Can VyOS and clients communicate over IPv6 at the same time?

Blackcat24 · May 19, 2024, 4:16pm

Hello everyone.

I am new to VyOS and IPv6, so sorry if I am off the mark.
I would like to use the following configuration for communication from a VyOS router to the Internet.

Physical Connection Configurations

It is configured like a double router, but never mind.
This configuration is made for mere technical curiosity!
We do not believe that this physical configuration is the problem, because when we replace the router (NEC UNIVERGE IX2105) with VyOS with a similar configuration, we can connect to the Internet with IPv6 from both the Mac and the router.

For IPv4, all I had to do was set up PPPoE, and I was able to connect to the Internet easily.

However, a puzzling event has occurred regarding IPv6…

In both of the following settings, the movement was different from what I expected.
I want to connect to the Internet from both VyOS and Mac using IPv6 without NAT.

** For testing purposes, the firewall is not configured in any way.

Configuration 1

With this setting, an IPv6 address is assigned to the Mac, allowing IPv6 connections from the Mac to the Internet.
However, I cannot connect to the Internet from my VyOS router via IPv6.

$ show configuration | strip-private
interfaces {
    bridge br0 {
        address xxx.xxx.0.1/24
        description LAN
        ipv6 {
            address {
                eui64 xxxx:xxxx:42c0:3000::/64
            }
            dup-addr-detect-transmits 1
        }
        member {
            interface eth1 {
            }
            interface eth2 {
            }
            interface eth3 {
            }
            interface eth4 {
            }
            interface eth5 {
            }
        }
    }
    ethernet eth0 {
        hw-id xx:xx:xx:xx:xx:93
    }
    ethernet eth1 {
        hw-id xx:xx:xx:xx:xx:92
    }
    ethernet eth2 {
        hw-id xx:xx:xx:xx:xx:91
    }
    ethernet eth3 {
        hw-id xx:xx:xx:xx:xx:90
    }
    ethernet eth4 {
        hw-id xx:xx:xx:xx:xx:8f
    }
    ethernet eth5 {
        hw-id xx:xx:xx:xx:xx:8e
    }
    loopback lo {
    }
    pppoe pppoe0 {
        authentication {
            password xxxxxx
            username xxxxxx
        }
        ip {
            adjust-mss 1414
        }
        mtu 1454
        no-peer-dns
        source-interface eth0
    }
}
nat {
    source {
        rule 1 {
            description NAT_PPPoE
            outbound-interface {
                name pppoe0
            }
            source {
                address xxx.xxx.0.0/24
            }
            translation {
                address masquerade
            }
        }
    }
}
protocols {
    static {
        route6 ::/0 {
            next-hop fe80::72:10cd:9200:0 {
                interface eth0
            }
        }
    }
}
service {
    dhcp-server {
        shared-network-name xxxxxx {
            subnet xxx.xxx.0.0/24 {
                lease 86400
                option {
                    default-router xxx.xxx.0.1
                    name-server xxx.xxx.0.1
                }
                range 0 {
                    start xxx.xxx.0.100
                    stop xxx.xxx.0.199
                }
                static-mapping xxxxxx {
                    ip-address xxx.xxx.0.2
                    mac xx:xx:xx:xx:xx:d3
                }
                subnet-id 1
            }
        }
    }
    dns {
        forwarding {
            allow-from xxx.xxx.0.0/24
            allow-from fe80::/10
            allow-from ::1/128
            allow-from fc00::/7
            listen-address xxx.xxx.0.1
            listen-address xxx.xxx.0.1
            listen-address ::1
            name-server xxx.xxx.0.1 {
            }
            name-server xxx.xxx.1.1 {
            }
            name-server xxxx:xxxx:4700::1001 {
            }
            name-server xxxx:xxxx:4700::1111 {
            }
        }
    }
    ndp-proxy {
        interface br0 {
            prefix xxxx:xxxx:42c0:3000::/64 {
                interface eth0
                mode interface
            }
        }
        interface eth0 {
            prefix ::/0 {
                interface br0
                mode interface
            }
        }
    }
    ntp {
        allow-client xxxxxx
            address xxx.xxx.0.0/8
            address ::1/128
            address fe80::/10
            address fc00::/7
            address xxx.xxx.0.0/24
        }
        server xxxxx.tld {
            pool
        }
        server xxxxx.tld {
            pool
        }
    }
    router-advert {
        interface br0 {
            other-config-flag
            prefix xxxx:xxxx:42c0:3000::/64 {
            }
        }
    }
    ssh {
        listen-address xxx.xxx.0.1
    }
}
system {
    config-management {
        commit-revisions 100
    }
    conntrack {
        hash-size 655360
        table-size 5242880
    }
    console {
        device ttyS0 {
            speed 115200
        }
    }
    host-name xxxxxx
    login {
        banner {
            post-login ""
            pre-login ""
        }
        user xxxxxx {
            authentication {
                encrypted-password xxxxxx
            }
        }
    }
    name-server xxx.xxx.1.1
    name-server xxx.xxx.0.1
    option {
        kernel {
            disable-power-saving
        }
        performance latency
        time-format 24-hour
    }
    syslog {
        global {
            facility all {
                level info
            }
            facility local7 {
                level debug
            }
        }
    }
    time-zone Asia/Tokyo
}

$ show interfaces | strip-private 
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface    IP Address                               MAC                VRF        MTU  S/L    Description
-----------  ---------------------------------------  -----------------  -------  -----  -----  -------------
br0          xxx.xxx.0.1/24                           xx:xx:xx:xx:xx:be  default   1500  u/u    LAN
             xxxx:xxxx:42c0:3000:d005:ff:fe3d:e5be/64
eth0         -                                        xx:xx:xx:xx:xx:93  default   1500  u/u
eth1         -                                        xx:xx:xx:xx:xx:92  default   1500  u/D
eth2         -                                        xx:xx:xx:xx:xx:91  default   1500  u/D
eth3         -                                        xx:xx:xx:xx:xx:90  default   1500  u/u
eth4         -                                        xx:xx:xx:xx:xx:8f  default   1500  u/u
eth5         -                                        xx:xx:xx:xx:xx:8e  default   1500  u/D
lo           xxx.xxx.0.1/8                            xx:xx:xx:xx:xx:00  default  65536  u/u
             ::1/128
pppoe0       xxx.xxx.46.115/32                        n/a                default   1454  u/u

$ show ipv6 route | strip-private 
Codes: K - kernel route, C - connected, S - static, R - RIPng,
       O - OSPFv3, I - IS-IS, B - BGP, N - NHRP, T - Table,
       v - VNC, V - VNC-Direct, A - Babel, F - PBR,
       f - OpenFabric,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup
       t - trapped, o - offload failure

S>* ::/0 [1/0] via fe80::72:10cd:9200:0, eth0, weight 1, 00:00:17
C>* xxxx:xxxx:42c0:3000::/64 is directly connected, br0, 00:00:21
C * fe80::/64 is directly connected, pppoe0, 00:00:19
C * fe80::/64 is directly connected, eth0, 00:00:20
C * fe80::/64 is directly connected, br0, 00:00:20
C>* fe80::/64 is directly connected, lo, 00:00:26

Configuration 2

With this configuration, I can connect to the Internet over IPv6 from your VyOS router.
However, I have an IPv6 address assigned to my Mac, but I cannot connect to the Internet from my Mac with IPv6.

I just added the following line.

set interfaces ethernet eth0 ipv6 address autoconf
set interfaces ethernet eth0 ipv6 dup-addr-detect-transmits 1

$ show configuration | strip-private
interfaces {
    bridge br0 {
        address xxx.xxx.0.1/24
        description LAN
        ipv6 {
            address {
                eui64 xxxx:xxxx:42c0:3000::/64
            }
            dup-addr-detect-transmits 1
        }
        member {
            interface eth1 {
            }
            interface eth2 {
            }
            interface eth3 {
            }
            interface eth4 {
            }
            interface eth5 {
            }
        }
    }
    ethernet eth0 {
        hw-id xx:xx:xx:xx:xx:93
        ipv6 {
            address {
                autoconf
            }
            dup-addr-detect-transmits 1
        }
    }
    ethernet eth1 {
        hw-id xx:xx:xx:xx:xx:92
    }
    ethernet eth2 {
        hw-id xx:xx:xx:xx:xx:91
    }
    ethernet eth3 {
        hw-id xx:xx:xx:xx:xx:90
    }
    ethernet eth4 {
        hw-id xx:xx:xx:xx:xx:8f
    }
    ethernet eth5 {
        hw-id xx:xx:xx:xx:xx:8e
    }
    loopback lo {
    }
    pppoe pppoe0 {
        authentication {
            password xxxxxx
            username xxxxxx
        }
        ip {
            adjust-mss 1414
        }
        mtu 1454
        no-peer-dns
        source-interface eth0
    }
}
nat {
    source {
        rule 1 {
            description NAT_PPPoE
            outbound-interface {
                name pppoe0
            }
            source {
                address xxx.xxx.0.0/24
            }
            translation {
                address masquerade
            }
        }
    }
}
protocols {
    static {
        route6 ::/0 {
            next-hop fe80::72:10cd:9200:0 {
                interface eth0
            }
        }
    }
}
service {
    dhcp-server {
        shared-network-name xxxxxx {
            subnet xxx.xxx.0.0/24 {
                lease 86400
                option {
                    default-router xxx.xxx.0.1
                    name-server xxx.xxx.0.1
                }
                range 0 {
                    start xxx.xxx.0.100
                    stop xxx.xxx.0.199
                }
                static-mapping xxxxxx {
                    ip-address xxx.xxx.0.2
                    mac xx:xx:xx:xx:xx:d3
                }
                subnet-id 1
            }
        }
    }
    dns {
        forwarding {
            allow-from xxx.xxx.0.0/24
            allow-from fe80::/10
            allow-from ::1/128
            allow-from fc00::/7
            listen-address xxx.xxx.0.1
            listen-address xxx.xxx.0.1
            listen-address ::1
            name-server xxx.xxx.0.1 {
            }
            name-server xxx.xxx.1.1 {
            }
            name-server xxxx:xxxx:4700::1001 {
            }
            name-server xxxx:xxxx:4700::1111 {
            }
        }
    }
    ndp-proxy {
        interface br0 {
            prefix xxxx:xxxx:42c0:3000::/64 {
                interface eth0
                mode interface
            }
        }
        interface eth0 {
            prefix ::/0 {
                interface br0
                mode interface
            }
        }
    }
    ntp {
        allow-client xxxxxx
            address xxx.xxx.0.0/8
            address ::1/128
            address fe80::/10
            address fc00::/7
            address xxx.xxx.0.0/24
        }
        server xxxxx.tld {
            pool
        }
        server xxxxx.tld {
            pool
        }
    }
    router-advert {
        interface br0 {
            other-config-flag
            prefix xxxx:xxxx:42c0:3000::/64 {
            }
        }
    }
    ssh {
        listen-address xxx.xxx.0.1
    }
}
system {
    config-management {
        commit-revisions 100
    }
    conntrack {
        hash-size 655360
        table-size 5242880
    }
    console {
        device ttyS0 {
            speed 115200
        }
    }
    host-name xxxxxx
    login {
        banner {
            post-login ""
            pre-login ""
        }
        user xxxxxx {
            authentication {
                encrypted-password xxxxxx
            }
        }
    }
    name-server xxx.xxx.1.1
    name-server xxx.xxx.0.1
    option {
        kernel {
            disable-power-saving
        }
        performance latency
        time-format 24-hour
    }
    syslog {
        global {
            facility all {
                level info
            }
            facility local7 {
                level debug
            }
        }
    }
    time-zone Asia/Tokyo
}

$ show interfaces | strip-private 
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface    IP Address                                MAC                VRF        MTU  S/L    Description
-----------  ----------------------------------------  -----------------  -------  -----  -----  -------------
br0          xxx.xxx.0.1/24                            xx:xx:xx:xx:xx:be  default   1500  u/u    LAN
             xxxx:xxxx:42c0:3000:d005:ff:fe3d:e5be/64
eth0         xxxx:xxxx:42c0:3000:1201:2ff:fe44:5693/64 xx:xx:xx:xx:xx:93  default   1500  u/u
eth1         -                                         xx:xx:xx:xx:xx:92  default   1500  u/D
eth2         -                                         xx:xx:xx:xx:xx:91  default   1500  u/D
eth3         -                                         xx:xx:xx:xx:xx:90  default   1500  u/u
eth4         -                                         xx:xx:xx:xx:xx:8f  default   1500  u/u
eth5         -                                         xx:xx:xx:xx:xx:8e  default   1500  u/D
lo           xxx.xxx.0.1/8                             xx:xx:xx:xx:xx:00  default  65536  u/u
             ::1/128
pppoe0       xxx.xxx.5.171/32                          n/a                default   1454  u/u

$ show ipv6 route | strip-private 
Codes: K - kernel route, C - connected, S - static, R - RIPng,
       O - OSPFv3, I - IS-IS, B - BGP, N - NHRP, T - Table,
       v - VNC, V - VNC-Direct, A - Babel, F - PBR,
       f - OpenFabric,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup
       t - trapped, o - offload failure

S   ::/0 [1/0] via fe80::72:10cd:9200:0, eth0, weight 1, 00:08:07
K>* ::/0 [0/1024] via fe80::72:10cd:9200:0, eth0, 00:08:09
C * xxxx:xxxx:42c0:3000::/64 is directly connected, eth0, 00:08:07
C>* xxxx:xxxx:42c0:3000::/64 is directly connected, br0, 00:08:10
C * fe80::/64 is directly connected, pppoe0, 00:08:09
C * fe80::/64 is directly connected, br0, 00:08:09
C * fe80::/64 is directly connected, eth0, 00:08:09
C>* fe80::/64 is directly connected, lo, 00:08:16

My apologies if I have missed something in the documentation.
Any advice is welcome!
And please don’t hesitate to tell me if I’m missing any information.

Best regards.

Blackcat24 · May 19, 2024, 4:25pm

I forgot to post the version information.

$ show version 
Version:          VyOS 1.5-rolling-202405181212
Release train:    current
Release flavor:   iso

The same was true for the rolling release on 2024-05-10 (1.5-rolling-202405101513).

Apachez · May 19, 2024, 6:05pm

Sorry for not answering your question but when pasting configs using show config commands | strip-private makes the dumps so much easier to read for others.

Since your ISP seems to be using PPPoE (which is a bit odd around here) - are you sure they are properly providing IPv6 and is that too through PPPoE?

Also do your ISP do static, SLAAC or DHCPv6 for IPv6 assignment?

Blackcat24 · May 20, 2024, 1:06am

Thanks for the reply.

My apologies.
I am sorry for the confusion due to my lack of description.

IPv6 is connected via IPoE, not PPPoE.
IPv6 addresses are set by RA and SLAAC.

*This is a Japan-specific situation, but this line is NTT’s FLET’S Hikari, and we are not using Hikari Denwa.

Also, thanks for the info on how to display the commands.
I will post the information again when I get home.

Blackcat24 · May 21, 2024, 2:54pm

Sorry for the delay.

Here are the configurations.

I have tried everything, but it doesn’t work.
I look forward to any further information you may have.

*Stateless DHCPv6 server information was missing and has been added.

Configuration 1

show configuration commands | strip-private

$ show configuration commands | strip-private
set interfaces bridge br0 address 'xxx.xxx.0.1/24'
set interfaces bridge br0 description 'LAN'
set interfaces bridge br0 ipv6 address eui64 'xxxx:xxxx:42c0:3000::/64'
set interfaces bridge br0 ipv6 dup-addr-detect-transmits '1'
set interfaces bridge br0 member interface eth1
set interfaces bridge br0 member interface eth2
set interfaces bridge br0 member interface eth3
set interfaces bridge br0 member interface eth4
set interfaces bridge br0 member interface eth5
set interfaces ethernet eth0 hw-id 'xx:xx:xx:xx:xx:93'
set interfaces ethernet eth1 hw-id 'xx:xx:xx:xx:xx:92'
set interfaces ethernet eth2 hw-id 'xx:xx:xx:xx:xx:91'
set interfaces ethernet eth3 hw-id 'xx:xx:xx:xx:xx:90'
set interfaces ethernet eth4 hw-id 'xx:xx:xx:xx:xx:8f'
set interfaces ethernet eth5 hw-id 'xx:xx:xx:xx:xx:8e'
set interfaces loopback lo
set interfaces pppoe pppoe0 authentication password xxxxxx
set interfaces pppoe pppoe0 authentication username xxxxxx
set interfaces pppoe pppoe0 ip adjust-mss '1414'
set interfaces pppoe pppoe0 mtu '1454'
set interfaces pppoe pppoe0 no-peer-dns
set interfaces pppoe pppoe0 source-interface 'eth0'
set nat source rule 1 description 'NAT_PPPoE'
set nat source rule 1 outbound-interface name 'pppoe0'
set nat source rule 1 source address 'xxx.xxx.0.0/24'
set nat source rule 1 translation address 'masquerade'
set protocols static route6 ::/0 next-hop fe80::72:10cd:9200:0 interface 'eth0'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.0.0/24 lease '86400'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.0.0/24 option default-router 'xxx.xxx.0.1'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.0.0/24 option name-server 'xxx.xxx.0.1'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.0.0/24 range 0 start 'xxx.xxx.0.100'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.0.0/24 range 0 stop 'xxx.xxx.0.199'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.0.0/24 static-mapping xxxxxx ip-address 'xxx.xxx.0.2'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.0.0/24 static-mapping xxxxxx mac 'xx:xx:xx:xx:xx:d3'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.0.0/24 subnet-id '1'
set service dhcpv6-server shared-network-name xxxxxx subnet xxxx:xxxx:42c0:3000::/64 interface 'br0'
set service dhcpv6-server shared-network-name xxxxxx subnet xxxx:xxxx:42c0:3000::/64 option name-server 'xxxx:xxxx:42c0:3000:d005:ff:fe3d:e5be'
set service dhcpv6-server shared-network-name xxxxxx subnet xxxx:xxxx:42c0:3000::/64 subnet-id '1'
set service dns forwarding allow-from 'xxx.xxx.0.0/24'
set service dns forwarding allow-from 'fe80::/10'
set service dns forwarding allow-from '::1/128'
set service dns forwarding allow-from 'fc00::/7'
set service dns forwarding listen-address 'xxx.xxx.0.1'
set service dns forwarding listen-address 'xxx.xxx.0.1'
set service dns forwarding listen-address '::1'
set service dns forwarding name-server xxx.xxx.0.1
set service dns forwarding name-server xxx.xxx.1.1
set service dns forwarding name-server xxxx:xxxx:4700::1001
set service dns forwarding name-server xxxx:xxxx:4700::1111
set service ndp-proxy interface br0 prefix xxxx:xxxx:42c0:3000::/64 interface 'eth0'
set service ndp-proxy interface br0 prefix xxxx:xxxx:42c0:3000::/64 mode 'interface'
set service ndp-proxy interface eth0 prefix ::/0 interface 'br0'
set service ndp-proxy interface eth0 prefix ::/0 mode 'interface'
set service ntp allow-client xxxxxx 'xxx.xxx.0.0/8'
set service ntp allow-client xxxxxx '::1/128'
set service ntp allow-client xxxxxx 'fe80::/10'
set service ntp allow-client xxxxxx 'fc00::/7'
set service ntp allow-client xxxxxx 'xxx.xxx.0.0/24'
set service ntp server xxxxx.tld pool
set service ntp server xxxxx.tld pool
set service router-advert interface br0 other-config-flag
set service router-advert interface br0 prefix xxxx:xxxx:42c0:3000::/64
set service ssh listen-address 'xxx.xxx.0.1'
set system config-management commit-revisions '100'
set system conntrack hash-size '655360'
set system conntrack table-size '5242880'
set system console device ttyS0 speed '115200'
set system host-name xxxxxx
set system login banner post-login ''
set system login banner pre-login ''
set system login user xxxxxx authentication encrypted-password xxxxxx
set system name-server 'xxx.xxx.1.1'
set system name-server 'xxx.xxx.0.1'
set system option kernel disable-power-saving
set system option performance 'latency'
set system option time-format '24-hour'
set system syslog global facility all level 'info'
set system syslog global facility local7 level 'debug'
set system time-zone 'Asia/Tokyo'

Configuration 2

show configuration commands | strip-private

$ show configuration commands | strip-private
set interfaces bridge br0 address 'xxx.xxx.0.1/24'
set interfaces bridge br0 description 'LAN'
set interfaces bridge br0 ipv6 address eui64 'xxxx:xxxx:42c0:3000::/64'
set interfaces bridge br0 ipv6 dup-addr-detect-transmits '1'
set interfaces bridge br0 member interface eth1
set interfaces bridge br0 member interface eth2
set interfaces bridge br0 member interface eth3
set interfaces bridge br0 member interface eth4
set interfaces bridge br0 member interface eth5
set interfaces ethernet eth0 hw-id 'xx:xx:xx:xx:xx:93'
set interfaces ethernet eth0 ipv6 address autoconf
set interfaces ethernet eth0 ipv6 dup-addr-detect-transmits '1'
set interfaces ethernet eth1 hw-id 'xx:xx:xx:xx:xx:92'
set interfaces ethernet eth2 hw-id 'xx:xx:xx:xx:xx:91'
set interfaces ethernet eth3 hw-id 'xx:xx:xx:xx:xx:90'
set interfaces ethernet eth4 hw-id 'xx:xx:xx:xx:xx:8f'
set interfaces ethernet eth5 hw-id 'xx:xx:xx:xx:xx:8e'
set interfaces loopback lo
set interfaces pppoe pppoe0 authentication password xxxxxx
set interfaces pppoe pppoe0 authentication username xxxxxx
set interfaces pppoe pppoe0 ip adjust-mss '1414'
set interfaces pppoe pppoe0 mtu '1454'
set interfaces pppoe pppoe0 no-peer-dns
set interfaces pppoe pppoe0 source-interface 'eth0'
set nat source rule 1 description 'NAT_PPPoE'
set nat source rule 1 outbound-interface name 'pppoe0'
set nat source rule 1 source address 'xxx.xxx.0.0/24'
set nat source rule 1 translation address 'masquerade'
set protocols static route6 ::/0 next-hop fe80::72:10cd:9200:0 interface 'eth0'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.0.0/24 lease '86400'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.0.0/24 option default-router 'xxx.xxx.0.1'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.0.0/24 option name-server 'xxx.xxx.0.1'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.0.0/24 range 0 start 'xxx.xxx.0.100'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.0.0/24 range 0 stop 'xxx.xxx.0.199'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.0.0/24 static-mapping xxxxxx ip-address 'xxx.xxx.0.2'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.0.0/24 static-mapping xxxxxx mac 'xx:xx:xx:xx:xx:d3'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.0.0/24 subnet-id '1'
set service dhcpv6-server shared-network-name xxxxxx subnet xxxx:xxxx:42c0:3000::/64 interface 'br0'
set service dhcpv6-server shared-network-name xxxxxx subnet xxxx:xxxx:42c0:3000::/64 option name-server 'xxxx:xxxx:42c0:3000:d005:ff:fe3d:e5be'
set service dhcpv6-server shared-network-name xxxxxx subnet xxxx:xxxx:42c0:3000::/64 subnet-id '1'
set service dns forwarding allow-from 'xxx.xxx.0.0/24'
set service dns forwarding allow-from 'fe80::/10'
set service dns forwarding allow-from '::1/128'
set service dns forwarding allow-from 'fc00::/7'
set service dns forwarding listen-address 'xxx.xxx.0.1'
set service dns forwarding listen-address 'xxx.xxx.0.1'
set service dns forwarding listen-address '::1'
set service dns forwarding name-server xxx.xxx.0.1
set service dns forwarding name-server xxx.xxx.1.1
set service dns forwarding name-server xxxx:xxxx:4700::1001
set service dns forwarding name-server xxxx:xxxx:4700::1111
set service ndp-proxy interface br0 prefix xxxx:xxxx:42c0:3000::/64 interface 'eth0'
set service ndp-proxy interface br0 prefix xxxx:xxxx:42c0:3000::/64 mode 'interface'
set service ndp-proxy interface eth0 prefix ::/0 interface 'br0'
set service ndp-proxy interface eth0 prefix ::/0 mode 'interface'
set service ntp allow-client xxxxxx 'xxx.xxx.0.0/8'
set service ntp allow-client xxxxxx '::1/128'
set service ntp allow-client xxxxxx 'fe80::/10'
set service ntp allow-client xxxxxx 'fc00::/7'
set service ntp allow-client xxxxxx 'xxx.xxx.0.0/24'
set service ntp server xxxxx.tld pool
set service ntp server xxxxx.tld pool
set service router-advert interface br0 other-config-flag
set service router-advert interface br0 prefix xxxx:xxxx:42c0:3000::/64
set service ssh listen-address 'xxx.xxx.0.1'
set system config-management commit-revisions '100'
set system conntrack hash-size '655360'
set system conntrack table-size '5242880'
set system console device ttyS0 speed '115200'
set system host-name xxxxxx
set system login banner post-login ''
set system login banner pre-login ''
set system login user xxxxxx authentication encrypted-password xxxxxx
set system name-server 'xxx.xxx.1.1'
set system name-server 'xxx.xxx.0.1'
set system option kernel disable-power-saving
set system option performance 'latency'
set system option time-format '24-hour'
set system syslog global facility all level 'info'
set system syslog global facility local7 level 'debug'
set system time-zone 'Asia/Tokyo'

Blackcat24 · May 26, 2024, 4:50pm

Hello.

After doing some research, I found that the same route is configured on the WAN side interface and the LAN side interface for IPv6, and I thought this might be the cause.

In the show ipv6 route command is difficult to understand the metric value, so I include the results of sudo ip -6 route.

$ sudo ip -6 route | strip-private
xxxx:xxxx:42c0:3000::/64 dev br0 proto kernel metric 256 pref medium
xxxx:xxxx:42c0:3000::/64 dev eth0 proto kernel metric 256 expires 2591683sec pref medium
fe80::/64 dev lo proto kernel metric 256 pref medium
fe80::/64 dev br0 proto kernel metric 256 pref medium
fe80::/64 dev eth0 proto kernel metric 256 pref medium
fe80::/64 dev pppoe0 proto kernel metric 256 pref medium
default via fe80::72:10cd:9200:0 dev eth0 proto ra metric 1024 expires 1483sec hoplimit 64 pref medium

I couldn’t figure out how to set the metric value for the “Connected” route in the VyOS configuration, so I added the following command to /config/scripts/vyos-postconfig-bootup.script, which is not a smart way.

sudo ip route delete xxxx:xxxx:42c0:3000::/64 dev br0
sudo ip route add xxxx:xxxx:42c0:3000::/64 dev br0 proto kernel metric 128 pref medium

Then I was able to access it from a terminal connected to the LAN side interface!

I don’t think this is a very good method, so if you have any suggestions on how to do it this way, I’d like to know.

16again · May 31, 2024, 6:14am

Why do you need same /64 subnet both on WAN and LAN side?
Doesn’t ISP give you more addresses, so you can use something like xxxx:xxxx:42c0:3001:: on inside ?

Blackcat24 · June 2, 2024, 5:22pm

@16again

Thanks for the comment.

I thought the /64 prefix was generally the minimum for IPv6, is it not?
(I suppose I could ignore it and assign a smaller prefix than this, though.)

I believe that prefix delegation is not available since the ISP assigns addresses via RA and not via DHCPv6.

I would like to use a global IP address for clients under VyOS.

If I am missing something, please let me know.

Blackcat24 · December 10, 2025, 2:12pm

Sorry it’s taken me so long to reply.

Since my environment has changed, I don’t remember the details very well, but according to my notes, adding the following command to /config/scripts/vyos-postconfig-bootup.script was the solution.

sudo ip route delete xxxx:xxxx:42c0:3000::/64 dev br0
sudo ip route add xxxx:xxxx:42c0:3000::/64 dev br0 proto kernel metric 128 pref medium

system · December 12, 2025, 2:12pm

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.