Foris guest mode is IPv4-only
Using a guest network set up by Foris interface renders guest network with no IPv6 connectivity at all, even though the router has big enough IPv6 range to satisfy both LAN and guest network.
To fix this issue, only few parts of generated config have to be tackled:
option ip6assign '64'to network configuration
option dhcpv6 'server'and
option ra 'server'to DHCP configuration
- add a few IPv6 rules to the firewall configuration:
config rule option name 'guest_turris_Allow-DHCPv6' option src 'guest_turris' option proto 'udp' option src_ip 'fe80::/10' option src_port '546-547' option dest_ip 'fe80::/10' option dest_port '546-547' option family 'ipv6' option target 'ACCEPT' config rule option name 'guest_turris_Allow-MLD' option src 'guest_turris' option proto 'icmp' option src_ip 'fe80::/10' list icmp_type '130/0' list icmp_type '131/0' list icmp_type '132/0' list icmp_type '143/0' option family 'ipv6' option target 'ACCEPT' config rule option name 'guest_turris_Allow-ICMPv6-Input' option src 'guest_turris' option proto 'icmp' list icmp_type 'echo-request' list icmp_type 'echo-reply' list icmp_type 'destination-unreachable' list icmp_type 'packet-too-big' list icmp_type 'time-exceeded' list icmp_type 'bad-header' list icmp_type 'unknown-header-type' list icmp_type 'router-solicitation' list icmp_type 'neighbour-solicitation' list icmp_type 'router-advertisement' list icmp_type 'neighbour-advertisement' option limit '1000/sec' option family 'ipv6' option target 'ACCEPT'
Also, the logical network interface name
guest_turris is not very good choice as the interfaces are sorted alphabetically and this makes guest network appear before the
lan network. In the cases where upstream doesn't have large enough IPv6 assignment to support two subnets (for instance, single /64 assigned by O2 CZ xDSL), only the first interface gets IPv6 connectivity. Therefore, I would recommend renaming guest network interface to something like