IPv6 setup - DHCPv6 Issues - Help!

Here is my WAN, IPv6 is enabled. DHCP is off under wan for both IPv4/6

Here is my LAN, I was confused so I had setup proxy in Hybrid,

Also remove the gateway from the lan interface (the 192.168.0.1) and post again the configs to see where we are.

uci export network; uci export dhcp; uci export firewall; \
head -n -0 /etc/firewall.user; \
iptables-save -c; ip6tables-save -c; \
ip -4 addr ; ip -4 ro ls tab all ; ip -4 ru; \
ip -6 addr ; ip -6 ro ls tab all ; ip -6 ru; \
ifstatus wan; ifstatus wan6; ifstatus lan

@trendy, By removing the gateway ( 192.168.0.1 ) , I lost connectivity to my 10.16.0.0/12 network. I have put that back again. Plus, an IPv4 gateway shouldn't impact DHCPv6 lease ? I am posting the configs with the changes you suggested.

Thanks :slightly_smiling_face:

You have it both in LAN and WAN. Remove it from LAN only.

I suggest we start clean as this error with the default gateway is not normal and I am not sure what else might be the problem.
Take a backup of the settings and reset to defaults.
WAN and LAN will work with default settings. That means the WAN will get an IP from the DHCP server of the router of the ISP and wan6 is configured for DHCP6.
If you really need 1 million hosts in the LAN you can change the LAN address and mask, but I don't think it is necessary.
Configure the wireless to your needs.
Don't change anything in the firewall, DHCP or the VPN yet.
Let us know how it goes.

@trendy, Thanks a bunch.

The wan6 interface gets an IPv6 and I can ping ipv6 sites from the router. Not an issue there.

image

The IPv6 route seems to be correctly there also,

default from 2001:8f8:1349:cbd4::1 via fe80::f68c:ebff:fec7:7f01 dev eth1.2 proto static metric 512 pref medium

However, I don't get an IPv6 lease for my hosts on the LAN. Here is what I get on DHCP, just IPv4, an example below

image

I have followed this post and tried to add a custom IPv6 prefix under my WAN6 Interface,

As per the post, the WAN side is set to relay for all (RA / DHCP / NDP) , The LAN side is set to server for (DHCP and RA) , and NDP is hybrid.

I tried adding the custom prefix

2001:8f8:1349:cbd4::/56 , under the LAN I set the assignment as 60, here is what it looks like now,

I setup a host on my LAN to get dhcp and here is what it looks like now, this time it does get a dhcpv6, but the gateway is wrong,

image

It should be,

image

Okay, but the point is to check that the router of the ISP delegates correctly a prefix to OpenWrt. And by the looks of it, it doesn't.

This is wrong in many ways. Has your provider assigned you a bigger than /56 prefix or will it conflict with what is assigned on the router of the ISP? Is it static?

The gateway is fine as it will use the link local address of the LAN port of OpenWrt as gateway.
The problem is that if the router of the ISP has not allocated that prefix with prefix delegation and created a static route for it via the OpenWrt it will not work.

Take some steps back, remove the custom prefix and verify that the router of the ISP is delegating prefix.

tcpdump -i eth1.2 -vn udp port 547 &
ifup wan6
[let it collect some packets]
kill `pidof tcpdump`

If it doesn't, although it is configured to according to the screenshots you posted earlier, you'll have to discuss it with your ISP.
There is the option for relay, but that requires different configuration (the third box here), so don't mix them for now.

Thanks @trendy

Still stuck ! Is it possible to directly relay settings from the Provider's router ? From the Provider's DHCP using SLAAC, I get a public IPv6 routable address on my LAN hosts. I can ping that IPv6 address from outside.

How can I do the same using openWRT in between ? OR I stop using openWRT as a DHCP ? The issue is my LAN hosts on 10.16.0.0/12 use pxeboot to boot the OS. So if I give the openWRT DHCP, I may lose the pxeboot too . .

You could try the relay, but you have not run the tcpdump to verify that DHCP6 is indeed working, which is the best in my opinion.

@trendy , Here we go,

13:30:15.332828 IP6 (flowlabel 0x4ae3c, hlim 1, next-header UDP (17) payload length: 118) fe80::5aef:68ff:fea8:bf7.546 > ff02::1:2.547: [bad udp cksum 0xcc9c -> 0x67ef!] dhcp6 solicit (xid=582793 (elapsed-time 0) (option-request SIP-servers-domain SIP-servers-address DNS-server DNS-search-list SNTP-servers NTP-server AFTR-Name opt_67 opt_82 opt_94 opt_95 opt_96 opt_82) (client-ID hwaddr type 1 58ef68a80bf7) (reconfigure-accept) (Client-FQDN) (IA_NA IAID:1 T1:0 T2:0) (IA_PD IAID:1 T1:0 T2:0))
13:30:16.953947 IP6 (flowlabel 0x4ae3c, hlim 1, next-header UDP (17) payload length: 102) fe80::5aef:68ff:fea8:bf7.546 > ff02::1:2.547: [bad udp cksum 0xcc8c -> 0x5ea2!] dhcp6 solicit (xid=8f30d9 (elapsed-time 0) (option-request SIP-servers-domain SIP-servers-address DNS-server DNS-search-list SNTP-servers NTP-server AFTR-Name opt_67 opt_82 opt_94 opt_95 opt_96 opt_82) (client-ID hwaddr type 1 58ef68a80bf7) (reconfigure-accept) (Client-FQDN) (IA_PD IAID:1 T1:0 T2:0))
13:30:18.700936 IP6 (flowlabel 0x4ae3c, hlim 1, next-header UDP (17) payload length: 96) fe80::5aef:68ff:fea8:bf7.546 > ff02::1:2.547: [bad udp cksum 0xcc86 -> 0x6038!] dhcp6 inf-req (xid=55c67d (elapsed-time 0) (option-request SIP-servers-domain SIP-servers-address DNS-server DNS-search-list SNTP-servers NTP-server AFTR-Name opt_83 opt_94 opt_95 opt_96 opt_83 lifetime) (client-ID hwaddr type 1 58ef68a80bf7) (server-ID hwaddr type 1 f48cebc77f01) (Client-FQDN))

I hope you let it run for some time, because I don't see any response from the DHCP6 server of the router of the ISP.
If you plug another device directly on the router does it acquire DHCP6 settings or only SLAAC? If not, then you should discuss it with your ISP's support first.

@trendy, here is a trace with some more time,

13:31:54.033934 IP6 (flowlabel 0x4ae3c, hlim 1, next-header UDP (17) payload length: 102) fe80::5aef:68ff:fea8:bf7.546 > ff02::1:2.547: [bad udp cksum 0xcc8c -> 0x4f0a!] dhcp6 solicit (xid=1f40e1 (elapsed-time 0) (option-request SIP-servers-domain SIP-servers-address DNS-server DNS-search-list SNTP-servers NTP-server AFTR-Name opt_67 opt_82 opt_94 opt_95 opt_96 opt_82) (client-ID hwaddr type 1 58ef68a80bf7) (reconfigure-accept) (Client-FQDN) (IA_PD IAID:1 T1:0 T2:0))
13:31:55.314970 IP6 (flowlabel 0x4ae3c, hlim 1, next-header UDP (17) payload length: 96) fe80::5aef:68ff:fea8:bf7.546 > ff02::1:2.547: [bad udp cksum 0xcc86 -> 0x928d!] dhcp6 inf-req (xid=89475 (elapsed-time 0) (option-request SIP-servers-domain SIP-servers-address DNS-server DNS-search-list SNTP-servers NTP-server AFTR-Name opt_83 opt_94 opt_95 opt_96 opt_83 lifetime) (client-ID hwaddr type 1 58ef68a80bf7) (server-ID hwaddr type 1 f48cebc77f01) (Client-FQDN))
13:35:29.531003 IP6 (hlim 1, next-header UDP (17) payload length: 105) fe80::5613:79ff:fe87:7538.546 > ff02::1:2.547: [udp sum ok] dhcp6 rebind (xid=c02e63 (elapsed-time 65535) (client-ID hwaddr type 1 541379877538) (IA_NA IAID:3 T1:21600 T2:34560 (IA_ADDR 2001:8f8:1349:cdd3:5aef:68ff:0:fc8 pltime:602638 vltime:861838)) (option-request status-code server-unicast DNS-server DNS-search-list Client-FQDN) (Client-FQDN))
13:45:29.482392 IP6 (hlim 1, next-header UDP (17) payload length: 105) fe80::5613:79ff:fe87:7538.546 > ff02::1:2.547: [udp sum ok] dhcp6 rebind (xid=c02e63 (elapsed-time 65535) (client-ID hwaddr type 1 541379877538) (IA_NA IAID:3 T1:21600 T2:34560 (IA_ADDR 2001:8f8:1349:cdd3:5aef:68ff:0:fc8 pltime:602638 vltime:861838)) (option-request status-code server-unicast DNS-server DNS-search-list Client-FQDN) (Client-FQDN))

Also, I would want you to see this; overall it is simple. I want to run DHCP with IPv4, and IPv6 should relay to the hosts with SLAAC. To ensure SLAAC works, do I need to play with the settings in my WAN also, or just LAN? The reason I am asking about WAN is that in the forums I have seen people make SLAAC work by modifying WAN settings too.

What should be for LAN and WAN ?

  1. RA
  2. DHCP Server
  3. NDP-Proxy

Announce as default router ? Below is my topology for ease,

Still the same, your OpenWrt is trying from its Link Local address port 546 to contact the multicast address port 547, but there is no response from the router of your ISP from port 547 to OpenWrt port 546.

SLAAC is working with default settings. You should be able to see on the hosts connected to LAN interface the ULA address fdeb:....
Also if you have configured a few hosts to get a specific IP address from DHCPv6, it should also work for the ULA address.
The problem here is that you don't have any prefix delegated from the router of the ISP with Global IPs, so the LAN hosts cannot be routed to the internet.

WAN should be ignored.
LAN should be:
Server
Stateless+Stateful
Disabled.

Better not to touch the WAN yet, unless your ISP tells you to do a relay.
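
The check described in the post above (client messages from port 546 with no answer from port 547) can be automated. This is an added example, not part of the original posts: `dhcp6_verdict` is a hypothetical helper name, and the sample capture lines are constructed, shaped like `tcpdump -vn udp port 547` output.

```sh
#!/bin/sh
# Added example: classify DHCPv6 lines in `tcpdump -vn udp port 547` text output.
# dhcp6_verdict is a hypothetical helper, not an OpenWrt tool.
dhcp6_verdict() {
    awk '
    # tcpdump prints the message type right after the "dhcp6" keyword.
    match($0, /dhcp6 [a-z-]+/) {
        type = substr($0, RSTART + 6, RLENGTH - 6)
        if (type == "advertise" || type == "reply") {
            server++                               # sent by a DHCPv6 server
            if ($0 ~ /IA_PD-prefix/) delegated++   # carries a delegated prefix
        } else {
            client++                               # simplification: all other types
            if ($0 ~ /IA_PD/) pd_asked++           # client asked for a prefix
        }
    }
    END {
        printf "client=%d server=%d pd_requested=%d pd_delegated=%d\n",
               client, server, pd_asked, delegated
        if (client + server == 0) print "verdict: no DHCPv6 traffic captured"
        else if (server == 0)     print "verdict: no server response"
        else if (delegated == 0)  print "verdict: server answers, no prefix delegated"
        else                      print "verdict: prefix delegated"
    }'
}

# Constructed sample shaped like the capture in the thread: requests only.
sample_no_answer() {
    cat <<'EOF'
13:30:15.3 IP6 (hlim 1) fe80::2.546 > ff02::1:2.547: dhcp6 solicit (xid=582793 (IA_NA IAID:1 T1:0 T2:0) (IA_PD IAID:1 T1:0 T2:0))
13:30:16.9 IP6 (hlim 1) fe80::2.546 > ff02::1:2.547: dhcp6 solicit (xid=8f30d9 (IA_PD IAID:1 T1:0 T2:0))
13:30:18.7 IP6 (hlim 1) fe80::2.546 > ff02::1:2.547: dhcp6 inf-req (xid=55c67d (option-request DNS-server))
EOF
}

# Constructed sample of a working exchange (2001:db8::/32 is the documentation prefix).
sample_delegated() {
    cat <<'EOF'
10:00:00.1 IP6 (hlim 1) fe80::2.546 > ff02::1:2.547: dhcp6 solicit (xid=a1 (IA_PD IAID:1 T1:0 T2:0))
10:00:00.2 IP6 (hlim 64) fe80::1.547 > fe80::2.546: dhcp6 advertise (xid=a1 (IA_PD IAID:1 T1:1800 T2:2880 (IA_PD-prefix 2001:db8:0:100::/56 pltime:3600 vltime:7200)))
10:00:01.1 IP6 (hlim 1) fe80::2.546 > ff02::1:2.547: dhcp6 request (xid=a2 (IA_PD IAID:1 T1:0 T2:0))
10:00:01.2 IP6 (hlim 64) fe80::1.547 > fe80::2.546: dhcp6 reply (xid=a2 (IA_PD IAID:1 T1:1800 T2:2880 (IA_PD-prefix 2001:db8:0:100::/56 pltime:3600 vltime:7200)))
EOF
}

sample_no_answer | dhcp6_verdict
sample_delegated | dhcp6_verdict
```

To use it on a real capture, save the tcpdump text output to a file and run `dhcp6_verdict < file`.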

@trendy, Thank you so much as you have been the only following up on this thread :slight_smile:

I'll try those settings you suggested. However, what should be under WAN as default ?

RA
DHCP
NDP

Nothing, it should be ignored.

OK , so I am setting everything there as Disabled under WAN

@trendy, So here is my update,

This configuration below seems to work for relay. I get the same dhcpv6 leases as if I would directly connect to my ISP's router,

The trick here is to set the wan6 interface as 'master'.

Now there are 2 issues that I need to sort out. I need outside (Internet) and inside (LAN) connectivity to these IPv6 addresses (Just like I have it when I connect a LAN host directly to my ISP's router)

  1. By setting the WAN6 as master, it relays the IPv6 DNS servers to the hosts on my LAN. So if I try to ping google.com, it doesn't pick up the IPv4 DNS. I can ping 8.8.8.8 from hosts.

  2. If I directly connect to my provider's router, I get a public IPv6 address. It is pingable from Internet. If I connect my LAN hosts via openWRT, it does get a public IPv6 address relayed correctly but the IPv6 addresses are not Pingable from inside(LAN) or even outside(Internet). Here is the IP config of my LAN host now,

    link/ether 1c:1b:0d:23:08:e9 brd ff:ff:ff:ff:ff:ff
    inet 10.16.0.157/12 brd 10.31.255.255 scope global noprefixroute enp1s0
       valid_lft forever preferred_lft forever
    inet6 2001:8f8:1349:cf08:e815:c0da:2a3:d6c5/64 scope global temporary dynamic
       valid_lft 603253sec preferred_lft 84458sec
    inet6 2001:8f8:1349:cf08:6035:9320:d8fc:8b37/64 scope global dynamic mngtmpaddr noprefixroute
       valid_lft 863913sec preferred_lft 604713sec
    inet6 fe80::c537:d4c:a678:935c/64 scope link noprefixroute
       valid_lft forever preferred_lft forever

Do I need to add to static routes somewhere ? How can I fix the routing ? I was assuming that the RA relay should have addressed this.

My OpenWRT configuration here,

config dhcp 'wan'
        option ignore '1'

config dhcp 'wan6'
        option dhcpv6 'relay'
        option ra 'relay'
        option ndp 'relay'
        option master '1'

config dhcp 'lan'
        option interface 'lan'
        option dhcpv6 'relay'
        option ra 'relay'
        option ndp 'relay'

From the OpenWRT router connected to my ISP's router, here is what my ip -4 r and ip -6 r looks like,

router:~# ip -6 r
default from 2001:8f8:1349:cf08::/64 via fe80::f68c:ebff:fec7:7f01 dev eth1.2 proto static metric 512 pref medium
2001:8f8:1349:cf08::/64 dev eth1.2 proto static metric 256 pref medium
2001:8f8:1349:cf08::/64 via fe80::f68c:ebff:fec7:7f01 dev eth1.2 proto static metric 384 pref medium
fe80::/64 dev eth0 proto kernel metric 256 pref medium
fe80::/64 dev eth1 proto kernel metric 256 pref medium
fe80::/64 dev eth1.2 proto kernel metric 256 pref medium
fe80::/64 dev tun0 proto kernel metric 256 pref medium
fe80::/64 dev br-lan proto kernel metric 256 pref medium
fe80::/64 dev wlan1 proto kernel metric 256 pref medium
fe80::/64 dev wlan0 proto kernel metric 256 pref medium

Here, fe80::f68c:ebff:fec7:7f01 is the local link address of my ISP's router. I can ping and ping6 google.com too with no issues.

Here is what I get on my LAN host connected to OpenWRT

root@lan_host:~# ip -6 r
2001:8f8:1349:cf08::/64 via fe80::58ef:68ff:fea8:bf7 dev enp1s0 proto ra metric 100 pref high
2001:8f8:1349:cf08::/64 dev enp1s0 proto kernel metric 100 pref medium
fe80::/64 dev enp1s0 proto kernel metric 100 pref medium
fe80::/64 dev enp1s0 proto kernel metric 256 pref medium
default via fe80::58ef:68ff:fea8:bf7 dev enp1s0 proto ra metric 100 pref medium

root@lan_host:~# ip -4 r
default via 10.16.0.1 dev enp1s0 proto static metric 100
10.16.0.0/12 dev enp1s0 proto kernel scope link src 10.16.0.157 metric 100
169.254.0.0/16 dev enp1s0 scope link metric 1000

Here, fe80::58ef:68ff:fea8:bf7 is the local link of my OpenWRT.

You need to allow traffic in firewall from wan zone to lan zone. By default it is blocking almost everything, so allow only the protocols/ports that your servers need.

You need to specify on ping to use IPv4, usually with -4 as argument.

@trendy, Thanks

Rules are already permissive as I can ping IPv4 perfectly back and forth.
Wan Zone has both interfaces covered = wan + wan6

One question ? When relaying, we don't need to assign any prefixes ? Global ULA ? or ipv6assign anywhere ?