If your ISP is doing to right IPv6 should be setup for SLAAC, in which case they would give you an entire /64. I don’t use OpenWRT, but I assume it’s showing you the IPv6 /64 from IPv6-PD used for SLAAC, and the /128 the router is using to communicate with the ISP
If it’s SLAAC your client devices should be getting two IPv6 addresses as well. One is for privacy, that’s the one websites will see when you connect but can’t be hit, and the other is the one you would use to reach your computer from another device.
Edit: Refer to @[email protected]’s child comment for a better explanation with some corrections / clarifications.
SLAAC is for stateless assignment of an address without dhcp. It’s what android uses exclusively for example. Delegated prefixes (/64) can be assigned by SLAAC or DHCPv6, and openwrt works with either. OP’s provider may not even use SLAAC, or at least make it secondary since SLAAC and DHCPv6 don’t always play nicely.
In the case of privacy extensions, this is up to the clients. Some clients might even not use them. Global temporary addresses are an attempt to stop fingerprinting. They’re largely ineffective these days however. Importantly, that temporary global address is still globally accessible (remember, there is no NAT), although most OS’s will ignore incoming connections. Otherwise, correctly, clients should have a couple of ipv6 global addresses.
Thanks for clarifying! It’s been a while since I’ve worked with IPv6 directly, fortunately it “just works” in my current home environment and since I’m no longer doing colocation for my self hosted stuff it’s on the back burner.
one my openwrt router WAN IPv6 shows 2 IPs. IPv4 does get linklocal though
If your ISP is doing to right IPv6 should be setup for SLAAC, in which case they would give you an entire /64. I don’t use OpenWRT, but I assume it’s showing you the IPv6 /64 from IPv6-PD used for SLAAC, and the /128 the router is using to communicate with the ISP If it’s SLAAC your client devices should be getting two IPv6 addresses as well. One is for privacy, that’s the one websites will see when you connect but can’t be hit, and the other is the one you would use to reach your computer from another device.
Edit: Refer to @[email protected]’s child comment for a better explanation with some corrections / clarifications.
Perhaps I can improve this a little.
SLAAC is for stateless assignment of an address without dhcp. It’s what android uses exclusively for example. Delegated prefixes (/64) can be assigned by SLAAC or DHCPv6, and openwrt works with either. OP’s provider may not even use SLAAC, or at least make it secondary since SLAAC and DHCPv6 don’t always play nicely.
In the case of privacy extensions, this is up to the clients. Some clients might even not use them. Global temporary addresses are an attempt to stop fingerprinting. They’re largely ineffective these days however. Importantly, that temporary global address is still globally accessible (remember, there is no NAT), although most OS’s will ignore incoming connections. Otherwise, correctly, clients should have a couple of ipv6 global addresses.
Thanks for clarifying! It’s been a while since I’ve worked with IPv6 directly, fortunately it “just works” in my current home environment and since I’m no longer doing colocation for my self hosted stuff it’s on the back burner.
Hope I didn’t step on toes. The gist of what you said is on the money.
I love that ipv6 is becoming more mainstream and well implemented. That said, some providers in my home country still don’t support or use ipv6.
No toes were harmed! Well, aside from that confidently incorrect user elsewhere on the post.