No IPv6 delegation on lan interface

Hello,

I have the problem that IPv6 delegation on the LAN interface is not working, meaning my LAN interface does not receive an IPv6 address, and accordingly, the clients in the LAN also do not get one.
Under "Status->Overview," no IPv6-delegation is shown either.
My ISP provides me with a /56 prefix, and it does come through, but then I receive the following error message every two seconds:

daemon.warn odhcp6c[23112]: Server returned IA_PD status 'No Address Available (No addresses have been assigned)'

However, the WAN and WAN6 interfaces receive a /128 and /64 IPv6 address, respectively, and a prefix.

If i run odhcp6c manually, the following output is generated:

root@OpenWrt:~# odhcp6c -s /lib/netifd/dhcpv6.script -N try -e -P 0 -v pppoe-wan
odhcp6c[11609]: (re)starting transaction on pppoe-wan
Command failed: Not found
odhcp6c[11609]: Starting SOLICIT transaction (timeout 4294967295s, max rc 0)
odhcp6c[11609]: Got a valid ADVERTISE after 5ms
odhcp6c[11609]: IA_NA 0001 T1 1800 T2 2880
odhcp6c[11609]: 2a0f:ff00:abcd:0123::1 preferred 3600 valid 86400
odhcp6c[11609]: IA_PD 0001 T1 21600 T2 32400
odhcp6c[11609]: 2a0f:ff00:15b:1c00::/56 preferred 43200 valid 86400
odhcp6c[11609]: Starting REQUEST transaction (timeout 4294967295s, max rc 10)
odhcp6c[11609]: Send REQUEST message (elapsed 0ms, rc 0)
odhcp6c[11609]: Got a valid REPLY after 6ms
odhcp6c[11609]: Server returned IA_PD status 'No Address Available (No addresses have been assigned)'
odhcp6c[11609]: IA_PD 0001 T1 21600 T2 32400
odhcp6c[11609]: 2a0f:ff00:29a:7d00::/56 preferred 43200 valid 86400
odhcp6c[11609]: (re)starting transaction on pppoe-wan
odhcp6c[11609]: Starting SOLICIT transaction (timeout 4294967295s, max rc 0)
odhcp6c[11609]: Got a valid ADVERTISE after 6ms
odhcp6c[11609]: IA_NA 0001 T1 1800 T2 2880
odhcp6c[11609]: 2a0f:ff00:abcd:4567::1 preferred 3600 valid 86400
odhcp6c[11609]: IA_PD 0001 T1 21600 T2 32400
odhcp6c[11609]: 2a0f:ff00:15b:1c00::/56 preferred 43200 valid 86400
odhcp6c[11609]: Starting REQUEST transaction (timeout 4294967295s, max rc 10)
odhcp6c[11609]: Send REQUEST message (elapsed 0ms, rc 0)
odhcp6c[11609]: Got a valid REPLY after 6ms
odhcp6c[11609]: Server returned IA_PD status 'No Address Available (No addresses have been assigned)'
...

Here are my configurations:

root@OpenWrt:~# cat /etc/config/network

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth0'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	list dns '192.168.0.1'
	list ipaddr '192.168.0.1/24'
	option ip6assign '64'
	option ip6hint '10'
	option delegate '0'

config interface 'wan'
	option proto 'pppoe'
	option device 'eth1'
	option username '<username>'
	option password '<secret>'
	option ipv6 '1'
	option mtu '1500'
	option peerdns '0'
	list dns '1.1.1.1'
	list dns '1.0.0.1'
	option delegate '0'

config interface 'wg0'
	option proto 'wireguard'
	option private_key '<secret>'
	option listen_port '52225'
	list addresses '192.168.100.1/24'
	option mtu '1440'
	option delegate '0'

config wireguard_wg0
	option description 'user'
	option public_key '<pubkey>'
	list allowed_ips '192.168.100.2'

config device
	option name 'eth1'
	option mtu '1508'
	option mtu6 '1508'

config interface 'wan6'
	option proto 'dhcpv6'
	option device '@wan'
	option reqaddress 'try'
	option reqprefix '56'
	option norelease '1'
root@OpenWrt:~# cat /etc/config/dhcp

config dnsmasq
	option domainneeded '1'
	option boguspriv '1'
	option filterwin2k '0'
	option localise_queries '1'
	option rebind_protection '0'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option nonegcache '0'
	option cachesize '1000'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option nonwildcard '1'
	option localservice '1'
	option ednspacket_max '1232'
	option filter_aaaa '0'
	option filter_a '0'
	option noresolv '0'
	option port '54'
	list server '192.168.0.1'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv4 'server'
	list dhcp_option '6,192.168.0.1'
	list dhcp_option '3,192.168.0.1'
	option ra_management '1'
	option ra_useleasetime '1'
	option ra 'server'
	option dhcpv6 'server'
	option ndp 'relay'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'
root@OpenWrt:~# cat /etc/config/firewall

config defaults
	option syn_flood '1'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	list network 'lan'
	list network 'wg0'

config zone
	option name 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'
	list network 'wan'
	list network 'wan6'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config redirect
	option dest 'lan'
	option target 'DNAT'
	option name 'WireGuard VPN'
	list proto 'udp'
	option src 'wan'
	option src_dport '52225'
	option dest_ip '192.168.0.1'
	option dest_port '52225'

config include 'miniupnpd'
	option type 'script'
	option path '/usr/share/miniupnpd/firewall.include'
	option family 'any'
	option reload '1'

I believe that I have read and implemented the Wiki article carefully and the troubleshooting too, but I still do not see my mistake.

I am using OpenWRT version 23.05.2 r23630-842932a63d / LuCI openwrt-23.05 branch git-23.357.58018-024e7ab on a Raspberry Pi Compute Module 4 (dfrobot).

Does anyone here have any idea what else I could try?

Looks like you're missing the ULA prefix in globals. Try running the installation script that sets it up: sh /rom/etc/uci-defaults/12_network-generate-ula

NOTE: Stable release has a bug with leading zeroes in the ULA, see: Resolving router's hostname to IPv6's ULA

If you get a ULA generated with leading zeroes, make sure to remove them.

It seems like I don't have this script?

root@OpenWrt:~# sh /rom/etc/uci-defaults/12_network-generate-ula
sh: can't open '/rom/etc/uci-defaults/12_network-generate-ula': No such file or directory

On the other hand, I have read everywhere that I do not need a ULA prefix at all, but that the GUA issued by the provider is sufficient? Am I wrong with this?

Is this a squashfs image? If it's not, you won't have a /rom.

You can download the updated script from here: https://github.com/openwrt/openwrt/blob/main/package/base-files/files/etc/uci-defaults/12_network-generate-ula
This one has the leading zeroes bug fixed.

You don't strictly need an ULA, but some programs running on OpenWrt expects them. For example, I'd to remove my ula entry from my IPv6-less dumb AP because a service (I believe it was netifd) kept complaining about it.

Thanks for the link! I have set the ULA with the script and my LAN interface now has an ULA address, but unfortunately this does not change the fact that the GUA address from the ISP is missing ...

The ip6class option lets you specify which set of IPv6 addresses you want an interface to accept.

I seem to remember I needed to use this on the WAN and LAN interfaces when I set this up - so that the IPv6 addresses delegated to the WAN interface can be used on the LAN interface.

See this documentation for more details https://openwrt.org/docs/guide-user/network/ipv6/configuration#protocol_static_ipv6

Edit: clarify first line.

Seems like the ISP is advertising 2a0f:ff00:15b:1c00::/56 but then is returning https://github.com/openwrt/odhcp6c/blob/master/src/dhcpv6.c#L175-L176 on REQUEST.

Can you set up a DHCPv6 sniffer so we have an idea of what's happening (odhcp6c bug or bad configured ISP)?

Why do you've prefix delegation disabled in all interfaces option delegate '0'?

EDIT: Also, try setting prefix request to auto, instead of 56 option reqprefix '56'

1 Like

I seem to remember I needed to use this on the WAN and LAN interfaces when I set this up - so that the IPv6 addresses delegated to the WAN interface can be used on the LAN interface.

Do you remember what value you have set here?

Can you set up a DHCPv6 sniffer so we have an idea of what's happening (odhcp6c bug or bad configured ISP)?

I'll try to read up on it. However, I've already had the connection checked by my ISP and everything seems to be ok so far...

Why do you've prefix delegation disabled in all interfaces option delegate '0'?

Because this is a hint in the troubleshooting guide:

“Delegate IPv6 prefixes”: enable on wan6, disable everywhere else

EDIT: Also, try setting prefix request to auto, instead of 56 option reqprefix '56'

I have already tried this, but unfortunately it does not change the result...

Did you actually try a clean config (as they are generated directly after installation) instead of following that guide?

The guide seems pretty bad in some regards, and goes against the default values of some of the options, like RDP-Proxy relay instead of disabled.

Did you actually try a clean config (as they are generated directly after installation) instead of following that guide?

No, I haven't tried that yet. Since I use the router mentioned above, I would have to flash the RPI every time I reinstall it, which is always quite a lot of work while everything is offline here. I was hoping to manage the configuration without this step...

The guide seems pretty bad in some regards, and goes against the default values of some of the options, like RDP-Proxy relay instead of disabled.

Oh, really? Is there a better guide?

I seem to remember I needed to use this on the WAN and LAN interfaces when I set this up - so that the IPv6 addresses delegated to the WAN interface can be used on the LAN interface.

Do you remember what value you have set here?

I think it doesn't matter what the value is, as long as the string matches in both places.

In your setup I would try putting
list ip6class 'wan6'
under both config interface 'lan' and config interface 'wan6' sections.

I tried that, but unfortunately it didn't help

Try removing these:

/etc/config/network

config interface 'lan'
	option ip6hint '10'
	option delegate '0'

config interface 'wan'
	option delegate '0'

config interface 'wan6'
    option norelease '1'

/etc/config/dhcp

config dhcp 'lan'
	option ra_management '1'
	option ndp 'relay'

And add these (one of them replaces ra_management, which is deprecated):

config dhcp 'lan'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'

Also, just because your ISP says it's working, doesn't mean you are not hitting a odhcp6c bug triggered by badly configured DHCPv6 servers, see: Odhcp6c issue with my ISP's configuration
I literally had to manually patch and recompile odhcp6c.

This may or may not be relevant to your situation, but some ISPs have recently started having issues with maintaining IPv6 connectivity to older DOCSIS 3 devices. I mention this because I recently went through an issue that looked very similar. The ISP insisted they were issuing a range and everything appeared correct from their end, but either the provisioning or the firmware in the modem itself was blocking the incoming responses. The end result is that the router would never get any IPv6 address or prefix via DHCPv6. If everything was working previously but it has recently stopped and your connection is made via a DOCSIS 3.0 modem that is more than a few years old, replacing said modem might solve the issue as it did for me.

@Cthulhu88 I have adjusted my configurations accordingly, but unfortunately my LAN interface still does not have an IPv6 address.

Also, just because your ISP says it's working, doesn't mean you are not hitting a odhcp6c bug triggered by badly configured DHCPv6 servers, see: Odhcp6c issue with my ISP's configuration 3
I literally had to manually patch and recompile odhcp6c.

Uff, I think I'd rather continue to live without IPv6 :smiley:


@grauerfuchs Thanks for your hint, but I have a fiber connection, so that's out.
And my problem is not that I am not getting an IPv6 address, but that it is not being delegated to my LAN interface.

Lets see if you have a PD from your provider, please show output of:
ifstatus wan6

A few things to point out in no specific order.

  1. I've noticed you don't have an odhcp entry in your dhcp config. Are you actually running a DHCPv6/RA server? If you're, your LAN clients should at least get an ULA address through DHCPv6/SLAAC.
  2. Did you try plugging your PC directly into your modem to see if your ISP's prefix delegation is working correctly? If your ISP isn't actually delegating a prefix, you need to change your DHCPv6 server to relay mode (both DHCPv6 service and RA service) and designate your main router's LAN interface as master.
  3. Can you post the contents of the "delegation" and "ipv6-prefix" from ifstatus?

If all fails, plugging your PC directly to the modem and running something like Wireshark is a good way to debug the exchange, that's how I figured out my issue with odhcp6c.

{
	"up": true,
	"pending": false,
	"available": true,
	"autostart": true,
	"dynamic": false,
	"uptime": 42956,
	"l3_device": "pppoe-wan",
	"proto": "dhcpv6",
	"device": "pppoe-wan",
	"metric": 0,
	"dns_metric": 0,
	"delegation": true,
	"ipv4-address": [
		
	],
	"ipv6-address": [
		{
			"address": "2a0f:ff00:1338:76b:f403:ac41:67ab:67d8",
			"mask": 64,
			"preferred": 3062,
			"valid": 85862
		}
	],
	"ipv6-prefix": [
		
	],
	"ipv6-prefix-assignment": [
		
	],
	"route": [
		{
			"target": "::",
			"mask": 0,
			"nexthop": "fe80::6aab:9ff:fe9a:c001",
			"metric": 512,
			"valid": 3962,
			"source": "2a0f:ff00:1338:76b:f403:ac41:67ab:67d8/64"
		}
	],
	"dns-server": [
		"2001:4860:4860::8888",
		"2001:4860:4860::8844"
	],
	"dns-search": [
		
	],
	"neighbors": [
		
	],
	"inactive": {
		"ipv4-address": [
			
		],
		"ipv6-address": [
			
		],
		"route": [
			
		],
		"dns-server": [
			
		],
		"dns-search": [
			
		],
		"neighbors": [
			
		]
	},
	"data": {
		"passthru": "002700202001486048600000000000000000888810020860491000000000000000008844"
	}
}

nope :confused:

I've noticed you don't have an odhcp entry in your dhcp config. Are you actually running a DHCPv6/RA server? If you're, your LAN clients should at least get an ULA address through DHCPv6/SLAAC.

yes i've disabled the ULA but if I enable it, my lan clients gets an IPv6 address.

Did you try plugging your PC directly into your modem to see if your ISP's prefix delegation is working correctly? If your ISP isn't actually delegating a prefix, you need to change your DHCPv6 server to relay mode (both DHCPv6 service and RA service) and designate your main router's LAN interface as master.

My ISP (Greenfiber, Germany) delegates a /56 Prefix and is supporting dhcp6 and slaac. Until now i haven't tried to connect my pc directly to the modem, but if nothing will help I will try this. Maybe this issue is related to my router hardware or a bug in my openwrt installation...

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	list ipaddr '192.168.0.1/24'
	option ip6assign '64'
	option ip6hint '10'
	option delegate '0'
	list ip6class 'wan6' #<---missing this

(also, removed the DNS setting form the LAN interface)