IPv6 Dual Stack with DHCP-PD

Hi, thanks for your replies.

I removed the mtu line and rebooted.

The output for ifstatus commands are:

root@OpenWrt:~# ifstatus wan
{
        "up": true,
        "pending": false,
        "available": true,
        "autostart": true,
        "dynamic": false,
        "uptime": 205,
        "l3_device": "pppoe-wan",
        "proto": "pppoe",
        "device": "eth0.6",
        "updated": [
                "addresses",
                "routes"
        ],
        "metric": 0,
        "dns_metric": 0,
        "delegation": true,
        "ipv4-address": [
                {
                        "address": "x.x.x.x",
                        "mask": 32,
                        "ptpaddress": "y.y.y.y"
                }
        ],
        "ipv6-address": [

        ],
        "ipv6-prefix": [

        ],
        "ipv6-prefix-assignment": [

        ],
        "route": [
                {
                        "target": "0.0.0.0",
                        "mask": 0,
                        "nexthop": "y.y.y.y",
                        "source": "0.0.0.0/0"
                }
        ],
        "dns-server": [
                "a.a.a.a",
                "b.b.b.b"
        ],
        "dns-search": [

        ],
        "neighbors": [

        ],
        "inactive": {
                "ipv4-address": [

                ],
                "ipv6-address": [

                ],
                "route": [

                ],
                "dns-server": [

                ],
                "dns-search": [

                ],
                "neighbors": [

                ]
        },
        "data": {

        }
}
root@OpenWrt:~# ifstatus wan6
{
        "up": false,
        "pending": true,
        "available": true,
        "autostart": true,
        "dynamic": false,
        "proto": "dhcpv6",
        "device": "pppoe-wan",
        "data": {

        }
}
root@OpenWrt:~#

How can I get more logs about the ppp negotiation?

Thanks,
kix

Try this: ifup wan6; sleep 10; ifstatus wan6

Thanks,

same results:

root@OpenWrt:~# ifup wan6; sleep 10; ifstatus wan6
{
        "up": false,
        "pending": true,
        "available": true,
        "autostart": true,
        "dynamic": false,
        "proto": "dhcpv6",
        "device": "pppoe-wan",
        "data": {

        }
}

Let's see if there are any interesting packets:
opkg update; opkg install tcpdump; tcpdump -i pppoe-wan -vn icmp6 or udp port 547
Then restart the wan6 interface.

Hi @trendy,

thanks a lot for your reply. I installed tcpdump and run the tcpdump -i pppoe-wan -vn icmp6 or udp port 547 command. Then I open a new ssh connection and typed ifdown wan6; sleep 5; ifup wan6 but the tcpdump doesn't print any package. I played with other tpcdump options, but no packages too.

In my firewall configuration I have (I have more lines, these are related to the wan interface and the INPUT rule):

config rule
        option target 'ACCEPT'
        option src 'wan'
        option proto 'udp'
        option dest_port '547'
        option name 'Allow DHCPv6 (546-to-547)'
        option family 'ipv6'
        option src_port '546'

config rule
        option target 'ACCEPT'
        option src 'wan'
        option proto 'udp'
        option dest_port '546'
        option name 'Allow DHCPv6 (547-to-546)'
        option family 'ipv6'
        option src_port '547'

config defaults
        option syn_flood '1'
        option output 'ACCEPT'
        option drop_invalid '1'
        option forward 'DROP'
        option input 'DROP'

config zone
        option name 'wan'
        option output 'ACCEPT'
        option masq '1'
        option mtu_fix '1'
        option input 'DROP'
        option forward 'DROP'
        option network 'wan'

IMO, the problem is not in the firewall, but only for your knowledge.

Thanks again,
kix

Add wan6 in wan firewall zone. The post the following:

Please run the following commands (copy-paste the whole block) and paste the output here, using the "Preformatted text </> " button:
grafik
Remember to redact passwords, MAC addresses and any public IP addresses you may have

ubus call system board; \
uci export network; uci export dhcp; uci export firewall; \
head -n -0 /etc/firewall.user; \
ip -6 addr ; ip -6 ro li tab all ; ip -6 ru
1 Like
root@OpenWrt:~# ubus call system board; \
> uci export network; uci export dhcp; uci export firewall; \
> head -n -0 /etc/firewall.user; \
> ip -6 addr ; ip -6 ro li tab all ; ip -6 ru
{
        "kernel": "5.4.154",
        "hostname": "OpenWrt",
        "system": "Atheros AR9344 rev 2",
        "model": "TP-Link TL-WDR3600 v1",
        "board_name": "tplink,tl-wdr3600-v1",
        "release": {
                "distribution": "OpenWrt",
                "version": "21.02.1",
                "revision": "r16325-88151b8303",
                "target": "ath79/generic",
                "description": "OpenWrt 21.02.1 r16325-88151b8303"
        }
}
package network

config interface 'loopback'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'
        option device 'lo'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '0t 2 3 4 5'
        option vid '1'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '0t 1t'
        option vid '2'

config switch_vlan
        option device 'switch0'
        option vlan '3'
        option ports '0t 1t'
        option vid '3'

config switch_vlan
        option device 'switch0'
        option vlan '6'
        option ports '0t 1t'

config interface 'lan'
        option proto 'static'
        option ip6assign '60'
        option netmask '255.255.255.0'
        option ipaddr '192.168.1.1'
        option ip6ifaceid 'random'
        option ip6hint 'caca'
        option device 'br-lan'

config interface 'iptv'
        option proto 'static'
        option ipaddr '10.255.168.228'
        option netmask '255.128.0.0'
        option gateway '10.128.0.1'
        option defaultroute '0'
        option peerdns '0'
        option device 'eth0.2'

config route
        option interface 'iptv'
        option target '172.16.0.0'
        option netmask '255.240.0.0'
        option gateway '10.128.0.1'

config interface 'voip'
        option proto 'dhcp'
        option defaultroute '0'
        option peerdns '0'
        option device 'eth0.3'

config interface 'wan'
        option proto 'pppoe'
        option username 'xxx'
        option password 'yyy'
        option ipv6 '1'
        option device 'eth0.6'

config interface 'wan6'
        option proto 'dhcpv6'
        option device '@wan'
        option reqaddress 'try'
        option reqprefix 'auto'

config route
        option target '192.168.33.0'
        option gateway '192.168.1.2'
        option interface 'lan'
        option netmask '255.255.255.0'

config route
        option target '192.168.44.0'
        option gateway '192.168.1.2'
        option interface 'lan'
        option netmask '255.255.255.0'

config route
        option target '192.168.55.0'
        option gateway '192.168.1.2'
        option netmask '255.255.255.0'
        option interface 'lan'

config route
        option target '192.168.66.0'
        option gateway '192.168.1.8'
        option netmask '255.255.255.0'
        option interface 'lan'

config route
        option target '192.168.77.0'
        option netmask '255.255.255.0'
        option interface 'lan'
        option gateway '192.168.1.8'

config route
        option target '192.168..0'
        option gateway '192.168.1.8'
        option netmask '255.255.255.0'
        option interface 'lan'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0'
        list ports 'eth0.1'
        option igmp_snooping '1'

package dhcp

config dnsmasq
        option domainneeded '1'
        option localise_queries '1'
        option expandhosts '1'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option localservice '1'
        option nonwildcard '0'
        option rebind_protection '0'
        list interface 'lan'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'

config dhcp 'lan'
        option interface 'lan'
        option networkid 'tag:!dhcptv'
        option start '100'
        option leasetime '12h'
        option limit '150'
        list dhcp_option '3,192.168.1.1'
        list dhcp_option '6,8.8.8.8,1.1.1.1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'

config vendorclass 'vendortv'
        option vendorclass 'IAL'
        option networkid 'dhcptv'

config dhcp 'dhcptv'
        option networkid 'tag:dhcptv'
        option interface 'lan'
        option limit '23'
        option leasetime '24h'
        list dhcp_option '6,172.16.1.1'
        list dhcp_option '240,:::::239.0.2.10:22222:v6.0:239.0.2.30:22222'
        option start '100'
        list dns '2606:4700:4700::1111'
        list domain '2606:4700:4700::1001'
        option ra 'server'
        option dhcpv6 'server'
        option ra_management '1'
        option ndp 'hybrid'

config dhcp 'wwan'
        option start '100'
        option leasetime '12h'
        option limit '150'
        option interface 'wwan'
        list dhcp_option '6,8.8.8.8,1.1.1.1'

config host
        option mac 'AA:BB:CC:DD:EE:FF'
        option name 'test1'
        option dns '1'
        option ip '192.168.1.129'

config host
        option mac 'AA:BB:CC:DD:EE:FA'
        option name 'test2'
        option dns '1'
        option ip '192.168.1.142'

package firewall

config rule
        option target 'ACCEPT'
        option src 'wan'
        option proto 'udp'
        option dest_port '547'
        option name 'Allow DHCPv6 (546-to-547)'
        option family 'ipv6'
        option src_port '546'

config rule
        option target 'ACCEPT'
        option src 'wan'
        option proto 'udp'
        option dest_port '546'
        option name 'Allow DHCPv6 (547-to-546)'
        option family 'ipv6'
        option src_port '547'

config defaults
        option output 'ACCEPT'
        option drop_invalid '1'
        option forward 'DROP'
        option input 'DROP'
        option synflood_protect '1'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config include
        option path '/etc/firewall.user'

config rule
        option target 'ACCEPT'
        option proto 'tcp'
        option dest_port '80'
        option family 'ipv4'
        option name 'lan-80'
        option src 'lan'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        option network 'lan'

config zone
        option name 'wan'
        option output 'ACCEPT'
        option masq '1'
        option mtu_fix '1'
        option input 'DROP'
        option forward 'DROP'
        option network 'wan'

config forwarding
        option src 'lan'
        option dest 'wan'

config zone
        option name 'iptv'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option network 'iptv'
        option mtu_fix '1'
        option masq '1'
        option forward 'DROP'

config forwarding
        option src 'lan'
        option dest 'iptv'

config forwarding
        option src 'iptv'
        option dest 'lan'

config zone
        option name 'voip'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option network 'voip'
        option masq '1'
        option mtu_fix '1'
        option forward 'DROP'

config forwarding
        option src 'lan'
        option dest 'voip'

config rule
        option dest_port '22'
        option src 'lan'
        option name 'ssh-management'
        option target 'ACCEPT'
        list proto 'tcp'

config rule
        option src 'lan'
        option name 'dhcp-lan'
        option target 'ACCEPT'
        list proto 'all'

config redirect
        option src 'wan'
        option name 'ALL->DMZ'
        option target 'DNAT'
        option dest_ip '192.168.1.16'
        option dest 'lan'
        list proto 'tcp'
        list proto 'udp'
        list proto 'icmp'

config redirect
        option target 'DNAT'
        option src 'wan'
        option dest 'lan'

config redirect
        option src 'wan'
        option name 'server'
        option src_dport '1-65535'
        option target 'DNAT'
        option dest_ip '192.168.1.16'
        option dest 'lan'
        list proto 'tcp'
        list proto 'udp'
        list proto 'icmp'

config zone
        option name 'wan6'
        option input 'DROP'
        option output 'ACCEPT'
        option forward 'DROP'

# This file is interpreted as shell script.
# Put your custom iptables rules here, they will
# be executed with each firewall (re-)start.

# Internal uci firewall chains are flushed and recreated on reload, so
# put custom rules into the root chains e.g. INPUT or FORWARD or into the
# special user chains, e.g. input_wan_rule or postrouting_lan_rule.
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1000
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
6: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 fe80::a2f3:c1ff:fece:28c6/64 scope link
       valid_lft forever preferred_lft forever
8: eth0.2@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 fe80::a2f3:c1ff:fece:28c6/64 scope link
       valid_lft forever preferred_lft forever
9: eth0.3@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 fe80::a2f3:c1ff:fece:28c6/64 scope link
       valid_lft forever preferred_lft forever
12: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 fe80::a2f3:c1ff:fece:28c5/64 scope link
       valid_lft forever preferred_lft forever
13: wlan1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 fe80::a2f3:c1ff:fece:28c6/64 scope link
       valid_lft forever preferred_lft forever
18: eth0.6@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 fe80::a2f3:c1ff:fece:28c6/64 scope link
       valid_lft forever preferred_lft forever
fe80::/64 dev eth0.2  metric 256
fe80::/64 dev eth0.3  metric 256
fe80::/64 dev br-lan  metric 256
fe80::/64 dev wlan0  metric 256
fe80::/64 dev wlan1  metric 256
fe80::/64 dev eth0.6  metric 256
local ::1 dev lo table local  metric 0
anycast fe80:: dev eth0.2 table local  metric 0
anycast fe80:: dev eth0.3 table local  metric 0
anycast fe80:: dev br-lan table local  metric 0
anycast fe80:: dev wlan0 table local  metric 0
anycast fe80:: dev wlan1 table local  metric 0
anycast fe80:: dev eth0.6 table local  metric 0
local fe80::a2f3:c1ff:fece:28c5 dev wlan0 table local  metric 0
local fe80::a2f3:c1ff:fece:28c6 dev eth0.2 table local  metric 0
local fe80::a2f3:c1ff:fece:28c6 dev eth0.3 table local  metric 0
local fe80::a2f3:c1ff:fece:28c6 dev br-lan table local  metric 0
local fe80::a2f3:c1ff:fece:28c6 dev wlan1 table local  metric 0
local fe80::a2f3:c1ff:fece:28c6 dev eth0.6 table local  metric 0
multicast ff00::/8 dev eth0.2 table local  metric 256
multicast ff00::/8 dev eth0.3 table local  metric 256
multicast ff00::/8 dev br-lan table local  metric 256
multicast ff00::/8 dev wlan0 table local  metric 256
multicast ff00::/8 dev wlan1 table local  metric 256
multicast ff00::/8 dev eth0.6 table local  metric 256
0:      from all lookup local
32766:  from all lookup main
4200000001:     from all iif lo lookup unspec 12
4200000006:     from all iif br-lan lookup unspec 12
4200000008:     from all iif eth0.2 lookup unspec 12
4200000009:     from all iif eth0.3 lookup unspec 12
4200000019:     from all iif pppoe-wan lookup unspec 12
root@OpenWrt:~#

caca will work only if you get a /48. It is more common to allocate a /56, in which case you'll use ca

You have created and empty zone. Delete it. Add the interface wan6 in wan zone.

1 Like

faulty route maybe too... (likely unrelated)

2 Likes

Hi,

I think now is ok:

config zone
        option name 'wan'
        option output 'ACCEPT'
        option masq '1'
        option mtu_fix '1'
        option input 'DROP'
        option forward 'DROP'
        list network 'wan'
        list network 'wan6'

But, same results. No packets on tcpdump and no ipv6 address.

Regards,
kix

1 Like

Try this:
uci set network.wan.ipv6='auto' ; uci add_list firewall.wan.network='wan_6' ; uci commit ; ifup wan; sleep 10; ifstatus wan_6

This is PPPoe and PPP didn't even negotiate link local addresses (IPv6CP negotiation). So there is no way DHCPv6 can possibly work. You have to find out why PPP doesn't receive the link-local. All fiddling around with wan6 and tcpdump is futile at this point. You need to find out what is needed for PPP to make IPv6CP work first of all.

Try adding this to your wan interface definition in /etc/config/network

option pppd_options 'ipv6cp-use-ipaddr'
1 Like

Maybe there is something missing from the ppp command. Can you do a ps wwww | grep ppp
My working ppp has
/usr/sbin/pppd nodetach ipparam wan ifname pppoe-wan lcp-echo-interval 10 lcp-echo-failure 6 lcp-echo-adaptive +ipv6 nodefaultroute usepeerdns maxfail 1 user 000111 password ???????? ip-up-script /lib/netifd/ppp-up ipv6-up-script /lib/netifd/ppp6-up ip-down-script /lib/netifd/ppp-down ipv6-down-script /lib/netifd/ppp-down mtu 1492 mru 1492 plugin rp-pppoe.so nic-eth1

Hi,

thanks for your reply. The wan interface is now:

config interface 'wan'
        option proto 'pppoe'
        option username 'adslppp@telefonicanetpa'
        option password 'adslppp'
        option ipv6 '1'
        option device 'eth0.6'
        option pppd_options 'ipv6cp-use-ipaddr'

I restarted the router, but I have the same results.

Regards,
kix

Hi,

mine is (now with ipv6cp-use-ipaddr):

/usr/sbin/pppd nodetach ipparam wan ifname pppoe-wan lcp-echo-interval 1 lcp-echo-failure 5 lcp-echo-adaptive +ipv6 nodefaultroute usepeerdns maxfail 1 user xxxx password ??????? ip-up-script /lib/netifd/ppp-up ipv6-up-script /lib/netifd/ppp6-up ip-down-script /lib/netifd/ppp-down ipv6-down-script /lib/netifd/ppp-down mtu 1492 mru 1492 plugin rp-pppoe.so nic-eth0.6 ipv6cp-use-ipaddr

Diferences are:

lcp-echo-interval is 1 / 10
lcp-echo-failure 5 / 6
And now the ipv6cp-use-ipaddr and the interface name.

The ps command also prints:

odhcp6c -s /lib/netifd/dhcpv6.script -Ntry -P0 -t120 pppoe-wan

Regards,
kix

Thanks,

The uci add_list firewall.wan.network='wan_6' reports uci: Invalid argument. I used wan_6 and wan6 for the interface (mine is wan6).

Regards,
kix.

This looks weird, it should be working without any modifications. Take a backup of the device, then reset to defaults. Configure the wan interface for pppoe with minimum to achieve connectivity and check that it has at least a link local address.

1 Like

Thanks.

I contacted with my ISP and there was a problem in the configuration. Now is solved :slight_smile:

root@OpenWrt:~# ping -6 ipv6.google.com
PING ipv6.google.com (2a00:1450:4003:801::200e): 56 data bytes
64 bytes from 2a00:1450:4003:801::200e: seq=0 ttl=117 time=3.913 ms
64 bytes from 2a00:1450:4003:801::200e: seq=1 ttl=117 time=3.278 ms
^C
--- ipv6.google.com ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 3.278/3.595/3.913 ms
root@OpenWrt:~#

Thanks a lot for your help!
Best Regards,
kix

1 Like

21 posts were split to a new topic: IPv6 is not working

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.