Hello,
My ISP having deployed ipv6 I decided to deploy it internally at home.
Here is my setup :
|
2a02:xxxx:yyyy:zz00::/56 ipv6 prefix and CGNAT ipv4
ISP router (redbox nb6vac)
lan interface : 2a02:xxxx:yyyy:zz01::1/64 & 192.168.1.1
|
---------------------------------------------------------------
| |
wan interface (vlan2) : 2a02:xxxx:yyyy:zz01::2/64 & 192.168.1.2 guest/friend end clients
DDWRT (v3.0-45073) router (archer C9v1) dont have acces to my private network
lan interface (br0) 2a02:xxxx:yyyy:zz02::a/64 & 192.168.2.1 that is firewalled by DDWRT
| this is the dmz network
--------------------------------------------------------------
| |
wwan_ipv4 interface (wlan5ghzclient) 192.168.2.100 end clients (ethernet or wireless)
wwan_ipv6 interface (wlan5ghzclient) 2a02:xxxx:yyyy:zz02::a/64 Desktops, Laptops, Phones, printer 1,
OPENWRT (19.07.5) wifi repeater (re450v1) TV1, Thermostats Working fine, game consoles
lan interface (br-lan)
|
|
end clients (wireless)
Laptops, Phones, printer2, TV2, game consoles
ISP only provides 2 /64 prefixes from a /56 prefix... what a waste...
- 2a02:xxxx:yyyy:zz01::/64 is the prefx of the default lan side network of the ISP router
- 2a02:xxxx:yyyy:zz02::/64 is the DMZed network of the ISP router (I can provide my DDWRT wan ip as the gateway to it in the ISP router interface)
On DDWRT RA with SLAAC and DHCPV6 is done by dnsmasq with the following configuration (on top of ipv4 configuration) :
server=2620:fe::fe
server=2620:fe::fe:9
server=2606:4700:4700::1111
dhcp-option=option6:dns-server,[fd00::]
dhcp-option=option6:domain-search,xxxxxx.fr,myds.me,dyndns.org,no-ip.com
dhcp-option=option6:nis-domain,xxxxxx.fr
dhcp-option=option6:information-refresh-time,6h
dhcp-range=::2,::104,constructor:br0,slaac,ra-names,ra-advrouter,64,24h
dhcp-hostsfile=/tmp/dhcp-hosts.dnsmasq.conf
enable-ra
I also have radvd advertising specific routes (didn't figure out how to do it in dnsmasq ) for wireguard and openvpn globaly routable subnets with :
interface br0 {
AdvSendAdvert on;
AdvManagedFlag on;
AdvOtherConfigFlag on;
AdvReachableTime 1800;
route 2a02:xxxx:yyyy:zz02::1:0/112 { };
route 2a02:xxxx:yyyy:zz02::2:0/112 { };
};
Among others, the OPENWRT wifi repeater receives these route notifications and adds them correctly to its routing table.
I configured the OPENWRT wifi repeater per https://openwrt.org/docs/guide-user/network/wifi/relay_configuration
- ipv4 : relayd
- ipv6 : odcpdrelay for ra, dhcpv6 and ndp with wan6 as master and lan as slave (see below)
- dnsmasq as local dns which forwards to my DDWRT server (see below)
>cat /etc/wireless
config wifi-device 'radio0'
option type 'mac80211'
option hwmode '11a'
option path 'pci0000:00/0000:00:00.0'
option htmode 'VHT80'
option legacy_rates '0'
option country 'FR'
option txpower '23'
option channel '36' #as per DDWRT configuration
option rts '2347' #as per DDWRT configuration
option frag '2346' #as per DDWRT configuration
option beacon_int '100' # as per DDWRT configuration
config wifi-device 'radio1'
option type 'mac80211'
option hwmode '11g'
option path 'platform/qca955x_wmac'
option txpower '20'
option country 'FR'
option channel '1'
option rts '2347'
option frag '2346'
option beacon_int '100'
option htmode 'HT40'
config wifi-iface 'wifinet0'
option ssid 'myssid_5GHz'
option device 'radio0'
option mode 'sta'
option key 'xxmykeyxx'
option encryption 'psk2+ccmp'
option ifname 'wlan5ghzclient'
option bssid 'XX:XX:XX:XX:XX:XX'
option short_preamble '0'
option dtim_period '1'
option network 'WWAN_IPV6 WWAN_IPV4'
config wifi-iface 'wifinet1'
option key 'xxmykeyxx'
option ssid 'myssid_5GHz'
option encryption 'psk2+ccmp'
option device 'radio0'
option mode 'ap'
option macfilter 'deny'
list maclist 'YY:YY:YY:YY:YY:YY' #non mobile client that should only connect to DDWRT router
list maclist 'YY:YY:YY:YY:YY:YY' #non mobile client that should only connect to DDWRT router
option ifname 'wlan5ghzap'
option network 'lan'
option dtim_period '1'
option short_preamble '0'
config wifi-iface 'wifinet2'
option ifname 'wlan24ghzap'
option ssid 'myssid'
option encryption 'psk2+ccmp'
option device 'radio1'
option mode 'ap'
option macfilter 'deny'
option key 'xxxmykeyxxx'
option network 'lan'
list maclist 'YY:YY:YY:YY:YY:YY' #non mobile client that should only connect to DDWRT router
list maclist 'YY:YY:YY:YY:YY:YY' #non mobile client that should only connect to DDWRT router
list maclist 'YY:YY:YY:YY:YY:YY' #non mobile client that should only connect to DDWRT router
option dtim_period '1'
option short_preamble '0'
>cat /etc/config/network
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fddd::/64'
config interface 'lan'
option proto 'static'
option netmask '255.255.255.0'
option ipaddr '192.168.3.1'
option gateway '192.168.2.1'
option type 'bridge'
option ifname 'eth0'
list dns '192.168.2.1'
list dns 'fddd::a
option ip6ifaceid '::110'
config interface 'WWAN_IPV4'
option proto 'dhcp'
option force_link '1'
option hostname 're450v1'
config interface 'REPEATER_5GHZ'
option proto 'relay'
option ipaddr '192.168.2.100'
option force_link '1'
list network 'WWAN_IPV4'
list network 'lan'
config interface 'WWAN_IPV6'
option ifname 'wlan5ghzclient'
option proto 'dhcpv6'
option reqaddress 'try'
option reqprefix 'auto'
option force_link '1'
>cat /etc/config/dhcp
config dnsmasq
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option expandhosts '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.auto'
option localservice '1'
option strictorder '1'
option domain 'xxxxxx.fr'
option domainneeded '1'
option local '/none.none/'
list server '192.168.2.1'
list server 'fddd::a' #ULA of the DDWRT router which is the main dns server of my domain
config dhcp 'lan'
option ignore '1'
option interface 'lan'
option ra 'relay'
list dns 'fddd::100' #rewrite dns to point to dnsmasq on this server (commenting this doesn't change the wifi dropping issue)
option dhcpv6 'relay'
option ndp 'relay'
config dhcp 'wan'
option ignore '1'
config dhcp 'wan6'
option ignore '1'
option interface 'WWAN_IPV6'
option ra 'relay'
option ndp 'relay'
option master '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
Everything Works fine for clients connected directly to the DDWRT router.
However for clients connected to the OPENWRT wifi repeater :
- all but 2 clients have absolutely no issues
- 2 devices drop wifi connection (wlan0 goes down after a few seconds to a few minutes before being brought back up, the phone reconnecting and cycling again)
Those are my LineageOS 17.1 Android phones (nexus 6 and OnePlus 6T). The miss' Oneplus 6 running OOS 10.3.7 does not have the issue...
So I played around with ra dhcpv6 and ndp between disabling, relay and server modes... the tables below shows the results and the workaround solution I found.
Conclusion is : odhcp ra relaying is what triggers the wifi dropping issue on the 2 android phones running LOS 17.1
My interrogations are :
- Could odhcpd be introducing a modification (other than DNS rewritting) to the relayed Advertizements or their frequency or... ?
- Modification that only LineageOS 17.1 (maybe other versions too) is "sensitive to" ?
- Does anyone have a clue or ideas of tests to due (I have logcats of the phone dropping wifi) and I can test parameter variations on the OPENWRT wifi repeater ?
Regards,
Dwardor