Title
This is fairly normal to receive 2 ipv6 addresses, depending on your provider. In my case, I receive a /128 address (single global address), and a /48 address (delegated global prefix). In addition, there is the link local address that will be fe80:… Delegated prefixes allow your internal devices to be assigned a global address within that subnet and access ipv6 resources directly. Feel free to ask more.
One is probably link local the other is global, that’s pretty normal. https://en.wikipedia.org/wiki/IPv6_address#Address_Scopes
one my openwrt router WAN IPv6 shows 2 IPs. IPv4 does get linklocal though
If your ISP is doing to right IPv6 should be setup for SLAAC, in which case they would give you an entire /64. I don’t use OpenWRT, but I assume it’s showing you the IPv6 /64 for reference, and the /128 of the router in case you need to hit the router using it? If it’s SLAAC your client devices should be getting two IPv6 addresses as well. One is for privacy, that’s the one websites will see when you connect but can’t be hit, and the other is the one you would use to reach your computer from another device.
Perhaps I can improve this a little.
SLAAC is for stateless assignment of an address without dhcp. It’s what android uses exclusively for example. Delegated prefixes (/64) can be assigned by SLAAC or DHCPv6, and openwrt works with either. OP’s provider may not even use SLAAC, or at least make it secondary since SLAAC and DHCPv6 don’t always play nicely.
In the case of privacy extensions, this is up to the clients. Some clients might even not use them. Global temporary addresses are an attempt to stop fingerprinting. They’re largely ineffective these days however. Importantly, that temporary global address is still globally accessible (remember, there is no NAT), although most OS’s will ignore incoming connections. Otherwise, correctly, clients should have a couple of ipv6 global addresses.
Thanks for clarifying! It’s been a while since I’ve worked with IPv6 directly, fortunately it “just works” in my current home environment and since I’m no longer doing colocation for my self hosted stuff it’s on the back burner.
Hope I didn’t step on toes. The gist of what you said is on the money.
I love that ipv6 is becoming more mainstream and well implemented. That said, some providers in my home country still don’t support or use ipv6.
No toes were harmed! Well, aside from that confidently incorrect user elsewhere on the post.
Are both subnets public?
one is 128 and other is 64
Ah - yeah the /128 is what the ISP used to route traffic to your router. I believe that’s IPv6 PD (prefix delegation) - the router uses DHCPv6, gets given that /128 it’ll use for the ISP, then the ISP delegates the /64 (or other sizes) to the router.
Are both of them ula addresses? (both of them starting with 2). If they are not the same then the ISP is providing an internal unique address for isp internal configurations.
If so, are they having the same network? ( The first 48 bits) if not, then is probably a miss configuration but probably in their side. But with no practical effects. You could ignore it.
If yes again, then it is a miss configuration and it shouldn’t happen, but this time it could be in your side, check that the dhcpv6 daemon doesn’t try to give an ipv6 address To your Wan port
