CentOS 7 and DHCPv6 failure


I have four CentOS 7 virtual machines, and I am trying out different ways to configure IPv6 DHCP services. Running an Archer C7 v2.

I have port 547 for IPv6 UDP open on the router side.

If I mandate IPv6 in CentOS configuration, the interface will come up when IPv6 is configured Automatic (DHCP-only) but not with plain Automatic. Also, running sudo dhclient -6 will get stuck indefinitely.

Looking at the traffic received at the router, using tcpdump, it looks like there is no answer.

I do have the following configuration:

config dhcp 'otherlan'
	option leasetime '12h'
	option interface 'otherlan'
	option start '128'
	option limit '64'
	option ra 'server'
	option dhcpv6 'server'
	option ra_management '1'
	list domain 'my.domain'
	list dns 'router:interface:addr::1'

I have configured the hostname in CentOS as both FQDN (originally in every VM) and for experimenting I left the domain out of one, but that changed nothing.

Update 1:

Additionally, netstat -n -l -W -p does show (in fact, one for each lan, but the lines are identical):

udp 0 0 :::547 :::* 1004/odhcpd

Update 2:

My virtual machines randomly get either link local address only, link local and ULA address or sometimes all three, link local, ULA and a real global address. But I haven't been able to figure out what causes what. It is impossible to replicate any behavior for some reason.

Update 3:

There is no active firewall in any of the virtual machines. sudo iptables -L comes out quite empty.

Update 4:

Three of four virtual machines eventually get all three addresses. There is nothing apparently different in the first one, which still has only a link local address.

Update 5:

I see DHCPv6 replies in tcpdump running on the router, but all have bad UDP checksum, like

[bad udp cksum 0xcbc4 -> 0x90f8!].

Update 6:

At the same time, only the machine with no other address than the link local one is shown on the Active DHCPv6 Leases list. The list has the ULA address, which the machine doesn't have.

At the same time, machine number 2 is configured to use a certain IPv6 postfix on the router's DHCP configuration page, but none of the three addresses in the machine, as shown by ifconfig, have that.

Update 7:

I installed another (virtual) CentOS system with Wireshark to the same segment. I can see the DHCPv6 requests in Wireshark, but the router sends no replies. The router does log some requests and claims to have replied to them (with a ULA address), but Wireshark doesn't see it. It does see all ARP, NTP and DHCPv4 traffic.

Update 8:

ip6tables -A POSTROUTING -t mangle -p udp --dport 546 -j CHECKSUM --checksum-fill is either not supported anymore, or I need to recompile my image. Will get back to that later.

Update 9:

I know there are known problems in VMware's virtual NICs and their offload implementations. But I see the error as the packet is leaving the Archer C7. Using ethtool I see that only the generic receive offload is enabled. So what is happening here exactly?

Update 10:

Also the DHCPv4 packets have broken checksums, but for some reason are seen and accepted at the receiving end. But since no offload is enabled in the router, except the single one that has to do with receiving, I can't figure how to proceed with this. There is nothing to disable.

Currently the router isn't even responding to DHCPv6 queries. Don't know why, because everything is enabled and on, the server is still listening, the logs always have something like

Sat Oct 21 15:52:22 2017 daemon.notice odhcpd[18882]: Got DHCPv6 request

The LEDE instructions talk about M and A flags with DHCPv6. This article and some others talk about M and O flags. I think I am right to assume that A and O are different names for the same thing.

I set up a CentOS machine to be a DHCPv6 server, and could pass an address from it to one client in the same subnet. I am confused whether I should try stateless, stateful or a combination of these if I want to give certain addresses to certain clients.

Update 1:

No. The O and A are separate flags. A asks the client to create its own address. The M and O are part of the router advertisement. Couldn't find any info on where the flag A is.

(Later: The router advertisement message has optional parts. One of these optional parts, number 3, called Prefix information, has the A flag.)

But my troubles again seem to be over for a while. I needed to open both UDP 547 and NDP parts of ICMPv6 (router-solicitation, router-advertisement, neighbor-solicitation and neighbor-advertisement) on the firewall. The latter two are missing from the LuCI menu.

Update 2:

Still unable to manually deliver addresses to clients via DHCPv6. Is the 'hostid' field for that? Why does the documentation talk about interface suffix? Doesn't sound like it.
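
The M, O and A flags discussed in this thread, as an added example that is not part of the original posts: a parser for an ICMPv6 Router Advertisement (RFC 4861) that reads M and O from the RA header and L and A from each Prefix Information option (type 3). The sample packet, prefix and function names are constructed for illustration, and the ICMPv6 checksum is not verified.

```python
import ipaddress
import struct

RA_TYPE = 134          # ICMPv6 Router Advertisement (RFC 4861)
OPT_PREFIX_INFO = 3    # Prefix Information option, carries the L and A flags

def parse_ra(icmp: bytes) -> dict:
    """Return the M/O flags and the per-prefix L/A flags of an ICMPv6 RA."""
    if len(icmp) < 16 or icmp[0] != RA_TYPE:
        raise ValueError("not a Router Advertisement")
    flags = icmp[5]                      # byte after Cur Hop Limit
    ra = {"M": bool(flags & 0x80), "O": bool(flags & 0x40), "prefixes": []}
    pos = 16                             # options start after the fixed header
    while pos + 2 <= len(icmp):
        opt_type, opt_len = icmp[pos], icmp[pos + 1] * 8   # length is in 8-byte units
        if opt_len == 0 or pos + opt_len > len(icmp):
            raise ValueError("malformed option")
        if opt_type == OPT_PREFIX_INFO and opt_len == 32:
            plen, pflags, valid, preferred = struct.unpack_from("!BBII", icmp, pos + 2)
            prefix = ipaddress.IPv6Address(icmp[pos + 16:pos + 32])
            ra["prefixes"].append({
                "prefix": f"{prefix}/{plen}",
                "L": bool(pflags & 0x80),   # on-link
                "A": bool(pflags & 0x40),   # autonomous address configuration (SLAAC)
                "valid": valid, "preferred": preferred,
            })
        pos += opt_len
    return ra

def client_actions(ra: dict) -> list:
    """What the flags ask a client to do about addressing."""
    actions = []
    if any(p["A"] for p in ra["prefixes"]):
        actions.append("SLAAC")
    if ra["M"]:
        actions.append("DHCPv6 (stateful)")
    elif ra["O"]:
        actions.append("DHCPv6 (stateless, other config only)")
    return actions

# Constructed sample: M=1, O=0, one /64 prefix with L=1 and A=1 (checksum left as 0).
SAMPLE_RA = (
    struct.pack("!BBHBBHII", RA_TYPE, 0, 0, 64, 0x80, 1800, 0, 0)
    + struct.pack("!BBBBIII", OPT_PREFIX_INFO, 4, 64, 0xC0, 7200, 3600, 0)
    + ipaddress.IPv6Address("2001:db8:1::").packed
)

if __name__ == "__main__":
    parsed = parse_ra(SAMPLE_RA)
    print(parsed, client_actions(parsed))
```

With both M and A set, as in the sample, a client can end up with a SLAAC address and a DHCPv6 lease at the same time.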