Fixing IPv6 Router Advertisements on the UDM Pro

I recently bought a UniFi Dream Machine Pro to replace the Cisco router used for my home internet (and inter-VLAN routing) function. I’ve really enjoyed using the UniFi wireless and switching gear, so I thought I’d try their router/firewall as well. On the whole the device is pretty cool, but they’ve clearly rushed it into production given the range of bugs found already (and seen in the community). In my case, the one causing me grief was their IPv6 support. It seems they’re using a BusyBox operating system with DNSMasq performing the IPv6 router advertisements and DHCPv6 functions. The configuration more or less forces you to use DHCPv6, which is completely unnecessary for an autoconfigured IPv6 network (which was more or less a key point of IPv6).

The problem encountered was that I was not receiving IPv6 router advertisements from the router, and therefore the clients were not autoconfiguring an IPv6 address. If I enabled DHCPv6, I could then see router advertisements being sent, but with incorrect flags set in the packet.

After a bit of research, I was able to determine that they were using DNSMasq for this function, and that the UniFi application was managing the configuration files for DNSMasq – and incorrectly I might add.

Whilst my ISP supports prefix delegation and I have a static /56 prefix, the prefix delegation function was also misbehaving in the UDM Pro.

I was able to correct the functionality from the UDM Pro with a couple of scripts, and a package created by BoostChicken. The high level steps involved:

  1. I assigned static IPv6 addresses to each LAN interface, and disabled Router Advertisements (they weren’t working anyway), and disabled DHCPv6.
  2. I created a custom DNSMasq configuration file configured to provide stateless router advertisements for the prefixes assigned to my LAN interfaces (/mnt/data/on_boot.d/customipv6.conf).
  3. I created a shell script to copy that DNSMasq configuration file from the persistent storage on the device to the DNSMasq config directory and then restart DNSMasq (/mnt/data/on_boot.d/
  4. I used the BoostChicken on boot script package. This was needed to ensure the UDM Pro would execute a script for me on each boot (as it wipes out most other changes you’d make to the OS).

Here’s my /mnt/data/on_boot.d/customipv6.conf file (I’ve replaced my addresses with fake ones for the purpose of the blog). I also assigned the IPv6 DNS servers to internal DNS servers of mine – could have used Google’s or the ISP’s DNS instead.


Here’s my /mnt/data/on_boot.d/ script.


cp /mnt/data/on_boot.d/customipv6.conf /run/dnsmasq.conf.d/

start-stop-daemon -K -q -x /usr/sbin/dnsmasq

The installation procedure for the package is defined on the package owner’s GitHub page, but here is a copy of what I used (it may change in future versions of the package however). These commands were executed through SSH into the UDM Pro.

unifi-os shell

curl -L -o udm-boot_1.0.5_all.deb
dpkg -i udm-boot_1.0.5_all.deb

Once the package was installed, I copied my .conf and .sh files to the /mnt/data/on_boot.d directory on the UDM Pro, and rebooted. Sure enough, I was now receiving the correct stateless router advertisements on all LAN interfaces, my clients then autoconfigured, and everything is working.

I’ll need to keep an eye on this as I do firmware updates on the UDM Pro. Hopefully they’ll offer a stateless (and working) router advertisement configuration in a later release.

~ Mike

27 thoughts on “Fixing IPv6 Router Advertisements on the UDM Pro

  1. This is a fantastic find. Have been annoyed with the broken ipv6 support on the UDM pro since I “upgraded” from the USG.

  2. Thanks for pointing me in the right direction. I needed a slightly different set-up than you: I run my own DHCPv6 on the Management LAN and was getting confused, that the UDM Pro would not advertise the router even though the RA tick was set. This config does it for me:


    Clients get DHCPv6 offer from my DHCP SErver and RA from UDM Pro. Not sure if the “domain” entry does anything, but seems to do no harm either.

    1. I’m currently having this issue on a UDM SE. I also have an external DHCPv6 server and I tried your configuration example but I’m only getting autoconf IPv6 addresses. Here’s what I have in my customipv6.conf file:


      I’ve also tried ra-names,slaac instead of ra-only but that didn’t make a difference.

      1. Howdy, drop the ra-only from the subnets. enable-ra by ittself should set the appropriate bits in the RA so that the client then looks for a DHCPv6 server for the additional config (e.g. DNS).

      2. After help from Simon Kelley I’d got everything working correctly with the UDM SE and my external DNS and DHCP/DHCPv6 servers.

        This is my /mnt/data/on_boot.d/customipv6.conf file:

        cp /mnt/data/on_boot.d/customipv6.conf /run/dnsmasq.conf.d/
        cp /mnt/data/on_boot.d/resolv.conf /etc/
        start-stop-daemon -K -q -x /usr/sbin/dnsmasq

        Since this requires disabling DNS in dnsmasq /etc/resolv.conf has to be replaced with a new file pointing to the external DNS servers.

        This is my /mnt/data/on_boot.d/customipv6.conf file:

        # Disable DNS, required to avoid having dnsmasq return
        # the router IP as a DNS server
        # Enable RAs
        # Enable RA on all interfaces with high priority
        # Set the domain
        # Configure each VLAN for RAs but turn off the DHCPv6
        # server and make sure the M and O flags are set and the
        # A flag is reset. If SLAAC IPv6 addresses are desired
        # append “,slaac”

  3. Thank you! I was able to configure and fix IPv6 on my UDM-Base. My ISP assigns me a Static IPv6 LAN and RA was NOT working with the stock UniFi settings, only DHCP. Following you’re guide I just plopped my static IPv6 LAN into the config example you provided and everything works with stateless now. Thanks!!

    1. It still works with the current versions of the platform. I’ve been continuing to upgrade the OS without any issues. If you’re having issues, check if there’s a later version of the on boot component.

  4. Hi Mike,

    I want to use this and i already installed boostchicken.
    That was the easy part 😉

    I’m stuck with the /mnt/data/on_boot.d/customipv6.conf part.
    How do i make the IPv6 dhcp ranges?


  5. Thank you so much for sharing, i was going out of ideas why on earth the RA is not functioning. Great stuff!

  6. Thanks for Mike / Eric using the external DHCPv6 server and using the exact config (with a different address) as Eric pasted above. The UDM is now sending RA and DHCPv6 works! But for some reason, none of my devices can route any IPv6 traffic. traceroute/ping6 all fail and I’m having a heck of a time trying to figure out what I missed.

  7. UniFi OS 2.4.23 for the UDM-Base and UDM-Pro was just released. ( )

    As expected, this update to 2.x, with it’s complete OS and storage re-do of the UDM’s wiped the BoostChicken’s script. The package itself was removed, and the config files and such were wiped, as expected.

    UniFi’s release still has broken native IPv6 RA via the config. Only DHCPv6 works. Which works for Windows clients, but not Android or other OS’s. When attempting to reinstall the script, it seems 2.x lacks PodMon and the installer fails for udm-boot. Until udm-boot works on 2.x releases it seems we’re stuck.

    1. I got it working until next reboot by just dropping customipv6.conf in to /run/dnsmasq.config.d/ and running start-stop-daemon -K -q -x /usr/sbin/dnsmasq
      However this is just a temporary solution that will not persist.

  8. A view remarks to your solution from what I did on my Dream Machine SE:

    * a symlink is sufficient for the custom config file (copying not necessary and avoids confusion where to edit)

    * actually it is not necessary to disable RA or DHCPv6 on the UDM. RAs are working on the UDM, *but* the RAs are sent out with the managed flag set which leads to the clients not doing stateless autoconf).

    To fix this, you can leave everything on and just add one line to the dnsmasq config via the custom file you showed:
    [how the set is called is in the unifi-generated dnsmasq config. The Adress range should not overlap with the one unifi generates and puts into its config file]

    deployment is done the way you described here.

    I hope that helps, cheers Ulrich.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s