Currently, I’m successfully getting an IPv6 subnet from Comcast using DHCPv6:
[code]ethernet eth0 {
address dhcp
address dhcpv6
description “Red Interface”
duplex auto
hw-id 00:50:56:3f:ff:01
smp_affinity auto
speed auto
}
$ show interfaces
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface IP Address S/L Description
br0 172.16.123.1/24 u/u Green Bridge from eth1 to vtun0
eth0 68...131/23 u/u Red Interface
2001:558:6016:19::::*/64
eth1 - u/u Green Interface
eth2 192.168.123.254/24 u/u DMZ 1 Interface
lo 127.0.0.1/8 u/u
::1/128
vtun0 - u/u Green VPN[/code]
This appears to be working great, and I can ping other public IPv6 address from my VyOS box.
Next I need to distribute addresses from this 2001:558:6016:19::/64 address space to clients on one of my subnets (these clients currently already get private IPv4 addresses via DHCP). I set up a static address in the 2001:558:6016:19::/64 space on br0 and then enabled router-advert on br0.
At first it appeared to be working. My eth1/br0 clients are getting IP addresses in the 2001:558:6016:19::/64 space. They can ping their own addresses, and they can ping the IPv6 address assigned to br0.
However, they can’t ping the IPv6 address assigned to eth0, and they can’t ping any other public IPv6 addresses. Remember: When I’m logged in to the VyOS machine, I can ping the IPv6 address assigned to eth0, and I can ping other public IPv6 addresses. But from a client machine with an IPv6 address, I can ping br0/eth1, but I can’t ping eth0 or other public IPv6 addresses.
I used tcpdump to monitor IP6 traffic on eth1 and eth0. For pings going to eth0 and to other public IP addresses, I can see the ICMPv6 echo requests reaching eth1 and I can see them leaving eth0, but an echo reply is never returned to eth0 (and, thus, nor eth1). When I ping the exact same IPv6 addresses while logged into VyOS, eth0 receives echo replies as expected.
The firewall isn’t an issue—for testing purposes, I’ve got it wide open for IPv6 traffic.
Routing shouldn’t be an issue—since the echo requests are going through eth1 and then eth0, they’ve obviously been routed properly.