[IPv6]: Router Advertisement is Getting Ignored -> no route

#1

Hi guys,
please help me configuring my R7800 OpenWRT 18.06.2 router to use DUAL STACK behind my ConnectBox (ISP: Unitymedia NRW - DUAL STACK enabled by ISP) modem-router.

Problem
OpenWRT does not recognize the Router advertisement interval. My ConnectBox settings for the DHCPv6 Server are:

ConnectBox Settings and Info
Auto configuration type: Stateless
Start address: 2a02:908:1062:b300::/64
Number of addresses: 512
DHCPv6 valid lifetime: 1209600 seconds
Router advertisement lifetime: 1800 seconds
Router advertisement interval: 180 seconds

MAC Adresse: 38:43:7D:**:**:**
 
IPv6 Adresse: 2a02:908:1000:6:21df:f9b0:ffb8:3b27/128
	      fe80::3a43:7dff:fe**:****/64
IPv6 default gateway: fe80::201:5cff:fe76:dc46
IPv6 lease time:		D:7 H:0 M:0 S:0
IPv6 lease expire:		Tue Feb 26 00:29:56 2019
IPv6 DNS Servers: 2a02:908:2:a::1
		  2a02:908:2:b::1
 
IPv4 Adresse: 37.201.180.152
Standard Gateway: 37.201.180.1
IPv4 lease time: D:0 H:1 M:0 S:0
IPv4 lease expire: Tue Feb 19 15:27:04 2019
IPv4 DNS Servers: 80.69.96.12 81.210.129.4 

But if I boot OpenWRT first and then the ConnectBox I am getting:

ifstatus wan6 (ConnectBox not fully booted)
root@router:~# ifstatus wan6
{
	"up": false,
	"pending": true,
	"available": true,
	"autostart": true,
	"dynamic": false,
	"proto": "dhcpv6",
	"device": "eth0.2",
	"data": {
		
	}
}

which makes sense since the Connect Box is not up yet. But even after the Connect Box is up I don't get a valid connection. Only after manually restarting wan6 Interface I'm getting a valid and woking IPv6 connection:

ifstatus wan6 (after ConnectBox is up and wan6 manually restarted)
root@router:~# ifstatus wan6
{
	"up": true,
	"pending": false,
	"available": true,
	"autostart": true,
	"dynamic": false,
	"uptime": 12,
	"l3_device": "eth0.2",
	"proto": "dhcpv6",
	"device": "eth0.2",
	"updated": [
		"addresses",
		"routes",
		"prefixes",
		"data"
	],
	"metric": 0,
	"dns_metric": 0,
	"delegation": true,
	"ipv4-address": [
		
	],
	"ipv6-address": [
		{
			"address": "2a02:908:1062:b300:deef:9ff:fef2:64e5",
			"mask": 64,
			"preferred": 552788,
			"valid": 1157588
		},
		{
			"address": "2a02:908:1062:b300:c354:2827:eb5a:57da",
			"mask": 128,
			"preferred": 552923,
			"valid": 1157723
		}
	],
	"ipv6-prefix": [
		{
			"address": "2a02:908:1062:b31c::",
			"mask": 62,
			"preferred": 552923,
			"valid": 1157723,
			"class": "wan6",
			"assigned": {
				"lan": {
					"address": "2a02:908:1062:b31c::",
					"mask": 62
				}
			}
		}
	],
	"ipv6-prefix-assignment": [
		
	],
	"route": [
		{
			"target": "2a02:908:1062:b300::",
			"mask": 64,
			"nexthop": "::",
			"metric": 256,
			"valid": 1157588,
			"source": "::\/0"
		},
		{
			"target": "2a02:908:1062:b300::",
			"mask": 64,
			"nexthop": "fe80::3a43:7dff:fe65:611a",
			"metric": 512,
			"valid": 1157722,
			"source": "::\/0"
		},
		{
			"target": "::",
			"mask": 0,
			"nexthop": "fe80::3a43:7dff:fe65:611a",
			"metric": 384,
			"valid": 1787,
			"source": "2a02:908:1062:b31c::\/62"
		},
		{
			"target": "::",
			"mask": 0,
			"nexthop": "fe80::3a43:7dff:fe65:611a",
			"metric": 384,
			"valid": 1787,
			"source": "2a02:908:1062:b300:deef:9ff:fef2:64e5\/64"
		},
		{
			"target": "::",
			"mask": 0,
			"nexthop": "fe80::3a43:7dff:fe65:611a",
			"metric": 384,
			"valid": 1787,
			"source": "2a02:908:1062:b300:c354:2827:eb5a:57da\/128"
		}
	],
	"dns-server": [
		"2a02:908:2:a::1",
		"2a02:908:2:b::1"
	],
	"dns-search": [
		
	],
	"inactive": {
		"ipv4-address": [
			
		],
		"ipv6-address": [
			
		],
		"route": [
			
		],
		"dns-server": [
			
		],
		"dns-search": [
			
		]
	},
	"data": {
		"passthru": "001700202a0209080002000a00000000000000012a0209080002000b0000000000000001"
	}
}

A traceroute6 openwrt.org is working just fine now.

But after 1800 seconds there is no more route:

ifstatus wan6 (after 1800s)
root@router:~# ifstatus wan6
{
	"up": true,
	"pending": false,
	"available": true,
	"autostart": true,
	"dynamic": false,
	"uptime": 1985,
	"l3_device": "eth0.2",
	"proto": "dhcpv6",
	"device": "eth0.2",
	"updated": [
		"addresses",
		"routes",
		"prefixes",
		"data"
	],
	"metric": 0,
	"dns_metric": 0,
	"delegation": true,
	"ipv4-address": [
		
	],
	"ipv6-address": [
		{
			"address": "2a02:908:1062:b300:deef:9ff:fef2:64e5",
			"mask": 64,
			"preferred": 550815,
			"valid": 1155615
		},
		{
			"address": "2a02:908:1062:b300:c354:2827:eb5a:57da",
			"mask": 128,
			"preferred": 550950,
			"valid": 1155750
		}
	],
	"ipv6-prefix": [
		{
			"address": "2a02:908:1062:b31c::",
			"mask": 62,
			"preferred": 550950,
			"valid": 1155750,
			"class": "wan6",
			"assigned": {
				"lan": {
					"address": "2a02:908:1062:b31c::",
					"mask": 62
				}
			}
		}
	],
	"ipv6-prefix-assignment": [
		
	],
	"route": [
		{
			"target": "2a02:908:1062:b300::",
			"mask": 64,
			"nexthop": "::",
			"metric": 256,
			"valid": 1155615,
			"source": "::\/0"
		},
		{
			"target": "2a02:908:1062:b300::",
			"mask": 64,
			"nexthop": "fe80::3a43:7dff:fe65:611a",
			"metric": 512,
			"valid": 1155749,
			"source": "::\/0"
		}
	],
	"dns-server": [
		"2a02:908:2:a::1",
		"2a02:908:2:b::1"
	],
	"dns-search": [
		
	],
	"inactive": {
		"ipv4-address": [
			
		],
		"ipv6-address": [
			
		],
		"route": [
			
		],
		"dns-server": [
			
		],
		"dns-search": [
			
		]
	},
	"data": {
		"passthru": "001700202a0209080002000a00000000000000012a0209080002000b0000000000000001"
	}
}

OpenWRT settings
I flashed the latest stable 18.06.2 for my Netgear R7800 router and ran the following script to configure it.

Config script
# /etc/config/dhcp
uci set dhcp.cfg01411c.rebind_localhost='1'
uci set dhcp.lan.start='513'
uci set dhcp.lan.limit='99'
uci set dhcp.lan.ra_management='1'
uci add dhcp domain # =cfg05f37d
uci set dhcp.@domain[-1].name='modem4'
uci set dhcp.@domain[-1].ip='192.168.0.1'
uci add dhcp domain # =cfg06f37d
uci set dhcp.@domain[-1].name='printer4'
uci set dhcp.@domain[-1].ip='10.0.0.5'

# /etc/config/dropbear
uci set dropbear.cfg014dd4.Interface='lan'
uci del dropbear.cfg014dd4.RootPasswordAuth

# /etc/config/firewall
uci set firewall.cfg01e63d.flow_offloading='1'
#uci set firewall.cfg01e63d.flow_offloading_hw='1'

# /etc/config/luci
uci add luci ifstate # =cfg090295
uci set luci.@ifstate[-1].interface='wan'
uci set luci.@ifstate[-1].ifname='eth0.2'
uci set luci.@ifstate[-1].bridge='false'

# /etc/config/network
uci del network.wan.proto
uci set network.wan.proto='static'
uci set network.wan.ipaddr='192.168.0.2'
uci set network.wan.netmask='255.255.255.0'
uci set network.wan.gateway='192.168.0.1'
uci set network.lan.ipaddr='10.0.0.1'
uci set network.lan.netmask='255.0.0.0'
uci set network.lan.gateway='192.168.0.1'
uci set network.lan.dns='80.69.96.12 81.210.129.4'
uci set network.lan.ip6assign='62'

# /etc/config/system
uci set system.cfg01e48a.hostname='router'
uci set system.cfg01e48a.zonename='Europe/Berlin'
uci set system.cfg01e48a.timezone='CET-1CEST,M3.5.0,M10.5.0/3'
uci set system.cfg01e48a.log_proto='udp'
uci set system.cfg01e48a.conloglevel='8'
uci set system.cfg01e48a.cronloglevel='8'
uci del system.ntp.enable_serverpasswd

# /etc/config/wireless
uci set wireless.radio0.channel='132'
uci set wireless.radio0.htmode='VHT40'
uci set wireless.radio0.country='DE'
uci set wireless.radio0.legacy_rates='0'
uci set wireless.radio0.distance='15'
uci set wireless.default_radio0.ssid='**********'
uci set wireless.default_radio0.encryption='psk2+ccmp'
uci set wireless.default_radio0.key='**********'
uci set wireless.radio1.channel='4'
uci set wireless.radio1.htmode='HT40'
uci set wireless.radio1.country='DE'
uci set wireless.radio1.legacy_rates='0'
uci set wireless.radio1.distance='auto'
uci set wireless.default_radio1.ssid='**********'
uci set wireless.default_radio1.encryption='psk2+ccmp'
uci set wireless.default_radio1.key='**********'
uci set wireless.radio0.disabled='0'
uci set wireless.radio1.disabled='0'

# commit changes and reboot
uci commit && reboot

and ran

opkg update && opkg list-upgradable | cut -f 1 -d ' ' | xargs opkg upgrade && reboot

after a reboot.

Task:
Please help me to make DUAL STACK work on my OpenWRT router behind my ISP's ConnectBox either by telling me which settings to use tweak in OpenWRT or the ConnectBox or by working around bugs (using manual static routes?!)

THANKS

0 Likes

#2

This is probably irrelative to your issue, but nonetheless, addressing a section via CFGID is not right.
CFGID is generated automatically and it's not permanent, so you should use section name or anonymous-name instead:
https://openwrt.org/docs/guide-user/base-system/uci#sections_naming


A similar issue:

0 Likes

#3

No, don't do that. We have discussed it many times in here. This can break things, it doesn't work the same as apt or other package management systems.

2 Likes

#4

If you are using DHCPv6, then the timer on the RA doesn't matter (for the WAN). Since you will get a lease time for the DHCPv6.

It sounds like there is an incompatibility between the DHCPv6 server on the Connect Box and the client on OpenWrt (these do exist).

As a work-around, you may consider restarting the WAN6 via a cronjob (in the middle of the night.

0 Likes

#5

THANKS for your fast replies!

@jow


--> Please have a look at my first post


--> It is enabled. I did not changed anything in firewall other then turning Software flow offloading
on.

@shm0


--> I turned it off and rebooted but this had not any effect on my issue. Therefore I re-enabled it.

@cvmiller


--> If you compare the ifstatus wan6 of wokring and non working state in my 1st post you can see that 3 routes have a valid lifetime of 1800s which is the setting of the ConnectBox. Form my point of view the problem seems to be that the routes don't get renewed after 180s and therefore are not present after 1800s.

I tried to work around my issue by appending the following static routes to /etc/config/network without success. Therefore I deleted those lines after testing.

static routes
config route6
        option interface 'wan6'
        option target '::/0'
        option gateway 'fe80::3a43:7dff:fe65:611a'
        option metric '384'
	option source '2a02:908:1062:b31c::/62'

config route6
        option interface 'wan6'
        option target '::/0'
        option gateway 'fe80::3a43:7dff:fe65:611a'
        option metric '384'
	option source '2a02:908:1062:b300:deef:9ff:fef2:64e5/64'

config route6
        option interface 'wan6'
        option target '::/0'
        option gateway 'fe80::3a43:7dff:fe65:611a'
        option metric '384'
	option source '2a02:908:1062:b300:c354:2827:eb5a:57da/128'

Please note that I see

root@router:~# traceroute6 openwrt.org
traceroute6: can't connect to remote host: Permission denied
root@router:~# ping6 openwrt.org
PING openwrt.org (2a03:b0c0:3:d0::1af1:1): 56 data bytes
ping6: sendto: Permission denied

after the 1800 seconds (non working state). Is that normal behaviour? From a PC connected to OpenWRT's lan interface I see

[relentless@machine ~]$ traceroute6 openwrt.org
traceroute to openwrt.org (2a03:b0c0:3:d0::1af1:1), 30 hops max, 80 byte packets
connect: Network is unreachable

Attached you will find the IPv6 routes using ip -6 route command of working and non working state:

ip -6 route (working state)
root@router:~# ip -6 route
default from 2a02:908:1062:b300:c354:2827:eb5a:57da via fe80::3a43:7dff:fe65:611a dev eth0.2 proto static metric 384 pref medium
default from 2a02:908:1062:b300::/64 via fe80::3a43:7dff:fe65:611a dev eth0.2 proto static metric 384 pref medium
default from 2a02:908:1062:b31c::/62 via fe80::3a43:7dff:fe65:611a dev eth0.2 proto static metric 384 pref medium
2a02:908:1062:b300::/64 dev eth0.2 proto static metric 256 pref medium
2a02:908:1062:b300::/64 via fe80::3a43:7dff:fe65:611a dev eth0.2 proto static metric 512 pref medium
2a02:908:1062:b31c::/64 dev br-lan proto static metric 1024 pref medium
unreachable 2a02:908:1062:b31c::/62 dev lo proto static metric 2147483647 error -113 pref medium
fdea:cdc6:cf5c::/64 dev br-lan proto static metric 1024 pref medium
unreachable fdea:cdc6:cf5c::/48 dev lo proto static metric 2147483647 error -113 pref medium
fe80::/64 dev eth1 proto kernel metric 256 pref medium
fe80::/64 dev br-lan proto kernel metric 256 pref medium
fe80::/64 dev eth0 proto kernel metric 256 pref medium
fe80::/64 dev eth0.2 proto kernel metric 256 pref medium
fe80::/64 dev wlan1 proto kernel metric 256 pref medium
fe80::/64 dev wlan0 proto kernel metric 256 pref medium
ip -6 route (non working state)
root@router:~# ip -6 route
2a02:908:1062:b300::/64 dev eth0.2 proto static metric 256 pref medium
2a02:908:1062:b300::/64 via fe80::3a43:7dff:fe65:611a dev eth0.2 proto static metric 512 pref medium
2a02:908:1062:b31c::/64 dev br-lan proto static metric 1024 pref medium
unreachable 2a02:908:1062:b31c::/62 dev lo proto static metric 2147483647 error -113 pref medium
fdea:cdc6:cf5c::/64 dev br-lan proto static metric 1024 pref medium
unreachable fdea:cdc6:cf5c::/48 dev lo proto static metric 2147483647 error -113 pref medium
fe80::/64 dev eth1 proto kernel metric 256 pref medium
fe80::/64 dev br-lan proto kernel metric 256 pref medium
fe80::/64 dev eth0 proto kernel metric 256 pref medium
fe80::/64 dev eth0.2 proto kernel metric 256 pref medium
fe80::/64 dev wlan1 proto kernel metric 256 pref medium
fe80::/64 dev wlan0 proto kernel metric 256 pref medium

How do I add these routes via ip route add?

default from 2a02:908:1062:b300:c354:2827:eb5a:57da via fe80::3a43:7dff:fe65:611a dev eth0.2 proto static metric 384 pref medium
default from 2a02:908:1062:b300::/64 via fe80::3a43:7dff:fe65:611a dev eth0.2 proto static metric 384 pref medium
default from 2a02:908:1062:b31c::/62 via fe80::3a43:7dff:fe65:611a dev eth0.2 proto static metric 384 pref medium
0 Likes

#6

I can't answer your question about the routes.

But connectbox has known issues with prefix delegation.
I guess your isp is unitymedia?
Did they release a firmware update to fix the intel puma bug yet?
I guess no..
Their support sucks also.
I activated my modem and the support guy said i could keep the connectbox just in case. Now they want 40 eur for this piece of < insert swear word of choice>
Can't reach the support either.
Your best bet is to get a plain modem.
But sadly docsis 3.0/3.1 modems are hard to get germany.

0 Likes

#7

Turns out the question how to add the missing routes via ip -6 route is rather simple:

ip -6 route add default from 2a02:908:1062:b300:c354:2827:eb5a:57da via fe80::3a43:7dff:fe65:611a dev eth0.2 proto static metric 384 pref medium
ip -6 route add default from 2a02:908:1062:b300::/64 via fe80::3a43:7dff:fe65:611a dev eth0.2 proto static metric 384 pref medium
ip -6 route add default from 2a02:908:1062:b31c::/62 via fe80::3a43:7dff:fe65:611a dev eth0.2 proto static metric 384 pref medium

and ping6, traceroute6 as well as http://ipv6-test.com/ show working IPv6 connectivity like in the first 1800s after a reboot.

Were is the difference between these commands and my static routes in /etc/config/network?
How to make these routes persistent (reboot safe)? Or probably better how to write a script which runs run boot which sets these routes with the current IPv6 addresses delegated?

0 Likes

#8

These commands will not survive a reboot. The static routes in config will.

0 Likes

#9

There're still 2 routes, but their target is not the internet ::/0.

Adding a route6 to the internet via default gateway:

source /lib/functions/network.sh
network_find_wan6 NET_IF6
network_get_gateway6 NET_GW6 "${NET_IF6}"
uci add network route6
uci set network.@route6[-1].interface="${NET_IF6}"
uci set network.@route6[-1].target="::/0"
uci set network.@route6[-1].gateway="${NET_GW6}"
uci commit network
service network reload

If default gateway is dynamic, do not commit, use runtime config and trigger the script with hotplug on ifup action for wan6 interface:
https://openwrt.org/docs/guide-user/base-system/hotplug

1 Like