IPv6 setup - DHCPv6 Issues - Help!

abdulgig · March 11, 2020, 1:23pm

Hey Guys,

I have a simple network. I have IPv4 working with no issues. I get the dhcp lease and I can connect to the Internet. The default setup works perfectly. However, I am unable to get an IPv6 lease.

Provider Router/Modem --> OpenWRT --> My Machine

My provider supports IPv6. If I connect my machine directly to my provider's Modem, I get an IPv4 + IPv6 address and I can ping around everywhere with ping and ping6.

But if I connect with openWRT in between, I just get an IPv4 lease and I don't get an IPv6 dhcp lease.

Please guide me how to do it ? I am using Luci. Is there a decent guide on how to do it via Luci ?

Best Regards,

trendy · March 11, 2020, 1:41pm

You can connect with SSH and run the following commands:

uci export network; uci export dhcp; uci export firewall; \
head -n -0 /etc/firewall.user; \
iptables-save -c; ip6tables-save -c; \
ip -4 addr ; ip -4 ro ls tab all ; ip -4 ru; \
ip -6 addr ; ip -6 ro ls tab all ; ip -6 ru; \
ifstatus wan6; ifstatus wan_6; ifstatus lan

The paste them here using "Preformatted text </>"

abdulgig · March 12, 2020, 8:24am

Thank you for very much. The output of the commands are below,

*uci export dhcp
****************

config dnsmasq
	option localise_queries '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option authoritative '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.auto'
	option nonwildcard '1'
	option enable_tftp '1'
	option dhcp_boot 'pxelinux.0'
	option tftp_root '/opt/storage'
	option readethers '1'
	option rebind_protection '0'
	option localservice '0'
	option boguspriv '0'

config dhcp 'wan'
	option interface 'wan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dynamicdhcp '0'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

config dhcp 'lan'
	option interface 'lan'
	option force '1'
	option start '100'
	option limit '150'
	option leasetime '12h'

config host
	option ip '10.16.10.102'
	option mac '00:25:90:2F:58:6A'
	option name 'r10_cpu_02'

config host
	option ip '10.16.10.103'
	option mac '00:25:90:2D:F1:12'
	option name 'r10_cpu_03'

config host
	option name 'ahmed_vm'
	option dns '1'
	option mac '08:00:27:49:6A:EA'
	option ip '10.16.0.150'


*uci export network
*******************

config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'

config interface 'lan'
	option type 'bridge'
	option ifname 'eth0.1'
	option proto 'static'
	option ipaddr '10.16.0.1'
	option netmask '255.240.0.0'
	option gateway '192.168.0.1'
	option delegate '0'
	option metric '1'
	option ipv6 'off'

config interface 'wan'
	option ifname 'eth1.2'
	option proto 'static'
	option ipaddr '192.168.0.2'
	option netmask '255.255.255.0'
	option gateway '192.168.0.1'
	option dns '192.168.0.1'
	option ipv6 'off'

config interface 'wan6'
	option ifname 'eth1.2'
	option proto 'dhcpv6'
	option reqaddress 'try'
	option reqprefix 'auto'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option vid '1'
	option ports '0 1 2 3 5t'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option ports '4 6t'
	option vid '2'

config interface 'vpn0'
	option ifname 'tun0'
	option proto 'none'


*uci export firewall
********************

config defaults
	option syn_flood '1'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	option network 'lan'
	option masq '1'

config zone
	option name 'wan'
	option output 'ACCEPT'
	option input 'ACCEPT'
	option forward 'ACCEPT'
	option masq '1'
	option network 'wan wan6'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option src_ip 'fc00::/6'
	option dest_ip 'fc00::/6'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config include
	option path '/etc/firewall.user'

config forwarding
	option dest 'lan'
	option src 'wan'

config forwarding
	option dest 'wan'
	option src 'lan'

config rule 'Allow_OpenVPN_Inbound'
	option target 'ACCEPT'
	option src '*'
	option proto 'udp'
	option dest_port '443'

config zone 'vpn'
	option name 'vpn'
	option network 'vpn0'
	option input 'ACCEPT'
	option forward 'REJECT'
	option output 'ACCEPT'
	option masq '1'

config forwarding 'vpn_forwarding_lan_in'
	option src 'vpn'
	option dest 'lan'

config forwarding 'vpn_forwarding_lan_out'
	option src 'lan'
	option dest 'vpn'

config forwarding 'vpn_forwarding_wan'
	option src 'vpn'
	option dest 'wan'

*head -n -0 /etc/firewall.user
******************************

iptables -I forwarding_rule -i tun0 -o br-lan -j ACCEPT
iptables -I forwarding_rule -o tun0 -i br-lan -j ACCEPT
iptables -I INPUT -i tun0 -j ACCEPT


*ip -4 addr
***********

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
13: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    inet 10.16.0.1/12 brd 10.31.255.255 scope global br-lan
       valid_lft forever preferred_lft forever
15: eth1.2@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    inet 192.168.0.2/24 brd 192.168.0.255 scope global eth1.2
       valid_lft forever preferred_lft forever

*ip -6 addr
***********

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1000
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 532
    inet6 fe80::5aef:68ff:fea8:bf7/64 scope link
       valid_lft forever preferred_lft forever
3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 532
    inet6 fe80::58ef:68ff:fea8:bf7/64 scope link
       valid_lft forever preferred_lft forever
13: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 fe80::58ef:68ff:fea8:bf7/64 scope link
       valid_lft forever preferred_lft forever
15: eth1.2@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 2001:8f8:1349:cb9a:5aef:68ff:fea8:bf7/64 scope global dynamic noprefixroute
       valid_lft 863895sec preferred_lft 604695sec
    inet6 fe80::5aef:68ff:fea8:bf7/64 scope link
       valid_lft forever preferred_lft forever
16: wlan1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 fe80::58ef:68ff:fea8:bf8/64 scope link
       valid_lft forever preferred_lft forever
17: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 fe80::58ef:68ff:fea8:bf9/64 scope link
       valid_lft forever preferred_lft forever

*ip -4 ro ls tab all
********************

default via 192.168.0.1 dev eth1.2 proto static
10.16.0.0/12 dev br-lan proto static scope link metric 1
192.168.0.0/24 dev eth1.2 proto kernel scope link src 192.168.0.2
broadcast 10.16.0.0 dev br-lan table local proto kernel scope link src 10.16.0.1
local 10.16.0.1 dev br-lan table local proto kernel scope host src 10.16.0.1
broadcast 10.31.255.255 dev br-lan table local proto kernel scope link src 10.16.0.1
broadcast 127.0.0.0 dev lo table local proto kernel scope link src 127.0.0.1
local 127.0.0.0/8 dev lo table local proto kernel scope host src 127.0.0.1
local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1
broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0.1
broadcast 192.168.0.0 dev eth1.2 table local proto kernel scope link src 192.168.0.2
local 192.168.0.2 dev eth1.2 table local proto kernel scope host src 192.168.0.2
broadcast 192.168.0.255 dev eth1.2 table local proto kernel scope link src 192.168.0.2


*ip -6 ro ls tab all
********************
default from 2001:8f8:1349:cb9a::/64 via fe80::f68c:ebff:fec7:7f01 dev eth1.2 proto static metric 512 pref medium
2001:8f8:1349:cb9a::/64 dev eth1.2 proto static metric 256 pref medium
2001:8f8:1349:cb9a::/64 via fe80::f68c:ebff:fec7:7f01 dev eth1.2 proto static metric 384 pref medium
fd80:56c2:e21c:0:199:9300::/88 dev ztmjfmfyq5 proto kernel metric 256 pref medium
fe80::/64 dev eth0 proto kernel metric 256 pref medium
fe80::/64 dev eth1 proto kernel metric 256 pref medium
fe80::/64 dev eth1.2 proto kernel metric 256 pref medium
fe80::/64 dev br-lan proto kernel metric 256 pref medium
fe80::/64 dev wlan1 proto kernel metric 256 pref medium
fe80::/64 dev wlan0 proto kernel metric 256 pref medium
local ::1 dev lo table local proto kernel metric 0 pref medium
anycast 2001:8f8:1349:cb9a:: dev eth1.2 table local proto kernel metric 0 pref medium
local 2001:8f8:1349:cb9a:5aef:68ff:fea8:bf7 dev eth1.2 table local proto kernel metric 0 pref medium
anycast fe80:: dev ztmjfmfyq5 table local proto kernel metric 0 pref medium
anycast fe80:: dev eth1.2 table local proto kernel metric 0 pref medium
anycast fe80:: dev eth1 table local proto kernel metric 0 pref medium
anycast fe80:: dev eth0 table local proto kernel metric 0 pref medium
anycast fe80:: dev br-lan table local proto kernel metric 0 pref medium
anycast fe80:: dev wlan1 table local proto kernel metric 0 pref medium
anycast fe80:: dev wlan0 table local proto kernel metric 0 pref medium
local fe80::32:d7ff:fe53:801b dev ztmjfmfyq5 table local proto kernel metric 0 pref medium
local fe80::58ef:68ff:fea8:bf7 dev eth0 table local proto kernel metric 0 pref medium
local fe80::58ef:68ff:fea8:bf7 dev br-lan table local proto kernel metric 0 pref medium
local fe80::58ef:68ff:fea8:bf8 dev wlan1 table local proto kernel metric 0 pref medium
local fe80::58ef:68ff:fea8:bf9 dev wlan0 table local proto kernel metric 0 pref medium
local fe80::5aef:68ff:fea8:bf7 dev eth1.2 table local proto kernel metric 0 pref medium
local fe80::5aef:68ff:fea8:bf7 dev eth1 table local proto kernel metric 0 pref medium
ff00::/8 dev eth0 table local metric 256 pref medium
ff00::/8 dev eth1 table local metric 256 pref medium
ff00::/8 dev eth1.2 table local metric 256 pref medium
ff00::/8 dev br-lan table local metric 256 pref medium
ff00::/8 dev wlan1 table local metric 256 pref medium
ff00::/8 dev wlan0 table local metric 256 pref medium

*ip -4 ru
*********
0:      from all lookup local
32766:  from all lookup main
32767:  from all lookup default

ip -6 ru
********
0:      from all lookup local
32766:  from all lookup main
4200000001:     from all iif lo failed_policy
4200000013:     from all iif br-lan failed_policy
4200000015:     from all iif eth1.2 failed_policy
4200000015:     from all iif eth1.2 failed_policy


*ifstatus wan6
**************

{
	"up": true,
	"pending": false,
	"available": true,
	"autostart": true,
	"dynamic": false,
	"uptime": 3958,
	"l3_device": "eth1.2",
	"proto": "dhcpv6",
	"device": "eth1.2",
	"metric": 0,
	"dns_metric": 0,
	"delegation": true,
	"ipv4-address": [
		
	],
	"ipv6-address": [
		{
			"address": "2001:8f8:1349:cb9a:5aef:68ff:fea8:bf7",
			"mask": 64,
			"preferred": 604721,
			"valid": 863921
		}
	],
	"ipv6-prefix": [
		
	],
	"ipv6-prefix-assignment": [
		
	],
	"route": [
		{
			"target": "2001:8f8:1349:cb9a::",
			"mask": 64,
			"nexthop": "::",
			"metric": 256,
			"valid": 863921,
			"source": "::/0"
		},
		{
			"target": "2001:8f8:1349:cb9a::",
			"mask": 64,
			"nexthop": "fe80::f68c:ebff:fec7:7f01",
			"metric": 384,
			"valid": 863921,
			"source": "::/0"
		},
		{
			"target": "::",
			"mask": 0,
			"nexthop": "fe80::f68c:ebff:fec7:7f01",
			"metric": 512,
			"valid": 3521,
			"source": "2001:8f8:1349:cb9a:5aef:68ff:fea8:bf7/64"
		}
	],
	"dns-server": [
		
	],
	"dns-search": [
		
	],
	"inactive": {
		"ipv4-address": [
			
		],
		"ipv6-address": [
			
		],
		"route": [
			
		],
		"dns-server": [
			
		],
		"dns-search": [
			
		]
	},
	"data": {
		
	}
}

*ifstatus lan
*************

{
	"up": true,
	"pending": false,
	"available": true,
	"autostart": true,
	"dynamic": false,
	"uptime": 3971,
	"l3_device": "br-lan",
	"proto": "static",
	"device": "br-lan",
	"updated": [
		"addresses",
		"routes"
	],
	"metric": 1,
	"dns_metric": 0,
	"delegation": false,
	"ipv4-address": [
		{
			"address": "10.16.0.1",
			"mask": 12
		}
	],
	"ipv6-address": [
		
	],
	"ipv6-prefix": [
		
	],
	"ipv6-prefix-assignment": [
		
	],
	"route": [
		{
			"target": "0.0.0.0",
			"mask": 0,
			"nexthop": "192.168.0.1",
			"source": "0.0.0.0/0"
		}
	],
	"dns-server": [
		
	],
	"dns-search": [
		
	],
	"inactive": {
		"ipv4-address": [
			
		],
		"ipv6-address": [
			
		],
		"route": [
			
		],
		"dns-server": [
			
		],
		"dns-search": [
			
		]
	},
	"data": {
		
	}
}

abdulgig · March 12, 2020, 8:36am

@trendy , Here is if I directly connect to my Provider's CPE/modem

root@ABDUL:~# ifconfig wifi0
wifi0     Link encap:Ethernet  HWaddr 74:df:bf:6d:aa:19
          inet addr:192.168.0.168  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: 2001:8f8:1349:cb9a:2d7e:1dfc:742e:32f9/64 Scope:Global
          inet6 addr: 2001:8f8:1349:cb9a:f09f:2fb0:5c1d:5f8e/128 Scope:Global
          inet6 addr: fe80::2d7e:1dfc:742e:32f9/64 Scope:Unknown
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

root@ABDUL:~# ping6 google.com
PING google.com(fjr01s01-in-x0e.1e100.net) 56 data bytes
64 bytes from fjr01s01-in-x0e.1e100.net: icmp_seq=1 ttl=56 time=6.08 ms
64 bytes from fjr01s01-in-x0e.1e100.net: icmp_seq=2 ttl=56 time=5.61 ms

trendy · March 12, 2020, 10:20am

The CPE of your provider doesn't seem to delegate any prefix to the OpenWrt. In ifstatus wan6 command the ipv6-prefix is empty. You can verify that by checking with tcpdump:

tcpdump -i eth1.2 -vxn udp port 547 &
ifup wan6
[let it collect some packets]
kill `pidof tcpdump`

abdulgig · March 12, 2020, 10:53am

@trendy . . So I tried that , here is what I get,

-router:~# ifup wan6
-router:~# 10:52:30.945499 IP6 (flowlabel 0x7aa3e, hlim 1, next-header UDP (17) payload length: 118) fe80::5aef:68ff:fea8:bf7.546 > ff02::1:2.547: [bad udp cksum 0xcc9c -> 0x1737!] dhcp6 solicit (xid=66783d (elapsed-time 0) (option-request SIP-servers-domain SIP-servers-address DNS-server DNS-search-list SNTP-servers NTP-server AFTR-Name opt_67 opt_82 opt_94 opt_95 opt_96 opt_82) (client-ID hwaddr type 1 58ef68a80bf7) (reconfigure-accept) (Client-FQDN) (IA_NA IAID:1 T1:0 T2:0) (IA_PD IAID:1 T1:0 T2:0))
        0x0000:  6007 aa3e 0076 1101 fe80 0000 0000 0000
        0x0010:  5aef 68ff fea8 0bf7 ff02 0000 0000 0000
        0x0020:  0000 0000 0001 0002 0222 0223 0076 cc9c
        0x0030:  0166 783d 0008 0002 0000 0006 001a 0015
        0x0040:  0016 0017 0018 001f 0038 0040 0043 0052
        0x0050:  005e 005f 0060 0052 0001 000a 0003 0001
        0x0060:  58ef 68a8 0bf7 0014 0000 0027 0010 000d
        0x0070:  6d61 7a72 6161 2d72 6f75 7465 7200 0003
        0x0080:  000c 0000 0001 0000 0000 0000 0000 0019
        0x0090:  000c 0000 0001 0000 0000 0000 0000
10:52:33.005452 IP6 (flowlabel 0x7aa3e, hlim 1, next-header UDP (17) payload length: 102) fe80::5aef:68ff:fea8:bf7.546 > ff02::1:2.547: [bad udp cksum 0xcc8c -> 0x9cb8!] dhcp6 solicit (xid=56f2fb (elapsed-time 0) (option-request SIP-servers-domain SIP-servers-address DNS-server DNS-search-list SNTP-servers NTP-server AFTR-Name opt_67 opt_82 opt_94 opt_95 opt_96 opt_82) (client-ID hwaddr type 1 58ef68a80bf7) (reconfigure-accept) (Client-FQDN) (IA_PD IAID:1 T1:0 T2:0))
        0x0000:  6007 aa3e 0066 1101 fe80 0000 0000 0000
        0x0010:  5aef 68ff fea8 0bf7 ff02 0000 0000 0000
        0x0020:  0000 0000 0001 0002 0222 0223 0066 cc8c
        0x0030:  0156 f2fb 0008 0002 0000 0006 001a 0015
        0x0040:  0016 0017 0018 001f 0038 0040 0043 0052
        0x0050:  005e 005f 0060 0052 0001 000a 0003 0001
        0x0060:  58ef 68a8 0bf7 0014 0000 0027 0010 000d
        0x0070:  6d61 7a72 6161 2d72 6f75 7465 7200 0019
        0x0080:  000c 0000 0001 0000 0000 0000 0000
10:52:34.811478 IP6 (flowlabel 0x7aa3e, hlim 1, next-header UDP (17) payload length: 96) fe80::5aef:68ff:fea8:bf7.546 > ff02::1:2.547: [bad udp cksum 0xcc86 -> 0x0f56!] dhcp6 inf-req (xid=df16d6 (elapsed-time 0) (option-request SIP-servers-domain SIP-servers-address DNS-server DNS-search-list SNTP-servers NTP-server AFTR-Name opt_83 opt_94 opt_95 opt_96 opt_83 lifetime) (client-ID hwaddr type 1 58ef68a80bf7) (server-ID hwaddr type 1 f48cebc77f01) (Client-FQDN))
        0x0000:  6007 aa3e 0060 1101 fe80 0000 0000 0000
        0x0010:  5aef 68ff fea8 0bf7 ff02 0000 0000 0000
        0x0020:  0000 0000 0001 0002 0222 0223 0060 cc86
        0x0030:  0bdf 16d6 0008 0002 0000 0006 001a 0015
        0x0040:  0016 0017 0018 001f 0038 0040 0053 005e
        0x0050:  005f 0060 0053 0020 0001 000a 0003 0001
        0x0060:  58ef 68a8 0bf7 0002 000a 0003 0001 f48c
        0x0070:  ebc7 7f01 0027 0010 000d 6d61 7a72 6161
        0x0080:  2d72 6f75 7465 7200

abdulgig · March 12, 2020, 10:55am

@trendy, I can ping from the router. The issue is that I don't get an dhcpv6 lease to my hosts on that LAN (10.16.0.0/12)

PING google.com (2a00:1450:4019:802::200e): 56 data bytes
64 bytes from 2a00:1450:4019:802::200e: seq=0 ttl=56 time=3.758 ms
64 bytes from 2a00:1450:4019:802::200e: seq=1 ttl=56 time=3.088 ms
64 bytes from 2a00:1450:4019:802::200e: seq=2 ttl=56 time=3.636 ms
64 bytes from 2a00:1450:4019:802::200e: seq=3 ttl=56 time=3.744 ms

trendy · March 12, 2020, 11:01am

There are 3 packets sent out from the DHCP6 client of OpenWrt, but no response back from the router of the ISP. It seems to me that there is no DHCP6 server running on the router of the ISP. Without that, you cannot take an IPv6 subnet from the router of the ISP and redistribute it to the clients in LAN of OpenWrt.
The router of your ISP seems to only allocate settings with SLAAC, which just works in most cases, that's why the OpenWrt and your PC work when you connect them on the router of the provider. But it is not customizable and doesn't work when you want to connect more segments, like you do with the OpenWrt in the middle.

Maybe you can search in the router of your provider if there is any option for DHCP6, or talk to your ISP?

abdulgig · March 12, 2020, 11:44am

@trendy , Thank You. My settings in IPv6 for modem are in the image attached !

Also, I don't think I have a DHCPv6 section in my CPE. Is there a work around? Can I create static dhcpv6 addresses and have them route via OpenWRT and my CPE ? I already have IPv4 static leases in my DHCP

abdulgig · March 12, 2020, 11:48am

I do have these options under IPv6 in my CPE,

abdulgig · March 12, 2020, 11:54am

Under stateful DHCP, I have the option to specify range of IP addresses, Should that help ?

trendy · March 12, 2020, 12:50pm

The Enable Automatic DHCP-PD in LAN is correctly Enabled.
Set the Autconfiguration Type to Stateful DHCPv6 and try again.

tcpdump -i eth1.2 -vn udp port 547 &
ifup wan6
[let it collect some packets]
kill `pidof tcpdump`

Remove the x from -vxn when you run the tcpdump again.

abdulgig · March 12, 2020, 1:13pm

@trendy, Thanks

These are my DHCP settings under the LAN for IPv6, OK ?

You requested output,

13:12:51.768980 IP6 (flowlabel 0x60ec4, hlim 1, next-header UDP (17) payload length: 136) fe80::5aef:68ff:fea8:bf7.546 > ff02::1:2.547: [bad udp cksum 0xccae -> 0xc30f!] dhcp6 release (xid=a65af4 (elapsed-time 0) (option-request SIP-servers-domain SIP-servers-address DNS-server DNS-search-list SNTP-servers NTP-server AFTR-Name opt_67 opt_94 opt_95 opt_96) (client-ID hwaddr type 1 58ef68a80bf7) (server-ID hwaddr type 1 f48cebc77f01) (Client-FQDN) (IA_NA IAID:1 T1:0 T2:0 (IA_ADDR 2001:8f8:1349:cf07::5 pltime:0 vltime:0)))
root@mazraa-router:~# 13:12:52.402470 IP6 (flowlabel 0x60ec4, hlim 1, next-header UDP (17) payload length: 118) fe80::5aef:68ff:fea8:bf7.546 > ff02::1:2.547: [bad udp cksum 0xcc9c -> 0x3dff!] dhcp6 solicit (xid=635178 (elapsed-time 0) (option-request SIP-servers-domain SIP-servers-address DNS-server DNS-search-list SNTP-servers NTP-server AFTR-Name opt_67 opt_82 opt_94 opt_95 opt_96 opt_82) (client-ID hwaddr type 1 58ef68a80bf7) (reconfigure-accept) (Client-FQDN) (IA_NA IAID:1 T1:0 T2:0) (IA_PD IAID:1 T1:0 T2:0))
13:12:54.261307 IP6 (flowlabel 0x60ec4, hlim 1, next-header UDP (17) payload length: 140) fe80::5aef:68ff:fea8:bf7.546 > ff02::1:2.547: [bad udp cksum 0xccb2 -> 0x56b5!] dhcp6 request (xid=d3626f (elapsed-time 0) (option-request SIP-servers-domain SIP-servers-address DNS-server DNS-search-list SNTP-servers NTP-server AFTR-Name opt_67 opt_94 opt_95 opt_96) (client-ID hwaddr type 1 58ef68a80bf7) (server-ID hwaddr type 1 f48cebc77f01) (reconfigure-accept) (Client-FQDN) (IA_NA IAID:1 T1:0 T2:0 (IA_ADDR 2001:8f8:1349:cf07::5 pltime:604800 vltime:864000)))

abdulgig · March 12, 2020, 1:16pm

Here is what I have under my interfaces, I do see an IPv6 address under my LAN too,

trendy · March 12, 2020, 1:22pm

In your network configuration you have option ipv6 'off' in LAN and WAN. Why is that? Also NDP proxy should be disabled.
Furthermore you are running DHCP server on the WAN interface, is that intentional?

abdulgig · March 12, 2020, 1:32pm

Here is my WAN, IPv6 is enabled. DHCP is off under wan for both IPv4/6

Here is my LAN, I was confused so I had setup proxy in Hybrid,

trendy · March 12, 2020, 1:50pm

Also remove the gateway from the lan interface (the 192.168.0.1) and post again the configs to see where we are.

uci export network; uci export dhcp; uci export firewall; \
head -n -0 /etc/firewall.user; \
iptables-save -c; ip6tables-save -c; \
ip -4 addr ; ip -4 ro ls tab all ; ip -4 ru; \
ip -6 addr ; ip -6 ro ls tab all ; ip -6 ru; \
ifstatus wan; ifstatus wan6; ifstatus lan

abdulgig · March 12, 2020, 3:51pm

@trendy, By removing the gateway ( 192.168.0.1 ) , I lost connectivity to my 10.16.0.0/12 network. I have put that back again. Plus, an IPv4 gateway shouldn't impact DHCPv6 lease ? I am posting the configs with the changes you suggested.

Thanks

trendy · March 12, 2020, 4:12pm

You have it both in LAN and WAN. Remove it from LAN only.

trendy · March 12, 2020, 11:12pm

I suggest we start clean as this error with the default gateway is not normal and I am not sure what else might be the problem.
Take a backup of the settings and reset to defaults.
WAN and LAN will work with default settings. That means the WAN will get an IP from the DHCP server of the router of the ISP and wan6 is configured for DHCP6.
If you really need 1 million hosts in the LAN you can change the LAN address and mask, but I don't think it is necessary.
Configure the wireless to your needs.
Don't change anything in the firewall, DHCP or the VPN yet.
Let us know how it goes.