IPv6 Misbehavior on Guest Network with VLAN-Based VPN Policy

rares · August 2, 2024, 8:20am

Hi everyone,

I'm facing an IPv6 issue on my Beryl AX router running firmware 4.6.2. I'm using MullvadVPN directly on the router with IPv6 NAT6 enabled. I've set up a VPN policy based on VLANs: Main network with VPN ON and Guest network with VPN OFF.

The problem is:

Main Network: Works as expected with both IPv4 and IPv6.
Guest Network: Gets the correct IPv4 from the ISP but acquires an IPv6 from the VPN instead of the ISP. If I disable the VPN, the Guest network gets the correct IPv6 from the ISP.

Has anyone encountered a similar issue? Any suggestions on how to resolve this?

Thanks in advance for your help!

bruce · August 2, 2024, 9:34am

Noted. Please give us a some times to check it in our side.

hansome · August 7, 2024, 7:50am

Route policy for ipv6 is under development.
Temporary workaround: mark ipv6 guest network traffic 0x8000 will make it not use VPN:

ip6tables -w -t mangle -I PREROUTING -i br-guest  -j MARK --set-mark 0x8000/0xc000
ip6tables -w -t filter -I FORWARD -i br-guest -m mark --mark 0x8000/0x8000  -j ACCEPT