If your ISP is doing to right IPv6 should be setup for SLAAC, in which case they would give you an entire /64. I don’t use OpenWRT, but I assume it’s showing you the IPv6 /64 for reference, and the /128 of the router in case you need to hit the router using it? If it’s SLAAC your client devices should be getting two IPv6 addresses as well. One is for privacy, that’s the one websites will see when you connect but can’t be hit, and the other is the one you would use to reach your computer from another device.
SLAAC is for stateless assignment of an address without dhcp. It’s what android uses exclusively for example. Delegated prefixes (/64) can be assigned by SLAAC or DHCPv6, and openwrt works with either. OP’s provider may not even use SLAAC, or at least make it secondary since SLAAC and DHCPv6 don’t always play nicely.
In the case of privacy extensions, this is up to the clients. Some clients might even not use them. Global temporary addresses are an attempt to stop fingerprinting. They’re largely ineffective these days however. Importantly, that temporary global address is still globally accessible (remember, there is no NAT), although most OS’s will ignore incoming connections. Otherwise, correctly, clients should have a couple of ipv6 global addresses.
Thanks for clarifying! It’s been a while since I’ve worked with IPv6 directly, fortunately it “just works” in my current home environment and since I’m no longer doing colocation for my self hosted stuff it’s on the back burner.
one my openwrt router WAN IPv6 shows 2 IPs. IPv4 does get linklocal though
If your ISP is doing to right IPv6 should be setup for SLAAC, in which case they would give you an entire /64. I don’t use OpenWRT, but I assume it’s showing you the IPv6 /64 for reference, and the /128 of the router in case you need to hit the router using it? If it’s SLAAC your client devices should be getting two IPv6 addresses as well. One is for privacy, that’s the one websites will see when you connect but can’t be hit, and the other is the one you would use to reach your computer from another device.
Perhaps I can improve this a little.
SLAAC is for stateless assignment of an address without dhcp. It’s what android uses exclusively for example. Delegated prefixes (/64) can be assigned by SLAAC or DHCPv6, and openwrt works with either. OP’s provider may not even use SLAAC, or at least make it secondary since SLAAC and DHCPv6 don’t always play nicely.
In the case of privacy extensions, this is up to the clients. Some clients might even not use them. Global temporary addresses are an attempt to stop fingerprinting. They’re largely ineffective these days however. Importantly, that temporary global address is still globally accessible (remember, there is no NAT), although most OS’s will ignore incoming connections. Otherwise, correctly, clients should have a couple of ipv6 global addresses.
Thanks for clarifying! It’s been a while since I’ve worked with IPv6 directly, fortunately it “just works” in my current home environment and since I’m no longer doing colocation for my self hosted stuff it’s on the back burner.
Hope I didn’t step on toes. The gist of what you said is on the money.
I love that ipv6 is becoming more mainstream and well implemented. That said, some providers in my home country still don’t support or use ipv6.
No toes were harmed! Well, aside from that confidently incorrect user elsewhere on the post.