I recently bought a UniFi Dream Machine Pro to replace the Cisco router used for my home internet (and inter-VLAN routing) function. I’ve really enjoyed using the UniFi wireless and switching gear, so I thought I’d try their router/firewall as well. On the whole the device is pretty cool, but they’ve clearly rushed it into production given the range of bugs found already (and seen in the community). In my case, the one causing me grief was their IPv6 support. It seems they’re using a BusyBox operating system with DNSMasq performing the IPv6 router advertisements and DHCPv6 functions. The configuration more or less forces you to use DHCPv6, which is completely unnecessary for an autoconfigured IPv6 network (which was more or less a key point of IPv6).
The problem encountered was that I was not receiving IPv6 router advertisements from the router, and therefore the clients were not autoconfiguring an IPv6 address. If I enabled DHCPv6, I could then see router advertisements being sent, but with incorrect flags set in the packet.
After a bit of research, I was able to determine that they were using DNSMasq for this function, and that the UniFi application was managing the configuration files for DNSMasq – and incorrectly I might add.
Whilst my ISP supports prefix delegation and I have a static /56 prefix, the prefix delegation function was also misbehaving in the UDM Pro.
I was able to correct the functionality from the UDM Pro with a couple of scripts, and a package created by BoostChicken. The high level steps involved:
- I assigned static IPv6 addresses to each LAN interface, and disabled Router Advertisements (they weren’t working anyway), and disabled DHCPv6.
- I created a custom DNSMasq configuration file configured to provide stateless router advertisements for the prefixes assigned to my LAN interfaces (/mnt/data/on_boot.d/customipv6.conf).
- I created a shell script to copy that DNSMasq configuration file from the persistent storage on the device to the DNSMasq config directory and then restart DNSMasq (/mnt/data/on_boot.d/customipv6.sh).
- I used the BoostChicken on boot script package. This was needed to ensure the UDM Pro would execute a script for me on each boot (as it wipes out most other changes you’d make to the OS).
Here’s my /mnt/data/on_boot.d/customipv6.conf file (I’ve replaced my addresses with fake ones for the purpose of the blog). I also assigned the IPv6 DNS servers to internal DNS servers of mine – could have used Google’s or the ISP’s DNS instead.
dhcp-range=240Y:ABCD:XXXX:a900::,ra-stateless
dhcp-range=240Y:ABCD:XXXX:a901::,ra-stateless
dhcp-range=240Y:ABCD:XXXX:a902::,ra-stateless
dhcp-option=option6:dns-server,[240Y:ABCD:XXXX:a900::3],[240Y:ABCD:XXXX:a900::4]
Here’s my /mnt/data/on_boot.d/customipv6.sh script.
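#!/bin/sh
# Copy the custom config from persistent storage into the dnsmasq config directory
cp /mnt/data/on_boot.d/customipv6.conf /run/dnsmasq.conf.d/
# Kill the running dnsmasq so that it restarts and picks up the new file
start-stop-daemon -K -q -x /usr/sbin/dnsmasq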
The installation procedure for the package is defined on the package owner’s GitHub page, but here is a copy of what I used (it may change in future versions of the package however). These commands were executed through SSH into the UDM Pro.
unifi-os shell
curl -L https://raw.githubusercontent.com/boostchicken/udm-utilities/master/on-boot-script/packages/udm-boot_1.0.5_all.deb -o udm-boot_1.0.5_all.deb
dpkg -i udm-boot_1.0.5_all.deb
exit
Once the package was installed, I copied my .conf and .sh files to the /mnt/data/on_boot.d directory on the UDM Pro, and rebooted. Sure enough, I was now receiving the correct stateless router advertisements on all LAN interfaces, my clients then autoconfigured, and everything is working.
I’ll need to keep an eye on this as I do firmware updates on the UDM Pro. Hopefully they’ll offer a stateless (and working) router advertisement configuration in a later release.
~ Mike
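To confirm which flags the router is really putting in its advertisements, the ICMPv6 payload of an RA taken from a packet capture can be decoded directly. This is an added example, not part of the original post: the sample packet is constructed, it uses the documentation prefix 2001:db8::/64, and the function names are illustrative.

```python
import ipaddress

# Constructed sample, not a capture from the post: an ICMPv6 Router
# Advertisement with O and A set (the combination dnsmasq documents for
# ra-stateless) and M clear, announcing the documentation prefix 2001:db8::/64.
SAMPLE_RA = bytes.fromhex(
    "86000000" "40" "48" "0708" "00000000" "00000000"  # type 134, hop limit 64, flags O + Prf=high
    "0304" "40" "c0" "00015180" "00003840" "00000000"  # Prefix Information: /64, L+A, lifetimes
    "20010db8000000000000000000000000"                 # prefix 2001:db8::
)

M_FLAG, O_FLAG = 0x80, 0x40   # RA header flags (RFC 4861)
A_FLAG = 0x40                 # "autonomous" flag in the Prefix Information option


def parse_ra(pkt):
    """Return the M/O flags and each advertised prefix with its A flag."""
    if len(pkt) < 16 or pkt[0] != 134:
        raise ValueError("not an ICMPv6 Router Advertisement")
    ra = {"managed": bool(pkt[5] & M_FLAG), "other": bool(pkt[5] & O_FLAG), "prefixes": []}
    off = 16                                    # options follow the fixed 16-byte header
    while off < len(pkt):
        if off + 2 > len(pkt) or pkt[off + 1] == 0 or off + pkt[off + 1] * 8 > len(pkt):
            raise ValueError("malformed or truncated option")
        opt_type, opt_len = pkt[off], pkt[off + 1] * 8   # length counts 8-byte units
        if opt_type == 3 and opt_len == 32:              # Prefix Information option
            prefix = ipaddress.IPv6Address(pkt[off + 16:off + 32])
            ra["prefixes"].append({"prefix": f"{prefix}/{pkt[off + 2]}",
                                   "autonomous": bool(pkt[off + 3] & A_FLAG)})
        off += opt_len
    return ra


def client_behaviour(ra):
    """Describe what a client is told to do by this combination of flags."""
    slaac = "SLAAC" if any(p["autonomous"] for p in ra["prefixes"]) else "no SLAAC"
    if ra["managed"]:
        return slaac + " + stateful DHCPv6 (addresses and options)"
    if ra["other"]:
        return slaac + " + stateless DHCPv6 (options only)"
    return slaac + " + no DHCPv6"


if __name__ == "__main__":
    managed_only = bytearray(SAMPLE_RA)
    managed_only[5], managed_only[19] = 0xC8, 0x80   # M+O set, A cleared
    for pkt in (SAMPLE_RA, bytes(managed_only)):
        print(client_behaviour(parse_ra(pkt)))
```

The second packet in the demo has M and O set and A cleared, so a client that only does SLAAC gets no address from it.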
This is a fantastic find. Have been annoyed with the broken ipv6 support on the UDM pro since I “upgraded” from the USG.
Thanks Alex – appreciate the feedback. Yes – I was equally frustrated and annoyed given it’s such a basic bit of functionality.
Thanks for pointing me in the right direction. I needed a slightly different set-up than you: I run my own DHCPv6 on the Management LAN and was getting confused that the UDM Pro would not advertise the router even though the RA tick was set. This config does it for me:
enable-ra
ra-param=br0,high,0
domain=
dhcp-range=set:,,ra-only
Clients get DHCPv6 offer from my DHCP Server and RA from UDM Pro. Not sure if the “domain” entry does anything, but seems to do no harm either.
Brilliant!
@Kobe
Could you please tell me how did you configure it for UDM?
Many thanks for your time
I’m currently having this issue on a UDM SE. I also have an external DHCPv6 server and I tried your configuration example but I’m only getting autoconf IPv6 addresses. Here’s what I have in my customipv6.conf file:
enable-ra
ra-param=*,high,0
domain=my.domain
dhcp-range=2001:470:xxxx::,ra-only
dhcp-range=2001:470:xxxx:10::,ra-only
dhcp-range=2001:470:xxxx:20::,ra-only
dhcp-range=2001:470:xxxx:40::,ra-only
I’ve also tried ra-names,slaac instead of ra-only but that didn’t make a difference.
Howdy, drop the ra-only from the subnets. enable-ra by itself should set the appropriate bits in the RA so that the client then looks for a DHCPv6 server for the additional config (e.g. DNS).
After help from Simon Kelley I’d got everything working correctly with the UDM SE and my external DNS and DHCP/DHCPv6 servers.
This is my /mnt/data/on_boot.d/customipv6.conf file:
#!/bin/sh
cp /mnt/data/on_boot.d/customipv6.conf /run/dnsmasq.conf.d/
cp /mnt/data/on_boot.d/resolv.conf /etc/
start-stop-daemon -K -q -x /usr/sbin/dnsmasq
Since this requires disabling DNS in dnsmasq /etc/resolv.conf has to be replaced with a new file pointing to the external DNS servers.
This is my /mnt/data/on_boot.d/customipv6.conf file:
# Disable DNS, required to avoid having dnsmasq return
# the router IP as a DNS server
port=0
# Enable RAs
enable-ra
# Enable RA on all interfaces with high priority
ra-param=*,high,0
# Set the domain
domain=mydomain
# Configure each VLAN for RAs but turn off the DHCPv6
# server and make sure the M and O flags are set and the
# A flag is reset. If SLAAC IPv6 addresses are desired
# append “,slaac”
dhcp-range=2001:470:xxxx::,static
dhcp-range=2001:470:xxxx:10::,static
dhcp-range=2001:470:xxxx:20::,static
dhcp-range=2001:470:xxxx:40::,static
Thank you! I was able to configure and fix IPv6 on my UDM-Base. My ISP assigns me a Static IPv6 LAN and RA was NOT working with the stock UniFi settings, only DHCP. Following your guide I just plopped my static IPv6 LAN into the config example you provided and everything works with stateless now. Thanks!!
Awesome!
Tested recently on v1.9.2.
Thanks so much for this!
Worked perfect.
Brilliant.
Looks like it broke in 1.10
When the script runs, it makes a file named ? in /run/dnsmasq.conf.d/
It still works with the current versions of the platform. I’ve been continuing to upgrade the OS without any issues. If you’re having issues, check if there’s a later version of the on boot component.
Hi Mike,
I want to use this and I already installed boostchicken.
That was the easy part 😉
I’m stuck with the /mnt/data/on_boot.d/customipv6.conf part.
How do I make the IPv6 dhcp ranges?
dhcp-range=240Y:ABCD:XXXX:a900::,ra-stateless
dhcp-range=240Y:ABCD:XXXX:a901::,ra-stateless
dhcp-range=240Y:ABCD:XXXX:a902::,ra-stateless
dhcp-option=option6:dns-server,[240Y:ABCD:XXXX:a900::3],[240Y:ABCD:XXXX:a900::4]
Has this been patched yet?
Not to my knowledge, I’m still using the fix.
Thank you so much for sharing, I was running out of ideas why on earth the RA is not functioning. Great stuff!
Thanks for Mike / Eric using the external DHCPv6 server and using the exact config (with a different address) as Eric pasted above. The UDM is now sending RA and DHCPv6 works! But for some reason, none of my devices can route any IPv6 traffic. traceroute/ping6 all fail and I’m having a heck of a time trying to figure out what I missed.
nevermind figured it out.
Oh man what was the problem?
UniFi OS 2.4.23 for the UDM-Base and UDM-Pro was just released. ( https://community.ui.com/releases/UniFi-OS-Dream-Machines-2-4-23/aebbba64-9e7e-4151-bcca-34ed08761f08 )
As expected, this update to 2.x, with its complete OS and storage re-do of the UDMs, wiped the BoostChicken’s script. The package itself was removed, and the config files and such were wiped, as expected.
UniFi’s release still has broken native IPv6 RA via the config. Only DHCPv6 works. Which works for Windows clients, but not Android or other OS’s. When attempting to reinstall the script, it seems 2.x lacks PodMon and the installer fails for udm-boot. Until udm-boot works on 2.x releases it seems we’re stuck.
I got it working until next reboot by just dropping customipv6.conf into /run/dnsmasq.config.d/ and running start-stop-daemon -K -q -x /usr/sbin/dnsmasq
However this is just a temporary solution that will not persist.
A few remarks on your solution from what I did on my Dream Machine SE:
* a symlink is sufficient for the custom config file (copying not necessary and avoids confusion where to edit)
* actually it is not necessary to disable RA or DHCPv6 on the UDM. RAs are working on the UDM, *but* the RAs are sent out with the managed flag set, which leads to the clients not doing stateless autoconf.
To fix this, you can leave everything on and just add one line to the dnsmasq config via the custom file you showed:
dhcp-range=set:net_Default_br0_192-168-1-0-24_IPV6,240Y:ABCD:XXXX:a900::a,240Y:ABCD:XXXX:a900::f,slaac,64,86400
[how the set is called is in the unifi-generated dnsmasq config. The address range should not overlap with the one unifi generates and puts into its config file]
Deployment is done the way you described here.
I hope that helps, cheers Ulrich.
This is how I did on the UXG Pro.
https://pernold.blogspot.com/2023/04/fixing-ipv6-ra-on-uxg-pro.html