IPv6 - not receiving WAN IPv6 address

NiQ · December 22, 2020, 2:23pm

Sorry that it's probably not the first or second time this comes up but I tried to follow all previous posts and I still get IPv6 working. I can't even get the router to receive an IP from the upstream dchp6 server.
When I disconnect the router and plug-in a computer directly it receives an IPv6 after a "ipconfig /renew6" command and there is full connectivity.

This is the WAN interface (I've just restarted the router, that's why RX and TX values are low):

root@gateway:/etc/config# ifconfig eth0
eth0      Link encap:Ethernet  HWaddr F4:XX:XX:XX:XX:XX
          inet addr:141.xxx.xxx.xxx  Bcast:141.xxx.xxx.255  Mask:255.255.248.0
          inet6 addr: fe80::xxxx:xxxx:xxxx:xxx/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:25130 errors:0 dropped:0 overruns:81 frame:0
          TX packets:14419 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:32437877 (30.9 MiB)  TX bytes:1552791 (1.4 MiB)
          Interrupt:4

uci export dhcp - Note that there is another DHCP server for IPv4 on the network so DHCP on the router is currently disabled. Advice on how to enable for IPv6 only is appreciated but for the time being I doubt this is the issue since the router doesn't even receive an IPv6 address for itself.

package dhcp

config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.auto'
        option localservice '1'

config dhcp 'lan'
        option interface 'lan'
        option ignore '1'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'

uci export network (there are quite a lot of VPN connections that are used. All are IPv4 only and all are set to unmanaged)

package network

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'

config interface 'lan'
        option ifname 'eth1'
        option force_link '1'
        option type 'bridge'
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option ipaddr '192.168.XXX.1'

config interface 'wan'
        option ifname 'eth0'
        option proto 'dhcp'

config interface 'wan6'
        option ifname 'eth0'
        option proto 'dhcpv6'
        option reqprefix 'auto'
        option reqaddress 'try'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '0 2 3 4 5'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '1 6'

config interface 'vpn_site'
        option proto 'none'
        option ifname 'tun0'

config interface 'vpn_ra'
        option proto 'none'
        option _orig_ifname 'tap0'
        option _orig_bridge 'false'
        option ifname 'tun1'

config interface 'vpn_ra_tcp'
        option proto 'static'
        option ifname 'tun2'

config interface 'WORK'
        option ifname 'ppp0'
        option proto 'none'
        option auto '0'
        option delegate '0'

uci export firewall (there are a lot of port redirects that I've omitted)

package firewall

config defaults
        option syn_flood '1'
        option output 'ACCEPT'
        option forward 'REJECT'
        option drop_invalid '1'
        option input 'REJECT'
        option flow_offloading '1'
        option flow_offloading_hw '1'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        option network 'VPN_RA_TCP lan vpn_ra vpn_site vpn_ra_tcp'

config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        option network 'wan WORK'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_port '547'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config include
        option path '/etc/firewall.user'

config redirect (a lot of these - omitted)

config rule
        option target 'ACCEPT'
        option src 'wan'
        option dest_port 'XXXX'
        option name 'OpenVPN-Remote-Access'
        option proto 'tcp udp'

config rule
        option target 'ACCEPT'
        option src 'wan'
        option proto 'udp'
        option dest_port 'XXXX'
        option name 'OpenVPN-Site-Link-Incoming'

config forwarding
        option dest 'wan'
        option src 'lan'

config rule
        option target 'ACCEPT'
        option src 'wan'
        option proto 'tcp'
        option dest_port 'XXXX'
        option name 'OpenVPN-SSL'

/etc/firewall.user is empty (contains only comments)

ip -4 addr

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP qlen 1000
    inet 141.XXX.XXX.XXX/21 brd 141.XXX.XXX.255 scope global eth0
       valid_lft forever preferred_lft forever
13: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    inet 192.168.XXX.1/24 brd 192.168.XXX.255 scope global br-lan
       valid_lft forever preferred_lft forever

ip -6 addr

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1000
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 fe80::XXXX:XXXX:XXXX:XXX/64 scope link
       valid_lft forever preferred_lft forever
10: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 state UNKNOWN qlen 100
    inet6 fe80::XXXX:XXXX:XXXX:XXXX/64 scope link
       valid_lft forever preferred_lft forever
11: tun2: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 state UNKNOWN qlen 100
    inet6 fe80::XXXX:XXXX:XXXX:XXXX/64 scope link
       valid_lft forever preferred_lft forever
12: tun1: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 state UNKNOWN qlen 100
    inet6 fe80::XXXX:XXXX:XXXX:XXXX/64 scope link
       valid_lft forever preferred_lft forever
13: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 fe80::XXXX:XXXX:XXXX:XXXX/64 scope link
       valid_lft forever preferred_lft forever
14: wlan1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 fe80::XXXX:XXXX:XXXX:XXXX/64 scope link
       valid_lft forever preferred_lft forever
15: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 fe80::XXXX:XXXX:XXXX:XXXX/64 scope link
       valid_lft forever preferred_lft forever

ip -4 ro list table all

default via 141.XXX.XXX.1 dev eth0  src 141.XXX.XXX.XXX
141.XXX.XXX.0/21 dev eth0 scope link  src 141.XXX.XXX.XXX
192.168.XXX.0/24 dev br-lan scope link  src 192.168.XXX.1
broadcast 127.0.0.0 dev lo table local scope link  src 127.0.0.1
local 127.0.0.0/8 dev lo table local scope host  src 127.0.0.1
local 127.0.0.1 dev lo table local scope host  src 127.0.0.1
broadcast 127.255.255.255 dev lo table local scope link  src 127.0.0.1
broadcast 141.XXX.XXX.0 dev eth0 table local scope link  src 141.XXX.XXX.XXX
local 141.XXX.XXX.XXX dev eth0 table local scope host  src 141.XXX.XXX.XXX
broadcast 141.XXX.XXX.255 dev eth0 table local scope link  src 141.XXX.XXX.XXX
broadcast 192.168.XXX.0 dev br-lan table local scope link  src 192.168.XXX.1
local 192.168.XXX.1 dev br-lan table local scope host  src 192.168.XXX.1
broadcast 192.168.XXX.255 dev br-lan table local scope link  src 192.168.XXX.1

ip -6 ro list table all

fe80::/64 dev tun1  metric 256
fe80::/64 dev tun2  metric 256
fe80::/64 dev tun0  metric 256
fe80::/64 dev eth0  metric 256
fe80::/64 dev br-lan  metric 256
fe80::/64 dev wlan1  metric 256
fe80::/64 dev wlan0  metric 256
local ::1 dev lo table local  metric 0
anycast fe80:: dev tun1 table local  metric 0
anycast fe80:: dev tun2 table local  metric 0
anycast fe80:: dev tun0 table local  metric 0
anycast fe80:: dev eth0 table local  metric 0
anycast fe80:: dev br-lan table local  metric 0
anycast fe80:: dev wlan1 table local  metric 0
anycast fe80:: dev wlan0 table local  metric 0
local fe80::XXXX:XXXX:XXXX:XXXX dev tun2 table local  metric 0
local fe80::XXXX:XXXX:XXXX:XXXX dev tun1 table local  metric 0
local fe80::XXXX:XXXX:XXXX:XXXX dev tun0 table local  metric 0
local fe80::XXXX:XXXX:XXXX:XXXX dev wlan0 table local  metric 0
local fe80::XXXX:XXXX:XXXX:XXXX dev br-lan table local  metric 0
local fe80::XXXX:XXXX:XXXX:XXXX dev wlan1 table local  metric 0
local fe80::XXXX:XXXX:XXXX:XXXX dev eth0 table local  metric 0
ff00::/8 dev tun1 table local  metric 256
ff00::/8 dev tun2 table local  metric 256
ff00::/8 dev tun0 table local  metric 256
ff00::/8 dev eth0 table local  metric 256
ff00::/8 dev br-lan table local  metric 256
ff00::/8 dev wlan1 table local  metric 256
ff00::/8 dev wlan0 table local  metric 256

ip -4 ru

0:      from all lookup local
32766:  from all lookup main
32767:  from all lookup default

ip -6 ru

0:      from all lookup local
32766:  from all lookup main
4200000001:     from all iif lo lookup unspec 12
4200000002:     from all iif eth0 lookup unspec 12
4200000002:     from all iif eth0 lookup unspec 12
4200000010:     from all iif tun0 lookup unspec 12
4200000011:     from all iif tun2 lookup unspec 12
4200000012:     from all iif tun1 lookup unspec 12
4200000013:     from all iif br-lan lookup unspec 12

ifstatus wan6

{
        "up": true,
        "pending": false,
        "available": true,
        "autostart": true,
        "dynamic": false,
        "uptime": 755,
        "l3_device": "eth0",
        "proto": "dhcpv6",
        "device": "eth0",
        "metric": 0,
        "dns_metric": 0,
        "delegation": true,
        "ipv4-address": [

        ],
        "ipv6-address": [

        ],
        "ipv6-prefix": [

        ],
        "ipv6-prefix-assignment": [

        ],
        "route": [

        ],
        "dns-server": [

        ],
        "dns-search": [

        ],
        "neighbors": [

        ],
        "inactive": {
                "ipv4-address": [

                ],
                "ipv6-address": [

                ],
                "route": [

                ],
                "dns-server": [

                ],
                "dns-search": [

                ],
                "neighbors": [

                ]
        },
        "data": {

        }
}

ifstatus lan

{
        "up": true,
        "pending": false,
        "available": true,
        "autostart": true,
        "dynamic": false,
        "uptime": 1047,
        "l3_device": "br-lan",
        "proto": "static",
        "device": "br-lan",
        "updated": [
                "addresses"
        ],
        "metric": 0,
        "dns_metric": 0,
        "delegation": true,
        "ipv4-address": [
                {
                        "address": "192.168.XXX.1",
                        "mask": 24
                }
        ],
        "ipv6-address": [

        ],
        "ipv6-prefix": [

        ],
        "ipv6-prefix-assignment": [

        ],
        "route": [

        ],
        "dns-server": [

        ],
        "dns-search": [

        ],
        "neighbors": [

        ],
        "inactive": {
                "ipv4-address": [

                ],
                "ipv6-address": [

                ],
                "route": [

                ],
                "dns-server": [

                ],
                "dns-search": [

                ],
                "neighbors": [

                ]
        },
        "data": {

        }
}

tcpdump -i eth0 -vn icmp6 or udp port 546 (while restarting the wan6 interface)

16:19:18.297129 IP6 (flowlabel 0x53b49, hlim 255, next-header ICMPv6 (58) payload length: 16) fe80::XXXX:XXXX:XXXX:XXXX > ff02::2: [icmp6 sum ok] ICMP6, router solicitation, length 16
          source link-address option (1), length 8 (1): f4:f2:6d:de:5a:51
16:19:18.626704 IP6 (flowlabel 0xf6641, hlim 1, next-header UDP (17) payload length: 114) fe80::XXXX:XXXX:XXXX:XXXX.546 > ff02::1:2.547: [udp sum ok] dhcp6 solicit (xid=80c75c (elapsed-time 0) (option-request SIP-servers-domain SIP-servers-address DNS-server DNS-search-list SNTP-servers NTP-server AFTR-Name opt_67 opt_94 opt_95 opt_96 opt_82) (client-ID hwaddr type 1 f4f26dde5a51) (reconfigure-accept) (Client-FQDN) (IA_NA IAID:1 T1:0 T2:0) (IA_PD IAID:1 T1:0 T2:0))
16:19:19.801100 IP6 (flowlabel 0xf6641, hlim 1, next-header UDP (17) payload length: 114) fe80::XXXX:XXXX:XXXX:XXXX.546 > ff02::1:2.547: [udp sum ok] dhcp6 solicit (xid=80c75c (elapsed-time 117) (option-request SIP-servers-domain SIP-servers-address DNS-server DNS-search-list SNTP-servers NTP-server AFTR-Name opt_67 opt_94 opt_95 opt_96 opt_82) (client-ID hwaddr type 1 f4f26dde5a51) (reconfigure-accept) (Client-FQDN) (IA_NA IAID:1 T1:0 T2:0) (IA_PD IAID:1 T1:0 T2:0))
16:19:22.121107 IP6 (flowlabel 0xf6641, hlim 1, next-header UDP (17) payload length: 114) fe80::XXXX:XXXX:XXXX:XXXX.546 > ff02::1:2.547: [udp sum ok] dhcp6 solicit (xid=80c75c (elapsed-time 349) (option-request SIP-servers-domain SIP-servers-address DNS-server DNS-search-list SNTP-servers NTP-server AFTR-Name opt_67 opt_94 opt_95 opt_96 opt_82) (client-ID hwaddr type 1 f4f26dde5a51) (reconfigure-accept) (Client-FQDN) (IA_NA IAID:1 T1:0 T2:0) (IA_PD IAID:1 T1:0 T2:0))
16:19:22.300153 IP6 (flowlabel 0x53b49, hlim 255, next-header ICMPv6 (58) payload length: 8) fe80::XXXX:XXXX:XXXX:XXXX > ff02::2: [icmp6 sum ok] ICMP6, router solicitation, length 8
16:19:26.300437 IP6 (flowlabel 0x53b49, hlim 255, next-header ICMPv6 (58) payload length: 16) fe80::XXXX:XXXX:XXXX:XXXX > ff02::2: [icmp6 sum ok] ICMP6, router solicitation, length 16
          source link-address option (1), length 8 (1): f4:f2:6d:de:5a:51
16:19:26.501110 IP6 (flowlabel 0xf6641, hlim 1, next-header UDP (17) payload length: 114) fe80::XXXX:XXXX:XXXX:XXX.546 > ff02::1:2.547: [udp sum ok] dhcp6 solicit (xid=80c75c (elapsed-time 787) (option-request SIP-servers-domain SIP-servers-address DNS-server DNS-search-list SNTP-servers NTP-server AFTR-Name opt_67 opt_94 opt_95 opt_96 opt_82) (client-ID hwaddr type 1 f4f26dde5a51) (reconfigure-accept) (Client-FQDN) (IA_NA IAID:1 T1:0 T2:0) (IA_PD IAID:1 T1:0 T2:0))
16:19:30.300727 IP6 (flowlabel 0x53b49, hlim 255, next-header ICMPv6 (58) payload length: 8) fe80::XXXX:XXXX:XXXX:XXXX > ff02::2: [icmp6 sum ok] ICMP6, router solicitation, length 8
16:19:35.561103 IP6 (flowlabel 0xf6641, hlim 1, next-header UDP (17) payload length: 114) fe80::XXXX:XXXX:XXXX:XXX.546 > ff02::1:2.547: [udp sum ok] dhcp6 solicit (xid=80c75c (elapsed-time 1693) (option-request SIP-servers-domain SIP-servers-address DNS-server DNS-search-list SNTP-servers NTP-server AFTR-Name opt_67 opt_94 opt_95 opt_96 opt_82) (client-ID hwaddr type 1 f4f26dde5a51) (reconfigure-accept) (Client-FQDN) (IA_NA IAID:1 T1:0 T2:0) (IA_PD IAID:1 T1:0 T2:0))
16:19:53.481207 IP6 (flowlabel 0xf6641, hlim 1, next-header UDP (17) payload length: 114) fe80::XXXX:XXXX:XXXX:XXXX.546 > ff02::1:2.547: [udp sum ok] dhcp6 solicit (xid=80c75c (elapsed-time 3485) (option-request SIP-servers-domain SIP-servers-address DNS-server DNS-search-list SNTP-servers NTP-server AFTR-Name opt_67 opt_94 opt_95 opt_96 opt_82) (client-ID hwaddr type 1 f4f26dde5a51) (reconfigure-accept) (Client-FQDN) (IA_NA IAID:1 T1:0 T2:0) (IA_PD IAID:1 T1:0 T2:0))
^C
10 packets captured
10 packets received by filter
0 packets dropped by kernel

Any insights will be extremely appreciated!

trendy · December 22, 2020, 2:44pm

Add wan6 interface in wan firewall zone for a start. From the dump it seems that you don't get any response to the router or dhcp6 solicits.

NiQ · December 22, 2020, 2:52pm

Changed:

config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        option network 'wan WORK wan6'

I'll try to contact the ISP, though I'm not really sure why the DHCPv6 responds to a computer but not to a router.

trendy · December 22, 2020, 4:02pm

Maybe there is a mac binding or a DUID binding from the nic of the computer. In any case, contact the ISP just to be sure.