IPV6 issue with LEDE

alexiskhoury · August 29, 2018, 7:18am

Hi,
I am having hard time configuring the IPV6 connectivity on LEDE. My ISP is Freebox, I tried the configuation proposed in [https://wiki.openwrt.org/doc/howto/freebox] with no avail. My configuration is as follows:

/etc/config/network

config interface 'wan6'
option ifname 'eth0.2'
option proto 'static'
option ip6gw      '2a01:e35:87fc:xxxx::1'
option ip6prefix  '2a01:e35:87fc:xxxx::/64'
option ip6addr    '2a01:e35:87fc:xxxx::2/126'

config interface 'lan'
option ifname 'eth0.1'
option type 'bridge'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '64'

/etc/config/dhcp

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option ra_management '1'
        option ra_default '1'
        option ra 'server'
        option dhcpv6 'server'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

wan6 is connected and I can ping the modem from the router. The clients can get ipv6 addressing and can ping the modem but not the router. The router cannot ping any ipv6 adsress on the internet, ping6 gives a Permisison Denied message. The firewall has the original configuration with 2 zones lan => wan and wan => reject.

Am I misssing Something? Seems that there is something blocking traffic between lan and wan6, however the ifstatus wan6 has the following route:

 "route": [
                {
                        "target": "::",
                        "mask": 0,
                        "nexthop": "2a01:e35:87fc:XXXX::1",
                        "source": "::\/0"
                }
        ],

And the 10-default.conf in (/etc/sysctl.d/) has:

net.ipv6.conf.default.forwarding=1
net.ipv6.conf.all.forwarding=1

The modem, which has ipv6 delegation, is instructed to use the nexthop which is the local-link address of the router (fe80::7aa3:51ff:fe44:ce86/64).

Please help.

mikma · August 29, 2018, 2:28pm

Unfortunately the wiki page isn't written in a language that I understand. But I think you need to enable RA and NDP relays in the LAN settings since it seems the IPv6 prefix isn't delegated to your openwrt lede router but is on-link.

tmomas · August 29, 2018, 4:33pm

New URL: https://openwrt.org/docs/guide-user/network/ipv6/freebox
The old page is for archival purposes only and does not receive updates any more.

English translation via google translate

Edit: I want to add that this page is quite old and hasn't received any update (apart from link-updates) in the last 3 years. @ffries Time for an overhaul?
The french original can be found in the fr namespace: https://openwrt.org/fr/docs/guide-user/network/ipv6/freebox

alexiskhoury · August 29, 2018, 10:16pm

Hi thanks for your reply, I partially solved the problem and the solution is posted (in English) at https://forum.archive.openwrt.org/viewtopic.php?id=53160&p=2 (please check the end of the post).

According to the post the ipv6 link is : ISP----wan6(eth0.2)----lan----clients. the wan6 is configured in DHCPv6 and using a custom prefix. IPv6 is deleagted but wan6 and lan are on different networks (see comments in code section). To make this work I am adding 2 routes (as per the post) between wan6 and the outside world using the ISP ipv6 as a gateway and another ipv6 route between lan and wan6 according to the follwing:

config route6
        option interface 'wan6'
        option target '::/0'
        option gateway '2a01:e35:87fc:xxx0::1' # wan6 have also and addr. in xxx0

config route6
        option interface 'lan'
        option target '2a01:e35:87fc:xxx1::/64' # lan have the addr. xxx1::1

Everything works fine and got ipv6 connectivity for all clients till I reboot the router. The ipv6 connectivity is lost, seem that the static routes are being ignored.

Is this linked to interfaces "not ready" on bootting when these routes are called by LEDE? I am looking for a persitent solution, can you please advise / help?

vgaetera · August 30, 2018, 2:02am

Show result after reboot:

ip -4 a; ip -4 r
ip -6 a; ip -6 r
uci show network
uci show dhcp

alexiskhoury · August 30, 2018, 7:12pm

Hi,
Sorry for my late reply; not evident during work hours. The same problem occurs if I restart the network service. Below the output of the requested commands after the router reboots.

The same commands executed in a working configuration reveal the route from wan6 to to the ISP modem which is found to be missing after the reboot (default via 2a01:e35:87xx:yyy0::1 dev eth0.2 metric 1024). However this route appears in Luci. Your help is appreciated.

root@OpenWrt:~# ip -4 a; ip -4 r
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
5: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    inet 192.168.1.1/24 brd 192.168.1.255 scope global br-lan
       valid_lft forever preferred_lft forever
7: eth0.2@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    inet 192.168.61.156/24 brd 192.168.61.255 scope global eth0.2
       valid_lft forever preferred_lft forever
default via 192.168.61.1 dev eth0.2  src 192.168.61.156 
192.168.1.0/24 dev br-lan scope link  src 192.168.1.1 
192.168.61.0/24 dev eth0.2 scope link  src 192.168.61.156 
root@OpenWrt:~# ip -6 a; ip -6 r
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1000
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UNKNOWN qlen 1000
    inet6 fe80::7aa3:51ff:fe44:ce86/64 scope link 
       valid_lft forever preferred_lft forever
5: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 2a01:e35:87xx:yyy1::1/64 scope global 
       valid_lft forever preferred_lft forever
    inet6 fe80::7aa3:51ff:fe44:ce86/64 scope link 
       valid_lft forever preferred_lft forever
7: eth0.2@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 2a01:e35:87xx:yyy0::c2b0:adbf/128 scope global dynamic 
       valid_lft 85508sec preferred_lft 85508sec
    inet6 fe80::7aa3:51ff:fe44:ce87/64 scope link 
       valid_lft forever preferred_lft forever
8: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 fe80::7aa3:51ff:fe44:ce84/64 scope link 
       valid_lft forever preferred_lft forever
9: wlan1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 fe80::7aa3:51ff:fe44:ce85/64 scope link 
       valid_lft forever preferred_lft forever
default from 2a01:e35:87xx:yyy0::c2b0:adbf via fe80::f6ca:e5ff:fe5a:694a dev eth0.2  metric 512 
2a01:e35:87xx:yyy0::/64 dev eth0.2  metric 256 
2a01:e35:87xx:yyy1::/64 dev br-lan  metric 1024 
unreachable 2a01:e35:87xx:yyy1::/64 dev lo  metric 2147483647  error -148
fe80::/64 dev eth0  metric 256 
fe80::/64 dev eth0.2  metric 256 
fe80::/64 dev br-lan  metric 256 
fe80::/64 dev wlan1  metric 256 
fe80::/64 dev wlan0  metric 256 
anycast 2a01:e35:87xx:yyy1:: dev br-lan  metric 0 
anycast fe80:: dev eth0  metric 0 
anycast fe80:: dev eth0.2  metric 0 
anycast fe80:: dev br-lan  metric 0 
anycast fe80:: dev wlan1  metric 0 
anycast fe80:: dev wlan0  metric 0 
ff00::/8 dev eth0  metric 256 
ff00::/8 dev eth0.2  metric 256 
ff00::/8 dev br-lan  metric 256 
ff00::/8 dev wlan1  metric 256 
ff00::/8 dev wlan0  metric 256 
root@OpenWrt:~# uci show network
network.loopback=interface
network.loopback.ifname='lo'
network.loopback.proto='static'
network.loopback.ipaddr='127.0.0.1'
network.loopback.netmask='255.0.0.0'
network.globals=globals
network.globals.ula_prefix='fd24:5b4d:bfc0::'
network.lan=interface
network.lan.type='bridge'
network.lan.ifname='eth0.1'
network.lan.proto='static'
network.lan.ipaddr='192.168.1.1'
network.lan.netmask='255.255.255.0'
network.lan.ip6assign='64'
network.lan_dev=device
network.lan_dev.name='eth0.1'
network.lan_dev.macaddr='78:a3:51:44:ce:86'
network.wan=interface
network.wan.ifname='eth0.2'
network.wan.proto='dhcp'
network.wan_dev=device
network.wan_dev.name='eth0.2'
network.wan_dev.macaddr='78:a3:51:44:ce:87'
network.wan6=interface
network.wan6.ifname='eth0.2'
network.wan6.proto='dhcpv6'
network.wan6.reqaddress='try'
network.wan6.reqprefix='auto'
network.wan6.ip6prefix='2a01:e35:87xx:yyy1::/64'
network.@switch[0]=switch
network.@switch[0].name='switch0'
network.@switch[0].reset='1'
network.@switch[0].enable_vlan='1'
network.@switch_vlan[0]=switch_vlan
network.@switch_vlan[0].device='switch0'
network.@switch_vlan[0].vlan='1'
network.@switch_vlan[0].ports='0 1 2 3 6t'
network.@switch_vlan[1]=switch_vlan
network.@switch_vlan[1].device='switch0'
network.@switch_vlan[1].vlan='2'
network.@switch_vlan[1].ports='4 6t'
network.@route6[0]=route6
network.@route6[0].interface='wan6'
network.@route6[0].target='::/0'
network.@route6[0].gateway='2a01:e35:87xx:yyy0::1'
network.@route6[1]=route6
network.@route6[1].interface='lan'
network.@route6[1].target='2a01:e35:87xx:yyy1::/64'
root@OpenWrt:~# uci show dhcp
dhcp.@dnsmasq[0]=dnsmasq
dhcp.@dnsmasq[0].domainneeded='1'
dhcp.@dnsmasq[0].boguspriv='1'
dhcp.@dnsmasq[0].filterwin2k='0'
dhcp.@dnsmasq[0].localise_queries='1'
dhcp.@dnsmasq[0].rebind_protection='1'
dhcp.@dnsmasq[0].rebind_localhost='1'
dhcp.@dnsmasq[0].local='/lan/'
dhcp.@dnsmasq[0].domain='lan'
dhcp.@dnsmasq[0].expandhosts='1'
dhcp.@dnsmasq[0].nonegcache='0'
dhcp.@dnsmasq[0].authoritative='1'
dhcp.@dnsmasq[0].readethers='1'
dhcp.@dnsmasq[0].leasefile='/tmp/dhcp.leases'
dhcp.@dnsmasq[0].resolvfile='/tmp/resolv.conf.auto'
dhcp.@dnsmasq[0].nonwildcard='1'
dhcp.@dnsmasq[0].localservice='1'
dhcp.lan=dhcp
dhcp.lan.interface='lan'
dhcp.lan.start='100'
dhcp.lan.limit='150'
dhcp.lan.leasetime='12h'
dhcp.lan.ra='server'
dhcp.lan.ra_default='1'
dhcp.wan=dhcp
dhcp.wan.interface='wan'
dhcp.wan.ignore='1'
dhcp.odhcpd=odhcpd
dhcp.odhcpd.maindhcp='0'
dhcp.odhcpd.leasefile='/tmp/hosts/odhcpd'
dhcp.odhcpd.leasetrigger='/usr/sbin/odhcpd-update'
dhcp.odhcpd.loglevel='4'
dhcp.family=tag
dhcp.family.dhcp_option='6,185.228.168.168,185.228.168.169'
dhcp.@host[0]=host
dhcp.@host[0].name='ipad_mini'
dhcp.@host[0].mac='a8:86:dd:b6:d2:6a'
dhcp.@host[0].tag='family'
dhcp.@host[1]=host
dhcp.@host[1].name='lenovo_x1'
dhcp.@host[1].mac='00:24:d7:ce:4e:b0'
dhcp.@host[1].tag='family'

vgaetera · August 31, 2018, 5:47pm

There are at least 3 ways to fix this issue.
First method is try to change prefix, so that default route will include both lan and wan:
https://www.ultratools.com/tools/ipv6CIDRToRangeResult?ipAddress=2a01%3Ae35%3A8711%3A1110%3A%3A%2F63

uci set network.wan6.reqprefix='63'
uci delete network.@route6[-1]
uci delete network.@route6[-1]
uci commit
/etc/init.d/network restart

Result should be:

# ip -6 r
default from 2a01:e35:87xx:yyy0::/63 via fe80::f6ca:e5ff:fe5a:694a dev eth0.2  metric 512 
...

Check it and post here.

It may (or may not, need testing) also require parameter ip6hint to delegate prefix "...1::/64" for lan:
https://openwrt.org/docs/guide-user/network/ipv6/start#downstream_configuration_for_lan-interfaces

uci set network.lan.ip6hint='1'
uci commit
/etc/init.d/network restart

alexiskhoury · August 31, 2018, 12:20pm

Hi,
I changed the prefix and deleted the routes as per your recommendations. I still have no IPv6 connection. The result is here:

root@OpenWrt:~# ip -6 r
default from 2a01:e35:87xx:yyy0::c2b0:adbf via fe80::f6ca:e5ff:fe5a:694a dev eth0.2  metric 512
2a01:e35:87xx:yyy0::/64 dev eth0.2  metric 256
2a01:e35:87xx:yyy1::/64 dev br-lan  metric 1024
unreachable 2a01:e35:87xx:yyy1::/64 dev lo  metric 2147483647  error -148
fe80::/64 dev eth0  metric 256
fe80::/64 dev eth0.2  metric 256
fe80::/64 dev br-lan  metric 256
fe80::/64 dev wlan1  metric 256
fe80::/64 dev wlan0  metric 256
anycast 2a01:e35:87xx:yyy1:: dev br-lan  metric 0
anycast fe80:: dev eth0.2  metric 0
anycast fe80:: dev eth0  metric 0
anycast fe80:: dev br-lan  metric 0
anycast fe80:: dev wlan1  metric 0
anycast fe80:: dev wlan0  metric 0
ff00::/8 dev eth0  metric 256
ff00::/8 dev eth0.2  metric 256
ff00::/8 dev br-lan  metric 256
ff00::/8 dev wlan1  metric 256
ff00::/8 dev wlan0  metric 256

I changed also the ip6hint without success.

root@OpenWrt:~# ip -6 r
default from 2a01:e35:87xx:yyy0::c2b0:adbf via fe80::f6ca:e5ff:fe5a:694a dev eth0.2  metric 512
2a01:e35:87xx:yyy0::/64 dev eth0.2  metric 256
2a01:e35:87xx:yyy1::/64 dev br-lan  metric 1024
unreachable 2a01:e35:87xx:yyy1::/64 dev lo  metric 2147483647  error -148
fe80::/64 dev eth0  metric 256
fe80::/64 dev eth0.2  metric 256
fe80::/64 dev br-lan  metric 256
fe80::/64 dev wlan1  metric 256
fe80::/64 dev wlan0  metric 256
anycast 2a01:e35:87xx:yyy1:: dev br-lan  metric 0
anycast fe80:: dev eth0  metric 0
anycast fe80:: dev eth0.2  metric 0
anycast fe80:: dev br-lan  metric 0
anycast fe80:: dev wlan1  metric 0
anycast fe80:: dev wlan0  metric 0
ff00::/8 dev eth0  metric 256
ff00::/8 dev eth0.2  metric 256
ff00::/8 dev br-lan  metric 256
ff00::/8 dev wlan1  metric 256
ff00::/8 dev wlan0  metric 256

Can you tell me according to your analysis what is the problem? and expose the 3 possible solutions. Please suggest!

vgaetera · February 26, 2021, 6:32am

Restore settings:

uci set network.wan6.reqprefix="auto"
uci -q delete network.lan.ip6hint
uci -q delete network.@route6[-1]
uci -q delete network.@route6[-1]
uci -q delete network.@route6[-1]
uci commit network
/etc/init.d/network restart

Method #2:

uci -q delete network.gw6
uci set network.gw6="route6"
uci set network.gw6.interface="wan6"
uci set network.gw6.target="::/0"
uci set network.gw6.gateway="fe80::f6ca:e5ff:fe5a:694a"
uci commit network
/etc/init.d/network restart

Method #3:

cat << "EOF" > /etc/hotplug.d/iface/30-gw6fix
NET_PROTO="inet6"
NET_ACTION="ifup"
. /lib/functions/network.sh
network_flush_cache
network_find_wan6 NET_IF
network_get_device NET_DEV "${NET_IF}"
network_get_gateway6 NET_GW "${NET_IF}"
if [ "${ACTION}" = "${NET_ACTION}" -a "${INTERFACE}" = "${NET_IF}" ]
then ip -f "${NET_PROTO}" route add default via "${NET_GW}" dev "${NET_DEV}"
fi
EOF
/etc/init.d/network restart

Also add route6 for lan only in case it is not added automatically.

Some routes present in another routing tables:

ip -6 route show table all

While routing table selection depends on routing rules:

ip -6 rule show

alexiskhoury · August 31, 2018, 11:34pm

Hi,

Method 2 seems to be working without issues. I restared the newtork and rebooted the router, in both cases the ipv6 connectivity is working. I did not test method 3 (scirpt fix) since method 2 is working (will come back here if I face new issue).

Thanks for your precious help, I will publish on my site the necessary information to get a working IPv6 configuration with Freebox (France ISP) and link to these discussions to whom it may concern.

Best Regards;
Alexis

alexiskhoury · September 1, 2018, 11:23pm

Hi,

Just to inform you that solution 2 worked definitely. But the clients do not have an IPv6 for the DNS servers. In the IPv6 settings of the LAN network I am referring to Google DNS servers as custom IPv6 DNS servers. Although, RA is in server mode and DHCv6 is disabled. Do you know why the clients are not receiving the DNS servers? Shoudn't this happen automatically? Or does this need to activate the DHCPv6 server forcibly?Or shall I put RA in relay mode?

Thanks in advance

Manai · September 14, 2018, 1:40pm

Is it possible to get the link to your web page? Something must not be correct in my setting. All client PCs get an IPv6. But the ping6 and the IPV6 test fail.
thank you in advance

alexiskhoury · September 14, 2018, 9:07pm

Hi,
You can reach my webpage here: http://akconcept.epizy.com/website/?ipv6
Regards;
Alexis

Manai · September 15, 2018, 8:46am

Hello,
Thank you for the link. Is it essential that the Freebox server is in bridge mode? I prefer to leave the Freebox as a router and put the Netgear WNDR3700 router in DMZ. This allows me to enjoy all the features of the Freebox.

ip -6 r

default from 2a01:e34:eexx:yyy0::/64 via fe80::6aa3:78ff:zzzz:zzz5 dev eth1  metric 512
2a01:e34:eexx:yyy0::/64 dev eth1  metric 256
2a01:e34:eexx:yyy1::/64 dev br-lan  metric 1024
unreachable 2a01:e34:eexx:yyy1::/64 dev lo  metric 2147483647  error -148
2000::/3 via fe80::6aa3:78ff:zzzz:zzz5 dev eth1  metric 1024
fdd7:dad8:e463::/64 dev br-lan  metric 1024
unreachable fdd7:dad8:e463::/48 dev lo  metric 2147483647  error -148
fe80::/64 dev eth0  metric 256
fe80::/64 dev br-lan  metric 256
fe80::/64 dev eth1  metric 256
fe80::/64 dev br-fbx  metric 256
fe80::/64 dev wlan1  metric 256
fe80::/64 dev wlan0  metric 256
unreachable default dev lo  metric -1  error -128
ff00::/8 dev eth0  metric 256
ff00::/8 dev br-lan  metric 256
ff00::/8 dev eth1  metric 256
ff00::/8 dev br-fbx  metric 256
ff00::/8 dev wlan1  metric 256
ff00::/8 dev wlan0  metric 256
unreachable default dev lo  metric -1  error -128

alexiskhoury · September 15, 2018, 12:19pm

Hi, the Freebox can be either in router or bridge mode. It doesn’t matter.

vgaetera · September 17, 2018, 4:16am

It should and it works for me on OpenWrt 18.06.1 with default DHCP-configuration.
Clients receive both DNS-server IPv4+IPv6-addresses which are LAN-interface IP-addresses.

In your case the cause could be related to this custom option:

lleachii · September 17, 2018, 5:06am

I added IPv6 DNS servers to my normal WAN (I use custom DNA servers). The OpenWrt IS is "smart" enough to use it's only IPv6 WAN to make the requests.

Hope it helps...sounds like you were referring to normal DNS requests.

Manai · October 6, 2018, 9:21pm

I made a little confusion between the local link of wan6 and lan. Everything works since I use the wan6 local link.

system · October 31, 2018, 9:52pm

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.