Serving DHCPv6 without IPv4

On wan6 I'm seeing two records for ipv6-address (a /64 and /128) and ipv6-prefix is empty. lan has no ipv6-address nor ipv6-prefix but has an fd10 address in ipv6-prefix-assignment.

Another data point: "ipconfig /renew6" gives a semaphore timeout error, suggesting that nothing's responding. I tried it with the firewall down. The Windows box does have two fd10 addresses and an fe80 address assigned.


Automatic prefix delegation won't work in this case.

Make sure that:

  • You are using the latest stable OpenWrt release.
  • Your ISP provides DHCPv6 prefix delegation.

I'm not sure how to determine that. It's Comcast residential.

Meanwhile, I re-enabled IPv6 on my ASUS running Merlin firmware, setting it to "passthrough", and that seems to work. So I pulled the source code for that from GitHub to see if I can figure out how that works and will adapt the internal settings to OpenWRT. (The ASUS fronts my backup Comcast account with the cheaper plan and the Merlin support for that model was dropped due to the age of the router.)

For Comcrap, at least where I am, you can request a /60.

The use case of only offering IPv6 addresses from the OpenWrt device seems reasonable. You may be able to accomplish that by disabling the DHCP feature of dnsmasq as I believe that IPv6 is handled by another service under OpenWrt.

I dug down through the Merlin code to see what the passthrough setting does, and it seems to start 6relayd, which has been replaced by odhcpd in OpenWRT. 6relayd is invoked in start_6relayd() here:

It's invoked as "6relayd -drs -Rrelay -Dserver -N -n -v wanifname lanifname".

I found this on how 6relayd was configured before odhcpd superseded it:

https://oldwiki.archive.openwrt.org/doc/uci/6relayd

I'm trying to track down some more detailed documentation on 6relayd to see if I can adapt that command into an odhcpd config.

While looking for 6relayd info, I tripped across this mailing list report about this migration from 2013. Not sure if it's relevant but as a software archaeologist it's interesting seeing the history of this stuff.

https://lists.bufferbloat.net/pipermail/cerowrt-devel/2013-August/006655.html


Stop wasting time on those legacy tools, what you need is here:


According to that, I should be able to set the requested prefix length to /60 and the delegated one to /64. I can see an address getting assigned to WAN6 but I'm not seeing clients get an address, yet. How do I know if I got a /60 instead of a /64?

ifup wan6; sleep 10; ifstatus wan6

In /etc/config/network:

config interface 'wan6'
        option ifname 'eth1.2'
        option proto 'dhcpv6'
        option peerdns '0'
        option reqaddress 'try'
        option reqprefix '60'

From ifstatus wan6:

        "ipv6-address": [
                {
                        "address": "2601:644:2:7919:fef5:28ff:fed3:5d07",
                        "mask": 64,
                        "preferred": 323541,
                        "valid": 323541
                },
                {
                        "address": "2601:644:2:7919::a9d8",
                        "mask": 128,
                        "preferred": 600538,
                        "valid": 600538
                }
        ],
        "ipv6-prefix": [

        ],
        "ipv6-prefix-assignment": [

        ],
        "route": [
                {
                        "target": "2601:644:2:7919::",
                        "mask": 64,
                        "nexthop": "::",
                        "metric": 256,
                        "valid": 323541,
                        "source": "::\/0"
                },
                {
                        "target": "::",
                        "mask": 0,
                        "nexthop": "fe80::1ab8:1fff:fe47:c70e",
                        "metric": 512,
                        "valid": 176,
                        "source": "2601:644:2:7919:fef5:28ff:fed3:5d07\/64"
                },
                {
                        "target": "::",
                        "mask": 0,
                        "nexthop": "fe80::1ab8:1fff:fe47:c70e",
                        "metric": 512,
                        "valid": 176,
                        "source": "2601:644:2:7919::a9d8\/128"
                }
        ],
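
Added example, not part of any post in this thread: the question "How do I know if I got a /60 instead of a /64?" is answered by the "ipv6-prefix" array in the ifstatus wan6 JSON, which is empty in the output above. The sketch below reads that JSON and reports any delegated prefix and how many LAN subnets of the ip6assign length it can supply; the function name and both sample documents are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample: trimmed from the ifstatus wan6 output posted above
# (WAN addresses only, no delegated prefix).
NO_PD = """
{
  "ipv6-address": [
    {"address": "2601:644:2:7919:fef5:28ff:fed3:5d07", "mask": 64},
    {"address": "2601:644:2:7919::a9d8", "mask": 128}
  ],
  "ipv6-prefix": [],
  "ipv6-prefix-assignment": []
}
"""

# Constructed sample: a /60 delegation, using the 2001:db8::/32
# documentation range rather than a real ISP prefix.
WITH_PD = """
{
  "ipv6-address": [{"address": "2001:db8:0:1::a9d8", "mask": 128}],
  "ipv6-prefix": [{"address": "2001:db8:aa:10::", "mask": 60}]
}
"""


def delegation_report(ifstatus_json, lan_len=64):
    """Summarise prefix delegation from `ifstatus wan6` JSON.

    lan_len mirrors network.lan.ip6assign (64 in the config above).
    """
    status = json.loads(ifstatus_json)
    delegated = []
    for entry in status.get("ipv6-prefix", []):
        net = ipaddress.IPv6Network(
            f"{entry['address']}/{entry['mask']}", strict=False)
        # A prefix longer than lan_len cannot be split into LAN subnets.
        count = 2 ** (lan_len - net.prefixlen) if net.prefixlen <= lan_len else 0
        delegated.append({"prefix": str(net), "lan_subnets": count})
    # Entries under ipv6-address are the router's own WAN addresses,
    # not a delegation, whatever their mask.
    wan = [f"{a['address']}/{a['mask']}" for a in status.get("ipv6-address", [])]
    return {"has_pd": bool(delegated), "delegated": delegated, "wan_addresses": wan}


if __name__ == "__main__":
    for name, doc in (("no PD", NO_PD), ("with PD", WITH_PD)):
        print(name, delegation_report(doc))
```
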
uci show network; uci show dhcp

root@zyxel:/etc/config# uci show network
network.loopback=interface
network.loopback.ifname='lo'
network.loopback.proto='static'
network.loopback.ipaddr='127.0.0.1'
network.loopback.netmask='255.0.0.0'
network.globals=globals
network.globals.ula_prefix='fd10:41a8:a3bd::/48'
network.lan=interface
network.lan.type='bridge'
network.lan.ifname='eth0.1'
network.lan.proto='static'
network.lan.ipaddr='10.96.0.253'
network.lan.netmask='255.128.0.0'
network.lan.dns='10.96.0.132'
network.lan.ip6assign='64'
network.wan=interface
network.wan.ifname='eth1.2'
network.wan.proto='dhcp'
network.wan6=interface
network.wan6.ifname='eth1.2'
network.wan6.proto='dhcpv6'
network.wan6.peerdns='0'
network.wan6.reqaddress='try'
network.wan6.reqprefix='60'
network.@switch[0]=switch
network.@switch[0].name='switch0'
network.@switch[0].reset='1'
network.@switch[0].enable_vlan='1'
network.@switch_vlan[0]=switch_vlan
network.@switch_vlan[0].device='switch0'
network.@switch_vlan[0].vlan='1'
network.@switch_vlan[0].ports='1 2 3 4 0t'
network.@switch_vlan[1]=switch_vlan
network.@switch_vlan[1].device='switch0'
network.@switch_vlan[1].vlan='2'
network.@switch_vlan[1].ports='5 6t'
root@zyxel:/etc/config# uci show dhcp
dhcp.@dnsmasq[0]=dnsmasq
dhcp.@dnsmasq[0].domainneeded='1'
dhcp.@dnsmasq[0].boguspriv='1'
dhcp.@dnsmasq[0].filterwin2k='0'
dhcp.@dnsmasq[0].localise_queries='1'
dhcp.@dnsmasq[0].rebind_protection='1'
dhcp.@dnsmasq[0].rebind_localhost='1'
dhcp.@dnsmasq[0].local='/lan/'
dhcp.@dnsmasq[0].domain='lan'
dhcp.@dnsmasq[0].expandhosts='1'
dhcp.@dnsmasq[0].nonegcache='0'
dhcp.@dnsmasq[0].authoritative='1'
dhcp.@dnsmasq[0].readethers='1'
dhcp.@dnsmasq[0].leasefile='/tmp/dhcp.leases'
dhcp.@dnsmasq[0].resolvfile='/tmp/resolv.conf.auto'
dhcp.@dnsmasq[0].nonwildcard='1'
dhcp.@dnsmasq[0].localservice='1'
dhcp.lan=dhcp
dhcp.lan.interface='lan'
dhcp.lan.start='100'
dhcp.lan.limit='150'
dhcp.lan.leasetime='12h'
dhcp.lan.dhcp_option='6,10.96.0.132'
dhcp.lan.ra='relay'
dhcp.lan.dhcpv6='relay'
dhcp.lan.ndp='relay'
dhcp.lan.dns='fe80::200'
dhcp.wan=dhcp
dhcp.wan.interface='wan'
dhcp.wan.ignore='1'
dhcp.odhcpd=odhcpd
dhcp.odhcpd.maindhcp='0'
dhcp.odhcpd.leasefile='/tmp/hosts/odhcpd'
dhcp.odhcpd.leasetrigger='/usr/sbin/odhcpd-update'
dhcp.odhcpd.loglevel='4'

Is your ISP modem in bridge mode?

Not in bridged mode. It's Xfinity's Arris modem and its connection status page shows a delegated prefix with a /64. (I hadn't thought to look at the modem's page, as I hadn't needed to mess with it for quite some time.)

BTW, the main reason I have a router after their modem/router is because their web management doesn't let me disable their DHCP function. I notice they have both IPv4 and IPv6 DHCP servers.

I've got the link between modem and router set to 172.24.0.0/24 with the modem as .1 and the ZyXEL as .2.


Your ISP modem is handling the PD'd IPv6 subnet.
If possible, switch to bridge mode and let your router be the gateway.


Damn, I didn't think bridge mode was available on their residential connection. It's a switch in the main Gateway At a Glance page. I'll have to try that once the family is done using the Internet for the day.


After switching to bridge mode and restoring the router setting to stock, I'm seeing v6 addresses everywhere, so things seem to be mostly working.

I ran the following v6 connectivity test and it tells me that the large packet ICMP isn't getting through, so it can't do PMTUD. I don't know what to do with that.

http://test-ipv6-vm4.comcast.net/index.html.en_US

Under Network/Firewall/Traffic Rules, I can see Allow ICMPv6-Forward is enabled. So I guess something else must be blocking those packets.

Is the MTU option of the ISP modem set to 1500?
On Windows, try pinging Google with maximum length available:
ping -l 1452 -6 www.google.com

I'm in the process of renumbering my network so I can get access back to the Xfinity modem. I think when I switched it to bridge mode, it set the address back from the 172 address I'd given it to 10.0.0.1, and that's in my LAN's address block, so the router won't route to it. I'm squishing my network into 10.96/16 so their address will be outside that and will be on the WAN side of the router.

Meanwhile, here's the ping result:

f:\devel>ping -l 1452 -6 www.google.com

Pinging www.google.com [2607:f8b0:4005:807::2004] with 1452 bytes of data:
Reply from 2607:f8b0:4005:807::2004: time=14ms 
Reply from 2607:f8b0:4005:807::2004: time=15ms 
Reply from 2607:f8b0:4005:807::2004: time=11ms 
Reply from 2607:f8b0:4005:807::2004: time=12ms 

Ping statistics for 2607:f8b0:4005:807::2004:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 11ms, Maximum = 15ms, Average = 13ms

I found that, after switching to bridge mode, the modem had reverted its web administration address to 192.168.100.1, but still accepted my old password. I can't see anything that can be modified now except whether it's in bridge mode. (I don't see a setting which lets me move the admin address, which is annoying, but I can live with that.)

So I think I just have the PMTUD issue now.

I found other sites with the same test setup as the Comcast link and they tell me I'm fine with the big packet test. So that tells me Comcast's test site is broken. So I think I'm golden now.