Docu / config of DHCPv6 solicitation and advertisement messages between wan6 and the PPP-based adapter

I have Unitymedia / Kabel BW --> Cable Modem (Connect Box) --> R7800 OpenWRT 18.06.1 --> LAN
IPv6 is running with the one or other issue, learning is in progress, firewall rules testing and VPN connectivity checks ongoing.

Whereas I solved one issue: In the past I got this situation and IPv6 on the internet was gone:
IPv6Upstream_missing

In fact I figured out that this config makes it working properly fine and I get my IPv6 Prefix delegated and IPv6 address on the OpenWrt router.
https://openwrt.org/docs/guide-user/network/ipv6/start#native_ipv6_connection
(/etc/config/firewall rules Allow DHCPv6 (546-to-547) and Allow DHCPv6 (547-to-546))
FirewallRules

There is no other config for pppoe and nothing like "option ipv6 '1'"

What I don't understand:

  • The documentation says that this is required for ppp based protocols only
  • Why this is changing / fixing my IPv6 connectivity

Is it that this might be a basic requirement for full working IPv6 ? In the Unitymedia area I see that people capture with filters on port 546 547 only.
https://www.unitymediaforum.de/viewtopic.php?t=36631&start=25

For me, tcpdump does not show anything suspicious in regard to the "missing" UDP packets, I see
Advertise XID
Release XID
Reply XID
Solicit XID

Ummmm...Yes.

Because; this is the ACCEPT rule for the DHCPv6 requests sent out by your router. If you did not have this rule, you could not receive an IPv6 address via DHCPv6 reply.

By the way, the rule is included by default on my OpenWrt device:

Screenshot%20from%202018-09-23%2022-22-32

Is this what was there for you by default or have you done slight changes?
This is what I got by default (with this option name) when building from sources. But it has gone (I deleted it) after some flashes since I might had recognised that it does not apply to my network.

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option src_ip 'fc00::/6'
	option dest_ip 'fc00::/6'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

This is a journey to the history of my files and back to 2011:
https://dev.archive.openwrt.org/ticket/10381#no2

Isn't it that per default it should be fe80::/10 instead of fc00::/6 ?

It looks like that the fc00::/6 was used as a default in my very old / first image config files.

@Frood42,

Why are you under that impression?

Those are ULA and Link Local subnets. If you are not understanding at this time what the fc00::/6 and fe80::/10 subnets are, I recommend that you look at:

I answered you:

Here is another device, included rule by default:

Screenshot%20from%202018-09-24%2013-19-00

THIS IS BY DEFAULT, I likely coped the old default rule from an LEDE 15 device.

You can compare your current config with default anytime:

opkg update; opkg install diffutils
mkdir -p /tmp/test; cd /tmp/test
opkg download firewall; tar -zxvf firewall*; tar -zxvf data*
diff /tmp/test/etc/config/firewall /etc/config/firewall
2 Likes

I think it is not very helpful if you post these two different examples to be so called defaults - Without even mentioning the ppp topic from the documentation.
And repeating the certification post is unwanted ads.

The point: both are defaults. It works, if you don't remove them. I had no clue it would matter to you, since you already noted you saw the defaults in code:

Let me be more clear. Please study DHCPv6 (and other IPv6 related matters/protocols/practices/etc.), as you would better understand what ports you need to open. (EDIT: I also provided a Wikipedia link, you failed to notice that.)

I don't see a PPP related issue in anything you've stated. It seems to me - that you didn't have a firewall rule for DHCPv6, because you may have removed it.

These two lines are the best answer for the second item. Mark B!
No RFCs, no links and no further recommendations are required.
You will get an A for an additional explanation why both "defaults" work in the same way / with the same result. But you didn't. Instead, you point out to stupid docs, this is why you get a C.

You need to keep in mind that it is important to focus on the topic header and content. The topic content and the questions that are asked are the reason why a topic was posted. Try to focus. Please don't answer: You need to read something on wiki or other stupid certification sites. This is neither helpful for the TO nor for others readers later on.

This topic is about

  • The documentation says that this is required for ppp based protocols only
  • Why this is changing / fixing my IPv6 connectivity

I don't care about the first one if no-one else does. Just keep in mind that it is confusing to mention it with ppp based protocols only. Even if it is a default config.
The second one is solved.

So in this community we have a "be nice to each other" rule and I am not sure whether the attempted grading of a volunteers response to your question still falls within this spirit (nor is shouting in all caps). How about you simply thank the poster for his input that ultimately solved? your issue instead of going of into the weeds about less important details instead?

Well, since you do not pay anybody to respond it seems somewhat impolite to come up with such a list of demands, no? Nobody forces you to like all answers, but if you ask you should accept all answers, helpful or not, gracefully, after all somebody else is spending their time in an attempt to help. Yes, not all answers are equally helpful, but since that is partly in the eye of the beholder, please simply say thanks :wink:

I've read your original question a few times and it was not clear to me what you mean. Did you refer to option ipv6 1 all the time?

Yes, option ipv6 1 is only defined for PPP based connection types. In fact one should not set option ipv6 1 anymore nowadays as its default setting, auto, takes care of spawning a virtual wan_6 (sic!) sub-interface if the PPP IPv4 connection handler performed a successful IPCP6 negotiation.

1 Like

moeller0, you are absolutely right and I apologise. But I also did encounter to get this chastisement. I needed to be impolite since I feel lots of replies from a specific person very annoying. And it is not only me. And it is difficult to continuously ignore them.
In general, I respect and thank the community very much.
The issues and questions are not solved at all, but I often come to a point where I don't care anymore because I am too annoyed to I prefer to ask some colleagues at lunch. Initially I prefer to ask on the forum because I think it could also be helpful for others.

1 Like

The topic refers to
https://openwrt.org/docs/guide-user/network/ipv6/start#native_ipv6_connection
(/etc/config/firewall rules Allow DHCPv6 (546-to-547) and Allow DHCPv6 (547-to-546))
which are very similar / with the same effect as the default config with fc00::/6
Here we have the "ppp based protocol" documentation vs "the default Ipv6" config.
I tapped into it since I "lost" the default config but had the ppp based config there for various (playing / testing / firewall opening actions, still having issues with IPv6 upstream) reasons but the only documentation in relation to this is the one for ppp based protocols.

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.