LAN device can not obtain ipv6 after reboot

I found a very strange problem: After reboot the openwrt, LAN devices can not obtain ipv6 address.

My network is a little bit different: I have 2 different ipv6 subnets: a /64 subnet and a /56 subnet, I can use both of them. And there is no DHCPv6 or RA service in upstream network.

I decide to assign a static ipv6 address to wan6 interface, pick up form the /64 subnet. And I use the /56 subnet as ipv6-pd, also config manually.

After that, the br-lan has the ipv6 address, and all things goes right, the devices in LAN network can get ipv6 address and reach the internet.

However once I reboot the router, ipv4 still works, but the ipv6 not. The br-lan still has ipv6 address, but there is only a fe80 ipv6 address in lan devices.

BTW, I found restart br-lan interface or restart odhcpd service will fix this issue temporary.
Here is my config:

/etc/config/network

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd65:cf15:774f::/48'
	option packet_steering '1'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth1'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
	option ip6assign '64'
	option ip6hint '1'

config interface 'wan'
	option device 'eth0'
	option proto 'dhcp'

config interface 'wan6'
	option device 'eth0'
	option proto 'static'
	option ip6gw 'fe80::1'
	option ip6prefix '2a01:56:56:56::/56'
	list ip6addr '2a01:64:64:64::1/64'

/etc/config/dhcp

config dnsmasq
	option domainneeded '1'
	option boguspriv '1'
	option filterwin2k '0'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option nonegcache '0'
	option cachesize '1000'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option nonwildcard '1'
	option localservice '1'
	option ednspacket_max '1232'
	option filter_aaaa '0'
	option filter_a '0'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv4 'server'
	option dhcpv6 'server'
	option ra 'server'
	list ra_flags 'managed-config'
	list ra_flags 'other-config'
	option ndp 'relay'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

log of odhcpd

# logread | grep -i 'odhcpd\|dhcpv6\|ipv6'
Wed Feb 19 08:08:34 2025 daemon.info dnsmasq[1]: compile time options: IPv6 GNU-getopt no-DBus UBus no-i18n no-IDN DHCP no-DHCPv6 no-Lua TFTP no-conntrack no-ipset no-nftset no-auth no-cryptohash no-DNSSEC no-ID loop-detect inotify dumpfile
Wed Feb 19 08:08:34 2025 daemon.notice procd: start /etc/rc.d/S35odhcpd boot
Wed Feb 19 08:08:34 2025 daemon.notice procd: Create service odhcpd
Wed Feb 19 08:08:34 2025 daemon.notice procd: Start instance odhcpd::instance1
Wed Feb 19 08:08:34 2025 daemon.notice procd: Started instance odhcpd::instance1[1869]
Wed Feb 19 08:08:34 2025 daemon.notice procd: running /etc/init.d/odhcpd running
Wed Feb 19 08:08:34 2025 daemon.notice procd: start /etc/init.d/odhcpd running
Wed Feb 19 08:08:34 2025 daemon.notice procd: stop /etc/rc.d/S35odhcpd boot - took 0.022315150s
Wed Feb 19 08:08:34 2025 daemon.notice procd: stop /etc/init.d/odhcpd running - took 0.014014450s
Wed Feb 19 08:08:35 2025 user.notice ucitrack: Setting up /etc/config/odhcpd reload dependency on /etc/config/dhcp
Wed Feb 19 08:08:39 2025 daemon.info dnsmasq[1]: compile time options: IPv6 GNU-getopt no-DBus UBus no-i18n no-IDN DHCP no-DHCPv6 no-Lua TFTP no-conntrack no-ipset no-nftset no-auth no-cryptohash no-DNSSEC no-ID loop-detect inotify dumpfile

And you have a static prefix from your provider?

Yes static prefix.

option ndp 'relay'

Why?

There are some virtual servers behind this router, so i use ndp relay to make the these servers reachable from internet.

Pardon me... but you have a STATIC prefix. So why don't you just use.... routing?!

And I disabled the ndp proxy, restart the router, it seems LAN devices still not get ipv6 address.

Did you restarted the clients network connection? (Especially Network Manager on Linux behaves somethings funny.)

Actually there is a strict mac address rule. Only one mac is allowed in one subnet. for this reason a have to use ndp proxy.

Yes, I have tried disable and enable connections in Network Manager and restart the VM system which behind this router.

The logs from Network Manager is only about dhcpv4 and ipv6, there is no ipv6 logs appeared before restart interface on openwrt.

There has to be a huge conceptual misunderstanding here.
If your OpenWrt device acts as a router; and has static prefix delegation; and its properly configured/uses default settings (besides the static prefix set on wan); then there is no such thing as "only one mac per network". And all end-devies on a network, get router advertisments with a prefix where they can pick addresses, and if they can reach the Internet via a default gateway... ndp proxy is an ugly hack for broken network setups.

Thank you for your reply! I know, in normal situation, we do not use ndp proxy, and relay mode is like a hack of ISP network.

However, in my situation, this is a network in server racks. for security reasons, there is a strict mac address rule in upstream network. the whole block of ipv6 address only allowed one mac address.

This rule made me headache. It makes the whole ipv6 address block only available on one instance. So I decide to use openwrt as a router in front of these VMs to deal with this rule.

I am sure I can use these two blocks of ipv6 address. these address is for the servers. Maybe this is not the right config in openwrt.

I'm in the same boat - and I noticed the same behavior. As I didn't want to reboot the OpenWrt VM again, I just left it as-is and considered it a temporary problem.

Edit: Thanks to your post, I did a couple of restarts to debug this issue. With "loglevel" set to "7" for odhcp, I receive the following in my log after rebooting:

Wed Feb 19 14:22:13 2025 daemon.debug odhcpd[1964]: Enabling services with lo running
Wed Feb 19 14:22:13 2025 daemon.debug odhcpd[1964]: Enabling services with eth1 running
Wed Feb 19 14:22:13 2025 daemon.debug odhcpd[1964]: Enabling services with WireGuard running
Wed Feb 19 14:22:13 2025 daemon.debug odhcpd[1964]: Enabling services with eth1 running

As you can see, br-lan is missing. And indeed, odhcp is working fine over Wireguard. Upon restarting odhcp, the output looks like this:

Wed Feb 19 14:23:36 2025 daemon.debug odhcpd[1964]: Enabling services with WireGuard running
Wed Feb 19 14:23:36 2025 daemon.debug odhcpd[1964]: Enabling services with br-lan running
Wed Feb 19 14:23:36 2025 daemon.debug odhcpd[1964]: Enabling services with lo running
Wed Feb 19 14:23:36 2025 daemon.debug odhcpd[1964]: Enabling services with eth1 running

So for whatever reason (a race condition?) it doesn't detect br-lan during startup.

Btw, I could disable NDP proxying for my environment.

For the time being, the following work around "fixes" this issue for me:

Add to /etc/rc.local:

sleep 5
/etc/init.d/odhcpd restart

It doesn't work without the sleep. I will report this to the issue tracker.

That's maybe a good pointer.

I use dnsmasq-full for DHCP, DHCPv6, and RA.

So yes, a service restart is a good first test, the see if you find any race conditions.

(andy, Please do not feel directly addressed by the following)
Of course. NDP proxy is only needed to relay NDP and RA messesges between interfaces, which SHOULD NEVER BE NECESSARY AT ALL. A router is a router is a router. It routes. Especially if you have a proper prefix on wan, and a delegated prefix. Then there is no sane reason EVERY to use a NDP proxy. Period.

Thank you guys!

I have a little knowledge about ipv6. I was misunderstand the usage of NDP proxy.

I had considered to add delay and restart odhcpd service. but this may not a "good" solution. If you report this to issue tracker, please leave the link of the issue, thank you!

I found same issues on github

The log Enabling services with xxx running is output by the void reload_services(struct interface *iface); function. maybe we need add more debug info and recompile odhcpd to findout the reason.

Ah, in the ODHCP repo. I created a new one in the OpenWrt repo: https://github.com/openwrt/openwrt/issues/18033

Created new issue in odhcpd repo: openwrt/odhcpd #230

I added more debug info, you can see the result in the issue

You can find the modified version with more debug log in the issue.

And another solution is install dnsmasq-fullor other packages to replace odhcpd-ipv6only

I tried with dnsmasq-full: While it solves this issue, it does not allow me to retrieve a prefix over Wireguard. I did not investigate this further as I have a functioning workaround for the time being.

Edit: A workaround not involving dnsmasq-full as reported in post #12 (LAN device can not obtain ipv6 after reboot - #12 by andyboeh)