Router not getting an IPv6 prefix from ISP (init7)

I am using an R7800 with openwrt 23.05.4. Trying to get an IPv6 prefix delegated from my ISP (init7). The router is connected to a media converter (TP Link MC220L) which is then connected to the OTO.
Currently, with a fresh install (flashing a sysupgrade.bin file without keeping the config), the router gets a /64 IPv6 address, but no IPv6 prefix, so clients don't get an IPv6 address and don't have IPv6 connectivity. But on the router I have IPv6 connectivity, I can do curl ipv6.icanhazip.com for example.

Here are some things I've tried

  • In Interfaces -> wan6. Set "Request IPv6-address" to force. After restarting wan6, it does not even get an IPv6 /64 anymore.
  • In Interfaces -> wan6. Set "Request IPv6-prefix of length" to /48, because this is the IPv6 prefix size my ISP gives.
  • Tried option noserverunicast '1' in /etc/config/network for wan6 (as described at https://blog.printk.io/2018/08/ipv6-renew-issue-with-fiber7-and-openwrt/), without success. After restarting the wan6 interface, no IPv6 prefix was obtained.
  • I have an R7800 with 23.05.0 at another location with the same ISP, I've tried to downgrade to the same version and directly using the backed up config .tar.gz from that router. But still same thing, a /64 for the router, no IPv6 prefix and no IPv6 connectivity for clients.
  • Weirdly enough, if I configure the router as a dhcpv6 relay https://openwrt.org/docs/guide-user/network/ipv6/configuration#ipv6_relay, then the clients can obtain IPv6 addresses from the same 2a02:168:yyyy:yyyy subnet, but then the router is still not getting an IPv6 prefix.

Here are some relevant outputs showing that the router isn't getting an IPv6 prefix.

ifstatus wan6

{
	"up": true,
	"pending": false,
	"available": true,
	"autostart": true,
	"dynamic": false,
	"uptime": 145,
	"l3_device": "eth0.2",
	"proto": "dhcpv6",
	"device": "eth0.2",
	"metric": 0,
	"dns_metric": 0,
	"delegation": true,
	"ipv4-address": [
		
	],
	"ipv6-address": [
		{
			"address": "2a02:168:yyyy:yyyy:xxxx:xxxx:xxxx:xxxx",
			"mask": 64,
			"preferred": 604794,
			"valid": 2591994
		}
	],
	"ipv6-prefix": [
		
	],
	"ipv6-prefix-assignment": [
		
	],
	"route": [
		{
			"target": "2a02:168:yyyy:yyyy::",
			"mask": 64,
			"nexthop": "::",
			"metric": 256,
			"valid": 2591994,
			"source": "::/0"
		},
		{
			"target": "::",
			"mask": 0,
			"nexthop": "fe80::200:f7ff:fef7:256",
			"metric": 384,
			"valid": 1794,
			"source": "2a02:168:yyyy:yyyy:xxxx:xxxx:xxxx:xxxx/64"
		}
	],
	"dns-server": [
		"2001:1620:2777:1::10",
		"2001:1620:2777:2::20"
	],
	"dns-search": [
		
	],
	"neighbors": [
		
	],
	"inactive": {
		"ipv4-address": [
			
		],
		"ipv6-address": [
			
		],
		"route": [
			
		],
		"dns-server": [
			
		],
		"dns-search": [
			
		],
		"neighbors": [
			
		]
	},
	"data": {
		
	}
}

ifstatus wan

{
	"up": true,
	"pending": false,
	"available": true,
	"autostart": true,
	"dynamic": false,
	"uptime": 269,
	"l3_device": "eth0.2",
	"proto": "dhcp",
	"device": "eth0.2",
	"updated": [
		"addresses",
		"routes",
		"data"
	],
	"metric": 0,
	"dns_metric": 0,
	"delegation": true,
	"ipv4-address": [
		{
			"address": "85.195.xxx.xxx",
			"mask": 24
		}
	],
	"ipv6-address": [
		
	],
	"ipv6-prefix": [
		
	],
	"ipv6-prefix-assignment": [
		
	],
	"route": [
		{
			"target": "0.0.0.0",
			"mask": 0,
			"nexthop": "85.195.240.1",
			"source": "85.195.240.221/32"
		}
	],
	"dns-server": [
		"213.144.129.20",
		"77.109.128.2"
	],
	"dns-search": [
		
	],
	"neighbors": [
		
	],
	"inactive": {
		"ipv4-address": [
			
		],
		"ipv6-address": [
			
		],
		"route": [
			
		],
		"dns-server": [
			
		],
		"dns-search": [
			
		],
		"neighbors": [
			
		]
	},
	"data": {
		"dhcpserver": "82.197.188.234",
		"hostname": "openwrt",
		"leasetime": 4000,
		"ntpserver": "82.197.188.130 82.197.164.46"
	}
}

So why is IPv6 PD not working? Ultimately, I will want to hand out at least two IPv6 subnets, one for lan and one for a wireguard interface, maybe more in the future. As I understand, IPv6 PD will be needed for this.

What are you requesting from your ISP? Show us this:

$ uci show network.wan6
network.wan6=interface
network.wan6.device='eth0'
network.wan6.proto='dhcpv6'
network.wan6.reqaddress='try'
network.wan6.reqprefix='56'
root@OpenWrt:~# uci show network.wan6
network.wan6=interface
network.wan6.device='eth0.2'
network.wan6.proto='dhcpv6'

I've been trying from a fresh install with the stock config to be sure to rule out any config problems

Tested configuration:

I'd add the option reqprefix='56' (or 60) and restart, see what happens...

Thanks both for the suggestions.
Unfortunately the behaviour hasn't changed. The router gets a /64 and can access ipv6 destinations, the clients don't get a global ipv6 and have no ipv6 connectivity.
I've tried reqprefix 64, 60, 56 and 48. I'm supposed to get a /48 prefix from the ISP

/etc/config/network:

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fdac:4dec:4774::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth1.1'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
	option ip6assign '64'

config interface 'wan'
	option device 'eth0.2'
	option proto 'dhcp'

config interface 'wan6'
	option device '@wan'
	option proto 'dhcpv6'
	option reqaddress 'try'
	option reqprefix '48'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '1 2 3 4 6t'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option ports '5 0t'

/etc/config/dhcp:

config dnsmasq
	option domainneeded '1'
	option boguspriv '1'
	option filterwin2k '0'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option nonegcache '0'
	option cachesize '1000'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option nonwildcard '1'
	option localservice '1'
	option ednspacket_max '1232'
	option filter_aaaa '0'
	option filter_a '0'

config dhcp 'lan'
	option interface 'lan'
	option start '101'
	option limit '150'
	option leasetime '24h'
	option dhcpv4 'server'
	option dhcpv6 'server'
	option ra 'server'
	list ra_flags 'managed-config'
	list ra_flags 'other-config'
	option ra_default '1'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

Did you check what your ISP actually gives out, 48 seems questionable.

I would set reqprefix 'auto', reboot and then check with ifstatus wan6

Still no luck:

{
	"up": true,
	"pending": false,
	"available": true,
	"autostart": true,
	"dynamic": false,
	"uptime": 2,
	"l3_device": "eth0.2",
	"proto": "dhcpv6",
	"device": "eth0.2",
	"updated": [
		"addresses",
		"routes"
	],
	"metric": 0,
	"dns_metric": 0,
	"delegation": true,
	"ipv4-address": [
		
	],
	"ipv6-address": [
		{
			"address": "2a02:168:yyyy:yyyy:xxxx:xxxx:xxxx:xxxx",
			"mask": 64,
			"preferred": 604798,
			"valid": 2591998
		}
	],
	"ipv6-prefix": [
		
	],
	"ipv6-prefix-assignment": [
		
	],
	"route": [
		{
			"target": "2a02:168:yyyy:yyyy::",
			"mask": 64,
			"nexthop": "::",
			"metric": 256,
			"valid": 2591998,
			"source": "::/0"
		},
		{
			"target": "::",
			"mask": 0,
			"nexthop": "fe80::200:f7ff:fef7:256",
			"metric": 384,
			"valid": 1798,
			"source": "2a02:168:yyyy:yyyy:xxxx:xxxx:xxxx:xxxx/64"
		}
	],
	"dns-server": [
		"2001:1620:2777:1::10",
		"2001:1620:2777:2::20"
	],
	"dns-search": [
		
	],
	"neighbors": [
		
	],
	"inactive": {
		"ipv4-address": [
			
		],
		"ipv6-address": [
			
		],
		"route": [
			
		],
		"dns-server": [
			
		],
		"dns-search": [
			
		],
		"neighbors": [
			
		]
	},
	"data": {
		
	}
}
root@OpenWrt:~#

Yep, it's mentioned here https://www.init7.net/en/support/faq/Fiber7-IPv6/
And I have the same setup, same ISP, same hardware with openWRT at another site which does indeed get a /48

Ok, so you are now getting a PD? But it's not propagated to the clients (i.e., "lan" is empty)?

$ ifstatus wan6 | jsonfilter -e '$["ipv6-prefix"]'
[ { "address": "2600:blah::", "mask": 56, "preferred": 71419, "valid": 71419, "class": "wan6", "assigned": { "lan": { "address": "2600:blah::", "mask": 56 } } } ]

Still not getting a prefix, see above.
Only a single /64 is given to the router itself. Only the router can ping ipv6 sites

Even try should work, but what does reqaddress = "force" do?
And yes with the plain stock image it should :tm: just work.... :confused:

Run a tcpdump to see how the ISP is answering your DHCPv6 requests. Also do that at the site that works. If you are making the same request but getting a different answer from the ISP, the problem would be at the ISP.

So reqaddress 'try' results in just the /64 for the router, and /48 prefix delegation. While reqaddress 'force' the router doesn't even get the /64 anymore, and neither the router nor clients have any ipv6 connectivity

So the ISP has given me the IPv6 /48 I'm supposed to have.
I'm trying to manually specify it in /etc/config/network:

config interface 'wan6'
        option device 'eth0.2'
        option proto 'dhcpv6'
        option ip6prefix '2a02:168:9d5b::/48'

And now clients on the lan get an IPv6 from this prefix. But if I try ping -6 I get Destination unreachable: No route
On the router, ip -6 route show default returns

default from 2a02:168:2000:2e::/64 via fe80::200:f7ff:fef7:256 dev eth0.2  metric 384

On a client, the same command returns

default via fe80::b2b9:8aff:fe73:62a1 dev enp3s0 proto ra metric 1024 expires 1405sec hoplimit 64 pref medium

The routes seem different (fe80::b2b9... vs fe80::200...), is that normal given the router and the client are using different IPv6 subnets for their requests ?

You appear to be conflating things with an assigned and static, see ipv6 wiki

Ask ISP support about "DUID type(s)" they support or expect from clients.

A ping to the Internet initiated from within the router uses the router's WAN IP (a /128 within the WAN /64), which is outside the routed /48. Often all customers of the ISP have their WAN's IP allocated out of the same /64.

A LAN machine should have its GUA taken from the LAN's /64, which is inside the /48. A ping from the LAN machine originates with that address. The LAN machine's default route is the link local of the router, that is normal. When the router receives the ping it will forward it to the Internet. This can be observed using tcpdump on the router's wan. If you see pings going out to a site which you know exists and will answer pings but not being returned, the ISP is probably not routing the /48 back to you. This could be confirmed by initiating a ping from a test site outside to anywhere in your /48, you should see it come in.

Thanks for the explanation. It helps to know the router's WAN IP is not usually within the delegated IPv6 prefix.
I didn't try to do the ping you mentioned, but did try tcpdump on dhcpv6 ports at both sites.

Here is from the site where the prefix correctly gets delegated

root@OpenWrt:~# tcpdump -n -i eth0.2 portrange 546-547
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on eth0.2, link-type EN10MB (Ethernet), snapshot length 262144 bytes
19:45:20.003628 IP6 fe80::b2b9:8aff:fe73:5a5c.546 > ff02::1:2.547: dhcp6 release
19:45:20.018761 IP6 fe80::200:f7ff:fef7:256.547 > fe80::b2b9:8aff:fe73:5a5c.546: dhcp6 reply
19:45:20.353620 IP6 fe80::b2b9:8aff:fe73:5a5c.546 > ff02::1:2.547: dhcp6 solicit
19:45:20.361417 IP6 fe80::200:f7ff:fef7:256.547 > fe80::b2b9:8aff:fe73:5a5c.546: dhcp6 advertise
19:45:22.283262 IP6 fe80::b2b9:8aff:fe73:5a5c.546 > ff02::1:2.547: dhcp6 request
19:45:22.304524 IP6 fe80::200:f7ff:fef7:256.547 > fe80::b2b9:8aff:fe73:5a5c.546: dhcp6 reply
19:45:26.878694 IP6 fe80::7642:7fff:fe21:246b.546 > ff02::1:2.547: dhcp6 relay-fwd
19:46:15.559655 IP6 fe80::f287:56ff:fe05:746c.546 > ff02::1:2.547: dhcp6 relay-fwd
19:46:15.559655 IP6 fe80::f287:56ff:fe05:746c.546 > ff02::1:2.547: dhcp6 relay-fwd
19:46:30.651252 IP6 fe80::20d:b9ff:fe61:5d48.546 > ff02::1:2.547: dhcp6 relay-fwd
19:46:30.674612 IP6 fe80::20d:b9ff:fe61:5d48.546 > ff02::1:2.547: dhcp6 relay-fwd
^C
11 packets captured
11 packets received by filter
0 packets dropped by kernel

And the same tcpdump from the site where it doesn't work:

root@OpenWrt:~# tcpdump -n -i eth0.2 portrange 546-547
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on eth0.2, link-type EN10MB (Ethernet), snapshot length 262144 bytes
19:37:31.378708 IP6 fe80::b2b9:8aff:fe73:62a2.546 > ff02::1:2.547: dhcp6 solicit
19:37:32.492073 IP6 fe80::b2b9:8aff:fe73:62a2.546 > ff02::1:2.547: dhcp6 solicit
19:37:34.602084 IP6 fe80::b2b9:8aff:fe73:62a2.546 > ff02::1:2.547: dhcp6 solicit
19:37:36.539051 IP6 fe80::f287:56ff:fe05:21f8.546 > ff02::1:2.547: dhcp6 relay-fwd
19:37:38.892006 IP6 fe80::b2b9:8aff:fe73:62a2.546 > ff02::1:2.547: dhcp6 solicit
19:37:47.292024 IP6 fe80::b2b9:8aff:fe73:62a2.546 > ff02::1:2.547: dhcp6 solicit
19:38:04.172019 IP6 fe80::b2b9:8aff:fe73:62a2.546 > ff02::1:2.547: dhcp6 solicit
19:38:20.537070 IP6 fe80::f287:56ff:fe05:2624.546 > ff02::1:2.547: dhcp6 renew
19:38:21.565011 IP6 fe80::f287:56ff:fe05:2624.546 > ff02::1:2.547: dhcp6 renew
19:38:22.613566 IP6 fe80::f287:56ff:fe05:21f8.546 > ff02::1:2.547: dhcp6 relay-fwd
19:38:28.687612 IP6 fe80::f287:56ff:fe05:596c.546 > ff02::1:2.547: dhcp6 renew
19:38:28.687612 IP6 fe80::f287:56ff:fe05:596c.546 > ff02::1:2.547: dhcp6 renew
^C
12 packets captured
13 packets received by filter
0 packets dropped by kernel

To me it looks like no DHCPv6 replies are arriving at the second site. Firstly because there is no reply on the 547 server port, and then there are no dhcp6 reply packets. Is this enough to pinpoint the problem as being on the ISP's side ?
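
The comparison of the two captures above can be done mechanically. The following is an added example, not part of the thread or of OpenWrt: a shell/awk filter that reads `tcpdump -n` text and separates one client's own DHCPv6 exchange from the other hosts' multicast visible on the same WAN segment. The function name `dhcp6_summary` and the verdict labels are assumptions made for this example; the sample lines are copied from the two captures in the thread.

```shell
#!/bin/sh
# Added example: summarize DHCPv6 traffic for one client from `tcpdump -n` text.
# Usage: tcpdump -n -i eth0.2 portrange 546-547 | dhcp6_summary <own link-local>
dhcp6_summary() {
    awk -v me="$1" '
    $2 == "IP6" && $6 == "dhcp6" {
        src = $3; dst = $5; type = $7
        sub(/:$/, "", dst)           # colon tcpdump prints after the destination
        sub(/\.[0-9]+$/, "", src)    # ".546" / ".547" port suffix
        sub(/\.[0-9]+$/, "", dst)
        if (src == me) sent[type]++                      # our own client messages
        else if (dst == me) { if (sent["solicit"] > 0) rcvd[type]++ }  # answers after a solicit
        else other++                                     # other hosts on the shared segment
    }
    END {
        answers = rcvd["advertise"] + rcvd["reply"]
        if (sent["solicit"] + 0 == 0) verdict = "no-solicit"
        else if (answers == 0)        verdict = "no-answer"
        else if (rcvd["reply"] > 0)   verdict = "complete"
        else                          verdict = "incomplete"
        printf "solicit=%d advertise=%d request=%d reply=%d other=%d verdict=%s\n",
            sent["solicit"], rcvd["advertise"], sent["request"], rcvd["reply"], other, verdict
    }'
}

# Sample input: lines copied from the two captures in this thread.
sample_working() { cat <<'EOF'
19:45:20.003628 IP6 fe80::b2b9:8aff:fe73:5a5c.546 > ff02::1:2.547: dhcp6 release
19:45:20.018761 IP6 fe80::200:f7ff:fef7:256.547 > fe80::b2b9:8aff:fe73:5a5c.546: dhcp6 reply
19:45:20.353620 IP6 fe80::b2b9:8aff:fe73:5a5c.546 > ff02::1:2.547: dhcp6 solicit
19:45:20.361417 IP6 fe80::200:f7ff:fef7:256.547 > fe80::b2b9:8aff:fe73:5a5c.546: dhcp6 advertise
19:45:22.283262 IP6 fe80::b2b9:8aff:fe73:5a5c.546 > ff02::1:2.547: dhcp6 request
19:45:22.304524 IP6 fe80::200:f7ff:fef7:256.547 > fe80::b2b9:8aff:fe73:5a5c.546: dhcp6 reply
19:45:26.878694 IP6 fe80::7642:7fff:fe21:246b.546 > ff02::1:2.547: dhcp6 relay-fwd
EOF
}
sample_failing() { cat <<'EOF'
19:37:31.378708 IP6 fe80::b2b9:8aff:fe73:62a2.546 > ff02::1:2.547: dhcp6 solicit
19:37:32.492073 IP6 fe80::b2b9:8aff:fe73:62a2.546 > ff02::1:2.547: dhcp6 solicit
19:37:34.602084 IP6 fe80::b2b9:8aff:fe73:62a2.546 > ff02::1:2.547: dhcp6 solicit
19:37:36.539051 IP6 fe80::f287:56ff:fe05:21f8.546 > ff02::1:2.547: dhcp6 relay-fwd
19:38:20.537070 IP6 fe80::f287:56ff:fe05:2624.546 > ff02::1:2.547: dhcp6 renew
EOF
}

sample_working | dhcp6_summary fe80::b2b9:8aff:fe73:5a5c
sample_failing | dhcp6_summary fe80::b2b9:8aff:fe73:62a2
```

A `complete` verdict only shows that the solicit/advertise/request/reply exchange finished; whether the reply carried a delegated prefix needs the option decode from `tcpdump -v`.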