Problems with native IPv6 VDSL connection

Hi,

Since moving, my LEDE router no longer works with my DSL connection (1und1, VDSL, germany). I've done quite a bit of troubleshooting, and the reason seems to be that while I had a native IPv4 connection in my previous apartment, the connection in my new place runs over a native IPv6 connection with a DS-Lite tunnel. However, despite my best efforts, I can't seem to get up and running. I have a Netgear r7800 (LEDE Reboot 17.01.4 r3560-79f57e422d / LuCI lede-17.01 branch (git-17.290.79498-d3f0685) )

At the PPPoE layer, everything seems fine. I'm able to authenticate with my ISP on VLAN 7 without issue.

The problem seems to be that my wan6 interface never gets a response to the DHCPv6 solicit request. When running a tcpdump on eth0.7, I am able to see my router sending a solicit message, but no response ever comes, leaving me without a usable WAN connection.

One thing that I did notice, is that the DHCPv6 solicit messages sent by my LEDE router are quite different than the ones sent by my ISP-provided one. I was hoping this would help me configure my router properly, but I've still been unable to find a working configuration on my own, so I'm trying here to see if anyone has any suggestions.

Here's what my LEDE router sends in it's DHCPv6 solicit message:

DHCPv6
    Message type: Solicit (1)
    Transaction ID: 0xa94f62
    Elapsed time
        Option: Elapsed time (8)
        Length: 2
        Value: 012e
        Elapsed time: 3020ms
    Option Request
        Option: Option Request (6)
        Length: 28
        Value: 0015001600170018000c001f00380040004300520053005e...
        Requested Option code: SIP Server Domain Name List (21)
        Requested Option code: SIP Servers IPv6 Address List (22)
        Requested Option code: DNS recursive name server (23)
        Requested Option code: Domain Search List (24)
        Requested Option code: Server unicast (12)
        Requested Option code: Simple Network Time Protocol Server (31)
        Requested Option code: NTP Server (56)
        Requested Option code: Dual-Stack Lite AFTR Name (64)
        Requested Option code: Prefix Exclude (67)
        Requested Option code: SOL_MAX_RT (82)
        Requested Option code: INF_MAX_RT (83)
        Requested Option code: S46 MAP-E Container (94)
        Requested Option code: S46 MAP-T Container (95)
        Requested Option code: S46 Lightweight 4over6 Container (96)
    Client Identifier
        Option: Client Identifier (1)
        Length: 10
        Value: 000300018c3bad1f1dd6
        DUID: 000300018c3bad1f1dd6
        DUID Type: link-layer address (3)
        Hardware type: Ethernet (1)
        Link-layer address: 8c:3b:ad:1f:1d:d6
    Reconfigure Accept
        Option: Reconfigure Accept (20)
        Length: 0
    Fully Qualified Domain Name
        Option: Fully Qualified Domain Name (39)
        Length: 9
        Value: 00066469616c757000
        0000 0... = Reserved: 0x00
        .... .0.. = N bit: Server should perform DNS updates
        .... ..0. = O bit: Server has not overridden client's S bit preference
        .... ...0 = S bit: Server should not perform forward DNS updates
        Client FQDN: dialup
    Identity Association for Non-temporary Address
        Option: Identity Association for Non-temporary Address (3)
        Length: 12
        Value: 000000010000000000000000
        IAID: 00000001
        T1: 0
        T2: 0
    Identity Association for Prefix Delegation
        Option: Identity Association for Prefix Delegation (25)
        Length: 12
        Value: 000000010000000000000000
        IAID: 00000001
        T1: 0
        T2: 0

And here's what my ICP-provided router sends in it's DHCPv6 solicit message:

DHCPv6
    Message type: Solicit (1)
    Transaction ID: 0xc0ecf4
    Elapsed time
        Option: Elapsed time (8)
        Length: 2
        Value: 0000
        Elapsed time: 0ms
    Client Identifier
        Option: Client Identifier (1)
        Length: 10
        Value: 000300013431c4283b99
        DUID: 000300013431c4283b99
        DUID Type: link-layer address (3)
        Hardware type: Ethernet (1)
        Link-layer address: 34:31:c4:28:3b:99
    Rapid Commit
        Option: Rapid Commit (14)
        Length: 0
    Identity Association for Prefix Delegation
        Option: Identity Association for Prefix Delegation (25)
        Length: 41
        Value: c4283b990000000000000000001a00190000000000000000...
        IAID: c4283b99
        T1: 0
        T2: 0
        IA Prefix
            Option: IA Prefix (26)
            Length: 25
            Value: 000000000000000000000000000000000000000000000000...
            Preferred lifetime: 0
            Valid lifetime: 0
            Prefix length: 0
            Prefix address: ::
    Reconfigure Accept
        Option: Reconfigure Accept (20)
        Length: 0
    Option Request
        Option: Option Request (6)
        Length: 22
        Value: 00170038001f00190043004000eb0011005200530056
        Requested Option code: DNS recursive name server (23)
        Requested Option code: NTP Server (56)
        Requested Option code: Simple Network Time Protocol Server (31)
        Requested Option code: Identity Association for Prefix Delegation (25)
        Requested Option code: Prefix Exclude (67)
        Requested Option code: Dual-Stack Lite AFTR Name (64)
        Requested Option code: Unknown (235)
        Requested Option code: Vendor-specific Information (17)
        Requested Option code: SOL_MAX_RT (82)
        Requested Option code: INF_MAX_RT (83)
        Requested Option code: PCP Server (86)
    Vendor Class
        Option: Vendor Class (16)
        Length: 4
        Value: 00000368
        Enterprise ID: AVM GmbH (872)

And here's my config (I don't have the ds-lite interface configured yet since I've been trying to get the wan6 one working first):

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd96:980b:0d1c::/48'

config interface 'lan'
        option type 'bridge'
        option ifname 'eth1'
        option proto 'static'
        option netmask '255.255.255.0'
        option ipaddr '192.168.123.1'
        option ip6assign '64'

config interface 'wan'
       option proto 'pppoe'
        option username 'xxxxx'
        option password 'xxxxx'
        option ipv6 '1'
        option ifname 'eth0.7'

config interface 'wan6'
        option proto 'dhcpv6'
        option ifname 'eth0.7'
        option reqaddress 'try'
        option reqprefix 'auto'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option vid '1'
        option ports '1 2 3 4 6'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option vid '7'
        option ports '0t 5t'

Thanks!

So while looking through the packet captures again, I noticed something that's quite interesting. On my ISP router, the DHCPv6 solicit request is actually sent to a specific MAC address. However on my openwrt router, the DHCPv6 solicit message is sent to a mulicast address (33:33:00:01:00:02). I'm wondering if this is causing my ISP to simply ignore my solicit messages. Is there a way to configure my router to use a specific MAC address instead of a multicast one (and is such behavior even standards-compliant)? Looking through odhcp's github and the openwrt ipv6 doc page I can't seem to find anything.

It is indeed. That MAC is the ALL ROUTERS broadcast address. Everything seems to be working properly...I'm not certain if that can be changed (without recompiling the software) though.

Yeah, I thought so. Here's the full packet sent by my ISP-provided router:

Frame 294: 185 bytes on wire (1480 bits), 185 bytes captured (1480 bits)
    Encapsulation type: Ethernet (1)
    Arrival Time: Apr 15, 2018 20:43:15.985435000 W. Europe Daylight Time
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1523817795.985435000 seconds
    [Time delta from previous captured frame: 3.287534000 seconds]
    [Time delta from previous displayed frame: 0.000000000 seconds]
    [Time since reference or first frame: 67.397568000 seconds]
    Frame Number: 294
    Frame Length: 185 bytes (1480 bits)
    Capture Length: 185 bytes (1480 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:vlan:ethertype:pppoes:ppp:ipv6:udp:dhcpv6]
    [Coloring Rule Name: UDP]
    [Coloring Rule String: udp]
Ethernet II, Src: Avm_xx:xx:xx (34:31:c4:xx:xx:xx), Dst: HuaweiTe_83:ba:7d (54:51:1b:83:ba:7d)
    Destination: HuaweiTe_83:ba:7d (54:51:1b:83:ba:7d)
        Address: HuaweiTe_83:ba:7d (54:51:1b:83:ba:7d)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Source: Avm_xx:xx:xx (34:31:c4:xx:xx:xx)
        Address: Avm_xx:xx:xx (34:31:c4:xx:xx:xx)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Type: 802.1Q Virtual LAN (0x8100)
802.1Q Virtual LAN, PRI: 0, DEI: 0, ID: 7
    000. .... .... .... = Priority: Best Effort (default) (0)
    ...0 .... .... .... = DEI: Ineligible
    .... 0000 0000 0111 = ID: 7
    Type: PPPoE Session (0x8864)
PPP-over-Ethernet Session
    0001 .... = Version: 1
    .... 0001 = Type: 1
    Code: Session Data (0x00)
    Session ID: 0x1609
    Payload Length: 161
Point-to-Point Protocol
    Protocol: Internet Protocol version 6 (0x0057)
Internet Protocol Version 6, Src: fe80::3631:c4ff:fe28:3b99, Dst: ff02::1:2
    0110 .... = Version: 6
    .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
        .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
        .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
    .... .... .... 0000 0000 0000 0000 0000 = Flow Label: 0x00000
    Payload Length: 119
    Next Header: UDP (17)
    Hop Limit: 255
    Source: fe80::3631:c4ff:fe28:3b99
    Destination: ff02::1:2
    [Source SA MAC: Avm_xx:xx:xx (34:31:c4:xx:xx:xx)]
    [Source GeoIP: Unknown]
    [Destination GeoIP: Unknown]
User Datagram Protocol, Src Port: 546, Dst Port: 547
    Source Port: 546
    Destination Port: 547
    Length: 119
    Checksum: 0xf834 [unverified]
    [Checksum Status: Unverified]
    [Stream index: 2]
DHCPv6
    Message type: Solicit (1)
    Transaction ID: 0xc0ecf4
    Elapsed time
        Option: Elapsed time (8)
        Length: 2
        Value: 0000
        Elapsed time: 0ms
    Client Identifier
        Option: Client Identifier (1)
        Length: 10
        Value: 000300013431c4283b99
        DUID: 000300013431c4283b99
        DUID Type: link-layer address (3)
        Hardware type: Ethernet (1)
        Link-layer address: 34:31:c4:xx:xx:xx
    Rapid Commit
        Option: Rapid Commit (14)
        Length: 0
    Identity Association for Prefix Delegation
        Option: Identity Association for Prefix Delegation (25)
        Length: 41
        Value: c4283b990000000000000000001a00190000000000000000...
        IAID: c4283b99
        T1: 0
        T2: 0
        IA Prefix
            Option: IA Prefix (26)
            Length: 25
            Value: 000000000000000000000000000000000000000000000000...
            Preferred lifetime: 0
            Valid lifetime: 0
            Prefix length: 0
            Prefix address: ::
    Reconfigure Accept
        Option: Reconfigure Accept (20)
        Length: 0
    Option Request
        Option: Option Request (6)
        Length: 22
        Value: 00170038001f00190043004000eb0011005200530056
        Requested Option code: DNS recursive name server (23)
        Requested Option code: NTP Server (56)
        Requested Option code: Simple Network Time Protocol Server (31)
        Requested Option code: Identity Association for Prefix Delegation (25)
        Requested Option code: Prefix Exclude (67)
        Requested Option code: Dual-Stack Lite AFTR Name (64)
        Requested Option code: Unknown (235)
        Requested Option code: Vendor-specific Information (17)
        Requested Option code: SOL_MAX_RT (82)
        Requested Option code: INF_MAX_RT (83)
        Requested Option code: PCP Server (86)
    Vendor Class
        Option: Vendor Class (16)
        Length: 4
        Value: 00000368
        Enterprise ID: AVM GmbH (872)

So unless there's something wonky with the packet capture going on, it looks like an IPv6 multicast with unicast MAC... strange.

Using ebtables you can rewrite the MAC on the outgoing packet to use the same dst as the ISP hardware uses... Maybe that will work. IMHO the ISP is broken

So I figured out the problem (and it was config-related in the end): my DHCPv6 packets weren't being sent out as PPPoE packets at all, but rather as plain Ethernet packets. I'd had my wan6 interface pointing to 'eth0.7', when it should have actually been '@wan'. While reading the openwrt ipv6 documentation, I thought they were the same; but that's apparently not the case (makes sense though).

So now everything works, but it seems somewhat slow actually. So now to figure out why that's happening :stuck_out_tongue:

If anyone comes across this with the same problem, here's my full config:

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fde5:e69d:1fb8::/48'

config interface 'lan'
        option type 'bridge'
        option ifname 'eth1'
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option ipaddr '192.168.123.1'

config interface 'wan'
        option _orig_ifname 'eth0'
        option _orig_bridge 'false'
        option proto 'pppoe'
        option username 'xxxx'
        option password 'xxxx'
        option ifname 'eth0.7'
        option ipv6 '1'
        option mtu '1492'
        option keepalive '10 30'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option vid '1'
        option ports '1 2 3 4 5 6'

config switch_vlan
        option device 'switch0'
        option vlan '4'
        option ports '0t 5t'
        option vid '7'

config interface 'wan6'
        option proto 'dhcpv6'
        option ifname '@wan'
        option reqaddress 'try'
        option reqprefix 'auto'
        option mtu '1492'
        option iface_dslite 'wan4'

config interface 'wan4'
        option proto 'dslite'
        option peeraddr 'some-auto-added-address-here'
        option auto '0'

My firewall config is simply LEDE default (v17.01.4).