Interfaces used:

• eth0: WAN
• eth1: secondary WAN (optional)
• eth2: LAN

Adjust accordingly.

Create firewall rules for WAN6_IN

edit firewall ipv6-name WAN6_IN
set default-action drop
set rule 10 action accept
set rule 10 description "allow established"
set rule 10 protocol all
set rule 10 state established enable
set rule 10 state related enable
set rule 20 action drop
set rule 20 description "drop invalid packets"
set rule 20 protocol all
set rule 20 state invalid enable
set rule 30 action accept
set rule 30 description "allow ICMPv6"
set rule 30 protocol icmpv6
top

Create firewall rules for WAN6_LOCAL

edit firewall ipv6-name WAN6_LOCAL
set default-action drop
set rule 10 action accept
set rule 10 description "allow established"
set rule 10 protocol all
set rule 10 state established enable
set rule 10 state related enable
set rule 20 action drop
set rule 20 description "drop invalid packets"
set rule 20 protocol all
set rule 20 state invalid enable
set rule 30 action accept
set rule 30 description "allow ICMPv6"
set rule 30 protocol icmpv6
set rule 40 action accept
set rule 40 description "allow DHCPv6 client/server"
set rule 40 protocol udp
set rule 40 source port 547
set rule 40 destination port 546
top

Assign IPv6 firewall rules to primary wan interface

set interfaces ethernet eth0 firewall in ipv6-name WAN6_IN
set interfaces ethernet eth0 firewall local ipv6-name WAN6_LOCAL

Assign IPv6 firewall rules to secondary wan interface (optional)

set interfaces ethernet eth1 firewall in ipv6-name WAN6_IN
set interfaces ethernet eth1 firewall local ipv6-name WAN6_LOCAL

request v6 address on eth0 (optional)

set interfaces ethernet eth0 ipv6 address autoconf
set interfaces ethernet eth0 ipv6 dup-addr-detect-transmits 1

Request prefix with eth0 and assign to eth2

Requested prefix size /60 for compatibility with FritzBox

edit interfaces ethernet eth0 dhcpv6-pd
set prefix-only
set pd 0 prefix-length /60
set pd 0 interface eth2 host-address ::1
set pd 0 interface eth2 prefix-id :0
set pd 0 interface eth2 service slaac
top

Set options for eth2

edit interfaces ethernet eth2 ipv6 router-advert
set send-advert true
set min-interval 200
set max-interval 600
set managed-flag true
set default-preference high
set prefix '::/64' autonomous-flag true
set prefix '::/64' preferred-lifetime 300
set prefix '::/64' valid-lifetime 600
top

enable mss-clamping for v6 (optional)

set firewall options mss-clamp6 1280

finally

commit
save

Resources

• https://washburn.at/howtos/edgeos-dhcpv6-pd
• https://netwerk.io/ipv6-dhcpv6-pd-slaac-dnsmasq-edgeos/
• https://noobient.com/2018/08/02/ipv6-on-ubnt-edgerouter-x-with-digi-pppoe/