Static IPv6 on RUTX09

Hi,

I’ve got 2 RUTX09 setup. Both receive a static IPv6 /64 lease. However, due to privacy extensions the router’s actual public IPv6 changes every time the interface reconnects.
My goal is to keep an actual static IPv6 to be able to reliably reach the device from the internet.

I tried setting net.ipv6.conf.qmimux0.stable_secret and net.ipv6.conf.qmimux0.addr_gen_mode=0 via sysctl; however, this doesn’t trigger changes after the device is brought up. If set before the device is brought up, it’s overwritten. I’m guessing those settings are done by pppd?

I would appreciate a pointer in the right direction.

With kind regards,
Mark

Hello,

Your IPv6 address is public but not static. The /64 prefix is assigned by the mobile provider and will change each time the connection is established, as is there is nothing you can do about that. With the default configuration second part (the remaining 64 bits) should be fixed.

You can ask your provider for a truly static prefix, however I won’t be surprised if they decline.
You can also register your address in a dyndns, could be tricky with IPv6. Before trying that, check that the provider forwards incoming frames to the router (a simple ping6 from an outside device should be sufficient to determine the result).
IMO, your best option is to setup a VPN (zerotier, tailscale …) in order to achieve your objective.

What are the “privacy extensions” you have mentioned above ?

Regards,

Hi,

The prefix is static. We booked a specific option with our provider to receive that on the SIM.

IPv6 per default provides various methods of determining the addresses. One would be EUI-64, the other ones provide anonymity per default, as it’s done on mobiles with MACs for WLAN-connections. That’s been dubbed “privacy extensions” so the devices can’t be tracked just by connecting.

I just found out that the bridge gets assigned xxxx::1 when the IPv6 device comes up. But if someone would be able to tell me how to influence the IPv6 association behaviour I’d be grateful.

With kind regards,
Mark

Ok, missed it.

If in use, the eth1 interface (wan) is assigned an IPv6 address according to EUI-64 so the logic works at least in this case.
Could you check with ifconfig qmimux0 and ifconfig wwan0 that you have a defined HW address on the interfaces ?
Which firmware version are you using ?

Neither wwan0 nor qmimux0 are shown with a MAC-address.

qmimux0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet6 addr: 2a01::xxxx/128 Scope:Global
inet6 addr: fe80::xxxx/64 Scope:Link
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:2502 errors:0 dropped:0 overruns:0 frame:0
TX packets:2760 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:293712 (286.8 KiB) TX bytes:512829 (500.8 KiB)

wwan0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet6 addr: fe80::xxxx/64 Scope:Link
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:16384 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:2653 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:512253 (500.2 KiB)

And Firmware:
Firmware version
RUTX_R_00.07.10.2
Firmware build date
2024-10-30 11:59:57
Internal modem firmware version
EG06ELAR04A20M4G
Kernel version
5.10.224

I have the same nul HW address on a RUTX50 running an old version, and a valid eth one on a RUTX11 running the latest version (7.11.1).

This is strange, the 2a01 inet6 address has a /128 prefix not /64 is the value under full control of the provider ?
Are the last 64 bits of both addresses identical ?

Qmimux0 interface has /128 prefix due to RFC7278, /64 prefix gets automatically assigned to LAN interface.

Yes, as described in section 4.3 of the RFC. Then there is some chance that the lan address might be EUI-64 compliant and stable.