Seems i somehow broke dhcp AGAIN, this time it's just for ipv6

i have dnsmasq setup for ipv4(dhcp/dns) and odhcpd for ipv6(slaac/dhcpv6).. and i seem to have lost the ability to get an ipv6 address from my router for some reason..

  • i verified the router itself still has ipv6 connectivity (using the troubleshooting tools i am able to ping6 out to the internet from the router itself).
  • I ran tcpdump both on my client interface and on the router's interface for icmp6 router solicitations/advertisements (the tcpdump filter used: '(udp port 546 or 547) or icmp6 and (ip6[40] = 134 or ip6[40] = 133)') - the router sees the router solicitations but there are no router advertisements being sent back :-/
  • i made sure there's a firewall rule for it: since i set the INPUT chain policy for this zone to DROP, i created an override for dns/ipv4-dhcp/ntp (there were already fw rules for dhcpv6 and icmpv6, see below)
Here's the specific /etc/config/network section
# Static interface for the 'home' network on VLAN sub-device br-lan.2020.
# IPv4 is 172.20.20.1/23; IPv6 comes from a delegated upstream prefix.
config interface 'home'
        option proto 'static'  
        option device 'br-lan.2020'
        option ipaddr '172.20.20.1'
        option netmask '255.255.254.0'
        # Request a /64 out of the delegated prefix for this interface.
        option ip6assign '64'         
        # Preferred sub-prefix ID (hex); the ifstatus output in this thread shows
        # ...:2020::/64 was actually assigned.
        option ip6hint '2020'
        # Only take prefixes of class 'wan_6' (the upstream DHCPv6-PD interface).
        list ip6class 'wan_6'
        # Interface ID used for the router's own address inside the /64.
        option ip6ifaceid '::'
        list dns_search 'lan.home.my.domain'
here's what my /etc/config/firewall looks like

# Global defaults: the policies applied to traffic that no zone below claims.
# NOTE(review): input 'ACCEPT' means packets arriving on an interface that is
# not a member of any zone are accepted by the router itself. The ifstatus
# output in this thread shows a 'mgmt' network, but no 'mgmt' zone appears in
# this listing - confirm every interface is assigned to a zone, or tighten
# this default to 'REJECT'/'DROP'.
config defaults
	option input 'ACCEPT'
	option output 'ACCEPT'
	# Routed traffic is dropped unless a zone policy or a 'config forwarding' allows it.
	option forward 'DROP'
	# Drop packets that connection tracking classifies as INVALID.
	option drop_invalid '1'
	option flow_offloading '1'
	# SYN-flood rate limiting.
	option synflood_protect '1'

# 'wan' zone: untrusted upstream. Unsolicited input to the router is dropped,
# forwarding is rejected, outbound traffic is masqueraded and TCP MSS is clamped.
config zone
	option name 'wan'
	option input 'DROP'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'
	list network 'wan'

# 'lan' zone: fully trusted - input, output and forwarding are all accepted.
config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	list network 'lan'

# lan clients may open connections towards wan.
config forwarding
	option src 'lan'
	option dest 'wan'

# 'home' zone: input 'DROP' means every service on the router itself (DNS,
# DHCP, RA/DHCPv6, NTP, management) is reachable from this zone only through an
# explicit 'config rule'. A missing rule shows up as "the router sees the
# request but never answers", so check the rules whenever a service goes silent.
config zone
	option name 'home'
	option input 'DROP'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	list network 'home'

# home clients may open connections towards wan.
config forwarding
	option src 'home'
	option dest 'wan'

# home clients may also open connections to any host in 'lan'; nothing in this
# listing narrows that by address or port. There is no lan -> home forwarding.
config forwarding
	option src 'home'
	option dest 'lan'

# Accept DHCPv4 replies (UDP 68, the client port) arriving on wan, so that a
# DHCP client running on the router can obtain and renew its lease.
config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

# Answer IPv4 echo-requests from wan only when they match the
# 'allowed_to_ping' set below; other pings fall through to the zone's input
# policy (DROP) unless another rule accepts them.
config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option family 'ipv4'
	option target 'ACCEPT'
	list icmp_type 'echo-request'
	option ipset 'allowed_to_ping'

# Allow-list of IPv4 addresses used by 'Allow-Ping'. 'x.x.x.x' is the
# poster's redaction, not a literal entry.
config ipset
	option name 'allowed_to_ping'
	option comment 'sources of icmp echo request that we allow'
	option family 'ipv4'
	list entry 'x.x.x.x'
	list match 'ip'

# Accept IGMP from wan (IPv4 multicast group management).
config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

# Accept DHCPv6 traffic to UDP 546 from every zone (src '*'), with no source
# address restriction. 546 is the DHCPv6 *client* port, so this rule lets
# replies reach the router's own DHCPv6 client on wan.
# NOTE(review): DHCPv6 servers listen on UDP 547. No rule in this listing
# accepts 547, so requests from zones whose input policy is DROP (home, guest)
# would presumably not reach odhcpd; SLAAC via router advertisements is
# unaffected. Verify, and if stateful DHCPv6 is wanted add a rule for UDP 547
# scoped to the internal zones rather than widening this one.
config rule
	option name 'Allow-DHCPv6'
	option src '*'
	option proto 'udp'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

# Accept Multicast Listener Discovery (ICMPv6 types 130-132 and 143) from
# link-local sources on wan.
config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

# Accept the ICMPv6 types the router needs to take part in IPv6 at all
# (neighbour discovery, router solicitation, PMTU discovery, errors, echo),
# rate-limited to 1000/sec, from every zone. For zones with input 'DROP' this
# is the rule that lets router solicitations and neighbour solicitations in.
# NOTE(review): 'router-advertisement' is only expected from the upstream side;
# accepting it from client zones is broader than needed - consider splitting
# this into a wan rule and a narrower rule for the internal zones.
config rule
	option name 'Allow-ICMPv6-Input'
	option src '*'
	option proto 'icmp'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'
	list icmp_type 'bad-header'
	list icmp_type 'destination-unreachable'
	list icmp_type 'echo-reply'
	list icmp_type 'echo-request'
	list icmp_type 'neighbour-advertisement'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'packet-too-big'
	list icmp_type 'router-advertisement'
	list icmp_type 'router-solicitation'
	list icmp_type 'time-exceeded'
	list icmp_type 'unknown-header-type'

# Forward essential ICMPv6 (errors, PMTU discovery, echo) from wan to hosts in
# any zone, rate-limited. Hosts behind the router have global addresses, so
# echo-request in this list makes them pingable from the internet.
config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

# Drop DNS (53), DHCP (67/68) and NTP (123) arriving on wan. No 'proto' is
# given, so the rule uses the firewall's default protocol match (TCP and UDP,
# as far as I know). It is intended as a guard for the src '*' rule that follows.
config rule
	option name 'Block-DHCP-DNS-NTP-on-WAN'
	option src 'wan'
	option dest_port '53 67 68 123'
	option target 'DROP'

# Accept DNS/DHCP/NTP to the router from every zone; this is the override that
# makes those services reachable from zones whose input policy is DROP.
# NOTE(review): rules with src '*' are, as far as I know, placed in the global
# input chain, which is evaluated before the per-zone chains. If so, the wan
# DROP rule above does not run first and these ports are open to the internet.
# Check the generated ruleset (`nft list ruleset` or `iptables-save`), or
# replace src '*' with one rule per internal zone.
# NOTE(review): 'dest_port' has no meaning for ICMP, so listing proto 'icmp'
# here likely accepts all ICMP/ICMPv6 types from every zone (no 'family' or
# 'icmp_type' is set). That would bypass the 'allowed_to_ping' restriction and
# the ICMPv6 rate limit - verify and drop 'icmp' from this rule if unintended.
# DHCP and NTP use UDP only; TCP is needed for port 53 alone.
config rule
	option name 'Allow-DHCP-DNS-NTP-ICMP'
	option src '*'
	option dest_port '53 67 68 123'
	option target 'ACCEPT'
	list proto 'tcp'
	list proto 'udp'
	list proto 'icmp'

# IPsec pass-through from wan to lan (ESP). Disabled via enabled '0'.
config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'
	option enabled '0'

# IKE/ISAKMP (UDP 500) from wan to lan. Disabled via enabled '0'.
config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'
	option enabled '0'

# 'guest' zone: same posture as 'home' towards the router (input 'DROP', so
# router services need explicit rules), but the only forwarding defined is
# guest -> wan; no forwarding to 'lan' or 'home' appears in this listing.
config zone
	option name 'guest'
	option input 'DROP'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	list network 'guest'

# guest clients may open connections towards wan only.
config forwarding
	option src 'guest'
	option dest 'wan'
here's what my /etc/config/dhcp looks like
# /etc/config/dhcp is read by every dnsmasq instance and by odhcpd. The thread
# ends with a malformed line in another section of this same file being the
# cause of the IPv6 outage, so validate the whole file after editing it
# (`uci show dhcp` should print the parsed config rather than an error).
#
# dnsmasq instance serving DNS and DHCPv4 for the 'home' network.
config dnsmasq 'home_dns'                
        option domainneeded '1'          
        option localise_queries '1'      
        # DNS-rebinding protection: discard upstream answers that point at
        # private addresses.
        option rebind_protection '1'     
        option rebind_localhost '1'      
        option local '/wifi.home.my.domain/'
        option domain 'wifi.home.my.domain' 
        option localuse '0'               
        option expandhosts '1'                                   
        option cachesize '1000'           
        option authoritative '1'          
        option readethers '1'             
        option leasefile '/tmp/dhcp.leases.home'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        list interface 'home'                                  
        list notinterface 'loopback'                           
        # Upstream resolvers.
        list server '208.67.222.222'                           
        list server '208.67.220.220'                           
        # Exempts every name under my.domain from rebinding protection; keep
        # this as narrow as the names that really resolve to private addresses.
        list rebind_domain '/my.domain/'                         
        # Only answer DNS queries from directly attached subnets.
        option localservice '1'                                
                                                               
# DHCPv4 pool for 'home' (served by the 'home_dns' instance) plus the IPv6
# settings for the same interface.
config dhcp 'home'                                             
        option instance 'home_dns'                             
        option interface 'home'                                
        option start '100'                                     
        option limit '150'                                     
        option force '1'                                       
        option leasetime '12h'                                 
        # Send router advertisements and run a DHCPv6 server on this interface.
        option ra 'server'                                     
        option dhcpv6 'server'                                 
        # M and O flags in the RA tell clients to use DHCPv6 for addresses and
        # other configuration. That only works if the firewall accepts DHCPv6
        # requests (UDP 547) from this zone.
        list ra_flags 'managed-config'                         
        list ra_flags 'other-config'  
        # DHCP option 119: domain search list.
        list dhcp_option '119,lan.home.my.domain'

# odhcpd global settings. maindhcp '0' leaves DHCPv4 to dnsmasq.
config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'
and here's what the generated /tmp/etc/dnsmasq.conf.home_dns looks like
root@router-main:/tmp/etc# cat dnsmasq.conf.home_dns 
# auto-generated config file from /etc/config/dhcp
# Note for readers: nothing below configures router advertisements or an IPv6
# dhcp-range, which matches the poster's setup where odhcpd, not dnsmasq,
# serves IPv6.
conf-file=/etc/dnsmasq.conf
dhcp-authoritative
domain-needed
localise-queries
read-ethers
enable-ubus=dnsmasq.home_dns
expand-hosts
bind-dynamic
# Only answer queries from directly attached subnets.
local-service
cache-size=1000
domain=wifi.home.my.domain
local=/wifi.home.my.domain/
server=208.67.222.222
server=208.67.220.220
interface=br-lan.2020
except-interface=lo
addn-hosts=/tmp/hosts
dhcp-leasefile=/tmp/dhcp.leases.home
resolv-file=/tmp/resolv.conf.d/resolv.conf.auto
# DNS-rebinding protection, with an exemption for names under my.domain.
stop-dns-rebind
rebind-localhost-ok
rebind-domain-ok=/my.domain/
dhcp-broadcast=tag:needs-broadcast
conf-dir=/tmp/dnsmasq.d
# Run as the unprivileged dnsmasq user and group.
user=dnsmasq
group=dnsmasq

dhcp-ignore-names=tag:dhcp_bogus_hostname
conf-file=/usr/share/dnsmasq/dhcpbogushostname.conf


# Do not forward reverse lookups for private address ranges upstream.
bogus-priv
conf-file=/usr/share/dnsmasq/rfc6761.conf
# DHCPv4 pool for the 'home' tag; IPv4 only.
dhcp-range=set:home,172.20.20.100,172.20.20.249,255.255.254.0,12h
dhcp-option=home,119,lan.home.my.domain

note: i run multi-instance dnsmasq, but this is also broken for the other instances as well

I have no idea how to troubleshoot odhcpd, i tried to add -l 7 to its init script to increase its logging verbosity but i don't see ANY messages related to odhcpd whatsoever?!

any ideas what else to try/look at? this was working before so i'm not sure what broke it (last thing i did was add a guest wifi network)

What zone is the client in? Or is it all clients/all zones?

client is in the 'home' zone (172.20.20.0/23), i also have a 'lan' zone but that also is not getting any ipv6 addresses assigned either :frowning:

ifstatus home; ifstatus wan_6

@vgaetera

attached output of ifstatus home; ifstatus wan_6
{
        "up": true,
        "pending": false,
        "available": true,
        "autostart": true,
        "dynamic": false,
        "uptime": 269,
        "l3_device": "br-lan.2020",
        "proto": "static",
        "device": "br-lan.2020",
        "updated": [
                "addresses"
        ],
        "metric": 0,
        "dns_metric": 0,
        "delegation": true,
        "ipv4-address": [
                {
                        "address": "172.20.20.1",
                        "mask": 23
                }
        ],
        "ipv6-address": [

        ],
        "ipv6-prefix": [

        ],
        "ipv6-prefix-assignment": [
                {
                        "address": "2xxx:xxxx:xxxx:2020::",
                        "mask": 64,
                        "preferred": 86143,
                        "valid": 86143,
                        "local-address": {
                                "address": "2xxx:xxxx:xxxx:2020::",
                                "mask": 64
                        }
                }
        ],
        "route": [

        ],
        "dns-server": [

        ],
        "dns-search": [
                "lan.home.my.domain"
        ],
        "neighbors": [

        ],
        "inactive": {
                "ipv4-address": [

                ],
                "ipv6-address": [

                ],  
                "route": [

                ],  
                "dns-server": [

                ],  
                "dns-search": [

                ],  
                "neighbors": [

                ]   
        },
        "data": {   

        }
}
{
        "up": true, 
        "pending": false,
        "available": true,
        "autostart": true,
        "dynamic": true,
        "uptime": 247,
        "l3_device": "pppoe-wan",
        "proto": "dhcpv6",
        "device": "pppoe-wan",
        "updated": [
                "prefixes"
        ],
        "metric": 0,
        "dns_metric": 0,
        "delegation": true,
        "ipv4-address": [

        ],
        "ipv6-address": [
                {   
                        "address": "2xxx:xxxx:xxxx:yyyy::1",
                        "mask": 64,
                        "preferred": 604572,
                        "valid": 2591772
                }
        ],
        "ipv6-prefix": [
                {
                        "address": "2xxx:xxxx:xxxx::",
                        "mask": 48,
                        "preferred": 86143,
                        "valid": 86143,
                        "class": "wan_6",
                        "assigned": {
                                "home": {
                                        "address": "2xxx:xxxx:xxxx:2020::",
                                        "mask": 64
                                },
                                "lan": {
                                        "address": "2xxx:xxxx:xxxx:2220::",
                                        "mask": 64
                                },
                                "mgmt": {
                                        "address": "2xxx:xxxx:xxxx:2222::",
                                        "mask": 64
                                },
                                "guest": {
                                        "address": "2xxx:xxxx:xxxx:2424::",
                                        "mask": 64
                                }
                        }
                }
        ],
        "ipv6-prefix-assignment": [

        ],
        "route": [
                {
                        "target": "::",
                        "mask": 0,
                        "nexthop": "fe80::827f:f8ff:fe75:34f3",
                        "metric": 512,
                        "valid": 1572,
                        "source": "2xxx:xxxx:xxxx::/48"
                },  
                {   
                        "target": "::",
                        "mask": 0,
                        "nexthop": "fe80::827f:f8ff:fe75:34f3",
                        "metric": 512,
                        "valid": 1572,
                        "source": "2xxx:xxxx:xxxx:yyyy::1/64"
                }   
        ],
        "dns-server": [
                "2xxx:xxxx:6:0:xx:xx:3:100",
                "2xxx:xxxx:6:0:xx:xx:6:100"
        ],
        "dns-search": [

        ],
        "neighbors": [

        ],
        "inactive": {
                "ipv4-address": [

                ],  
                "ipv6-address": [

                ],  
                "route": [

                ],  
                "dns-server": [

                ],  
                "dns-search": [

                ],  
                "neighbors": [

                ]   
        },
        "data": {   
                "zone": "wan",
                "passthru": "001700202a0280100006000002120023000301002a028010000600000212002300060100",
                "zone": "wan"
        }
}

Just for a sanity check, since i track every single change related to my router in git, I rolled these specific changes back (creating a new guest network) and IPv6 started to work on the other networks..

Seems i accidentally had

 config dnsmasq 'guest_dns'
       option domainneeded '1' option localise_queries '1'

merged on one line. When i fixed this and put the two options on separate lines, IPv6 worked again as it previously did! very strange that this one instance would break the other instances as well?

Just wanna say a sincere thank you just the same for all of you attempting to help, this forum is such a treasure to have such bright folks with an eager willingness to help diagnose people's dumb problems (like mine) :smiley: <3

