A default route is present but there is no public prefix on lan thus we don’t announce a default route!

Hello!

I keep seeing these messages in my Logfile:

Mon Aug 29 22:14:50 2022 daemon.warn odhcpd[1191]: A default route is present but there is no public prefix on lan thus we don't announce a default route!
Mon Aug 29 22:14:54 2022 daemon.warn odhcpd[1191]: A default route is present but there is no public prefix on lan thus we don't announce a default route!
Mon Aug 29 22:19:06 2022 daemon.warn odhcpd[1191]: A default route is present but there is no public prefix on lan thus we don't announce a default route!

I found this old thread and applied the recommendation. Still the issue is not solved.

Any additional ideas?

thanks

Please provide the output of:

ip a
ip -6 route

If the upstream router only provides NAT'ed ULAs (as required e.g. when using IPv6 with mwan3), then you have to force the announcement of the IPv6 default route in LAN configuration.

here you go:

root@OpenWrt:~# ip -6 route
default from 2a02:9003:af:4891::/64 via fe80::46aa:50ff:fe52:e718 dev pppoe-wan  metric 512 
unreachable 2a02:9003:af:4891::/64 dev lo  metric 2147483647 
fda7:3a7a:f62::/64 dev br-lan  metric 1024 
unreachable fda7:3a7a:f62::/48 dev lo  metric 2147483647 
fe80::46aa:50ff:fe52:e718 dev pppoe-wan  metric 1 
fe80::6d98:3e65:9b65:325d dev pppoe-wan  metric 256 
fe80::/64 dev eth1  metric 256 
fe80::/64 dev eth0  metric 256 
fe80::/64 dev eth0.2  metric 256 
fe80::/64 dev br-lan  metric 256 
fe80::/64 dev tun0  metric 256 
fe80::/64 dev wlan1  metric 256 
fe80::/64 dev wlan0  metric 256 
fe80::/64 dev wlan0-1  metric 256 
anycast 2a02:9003:af:4891:: dev pppoe-wan  metric 0 
anycast fda7:3a7a:f62:: dev br-lan  metric 0 
anycast fe80:: dev eth0.2  metric 0 
anycast fe80:: dev eth0  metric 0 
anycast fe80:: dev eth1  metric 0 
anycast fe80:: dev tun0  metric 0 
anycast fe80:: dev br-lan  metric 0 
anycast fe80:: dev wlan1  metric 0 
anycast fe80:: dev wlan0-1  metric 0 
anycast fe80:: dev wlan0  metric 0 
multicast ff00::/8 dev eth1  metric 256 
multicast ff00::/8 dev br-lan  metric 256 
multicast ff00::/8 dev eth0  metric 256 
multicast ff00::/8 dev eth0.2  metric 256 
multicast ff00::/8 dev pppoe-wan  metric 256 
multicast ff00::/8 dev tun0  metric 256 
multicast ff00::/8 dev wlan1  metric 256 
multicast ff00::/8 dev wlan0  metric 256 
multicast ff00::/8 dev wlan0-1  metric 256 
root@OpenWrt:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    link/ether dc:ef:09:f2:7e:aa brd ff:ff:ff:ff:ff:ff
    inet6 fe80::deef:9ff:fef2:7eaa/64 scope link 
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    link/ether dc:ef:09:f2:7e:a9 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::deef:9ff:fef2:7ea9/64 scope link 
       valid_lft forever preferred_lft forever
7: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    link/ether dc:ef:09:f2:7e:a9 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.1/24 brd 192.168.1.255 scope global br-lan
       valid_lft forever preferred_lft forever
    inet6 fda7:3a7a:f62::1/60 scope global noprefixroute 
       valid_lft forever preferred_lft forever
    inet6 fe80::deef:9ff:fef2:7ea9/64 scope link 
       valid_lft forever preferred_lft forever
8: eth1.1@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP qlen 1000
    link/ether dc:ef:09:f2:7e:a9 brd ff:ff:ff:ff:ff:ff
9: eth0.2@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    link/ether dc:ef:09:f2:7e:aa brd ff:ff:ff:ff:ff:ff
    inet6 fe80::deef:9ff:fef2:7eaa/64 scope link 
       valid_lft forever preferred_lft forever
10: pppoe-wan: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1492 qdisc fq_codel state UNKNOWN qlen 3
    link/ppp 
    inet 83.43.202.222 peer 192.168.144.1/32 scope global pppoe-wan
       valid_lft forever preferred_lft forever
    inet6 2a02:9003:af:4891:6d98:3e65:9b65:325d/64 scope global noprefixroute 
       valid_lft forever preferred_lft forever
    inet6 fe80::6d98:3e65:9b65:325d/128 scope link 
       valid_lft forever preferred_lft forever
11: wlan1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    link/ether dc:ef:09:f2:7e:ac brd ff:ff:ff:ff:ff:ff
    inet 192.168.100.1/24 brd 192.168.100.255 scope global wlan1
       valid_lft forever preferred_lft forever
    inet6 fe80::deef:9ff:fef2:7eac/64 scope link 
       valid_lft forever preferred_lft forever
12: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN qlen 500
    link/[65534] 
    inet 10.0.0.1/24 scope global tun0
       valid_lft forever preferred_lft forever
    inet6 fe80::5db8:a633:e759:ded2/64 scope link flags 800 
       valid_lft forever preferred_lft forever
19: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP qlen 1000
    link/ether dc:ef:09:f2:7e:ab brd ff:ff:ff:ff:ff:ff
    inet6 fe80::deef:9ff:fef2:7eab/64 scope link 
       valid_lft forever preferred_lft forever
20: wlan0-1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    link/ether de:ef:09:f2:7e:ab brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.1/24 brd 192.168.10.255 scope global wlan0-1
       valid_lft forever preferred_lft forever
    inet6 fe80::dcef:9ff:fef2:7eab/64 scope link 
       valid_lft forever preferred_lft forever

thanks for investing your time on my setup @patrakov

At this point, all we can see is:

  1. The ISP is providing a public IPv6 address, so the situation in my original reply is not what happens here.
  2. The LANs (br-lan, tun0 and wlan0-1) do not receive public IPv6 addresses.

So, apparently, prefix delegation fails. Could you please show the /etc/config/network file (minus passwords), as well as the output of ifstatus wan6 or ifstatus wan_6, whichever works?

Sure. Here you go!

root@OpenWrt:~# cat /etc/config/network 

config interface 'loopback'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'
	option device 'lo'

config globals 'globals'
	option ula_prefix 'fda7:3a7a:0f62::/48'

config interface 'lan'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option ipaddr '192.168.1.1'
	option device 'br-lan'
	option ip6class 'local'

config interface 'wan'
	option proto 'pppoe'
	option password '*redacted*'
	option username '*redacted*'
	option device 'eth0.2'
        option ipv6 'auto'

config switch
	option name 'switch0'
	option reset '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '1 2 3 4 6t'
	option vid '1'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option ports '0t 5'
	option vid '2'

config interface 'kitusguest'
	option proto 'static'
	option ipaddr '192.168.10.1'
	option netmask '255.255.255.0'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth1.1'

config interface 'iot'
	option proto 'static'
	list ipaddr '192.168.100.1/24'
root@OpenWrt:~# ifstatus wan_6
{
	"up": true,
	"pending": false,
	"available": true,
	"autostart": true,
	"dynamic": true,
	"uptime": 30108,
	"l3_device": "pppoe-wan",
	"proto": "dhcpv6",
	"device": "pppoe-wan",
	"metric": 0,
	"dns_metric": 0,
	"delegation": true,
	"ipv4-address": [
		
	],
	"ipv6-address": [
		{
			"address": "2a02:9003:af:4891:6d98:3e65:9b65:325d",
			"mask": 64
		}
	],
	"ipv6-prefix": [
		
	],
	"ipv6-prefix-assignment": [
		
	],
	"route": [
		{
			"target": "::",
			"mask": 0,
			"nexthop": "fe80::46aa:50ff:fe52:e718",
			"metric": 512,
			"valid": 7836,
			"source": "2a02:9003:af:4891:6d98:3e65:9b65:325d/64"
		}
	],
	"dns-server": [
		
	],
	"dns-search": [
		
	],
	"neighbors": [
		
	],
	"inactive": {
		"ipv4-address": [
			
		],
		"ipv6-address": [
			
		],
		"route": [
			
		],
		"dns-server": [
			
		],
		"dns-search": [
			
		],
		"neighbors": [
			
		]
	},
	"data": {
		"zone": "wan"
	}
}

thanks again!

So the ISP does not delegate you a prefix to use on your LAN. Generally, with manual configuration, it would still be possible to use the same /64 on both WAN and LAN, using the "relay" functionality for NDP and DHCPv6, but, after using this to work around Rostelecom bugs, I absolutely can't recommend this. Even deprecated 6to4 tunnels work better. The reason is that, when the PPPoE link disconnects and reconnects, the prefix would likely be different, but there is nobody to announce the change into the LAN. So the clients would continue using the outdated and no-longer-routable prefix, and therefore all IPv6 connections will just time out.

So our goal now is to convince your ISP's router to delegate a prefix correctly.

What I can suggest is:

  1. Instead of relying on IPv6 autoconfiguration via a virtual interface, please change option ipv6 'auto' to option ipv6 '1', and then create an explicit "wan6" interface (protocol: DHCPv6, device: @wan) in Luci. This will allow you to tweak advanced DHCPv6 settings.
  2. In the newly-created wan6 interface settings, play with the reqprefix setting, in hope to coach your ISP into actually delegating a prefix. Valid values to try are auto, 64, 62, 60, and 56. You will know one of them works when ifstatus wan6 shows a non-empty "ipv6-prefix".
1 Like

On the other hand, when odhcp6c does not receive a delegated prefix, I think netifd activates the relay mode automatically. Do devices in LAN receive public IPv6 addresses? If so, the problem does not really exist, it's just a misleading log message. The announcements of a public prefix and the default route are then done directly by the router on the ISP side of the pppoe link, not by odhcpd.

I would say that some of the devices do receive a ipv6 address, but I'm not sure.

this is what my Mac displays:

Marcs-Air:~ marcgarcia$ ifconfig 
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
	options=1203<RXCSUM,TXCSUM,TXSTATUS,SW_TIMESTAMP>
	inet 127.0.0.1 netmask 0xff000000 
	inet6 ::1 prefixlen 128 
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1 
	nd6 options=201<PERFORMNUD,DAD>
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
anpi1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	options=400<CHANNEL_IO>
	ether 3a:d5:21:93:06:19 
	inet6 fe80::38d5:21ff:fe93:619%anpi1 prefixlen 64 scopeid 0x4 
	nd6 options=201<PERFORMNUD,DAD>
	media: none
	status: inactive
anpi0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	options=400<CHANNEL_IO>
	ether 3a:d5:21:93:06:18 
	inet6 fe80::38d5:21ff:fe93:618%anpi0 prefixlen 64 scopeid 0x5 
	nd6 options=201<PERFORMNUD,DAD>
	media: none
	status: inactive
en3: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	options=400<CHANNEL_IO>
	ether 3a:d5:21:93:06:f8 
	nd6 options=201<PERFORMNUD,DAD>
	media: none
	status: inactive
en4: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	options=400<CHANNEL_IO>
	ether 3a:d5:21:93:06:f9 
	nd6 options=201<PERFORMNUD,DAD>
	media: none
	status: inactive
en1: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
	options=460<TSO4,TSO6,CHANNEL_IO>
	ether 36:aa:46:85:21:40 
	media: autoselect <full-duplex>
	status: inactive
en2: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
	options=460<TSO4,TSO6,CHANNEL_IO>
	ether 36:aa:46:85:21:44 
	media: autoselect <full-duplex>
	status: inactive
ap1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	options=400<CHANNEL_IO>
	ether 3a:3e:ef:ca:8d:43 
	nd6 options=201<PERFORMNUD,DAD>
	media: autoselect
	status: inactive
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	options=6463<RXCSUM,TXCSUM,TSO4,TSO6,CHANNEL_IO,PARTIAL_CSUM,ZEROINVERT_CSUM>
	ether 18:3e:ef:ca:8d:43 
	inet6 fe80::4f:c348:2127:4922%en0 prefixlen 64 secured scopeid 0xb 
	inet6 fda7:3a7a:f62:0:1085:bdc6:d893:854f prefixlen 64 autoconf secured 
	inet 192.168.1.209 netmask 0xffffff00 broadcast 192.168.1.255
	nd6 options=201<PERFORMNUD,DAD>
	media: autoselect
	status: active
awdl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
	options=400<CHANNEL_IO>
	ether 4a:41:07:31:b0:17 
	inet6 fe80::4841:7ff:fe31:b017%awdl0 prefixlen 64 scopeid 0xc 
	nd6 options=201<PERFORMNUD,DAD>
	media: autoselect
	status: active
llw0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	options=400<CHANNEL_IO>
	ether 4a:41:07:31:b0:17 
	inet6 fe80::4841:7ff:fe31:b017%llw0 prefixlen 64 scopeid 0xd 
	nd6 options=201<PERFORMNUD,DAD>
	media: autoselect
	status: active
bridge0: flags=8822<BROADCAST,SMART,SIMPLEX,MULTICAST> mtu 1500
	options=63<RXCSUM,TXCSUM,TSO4,TSO6>
	ether 36:aa:46:85:21:40 
	Configuration:
		id 0:0:0:0:0:0 priority 0 hellotime 0 fwddelay 0
		maxage 0 holdcnt 0 proto stp maxaddr 100 timeout 1200
		root id 0:0:0:0:0:0 priority 0 ifcost 0 port 0
		ipfilter disabled flags 0x0
	member: en1 flags=3<LEARNING,DISCOVER>
	        ifmaxaddr 0 port 8 priority 0 path cost 0
	member: en2 flags=3<LEARNING,DISCOVER>
	        ifmaxaddr 0 port 9 priority 0 path cost 0
	media: <unknown type>
	status: inactive
utun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 2000
	inet6 fe80::3db3:3111:e403:4d2f%utun0 prefixlen 64 scopeid 0xf 
	nd6 options=201<PERFORMNUD,DAD>
utun1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1380
	inet6 fe80::8cd0:dfea:4a77:9f49%utun1 prefixlen 64 scopeid 0x10 
	nd6 options=201<PERFORMNUD,DAD>
utun2: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1000
	inet6 fe80::ce81:b1c:bd2c:69e%utun2 prefixlen 64 scopeid 0x11 
	nd6 options=201<PERFORMNUD,DAD>
Marcs-Air:~ marcgarcia$ 

I'm not very familiar with ipv6 so I can't know if it actually received a ipv6 address.

thanks!

Nope, it doesn't. Public IPv6 addresses begin with the digit "2".

I'll give this a shot during the weekend and report back. Thanks a million for your assistance!!!

Any luck? having the same issue here

Hi @patrakov ! apologies in advance as I have not yet have managed to find some time and dive into my openwrt configuration. I came across this on the management interface of the router a few minutes ago. Does this change anything so far? These are two local devices on my network, and they are apparently getting a ipv6 address, right?

thanks

They get an ULA address (fd...) which is the IPv6 equivalent of private RFC1918 IP address. No public IP.

2 Likes

understood. I still need to apply the suggestions I was provided with, earlier in this thread. Will hopefully report back next weekend.

Thank you guys for this superb community!

Hello again @patrakov!

I'm sorry it has taken me a bit long to react upon your guidance. I've now managed to find time and test what you suggested.

I configured wan interface with

option ipv6 '1' 

and wan6 like this:

config interface 'wan6'
	option proto 'dhcpv6'
	option device '@wan'

I then deleted wan_6 and brought the wan interface down and back up. This is what I see in the network file:

config interface 'wan6'
	option proto 'dhcpv6'
	option device '@wan'
	option reqaddress 'try'
	option reqprefix 'auto'

which feels like openwrt has bought it.

After rebooting the device, this is what I see on the interfaces page:

and this is the output of the ifstatus

root@OpenWrt:~# ifstatus wan6
{
	"up": true,
	"pending": false,
	"available": true,
	"autostart": true,
	"dynamic": false,
	"uptime": 260,
	"l3_device": "pppoe-wan",
	"proto": "dhcpv6",
	"device": "pppoe-wan",
	"metric": 0,
	"dns_metric": 0,
	"delegation": true,
	"ipv4-address": [
		
	],
	"ipv6-address": [
		{
			"address": "*redacted*",
			"mask": 64
		}
	],
	"ipv6-prefix": [
		
	],
	"ipv6-prefix-assignment": [
		
	],
	"route": [
		{
			"target": "::",
			"mask": 0,
			"nexthop": "fe80::46aa:50ff:fe52:e718",
			"metric": 512,
			"valid": 8746,
			"source": "2a02:9003:af:6fb5:c9fe:fd0e:edd5:9d00/64"
		}
	],
	"dns-server": [
		
	],
	"dns-search": [
		
	],
	"neighbors": [
		
	],
	"inactive": {
		"ipv4-address": [
			
		],
		"ipv6-address": [
			
		],
		"route": [
			
		],
		"dns-server": [
			
		],
		"dns-search": [
			
		],
		"neighbors": [
			
		]
	},
	"data": {
		
	}
}

I will now start trying the reqprefix values you suggested above and report back.

thanks

Actually, on another router (not mine, so can't experiment), I could reproduce your issue using a SwissVPN PPtP account. I will report a bug when I have enough debugging information.

Oh, ok! In the mean time I can report that I've followed your instructions and with any of the values the ipv6-prefix is empty. Should I restore my previous configuration then?

No, you shouldn't restore the old configuration. The new suggested configuration is:

  • Go to wan6 properties, to the DHCP Server tab, create one if needed, tick the "ignore interface" box for IPv4. For IPv6, check the "Designated Master" box, and put all three selections (RA, DHCPv6, NDP) into relay mode.
  • Go to lan properties, do not check the box for Designated master (you can't), and set all three to Relay. I am not sure if you need to "learn routes" or not - probably not.

In the end, you'll get something like this:

# cat /etc/config/dhcp
config dhcp lan
    option dhcpv6 relay
    option ra relay
    option ndp relay
    ...
 
config dhcp wan6
    option dhcpv6 relay
    option ra relay
    option ndp relay
    option master 1
    option interface wan6

In this case, the lan interface itself will not get an IPv6 address, but devices connected to the LAN will. So please check the IP addresses and routes on them.

Hi there! I followed your instructions and this does look quite ok, right?

Yes. To check if it works indeed, go to https://test-ipv6.com/