PPPoe issue 19.0 wdr3600

Installing and Using OpenWrt
1

Hello, i have a wdr3600 and set it as pppoe. It was working correctly, but the last days it random loose the connection, it tries many times with Network device 'pppoe-wan' link is down. The solution that i found is that If i reboot the ISP's modem/router, the openwrt starts a valid wan connection again, until the next time that will fail again. I read in the forum about the keepalive, do i have to use it? If so what value should i use?
Also i have try numerous times to set the ipv6 to work,throught the wiki, but i can not.
My current set up is
<----ISP/modem/router/voip---> openwrt(pppoe)---> openwrt(dummy access point)
This set up was working for many years, without any trouble.
Finally i can not set the ISP'S router (vendor: speedport) in bridge mode, because the voip then it will stop working, so i have set it to ppppoe passthrought mode.

Here is my network file:

config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'

config interface 'lan'
	option ifname 'eth0.1'
	option type 'bridge'
	option proto 'static'
	option netmask '255.255.255.0'
	option ipaddr '192.168.2.1'
	option igmp_snooping '1'
	#option ip6assign '64'

config interface 'wan'
	option ifname 'eth0.2'
	option proto 'pppoe'
	option peerdns '0'
	option password ''
	option username ''
	option ipv6 '1'
	option force_link '1'
	#option vid '835'
	option pppd_options 'debug'
	list dns '208.67.222.222'
	list dns '208.67.220.220'
	
config interface 'wan6'
	option ifname 'eth0.2'
	option proto 'dhcpv6'
	option reqaddress 'try'
	option reqprefix 'auto'
	option auto '0'

config interface 'modem'
	option proto 'static'
	option auto '0'
	list ipaddr '192.168.1.254'
	option ifname 'eth0.2'
	option netmask '255.255.255.0'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '0t 2 3 4 5'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option ports '0t 1'

config interface 'tun0'
	option proto 'none'
	option ifname '@tun0'
	option auto '0'

dhcp:


config dnsmasq
	option domainneeded '1'
	option localise_queries '1'
	option localservice '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option nonwildcard '0'
	option serversfile '/tmp/adb_list.overall'
	option rebind_protection '0'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '24h'
	option force '1'
	option ra 'server'
	option dhcpv6 'server'
	option ra_management '1'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '3'
2

Given the age of the router, are you sure it is not faulty hardware, such as a failing power adapter (bad capacitor) if router is shutting down and restarting ?

Where you see 'No response to 5 echo-requests', in the system log, and the PPPoE session reconnecting later, this may be fixed be editing the ‘LCP echo failure threshold’ (ie. keepalive) setting. It is unlikely to explain why your router is shutting down/rebooting imho.

3

If it is not coming up on boot, no wonder. Also you want to change the ifname to @wan and not eth0.2

You can use keepalive 6 10 to restart the connection after a minute of failed attempts.

Are you using by any chance any watchdog/watchcat? Usually these are rebooting the router after some time of internet inactivity.

4

Slightly offtopic, but what is the advantage of this?
If eth0.2 is the correct interface, is there a difference?

5

I think that for pppoe this will make sure that IPv6 is uped and downed when pppoe goes up or down (conceptually, pppoe interfaces as far as I understand do not go up and down but appear and disappear, but the idea is the same).

2 Likes
6

I am not sure if it will work indeed or not, but:
eth0.2 is an ethernet going to the ISP modem. The latter has PPPoE passthrough, so wan should be forwarded. However the wan6 being dhcp6 will hit the router as there isn't something similar to passthrough. So the OpenWrt should use the pppoe-wan for dhcp6, not just broadcast to eth0.2

1 Like
7

OK, so more relevant in the PPPoE case. Thanks!

8

I just change the config and added

config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'

config interface 'lan'
	option ifname 'eth0.1'
	option type 'bridge'
	option proto 'static'
	option netmask '255.255.255.0'
	option igmp_snooping '1'
	option ipaddr '192.168.3.1'
	option peerdns '1'

config interface 'wan'
	option ifname 'eth0.2'
	option proto 'pppoe'
	option peerdns '1'
	option password ''
	option username '@pote'
	option ipv6 'auto'
	option force_link '1'
	option pppd_options 'debug'
	list dns '208.67.222.222'
	list dns '208.67.220.220'
	option keepalive '6 10'
 
config interface 'wan6'
	option proto 'dhcpv6'
	option reqaddress 'try'
	option reqprefix 'auto'
	option auto '1'
	option ifname '@wan'
	option peerdns '1'

config interface 'modem'
	option proto 'static'
	option auto '0'
	list ipaddr '192.168.1.254'
	option ifname 'eth0.2'
	option netmask '255.255.255.0'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '0t 2 3 4 5'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option ports '0t 1'

config interface 'tun0'
	option proto 'none'
	option ifname '@tun0'
	option auto '0'```

I now have a different issue. When i do

$ logread | grep odhcp6c | tail -n 10

i get

Thu Apr 23 15:30:31 2020 daemon.err odhcp6c[2030]: Failed to send DHCPV6 message to ff02::1:2 (Permission denied)
Thu Apr 23 15:38:17 2020 daemon.err odhcp6c[7393]: Failed to send RS (Operation not permitted)

9

Verify that wan6 interface is in wan firewall zone. In any case post here the firewall configuration.

10

/etc/config/firewall

config defaults
	option syn_flood '1'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'

config zone
	option name 'lan'
	list network 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'

config zone
	option name 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'
	option network 'wan modem wan6'
	list device 'tun0'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option target 'ACCEPT'
	option src 'wan'
	option proto 'udp'
	option dest_port '547'
	option name 'Allow DHCPv6 (546-to-547)'
	option family 'ipv6'
	option src_port '546'

config rule
	option target 'ACCEPT'
	option src 'wan'
	option proto 'udp'
	option dest_port '546'
	option name 'Allow DHCPv6 (547-to-546)'
	option family 'ipv6'
	option src_port '547'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config include
	option path '/etc/firewall.user'
11

That looks correct.
You can verify that it is there in the actual firewall:
ip6tables-save | grep pppoe-wan
Also make sure the wan and wan6 have some ipv6 ifstatus wan; ifstatus wan6

Other than that the disconnection could be because of degraded hardware in either your router or modem, or maybe some issue in the xDSL line. Provided that your ISP doesn't see and problems in the circuit and the modem or the router don't show any errors on the line, I would check the power supplies as a first step.
Then try to terminate the ppp on the ISP router to see if this behaviour continues.

12

$ ip6tables-save | grep pppoe-wan

-A FORWARD -o pppoe-wan -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A INPUT -i pppoe-wan -m comment --comment "!fw3" -j zone_wan_input
-A FORWARD -i pppoe-wan -m comment --comment "!fw3" -j zone_wan_forward
-A OUTPUT -o pppoe-wan -m comment --comment "!fw3" -j zone_wan_output
-A zone_wan_dest_ACCEPT -o pppoe-wan -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
-A zone_wan_dest_ACCEPT -o pppoe-wan -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_REJECT -o pppoe-wan -m comment --comment "!fw3" -j reject
-A zone_wan_src_REJECT -i pppoe-wan -m comment --comment "!fw3" -j reject

$ ifstatus wan; ifstatus wan6

{
	"up": true,
	"pending": false,
	"available": true,
	"autostart": true,
	"dynamic": false,
	"uptime": 8709,
	"l3_device": "pppoe-wan",
	"proto": "pppoe",
	"device": "eth0.2",
	"updated": [
		"addresses",
		"routes"
	],
	"metric": 0,
	"dns_metric": 0,
	"delegation": true,
	"ipv4-address": [
		{
			"address": "x.x.x.x",
			"mask": 32,
			"ptpaddress": "x.x.x.x"
		}
	],
	"ipv6-address": [
		{
			"address": "fe80::c182:xxxx:46e4:c34e",
			"mask": 128
		}
	],
	"ipv6-prefix": [
		
	],
	"ipv6-prefix-assignment": [
		
	],
	"route": [
		{
			"target": "0.0.0.0",
			"mask": 0,
			"nexthop": "80.106.125.100",
			"source": "0.0.0.0/0"
		}
	],
	"dns-server": [
		"208.67.222.222",
		"208.67.220.220",
		"212.205.212.205",
		"195.170.0.1"
	],
	"dns-search": [
		
	],
	"neighbors": [
		
	],
	"inactive": {
		"ipv4-address": [
			
		],
		"ipv6-address": [
			
		],
		"route": [
			
		],
		"dns-server": [
			
		],
		"dns-search": [
			
		],
		"neighbors": [
			
		]
	},
	"data": {
		
	}
}
{
	"up": true,
	"pending": false,
	"available": true,
	"autostart": true,
	"dynamic": false,
	"uptime": 8701,
	"l3_device": "pppoe-wan",
	"proto": "dhcpv6",
	"device": "pppoe-wan",
	"metric": 0,
	"dns_metric": 0,
	"delegation": true,
	"ipv4-address": [
		
	],
	"ipv6-address": [
		{
			"address": "2a02:587:80fe:ad9:cxxx:d90e:46e4:c34e",
			"mask": 64,
			"preferred": 604646,
			"valid": 2591846
		}
	],
	"ipv6-prefix": [
		
	],
	"ipv6-prefix-assignment": [
		
	],
	"route": [
		{
			"target": "2a02:587:80xx:ad9::",
			"mask": 64,
			"nexthop": "::",
			"metric": 256,
			"valid": 2591846,
			"source": "::/0"
		},
		{
			"target": "::",
			"mask": 0,
			"nexthop": "fe80::e2ac:f1ff:fe20:fc0c",
			"metric": 512,
			"valid": 1646,
			"source": "2a02:587:80fe:xxx:c182:d90e:46e4:c34e/64"
		}
	],
	"dns-server": [
		
	],
	"dns-search": [
		
	],
	"neighbors": [
		
	],
	"inactive": {
		"ipv4-address": [
			
		],
		"ipv6-address": [
			
		],
		"route": [
			
		],
		"dns-server": [
			
		],
		"dns-search": [
			
		],
		"neighbors": [
			
		]
	},
	"data": {
		
	}
}
13

ip6tables is fine.
I cannot understand from the addresses in ifstatus if these are ULA of GUA.
Better change some characters in the middle to the end of the ipv6 address.
Also put the console output inside 3 The 3 must be in a line alone both at top and bottom.