Native IPv6 via PPPoE unstable - possible configuration error?

Installing and Using OpenWrt Network and Wireless Configuration
1

Hi,

I'm connecting to my ISP via PPPoE.
My ISP provides:

  • one public IPv4
  • one IPv6 /64 prefix via DHCP
  • one routed IPv6 /56 prefix, supposed to be used for my LAN

In principal all seem to be working. However, IPv6 is unstable on Android and Linux clients. Those clients are unable to connect to IPv6 networks after some time. On a Linux client I recognized, that after about an hour after connecting to my home network, the default route for IPv6 is gone.

On my Android clients it could be a similar issue. After connecting to the WiFi, IPv6 is working fine. But after some time, v6 networks aren't reachable anymore.

Could someone please help to look at my OpenWRT configs to see, if there is something obviously wrong?

Some more configuration details:

  • VLAN-ID for the PPPoE connection: 31
  • /64 prefix provided from ISP via DHCPv6
  • /56 prefix is just routed. Not distributed via DHCPv6
  • The home network is separated into different VLANs (trusted, IoT, guest). Each VLAN get's its own IPv6 /64 prefix out of the /56 prefix.

Thanks,
newpipe

This is my OpenWRT config (let me know if other output would be of more value):

Command uci show network gives:

network.loopback=interface
network.loopback.ifname='lo'
network.loopback.proto='static'
network.loopback.ipaddr='127.0.0.1'
network.loopback.netmask='255.0.0.0'
network.globals=globals
network.globals.ula_prefix='fd53:922c:7320::/48'
network.lan=interface
network.lan.type='bridge'
network.lan.ifname='eth0.1'
network.lan.proto='static'
network.lan.ipaddr='192.168.1.1'
network.lan.netmask='255.255.255.0'
network.lan_dev=device
network.lan_dev.name='eth0.1'
network.lan_dev.macaddr='50:64:62:a1:ed:d4'
network.@switch[0]=switch
network.@switch[0].name='switch0'
network.@switch[0].reset='1'
network.@switch[0].enable_vlan='1'
network.@switch_vlan[0]=switch_vlan
network.@switch_vlan[0].device='switch0'
network.@switch_vlan[0].vlan='1'
network.@switch_vlan[0].vid='1'
network.@switch_vlan[0].ports='2 6t'
network.@switch_vlan[1]=switch_vlan
network.@switch_vlan[1].device='switch0'
network.@switch_vlan[1].vlan='2'
network.@switch_vlan[1].ports='1 6t'
network.@switch_vlan[1].vid='2'
network.@switch_vlan[2]=switch_vlan
network.@switch_vlan[2].device='switch0'
network.@switch_vlan[2].vlan='3'
network.@switch_vlan[2].vid='31'
network.@switch_vlan[2].ports='1t 6t'
network.oja_wan=interface
network.oja_wan.proto='pppoe'
network.oja_wan.ifname='eth0.31'
network.oja_wan.username='xxxxxxxxxx@idsl'
network.oja_wan.password='xxxxxxxx'
network.oja_wan.ipv6='auto'
network.oja_wan.keepalive='2 5'
network.@switch_vlan[3]=switch_vlan
network.@switch_vlan[3].device='switch0'
network.@switch_vlan[3].vlan='4'
network.@switch_vlan[3].vid='10'
network.@switch_vlan[3].ports='3t 6t'
network.@switch_vlan[4]=switch_vlan
network.@switch_vlan[4].device='switch0'
network.@switch_vlan[4].vlan='5'
network.@switch_vlan[4].ports='3t 6t'
network.@switch_vlan[4].vid='15'
network.@switch_vlan[5]=switch_vlan
network.@switch_vlan[5].device='switch0'
network.@switch_vlan[5].vlan='6'
network.@switch_vlan[5].ports='3t 6t'
network.@switch_vlan[5].vid='16'
network.VLAN_Trusted=interface
network.VLAN_Trusted.proto='static'
network.VLAN_Trusted.ipaddr='192.168.2.1'
network.VLAN_Trusted.netmask='255.255.255.0'
network.VLAN_Trusted.ifname='eth0.10'
network.VLAN_Trusted.ip6prefix='2a01:411:9000:4001::/64'
network.VLAN_Trusted.ip6ifaceid='random'
network.VLAN_Trusted.ip6addr='2a01:411:9000:4001::1/64'
network.VLAN_Gast=interface
network.VLAN_Gast.proto='static'
network.VLAN_Gast.ifname='eth0.15'
network.VLAN_Gast.ipaddr='192.168.5.1'
network.VLAN_Gast.netmask='255.255.255.0'
network.VLAN_Gast.ip6prefix='2a01:411:9000:4002::/64'
network.VLAN_Gast.ip6addr='2a01:411:9000:4002::1/64'
network.VLAN_IoT=interface
network.VLAN_IoT.proto='static'
network.VLAN_IoT.ifname='eth0.16'
network.VLAN_IoT.ipaddr='192.168.6.1'
network.VLAN_IoT.netmask='255.255.255.0'
network.VLAN_IoT.delegate='0'
network.VLAN_IoT.ip6prefix='2a01:411:9000:4003::/64'
network.VLAN_IoT.ip6addr='2a01:411:9000:4003::1/64'
network.@route6[0]=route6
network.@route6[0].target='::/0'
network.@route6[0].metric='1'
network.@route6[0].interface='oja_wan'
network.@route[0]=route
network.@route[0].interface='VLAN_Trusted'
network.@route[0].target='192.168.88.0'
network.@route[0].netmask='255.255.255.0'
network.@route[0].metric='0'

Command ip -6 addr gives:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1000
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UNKNOWN qlen 1000
    inet6 fe80::5264:2bff:fe57:ecd3/64 scope link 
       valid_lft forever preferred_lft forever
5: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 fe80::5264:2bff:fe57:ecd4/64 scope link 
       valid_lft forever preferred_lft forever
7: eth0.15@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 2a01:411:9000:4002::1/64 scope global 
       valid_lft forever preferred_lft forever
    inet6 fe80::5264:2bff:fe57:ecd3/64 scope link 
       valid_lft forever preferred_lft forever
8: eth0.16@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 2a01:411:9000:4003::1/64 scope global 
       valid_lft forever preferred_lft forever
    inet6 fe80::5264:2bff:fe57:ecd3/64 scope link 
       valid_lft forever preferred_lft forever
39: eth0.31@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 fe80::5264:2bff:fe57:ecd3/64 scope link 
       valid_lft forever preferred_lft forever
40: pppoe-oja_wan: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1492 state UNKNOWN qlen 3
    inet6 fe80::9ca5:bcba:c46f:302f/10 scope link 
       valid_lft forever preferred_lft forever
46: eth0.10@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 2a01:411:9000:4001::1/64 scope global 
       valid_lft forever preferred_lft forever
    inet6 fe80::5264:2bff:fe57:ecd3/64 scope link 
       valid_lft forever preferred_lft forever

Command ip -6 ro gives:

default from 2a01:411:2066:2077::/64 via fe80::222:bdff:fe52:9c1b dev pppoe-oja_wan  metric 512 
unreachable 2a01:411:2066:2077::/64 dev lo  metric 2147483647  error -148
2a01:411:9000:4001::/64 dev eth0.10  metric 256 
unreachable 2a01:411:9000:4001::/64 dev lo  metric 2147483647  error -148
2a01:411:9000:4002::/64 dev eth0.15  metric 256 
unreachable 2a01:411:9000:4002::/64 dev lo  metric 2147483647  error -148
2a01:411:9000:4003::/64 dev eth0.16  metric 256 
unreachable 2a01:411:9000:4003::/64 dev lo  metric 2147483647  error -148
unreachable fd53:922c:7320::/48 dev lo  metric 2147483647  error -148
fe80::/64 dev eth0  metric 256 
fe80::/64 dev eth0.15  metric 256 
fe80::/64 dev eth0.16  metric 256 
fe80::/64 dev br-lan  metric 256 
fe80::/64 dev eth0.31  metric 256 
fe80::/64 dev eth0.10  metric 256 
fe80::/10 dev pppoe-oja_wan  metric 1 
fe80::/10 dev pppoe-oja_wan  metric 256 
default dev pppoe-oja_wan  metric 1 
anycast 2a01:411:9000:4001:: dev eth0.10  metric 0 
anycast 2a01:411:9000:4002:: dev eth0.15  metric 0 
anycast 2a01:411:9000:4003:: dev eth0.16  metric 0 
anycast fe80:: dev eth0.16  metric 0 
anycast fe80:: dev eth0.15  metric 0 
anycast fe80:: dev eth0  metric 0 
anycast fe80:: dev br-lan  metric 0 
anycast fe80:: dev eth0.31  metric 0 
anycast fe80:: dev pppoe-oja_wan  metric 0 
anycast fe80:: dev eth0.10  metric 0 
ff00::/8 dev eth0  metric 256 
ff00::/8 dev eth0.15  metric 256 
ff00::/8 dev eth0.16  metric 256 
ff00::/8 dev br-lan  metric 256 
ff00::/8 dev eth0.31  metric 256 
ff00::/8 dev pppoe-oja_wan  metric 256 
ff00::/8 dev eth0.10  metric 256

Command ip -6 ru gives:

0:	from all lookup local 
32766:	from all lookup main 
4200000001:	from all iif lo lookup unspec 12
4200000005:	from all iif br-lan lookup unspec 12
4200000007:	from all iif eth0.15 lookup unspec 12
4200000008:	from all iif eth0.16 lookup unspec 12
4200000040:	from all iif pppoe-oja_wan lookup unspec 12
4200000040:	from all iif pppoe-oja_wan lookup unspec 12
4200000046:	from all iif eth0.10 lookup unspec 12

Command ifstatus oja_wan gives:

{
	"up": true,
	"pending": false,
	"available": true,
	"autostart": true,
	"dynamic": false,
	"uptime": 512098,
	"l3_device": "pppoe-oja_wan",
	"proto": "pppoe",
	"device": "eth0.31",
	"updated": [
		"addresses",
		"routes"
	],
	"metric": 0,
	"dns_metric": 0,
	"delegation": true,
	"ipv4-address": [
		{
			"address": "77.31.20.221",
			"mask": 32,
			"ptpaddress": "81.94.57.7"
		}
	],
	"ipv6-address": [
		{
			"address": "fe80::9ca5:bcba:c46f:302f",
			"mask": 128
		}
	],
	"ipv6-prefix": [
		
	],
	"ipv6-prefix-assignment": [
		
	],
	"route": [
		{
			"target": "::",
			"mask": 0,
			"nexthop": "::",
			"metric": 1,
			"source": "::/0"
		},
		{
			"target": "0.0.0.0",
			"mask": 0,
			"nexthop": "81.94.57.7",
			"source": "0.0.0.0/0"
		}
	],
	"dns-server": [
		"92.63.212.161",
		"93.185.134.36"
	],
	"dns-search": [
		
	],
	"neighbors": [
		
	],
	"inactive": {
		"ipv4-address": [
			
		],
		"ipv6-address": [
			
		],
		"route": [
			
		],
		"dns-server": [
			
		],
		"dns-search": [
			
		],
		"neighbors": [		
		]
	},
	"data": {
	}
}

Command ifstatus oja_wan_6 gives:

{
	"up": true,
	"pending": false,
	"available": true,
	"autostart": true,
	"dynamic": true,
	"uptime": 512185,
	"l3_device": "pppoe-oja_wan",
	"proto": "dhcpv6",
	"device": "pppoe-oja_wan",
	"updated": [
		"prefixes"
	],
	"metric": 0,
	"dns_metric": 0,
	"delegation": true,
	"ipv4-address": [
		
	],
	"ipv6-address": [
		
	],
	"ipv6-prefix": [
		{
			"address": "2a01:411:2066:2077::",
			"mask": 64,
			"preferred": 512,
			"valid": 1712,
			"class": "oja_wan_6",
			"assigned": {
				
			}
		}
	],
	"ipv6-prefix-assignment": [
		
	],
	"route": [
		{
			"target": "::",
			"mask": 0,
			"nexthop": "fe80::222:bdff:fe52:9c1b",
			"metric": 512,
			"valid": 1690,
			"source": "2a01:411:2066:2077::/64"
		}
	],
	"dns-server": [
		"2a00:e98:4::4",
		"2a00:e98:5::5"
	],
	"dns-search": [
		"as39912.net"
	],
	"neighbors": [
		
	],
	"inactive": {
		"ipv4-address": [
			
		],
		"ipv6-address": [
			
		],
		"route": [
			
		],
		"dns-server": [
			
		],
		"dns-search": [
			
		],
		"neighbors": [
			
		]
	},
	"data": {
		"passthru": "001700202a000e980004000000000000000000042a000e980005000000000000000000050018000d0761733339393132036e657400",
		"zone": "wan"
	}
}
2

no use ula prefix when you have you own prefixe

3

Thanks. I removed it now.

But what looks not OK in IMO is what I get from the command ip -6 ro.
I'm getting some unreachable errors. Do you know, what that means?

root@verteiler:~# ip -6 ro
default from 2a01:411:2066:2077::/64 via fe80::222:bdff:fe52:9c1b dev pppoe-oja_wan metric 512
unreachable 2a01:411:2066:2077::/64 dev lo metric 2147483647 error -148
2a01:411:9000:4001::/64 dev eth0.10 metric 256
unreachable 2a01:411:9000:4001::/64 dev lo metric 2147483647 error -148
2a01:411:9000:4002::/64 dev eth0.15 metric 256
unreachable 2a01:411:9000:4002::/64 dev lo metric 2147483647 error -148
2a01:411:9000:4003::/64 dev eth0.16 metric 256
unreachable 2a01:411:9000:4003::/64 dev lo metric 2147483647 error -148
fe80::/64 dev eth0 metric 256
fe80::/64 dev eth0.15 metric 256
fe80::/64 dev eth0.16 metric 256
fe80::/64 dev br-lan metric 256
fe80::/64 dev eth0.31 metric 256
fe80::/64 dev eth0.10 metric 256
fe80::/10 dev pppoe-oja_wan metric 1
fe80::/10 dev pppoe-oja_wan metric 256
default dev pppoe-oja_wan metric 1
anycast 2a01:411:9000:4001:: dev eth0.10 metric 0
anycast 2a01:411:9000:4002:: dev eth0.15 metric 0
anycast 2a01:411:9000:4003:: dev eth0.16 metric 0
anycast fe80:: dev eth0.16 metric 0
anycast fe80:: dev eth0.15 metric 0
anycast fe80:: dev eth0 metric 0
anycast fe80:: dev br-lan metric 0
anycast fe80:: dev eth0.31 metric 0
anycast fe80:: dev pppoe-oja_wan metric 0
anycast fe80:: dev eth0.10 metric 0
ff00::/8 dev eth0 metric 256
ff00::/8 dev eth0.15 metric 256
ff00::/8 dev eth0.16 metric 256
ff00::/8 dev br-lan metric 256
ff00::/8 dev eth0.31 metric 256
ff00::/8 dev pppoe-oja_wan metric 256
ff00::/8 dev eth0.10 metric 256

4

u adresse ipv6 2a01:411:2066:2077::/64 is not correct

5

The WAN interface is set to protocol "PPPoE". It uses built-in IPv6 management
and automatically obtains the IPv6 address.
"Use default gateway" is checked as well.

Once connected, it receives the static IPv4 and the following IPv6: fe80::9ca5:bcba:c46f:302f/128

Furthermore, OpenWRT automatically creates a new WAN interface called " OJA_WAN_6".
This one get's the /64 prefix assigned (2a01:411:2066:2077::/64).

OJA_WAN interface is the interface that I configured to establish the connection. OJA_WAN_6 is the automatically created one.

Command ifstatus oja_wan gives:

{
	"up": true,
	"pending": false,
	"available": true,
	"autostart": true,
	"dynamic": false,
	"uptime": 512098,
	"l3_device": "pppoe-oja_wan",
	"proto": "pppoe",
	"device": "eth0.31",
	"updated": [
		"addresses",
		"routes"
	],
	"metric": 0,
	"dns_metric": 0,
	"delegation": true,
	"ipv4-address": [
		{
			"address": "77.31.20.221",
			"mask": 32,
			"ptpaddress": "81.94.57.7"
		}
	],
	"ipv6-address": [
		{
			"address": "fe80::9ca5:bcba:c46f:302f",
			"mask": 128
		}
	],
	"ipv6-prefix": [
		
	],
	"ipv6-prefix-assignment": [
		
	],
	"route": [
		{
			"target": "::",
			"mask": 0,
			"nexthop": "::",
			"metric": 1,
			"source": "::/0"
		},
		{
			"target": "0.0.0.0",
			"mask": 0,
			"nexthop": "81.94.57.7",
			"source": "0.0.0.0/0"
		}
	],
	"dns-server": [
		"92.63.212.161",
		"93.185.134.36"
	],
	"dns-search": [
		
	],
	"neighbors": [
		
	],
	"inactive": {
		"ipv4-address": [
			
		],
		"ipv6-address": [
			
		],
		"route": [
			
		],
		"dns-server": [
			
		],
		"dns-search": [
			
		],
		"neighbors": [		
		]
	},
	"data": {
	}
}

Command ifstatus oja_wan_6 gives:

 {
	"up": true,
	"pending": false,
	"available": true,
	"autostart": true,
	"dynamic": true,
	"uptime": 512185,
	"l3_device": "pppoe-oja_wan",
	"proto": "dhcpv6",
	"device": "pppoe-oja_wan",
	"updated": [
		"prefixes"
	],
	"metric": 0,
	"dns_metric": 0,
	"delegation": true,
	"ipv4-address": [
		
	],
	"ipv6-address": [
		
	],
	"ipv6-prefix": [
		{
			"address": "2a01:411:2066:2077::",
			"mask": 64,
			"preferred": 512,
			"valid": 1712,
			"class": "oja_wan_6",
			"assigned": {
				
			}
		}
	],
	"ipv6-prefix-assignment": [
		
	],
	"route": [
		{
			"target": "::",
			"mask": 0,
			"nexthop": "fe80::222:bdff:fe52:9c1b",
			"metric": 512,
			"valid": 1690,
			"source": "2a01:411:2066:2077::/64"
		}
	],
	"dns-server": [
		"2a00:e98:4::4",
		"2a00:e98:5::5"
	],
	"dns-search": [
		"as39912.net"
	],
	"neighbors": [
		
	],
	"inactive": {
		"ipv4-address": [
			
		],
		"ipv6-address": [
			
		],
		"route": [
			
		],
		"dns-server": [
			
		],
		"dns-search": [
			
		],
		"neighbors": [
			
		]
	},
	"data": {
		"passthru": "001700202a000e980004000000000000000000042a000e980005000000000000000000050018000d0761733339393132036e657400",
		"zone": "wan"
	}
}
6

u cant work only with a prefixe 2a01:411:2066:2077::/64 cant reache and are unreachable its ony a prefix , das good : 2a01:411:2066:2077::187 ( random )

7

OK, understand. But how can I change that. That is set by OpenWRT automatically. I do not assign this address manually.

8

you have luci ? if yes make screen of u wan interface and lan
then if not install it ( opkg install luci-nginx )
then make screen

9

Yes
I'm using standard 19.07.3 release with Luci.

10

Here is the screenshot. You see a mismatch on the v6 addresses, because I changed them in my previous posts. Here on this picture I only masked the MAC and the public v4.

Screenshot from 2020-07-25 13-02-46
Screenshot from 2020-07-25 13-02-461870×1055 166 KB

11

oja wan are corupted see her ipv6 its ( temp ipv6 try to edit this interface to add ya PD

12

Pls note, that I'm getting 2 prefix from my ISP.

WAN: 2a01:100:1022:1033::/64
Routed LAN: 2a01:100:2000:4000::/56

13

what is you isp ?

14

This one
https://www.oja.at/

15

I'm not too familiar with the specifics of IPv6 configuration either, but here's my screenshot.

Screenshot from 2020-07-25 19-24-13
Screenshot from 2020-07-25 19-24-131446×1576 232 KB

I'd suggest you try out the DHCPv6 Relay option in interface configuration, under Edit > DHCP Server > IPv6 Settings.
You can also check out journalctl on your Linux client for any clues.

Also keep in mind that difference exist regarding obtaining IPv6 addresses between clients. Android only supports SLAAC via Router Advertisement and my Debian 10.4 Gnome flavor desktop defaults to DHCPv6 and a "stable privacy" address.

16

IMO, ULA prefix is not related to your IPv6 connection problem. It's reserved for private network. Should your PPPoE connection come down, all your connected devices would be still reachable via IPv6 thanks to ULA.

Screenshot from 2020-07-25 19-36-15
Screenshot from 2020-07-25 19-36-151919×1281 124 KB

A screenshot of the IPv6 options.

2 Likes
17

Hmm...
Actually I don't want to use the prefix that I'm getting via DHCP in my LAN.
I would like to use the /56 one, that I'm getting routed in addition.
What I will try, is to set the "Obtain IPv6 address" from "Automatic" to "Manual" from the PPoE connection, so that the WAN_6 interface isn't created automatically.
Then I create another interface that is set to DHCP, pointing to the physical pppoe wan interface, where I leave IPv4 details open, but add the /56 v6 prefix in addition. Would that work? Would that result OpenWRT to set the routes correctly?

18

You are not getting any prefix via DHCP that can be delegated to other interfaces, as show here

ifstatus oja_wan_6
"ipv6-prefix": [
		{
			"address": "2a01:411:2066:2077::",
			"mask": 64,
			"preferred": 512,
			"valid": 1712,
			"class": "oja_wan_6",
			"assigned": {
				
			}
		}
	],

/64 can not be further delegated. I get a /60 in ifstatus wan_6.

I'm suggesting that it might work by bypassing the OpenWrt DHCPv6 server entirely on individual interfaces, set it to relay or other option.

Again, I'm not an expert on this subject. Just guessing what might work out.

And then the routed /56 is no where to be seen. Not DHCPv6-Prefix Delegation?

19

Here is a short update. I was able to get rid of the following errors:

root@verteiler:~# ip -6 ro
default from 2a01:411:2066:2077::/64 via fe80::222:bdff:fe52:9c1b dev pppoe-oja_wan metric 512
unreachable 2a01:411:2066:2077::/64 dev lo metric 2147483647 error -148
2a01:411:9000:4001::/64 dev eth0.10 metric 256
unreachable 2a01:411:9000:4001::/64 dev lo metric 2147483647 error -148
2a01:411:9000:4002::/64 dev eth0.15 metric 256
unreachable 2a01:411:9000:4002::/64 dev lo metric 2147483647 error -148
2a01:411:9000:4003::/64 dev eth0.16 metric 256
unreachable 2a01:411:9000:4003::/64 dev lo metric 2147483647 error -148

What I did was to change the prefix for distribution to the clients from /64 to /56.
So from
2a01:411:9000:4003::/64
to
2a01:411:9000:4003::/56

Where I still kept the assigned address for the specific LAN interface at 2a01:411:9000:4003::1/64

But to be honest, I don't know why the /64 was wrong before.
I'm getting a /56 prefix routed from my ISP. But each LAN interface should manage a /64 prefix, out of the /56 prefix.

Anyone able to explain, why this change seem to be right now?

Thanks

20

Back to your first post, I can see that they delegate you a /64.
You can configure the routed /56 to be delegated with ip6prefix in wan6 interface. That means you'll need to change ipv6 from auto to manual in oja_wan and create the wan6 interface.

Use of ip6prefix in your configuration is wrong, as it is used for delegated prefixes, but you are assigning the same prefix as the interface has.
You'll then be able to use ip6assign instead of using ip6addr.