The first problem was a pre-release kernel. I used LuCI, the web interface, to flash openwrt-ar71xx-generic-wndr3800-squashfs-sysupgrade.bin, and needed to be patient with 15 minutes of twirly. The flash lost my ssl package, so I also had to
opkg install uhttpd-mod-tls
Thanks for Chris Adams for all clue, and John Brzozowski for diagnostics and support, I loaded the necessary packages
opkg install ip6tables radvd wide-dhcpv6-client ip
Then I hacked /etc/config/dhcp6c
config 'dhcp6c' 'basic'
option 'enabled' '1' # 1 = enabled; 0 = disabled
option 'interface' 'wan' # This is the interface the DHCPv6 client will run on
option 'dns' 'dnsmasq' # Which DNS server you run (only dnsmasq currently supported)
option 'debug' '0' # 1 = enable debugging; 0 = disable debugging
# Send options (1 = send; 0 = do not send)
option 'pd' '1' # Prefix Delegation
option 'na' '1' # Non-Temporary Address
option 'rapid_commit' '1' # Rapid Commit
# Request options (1 = request; 0 = do not request)
option 'domain_name_servers' '1'
option 'domain_name' '0'
option 'ntp_servers' '0'
option 'sip_server_address' '0'
option 'sip_server_domain_name' '0'
option 'nis_server_address' '0'
option 'nis_domain_name' '0'
option 'nisp_server_address' '0'
option 'nisp_domain_name' '0'
option 'bcmcs_server_address' '0'
option 'bcmcs_server_domain_name' '0'
# Override the used DUID, by default it is derived from the interface MAC
# The given value must be uppercase and globally unique!
#option 'duid' '00:03:00:06:D8:5D:4C:A5:03:F2'
# Script to run when a reply is received
option 'script' '/usr/bin/dhcp6c-state'
# Define one or more interfaces on which prefixes should be assigned
config 'interface' 'loopback'
option 'enabled' '0' # 1 = enabled; 0 = disabled
option 'sla_id' '1' # Site level aggregator identifier specified in decimal (subnet)
option 'sla_len' '0' # Site level aggregator length (64 - size of prefix being delegated)
# e.g. /60 from ISP -> 64 - 60 = 4
config 'interface' 'lan'
option 'enabled' '1'
option 'sla_id' '1'
option 'sla_len' '0'
Then /etc/init.d/dhcp6c start and see what you get. You should have an RA-assigned IP on your wan interface and a PD-assigned /64 on the LAN. If you configure radvd (just set it with no prefix listed), dhcp6c will automatically re-configure it to give out addresses from the /64.
Now get Router Advertisement working, hack /etc/config/radvd to
config interface
option interface lan
option AdvSendAdvert 1
option AdvManagedFlag 0
option AdvOtherConfigFlag 0
option ignore 0
config prefix
option interface lan
# If not specified, a non-link-local prefix of the interface is used
list prefix ''
option AdvOnLink 1
option AdvAutonomous 1
option AdvRouterAddr 0
option ignore 0
config rdnss
option interface lan
# If not specified, the link-local address of the interface is used
list addr ''
option ignore 0
config dnssl
option interface lan
list suffix rg.net
option ignore 0
Then
/etc/init.d/radvd start
/etc/init.d/dhcp6c start
At this point, we had the /128 on our WAN interface, and the /64 on the LAN interface. But, from the OpenWRT, we could not ping an external IPv6 address. Hours were spent chasing various ghosts, when we found the fix,
sysctl -w net.ipv6.conf.eth1.accept_ra=2
From a hint in New Zealand, accept_ra=1 means “only accept RAs if forwarding is disabled”. Turns out to be documented in the 3.12.4 kernel source clue pages. Once you have forwarding enabled, you have to have accept_ra=2 to override that.
:~# ping6 psg.com
PING psg.com (2001:418:1::62): 56 data bytes
64 bytes from 2001:418:1::62: seq=2 ttl=52 time=70.286 ms
64 bytes from 2001:418:1::62: seq=3 ttl=52 time=70.090 ms
64 bytes from 2001:418:1::62: seq=4 ttl=52 time=71.169 ms
64 bytes from 2001:418:1::62: seq=5 ttl=52 time=77.020 ms