

# Test connectivity
ping -6 2001:4860:4860::8888

# Renew IPv6 address
ipconfig /renew6

macOS/Linux:

# Show IPv6 addresses
ifconfig  # macOS
ip -6 addr show  # Linux

# Test ping
ping6 2001:4860:4860::8888

# Traceroute
traceroute6 ipv6.google.com

Online Testing: test-ipv6.run

The most comprehensive test is using an online IPv6 testing tool.

Recommended: test-ipv6.run

1. From a LAN client, navigate to https://test-ipv6.run

2. The tool will automatically test:

   • IPv4-only connectivity
   • IPv6-only connectivity
   • Dual-stack connectivity
   • Protocol preference
   • IPv4 and IPv6 latency
   • DNS resolution over both protocols

3. Expected Results:

   • Score: 10/10 - Perfect dual-stack configuration
   • IPv6 Address: Displays your global IPv6 address from delegated prefix
   • Dual Stack Test: Should pass (green)
   • IPv6 Latency: Should be comparable to IPv4

4. Troubleshooting Results:

   • Score 0 (Red) with "Broken IPv6": IPv6 configured but timing out - check firewall
   • Score 0 "IPv4 Only": No IPv6 connectivity - verify WAN6 and prefix delegation
   • Partial failures: Review firewall rules and ICMPv6 configuration

Alternative Testing Sites

• test-ipv6.com: Comprehensive tests with detailed explanations
• ipv6-test.com: Speed tests comparing IPv4 vs IPv6
• whatismyipaddress.com: Simple address display

Verify Specific Services

If running servers, test IPv6 accessibility:

# Test SSH over IPv6 (from external host)
ssh -6 user@[2001:db8:1234:1::1]

# Test web server
curl -6 http://[2001:db8:1234:1::100]/

# Verify DNS AAAA records (if published)
dig AAAA yourdomain.com @8.8.8.8

---

Best Practices and Tips

Security Considerations

1. Enable IPv6 firewall explicitly: Don't assume IPv4 firewall rules cover IPv6
2. Never completely block ICMPv6: Your network won't function correctly
3. Use ULA alongside global addresses: Provides stable local addressing
4. Enable Privacy Extensions on clients: Rotates addresses for better privacy
5. Monitor logs: Watch for unusual IPv6 traffic patterns

Performance Optimization

1. Set appropriate MTU: 1480 for tunnels, 1500 for native
2. Use Google/Cloudflare IPv6 DNS: Often faster than ISP DNS
   • Google: 2001:4860:4860::8888, 2001:4860:4860::8844
   • Cloudflare: 2606:4700:4700::1111, 2606:4700:4700::1001
3. Request largest prefix available: More flexibility for VLANs
4. Enable hardware offloading: If supported by your device

Maintenance

1. Keep firmware updated: OpenWrt regularly improves IPv6 support
2. Monitor prefix changes: Some ISPs rotate prefixes
3. Test after ISP maintenance: Verify IPv6 remains functional
4. Document configuration: Note custom settings for future reference
5. Regular testing: Periodically verify with https://test-ipv6.run

---

Conclusion

OpenWrt provides exceptional IPv6 support with fine-grained control over every aspect of configuration. Whether you're setting up basic dual-stack connectivity via LuCI or deploying advanced multi-VLAN networks via UCI, OpenWrt's flexible architecture accommodates all scenarios.

Key takeaways:

• Native IPv6 is preferred over tunnels when available
• Prefix delegation is critical for distributing IPv6 to LAN devices
• Firewall configuration requires explicit IPv6 rules
• ICMPv6 must not be completely blocked for proper IPv6 operation
• Testing is essential - use https://test-ipv6.run for comprehensive validation

With proper configuration, your OpenWrt router will provide robust dual-stack connectivity, future-proofing your network while maintaining compatibility with legacy IPv4 services. The combination of LuCI's user-friendly interface and UCI's powerful command-line control makes OpenWrt an ideal platform for both beginners and advanced users deploying IPv6.

For ongoing validation of your IPv6 configuration, regularly test your connectivity at https://test-ipv6.run to ensure optimal performance and catch any issues early.