Need help with IPv6 missing routes

Hi all, I hope someone would offer a suggestion how to troubleshoot this weird problem I'm having with IPv6 routes.

I currently run OpenWrt 19.07.0 r10860-a3ffeb413b / LuCI openwrt-19.07 branch git-20.019.69542-dc79166 on R7800 and everything is working fine except my security IP cameras.

I have 4 IP cameras in the house which I've been accessing from outside via dyndns and port forwarding on IPv4 but the video performance is very choppy. So, I tried assigning static IPv6 leases to these 4 cameras, then created traffic rules to expose one of their ports and was able to access them from Internet just fine with very fluid video stream.
I use Luci to create static leases (IPv4 and IPv6) by providing DUID and IPv6 prefixes - those cameras get their IPv6 leases just fine, I can see the leases on Network-DHCP and DNS-Static Lease page. The issue is that after some time, I lose access to the cameras. Not the same ones, random order. What I was able to gather is that the router loses IPv6 routes, and when that happens, I cant access the cameras which routes are no longer listed on Status-Routes-IPv6 Neighbors page, and I cant even ping them by their IPv6 address locally. Rebooting cameras makes no difference, but restating router makes everything work again, for a little while, then some routes disappear preventing access to those cameras.

I can see all of the IPv6 leases recorded in odhcp file, but once the routes are gone, cameras which routes are no longer listed are not accessible.

Can anyone suggest how to troubleshoot this issue?

Some more info, when I run ip -6 neigh show, the cameras that I cant access listed as this:

dead:feef:cafe:a53::31 dev br-lan  used 0/0/0 probes 6 FAILED
dead:feef:cafe:a53::32 dev br-lan  used 0/0/0 probes 6 FAILED

What is the output of:
uci export network; uci export dhcp; uci export firewall

  • any other configuration you touched to make it work.

I haven't replied because, strangely, everything has been working for 2 days now. Maybe I just needed to give the router some time, you know, to know thy neighbors.

Thank you @trendy for your attention.

1 Like

you really want some kind of authentication or security on these. and not just obscurity. imagine a router between you and home is compromised and therefore knows the addresses and ports in use... what keeps that person from watching your camera?

1 Like

Yes, of course, that's why I'm only exposing 1 port and login is password protected with illegal login lock out after 7 attempts.

1 Like

hopefully password is not sent in the clear but rather some resistant crypto system. with that you should be ok.

2 Likes