IPv6 works from LAN but not the router

AcidSlide · April 30, 2023, 10:27pm

Hi All,

I've got a weird situation. Just to give background, my ISP gives out IPv6 with PD of /56 for a couple of yours now. I've disabled IPv6 on my network for the past 2 years due to my ISP's routing for IPv6 was sh*tty. For the past 2-3 days I've been trying to re-enable IPv6 on my network so to test if IPv6 routing improved already. I was at my wits end because it seems (I thought) that it's not working on mine but I've asked around with my peers who are using OpenWRT and same ISP that they have working IPv6. I've even tried resetting to default config but (again I thought) it's really not working on my side. I'm getting IPv6 addresses properly on the router and the downstream devices but it seems it was not working properly.

Got frustrated that I just copied IPv6 related config default config (network, firewall and dhcp) to my config then just leave it even if it's not working. Let me re-iterate I thought it was not working.

Now here is where it got weird, which I thought it was really not working. I tried doing a ping -6 google.com just to check on my laptop and lo and behold, it got a proper response. Huh!?? What was weird is, I've been doing the testing on the router itself doing various ping -6, curl <ipv6 address, ex: ipv6.google.com>, and traceroute -6 and none of them was working.

All IPv6 testing I did wasn't working (only) in the router. All my downstream devices has a working IPv6. I even have a router (openwrt based also) downstream and it too has a working IPv6.

Now the question is, why is IPv6 not working on the router itself?? Below are traceroute from within the router itself and one of my devices.

Traceroute inside the router Note: partially masked IPv6 addresses in the output

# traceroute6 google.com
traceroute to google.com (2404:6800:4017:803::200e), 30 hops max, 72 byte packets
 1  2001:XXXX:XXXX:a2::1 (2001:XXXX:XXXX:a2::1)  2.627 ms  2.330 ms  2.094 ms
 2  *  *  *
 3  *  *  *
 4  *  *  *
 5  *  *  *
 6  *

Traceroute with one of the downstream devices

traceroute6 to google.com (2404:6800:4017:803::200e) from 2001:XXXX:XXXX:f100:f1f5:XXXX:XXXX:cf12, 64 hops max, 12 byte packets
 1  2001:XXXX:XXXX:f100::1  0.428 ms  0.290 ms  0.302 ms
 2  2001:XXXX:XXXX:a2::1  2.563 ms  2.571 ms  2.281 ms
 3  2001:XXXX:XXXX:a2::  2.192 ms
    2001:XXXX:XXXX:a3::  2.850 ms  2.406 ms
 4  *
    2001:XXXX:XXXX:6000::7d  2.698 ms
    2001:XXXX:XXXX:2000::a  1.760 ms
 5  *
    2001:XXXX:XXXX:6000::c1  26.212 ms *
 6  2001:XXXX:XXXX:1::af4  27.755 ms
    2001:XXXX:XXXX:1::17c6  26.109 ms  26.005 ms
 7  2404:6800:8161::1  26.263 ms
    2404:6800:8041::1  26.120 ms
    2404:6800:802f::1  26.333 ms
 8  2001:4860:0:1::5516  27.369 ms
    2001:4860:0:1::56a4  26.005 ms
    2001:4860:0:1::4a4  26.586 ms
 9  2001:4860:0:e04::4  27.004 ms
    2001:4860:0:e07::e  46.180 ms
    2001:4860:0:e05::e  26.574 ms
10  2001:4860::c:4000:db82  26.295 ms
    2001:4860::c:4001:2282  79.164 ms
    2001:4860::c:4000:db81  30.546 ms
11  2001:4860::c:4003:1cb0  83.681 ms
    2001:4860::c:4003:1cb8  1602.699 ms  779.534 ms
12  2001:4860::c:4002:f3dc  108.587 ms
    2001:4860::c:4002:f3dd  82.224 ms
    2001:4860::c:4002:f3dc  92.274 ms
13  2001:4860::9:4002:f3a8  74.877 ms
    2001:4860::9:4002:f38f  79.072 ms
    2001:4860::9:4002:f3a9  74.171 ms
14  2001:4860:0:1::2f0f  72.659 ms
    2001:4860:0:1::3d4d  75.447 ms
    2001:4860:0:1::2f09  73.252 ms
15  mnl08s01-in-x0e.1e100.net  72.635 ms  73.302 ms  72.710 ms

Pico · April 30, 2023, 10:49pm

maybe your recent firewall mods? Question: RE: IP Set Extra script - cron portion

AcidSlide · April 30, 2023, 10:51pm

I'm sure it's not. Because I've tested also by resetting all config of openwrt (without changing a single config of the default) and got the same results.

vgaetera · April 30, 2023, 10:52pm

Try using your LAN IPv6:

traceroute6 -s 2001:XXXX:XXXX:f100::1 google.com

Also check if the issue persists with source routing disabled.

AcidSlide · April 30, 2023, 11:03pm

It worked

# traceroute6 -s 2001:XXXX:XXXX:f100::1 google.com
traceroute to google.com (2404:XXXX:XXXX:803::200e) from 2001:XXXX:XXXX:f100::1, 30 hops max, 72 byte packets
 1  2001:XXXX:XXXX:a2::1 (2001:XXXX:XXXX:a2::1)  1.965 ms  1.879 ms  2.188 ms
 2  2001:XXXX:XXXX:a3:: (2001:XXXX:XXXX:a3::)  2.188 ms  2.416 ms  2.539 ms
-- truncated output --

But with source routing disabled I got to more issues on the router and devices. All IPv6 stopped working hahaha.

Traceroute (from router) with source filter disabled.

 traceroute6 -s 2001:XXXX:XXXX:fc00::1 google.com
traceroute to google.com (2404:6800:4017:803::200e) from 2001:XXXX:XXXX:fc00::1, 30 hops max, 72 byte packets
 1  2001:XXXX:XXXX:fc00::1 (2001:XXXX:XXXX:fc00::1)  2151.882 ms !H  3094.686 ms !H  3119.717 ms !H

vgaetera · April 30, 2023, 11:12pm

I remember similar issues on this forum in the past.
If we search it, there should be a solution or a workaround.

Good to know, revert it.
I was not sure since I don't have native IPv6.

AcidSlide · April 30, 2023, 11:14pm

Ok.. i'll try to search it again.

vgaetera · April 30, 2023, 11:32pm

uci set network.wan6.reqaddress="none"
uci commit network
/etc/init.d/network restart

AcidSlide · May 1, 2023, 12:25am

Yup, this works perfectly, with minor fix on Option #3 (changed '.1' to just '1'.. thanks as always @vgaetera

Final script for /etc/odhcp6c.user.d/00-default-route

DHCPC_EVENT="${2}"
DHCPC_IF="${INTERFACE}"
DHCPC_GW="${SERVER}"
case ${DHCPC_EVENT} in
(bound|informed|updated|rebound|ra-updated) ;;
(*) exit 0 ;;
esac
#ip -6 route delete default dev "${DHCPC_IF}"
#ip -6 route add default via "${DHCPC_GW}" dev "${DHCPC_IF}"
ip -6 route delete default from "${ADDRESSES%%/*}1" dev "${DHCPC_IF}"
ip -6 route add default from "${PREFIXES%%/*}1" dev "${DHCPC_IF}" via "${DHCPC_GW}"

EDIT:
After more testing it seems the script wasn't actually helping my issue.

AcidSlide · May 1, 2023, 12:27am

@vgaetera I'll do additional testing later as people are starting to use the network already and I can't restart the router haha

AcidSlide · May 2, 2023, 1:58am

@vgaetera the script actually doesn't help after much testing. It look liked it worked because for some very weird reason after the initial running of the script the router was able to ping6 google.com. But after a couple of ifdown\ifup wan6 commands, IPv6 related test on the router failed again.

Now even after a reboot, IPv6 test are still failing just on the router with or without the additional script. Again all connected devices can do all IPv6 test with no issues.

AcidSlide · May 2, 2023, 2:56am

I'll try this tonight when peeps at home are asleep.

AcidSlide · May 2, 2023, 11:40am

Ok, I think the issue was somehow connected to the router being assigned an IPv6 address with a /128 which was not part of the PD. Looks like this is an issue coming from my ISP. The following config fixed the issue somehow.

/etc/config/network in the wan6 portion

        option reqaddress 'none'
        option reqprefix 'auto'
        option ip6assign '64'
        option ip6hint 'FF'
        option ip6ifaceid '::1'

Basically removed requesting of IPv6 address from ISP and forcing addressing from PD set for the router.

Thanks @vgaetera for your assistance. I'll be monitoring the setup and do a couple of restarts in the next couple of days to see if issue is really fixed. But for now tagging this as the solution.

system · May 12, 2023, 11:41am

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.