Probably from the ISP.
I'm just running DHCP on the router and I'm getting internet access without PPPoE
It doesn't seem to capture anything when the Gateway is changed to fe80::1. Maybe the command is wrong?
All I managed to capture is:
root@OpenWrt:~# tcpdump -vvvv -ttt -i eth1 icmp6 and 'ip6[40] = 134'
tcpdump: listening on eth1, link-type EN10MB (Ethernet), snapshot length 262144 bytes
00:00:00.000000 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 32) fe80::1 > ip6-allnodes: [icmp6 sum ok] ICMP6, router advertisement, length 32
hop limit 64, Flags [other stateful], pref medium, router lifetime 1800s, reachable time 0ms, retrans timer 0ms
mtu option (5), length 8 (1): 1492
0x0000: 0000 0000 05d4
source link-address option (1), length 8 (1): 4c:2e:fe:1d:35:04
0x0000: 4c2e fe1d 3504
00:02:30.223168 IP6 (class 0xc0, hlim 255, next-header ICMPv6 (58) payload length: 24) fe80::1a5b:ff:fe7e:bbcc > fe80::9683:c4ff:fea3:fa8b: [icmp6 sum ok] ICMP6, router advertisement, length 24
hop limit 64, Flags [managed], pref medium, router lifetime 4500s, reachable time 0ms, retrans timer 0ms
source link-address option (1), length 8 (1): 00:00:5e:00:01:01
0x0000: 0000 5e00 0101
00:02:41.666246 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 32) fe80::1 > ip6-allnodes: [icmp6 sum ok] ICMP6, router advertisement, length 32
hop limit 64, Flags [other stateful], pref medium, router lifetime 1800s, reachable time 0ms, retrans timer 0ms
mtu option (5), length 8 (1): 1492
0x0000: 0000 0000 05d4
source link-address option (1), length 8 (1): 4c:2e:fe:1d:35:04
0x0000: 4c2e fe1d 3504
But when the Gateway returned to fe80::1 nothing has been added to the log...
What's your public IP?
Just the first two blocks suffice.
Public IPv4: starts with 5.29.
Within Luci I see:
IPv4 Upstream
Protocol: DHCP client
Address: 100.120.222.34/17
Gateway: 100.120.128.1
Wait, I think the last part has fe80::1 in that log, so maybe I didn't notice it and this is the wrong broadcast that causes this? Anyone can confirm?
I assume your ISP has some major issues. Did you contacted their customer service and asked them about ip6 issues?
But maybe it's my ONT device that is causing the issue.
From TCPDUMP I can see two devices:
4c:2e:fe:1d:35:04
00:00:5e:00:01:01
I think 4c:2e:fe:1d:35:04 is the problem. How can I check if it's my ONT's MAC Address? And it if is, how can I ignore it?
So I think I confirmed the problem.
Here is the good broadcast:
00:03:33.444632 IP6 (class 0xc0, hlim 255, next-header ICMPv6 (58) payload length: 24) fe80::1a5b:ff:fe7e:bbcc > fe80::9683:c4ff:fea3:fa8b: [icmp6 sum ok] ICMP6, router advertisement, length 24
hop limit 64, Flags [managed], pref medium, router lifetime 4500s, reachable time 0ms, retrans timer 0ms
source link-address option (1), length 8 (1): 00:00:5e:00:01:01
0x0000: 0000 5e00 0101
Here is the bad broadcast:
00:05:07.935729 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 32) fe80::1 > ip6-allnodes: [icmp6 sum ok] ICMP6, router advertisement, length 32
hop limit 64, Flags [other stateful], pref medium, router lifetime 1800s, reachable time 0ms, retrans timer 0ms
mtu option (5), length 8 (1): 1492
0x0000: 0000 0000 05d4
source link-address option (1), length 8 (1): 4c:2e:fe:1d:35:04
0x0000: 4c2e fe1d 3504
Am I right?
1 Like
Does this device has no admin panel?
Or you will find the Mac addr printed onto the case.
But yes. You get a router advertisement from a bonkers device.
This was registered to Shenzhen Comnect Tech Co, Ltd.
Seems to be something from a Virtual Machine.
Yes, I found its MAC address, it had a sticker with the info on the bottom. So it's indeed the ONT causing trouble. I may be able to log into it, however it's not very user friendly and I don't know what to look out for. I can log into its admin when I connect it directly to the computer with the RJ45 directly connected to my PC, so I will lose my internet access.
Is there a settings option in OpenWrt where I can ingnore certain MAC addresses?
I wonder if it's really the ONT and not the ISP's network.
Normally an ONT is just a bridge which converts from fiber to ethernet and vice versa.
Maybe you're inclined to tell us the maker and model of your ONT and perhaps even your ISP and location?
Yeah, you receive a router advertisement from fe80::1 and your router says "ok, you're the upstream router now" but that device doesn't actually work.
You can add a rule to your firewall to ignore incoming RA on WAN from mac address 4c:2e:fe:1d:35:04 and that might help you.
Is this how?
uci add firewall rule # =cfg1192bd
uci set firewall.@rule[-1].src='wan'
uci set firewall.@rule[-1].dest='lan'
uci set firewall.@rule[-1].name='Reject WAN RA'
uci add_list firewall.@rule[-1].proto='icmp'
uci add_list firewall.@rule[-1].src_mac='4C:2E:FE:1D:35:04'
uci set firewall.@rule[-1].target='REJECT'
uci add_list firewall.@rule[-1].icmp_type='multicast-router-advertisement'
EDIT: should be icmp_type='router-advertisement
Probably not dest='lan'
not sure if this is correct or icmpv6 or something similar
I'm not very good with uci commands. I could probably help more with a LuCi interface.
Is any other networking device connected (wired or wireless) to the ONT other than the router wan port and the fiber to the ISP?
No, there isn't.
I tried this:
config rule
option src 'wan'
option name 'Reject WAN RA'
list proto 'icmp'
list src_mac '4C:2E:FE:1D:35:04'
option target 'REJECT'
list icmp_type 'router-advertisement'
option family 'ipv6'
But the router-advertisement packet still passes.
I'm not sure how OpenWrt handles RA packets, whether it lets the kernel handle them, or it processes at user-space. If it's the kernel, then I suspect you need to intercept this packet early in the firewall processing chain, and that might require a custom nftables file.