finch
August 31, 2019, 9:16am
1
I'm trying to set up ipv6 address of my raspi running openwrt using dhpcv6. The address should be obtained from another router (running openwrt too). That server has odhcp server running and my laptop has no problem obtaining ipv6.
When I use odhcp6c on raspberry pi, I can see that server is responding (see request and response with tcpdump), but odhcp6c on raspberry pi is just frozen (like waiting for response). I've ran tcpdump on raspi, so it's getting response from odhcp6 server (not blocked by firewall).
In luci overview I see that there no devices configured for IPv6 Upstream .
So network configuration looks like (there is only lan interface on raspi):
config interface 'lan'
option ifname 'eth0'
option proto 'static'
option ipaddr '192.168.82.192'
option netmask '255.255.255.0'
option gateway '192.168.82.1'
option dns '8.8.8.8'
option ip6assign '64'
Not sure, if it may be the cause (should not be), but I uninstalled odhcp (daemon) and installed dnsmasq-full, because I wanted dnssec. Is daemon necessary for client only scenario? Thanks for help.
1 Like
From the OpenWrt client device:
uci show network; uci show firewall
finch
August 31, 2019, 9:20am
3
network.loopback=interface
network.loopback.ifname='lo'
network.loopback.proto='static'
network.loopback.ipaddr='127.0.0.1'
network.loopback.netmask='255.0.0.0'
network.lan=interface
network.lan.ifname='eth0'
network.lan.proto='static'
network.lan.ipaddr='192.168.82.192'
network.lan.netmask='255.255.255.0'
network.lan.gateway='192.168.82.1'
network.lan.dns='8.8.8.8'
network.lan.ip6assign='64'
network.vpntun=interface
network.vpntun.proto='none'
network.vpntun.ifname='tun0'
network.@route[0]=route
network.@route[0].interface='lan'
network.@route[0].target='192.168.83.0'
network.@route[0].netmask='255.255.255.0'
network.@route[0].gateway='192.168.82.1'
network.@route[1]=route
network.@route[1].interface='lan'
network.@route[1].target='192.168.81.0'
network.@route[1].netmask='255.255.255.0'
network.@route[1].gateway='192.168.82.1'
firewall.@defaults[0]=defaults
firewall.@defaults[0].syn_flood='1'
firewall.@defaults[0].input='ACCEPT'
firewall.@defaults[0].output='ACCEPT'
firewall.@defaults[0].forward='ACCEPT'
firewall.@zone[0]=zone
firewall.@zone[0].name='lan'
firewall.@zone[0].input='ACCEPT'
firewall.@zone[0].output='ACCEPT'
firewall.@zone[0].forward='ACCEPT'
firewall.@zone[0].network='lan'
firewall.@zone[1]=zone
firewall.@zone[1].name='wan'
firewall.@zone[1].input='REJECT'
firewall.@zone[1].output='ACCEPT'
firewall.@zone[1].forward='REJECT'
firewall.@zone[1].masq='1'
firewall.@zone[1].mtu_fix='1'
firewall.@zone[1].network='wan wan6'
firewall.@rule[0]=rule
firewall.@rule[0].name='Allow-DHCP-Renew'
firewall.@rule[0].src='wan'
firewall.@rule[0].proto='udp'
firewall.@rule[0].dest_port='68'
firewall.@rule[0].target='ACCEPT'
firewall.@rule[0].family='ipv4'
firewall.@rule[1]=rule
firewall.@rule[1].name='Allow-Ping'
firewall.@rule[1].src='wan'
firewall.@rule[1].proto='icmp'
firewall.@rule[1].icmp_type='echo-request'
firewall.@rule[1].family='ipv4'
firewall.@rule[1].target='ACCEPT'
firewall.@rule[2]=rule
firewall.@rule[2].name='Allow-IGMP'
firewall.@rule[2].src='wan'
firewall.@rule[2].proto='igmp'
firewall.@rule[2].family='ipv4'
firewall.@rule[2].target='ACCEPT'
firewall.@rule[3]=rule
firewall.@rule[3].name='Allow-DHCPv6'
firewall.@rule[3].src='wan'
firewall.@rule[3].proto='udp'
firewall.@rule[3].src_ip='fc00::/6'
firewall.@rule[3].dest_ip='fc00::/6'
firewall.@rule[3].dest_port='546'
firewall.@rule[3].family='ipv6'
firewall.@rule[3].target='ACCEPT'
firewall.@rule[4]=rule
firewall.@rule[4].name='Allow-MLD'
firewall.@rule[4].src='wan'
firewall.@rule[4].proto='icmp'
firewall.@rule[4].src_ip='fe80::/10'
firewall.@rule[4].icmp_type='130/0' '131/0' '132/0' '143/0'
firewall.@rule[4].family='ipv6'
firewall.@rule[4].target='ACCEPT'
firewall.@rule[5]=rule
firewall.@rule[5].name='Allow-ICMPv6-Input'
firewall.@rule[5].src='wan'
firewall.@rule[5].proto='icmp'
firewall.@rule[5].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type' 'router-solicitation' 'neighbour-solicitation' 'router-advertisement' 'neighbour-advertisement'
firewall.@rule[5].limit='1000/sec'
firewall.@rule[5].family='ipv6'
firewall.@rule[5].target='ACCEPT'
firewall.@rule[6]=rule
firewall.@rule[6].name='Allow-ICMPv6-Forward'
firewall.@rule[6].src='wan'
firewall.@rule[6].dest='*'
firewall.@rule[6].proto='icmp'
firewall.@rule[6].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type'
firewall.@rule[6].limit='1000/sec'
firewall.@rule[6].family='ipv6'
firewall.@rule[6].target='ACCEPT'
firewall.@rule[7]=rule
firewall.@rule[7].name='Allow-IPSec-ESP'
firewall.@rule[7].src='wan'
firewall.@rule[7].dest='lan'
firewall.@rule[7].proto='esp'
firewall.@rule[7].target='ACCEPT'
firewall.@rule[8]=rule
firewall.@rule[8].name='Allow-ISAKMP'
firewall.@rule[8].src='wan'
firewall.@rule[8].dest='lan'
firewall.@rule[8].dest_port='500'
firewall.@rule[8].proto='udp'
firewall.@rule[8].target='ACCEPT'
firewall.@include[0]=include
firewall.@include[0].path='/etc/firewall.user'
firewall.@zone[2]=zone
firewall.@zone[2].name='vpn'
firewall.@zone[2].output='ACCEPT'
firewall.@zone[2].network='vpntun'
firewall.@zone[2].forward='REJECT'
firewall.@zone[2].masq='1'
firewall.@zone[2].mtu_fix='1'
firewall.@zone[2].input='REJECT'
Try to configure DHCPv6 client as a non-bridge alias lan6:
Also add lan6 network to the firewall lan zone and then check:
ifup lan6; sleep 10; ifstatus lan6
finch
August 31, 2019, 9:39am
5
So I did add alias to network
config interface 'wan6'
option ifname 'eth0'
option proto 'dhcpv6'
ifup wan6; sleep 10; ifstatus wan6
Just saw error in syslog:
Sat Aug 31 11:38:08 2019 daemon.err odhcp6c[8713]: Failed to send RS (Address not available)
Sat Aug 31 11:38:08 2019 user.notice firewall: Reloading firewall due to ifup of lan (eth0)
Sat Aug 31 11:38:09 2019 daemon.err odhcp6c[8713]: Failed to send DHCPV6 message to ff02::1:2 (Address not available)
A similar error:
opened 10:24PM - 12 Nov 17 UTC
closed 08:33PM - 13 Nov 17 UTC
On LEDE 17.01.4 I seem to be getting:
```
Failed to send DHCPV6 message to f… f02::1:2 (Address not available)
```
trying to get a DHCPv6 lease from my provider.
This is the same configuration that worked fine on OpenWRT Chaos Calmer so I'm really not sure why that address would not be available.
Any ideas?
Verify that you are using the latest stable OpenWrt release:
ubus call system board
Restart the firewall and network services:
service firewall restart
service network restart
Check the interface IPv6 configuration and NDP cache:
ip -6 address show dev eth0
ip -6 neigh show
finch
August 31, 2019, 12:05pm
7
Many thanks for you assistence.
{
"kernel": "4.19.42-aufs",
"hostname": "Rasputin",
"system": "ARMv6-compatible processor rev 7 (v6l)",
"model": "Raspberry Pi Model B Rev 1",
"board_name": "brcm,bcm2835",
"release": {
"distribution": "OpenWrt",
"version": "18.06.4",
"revision": "r7808-ef686b7292",
"target": "brcm2708\/bcm2708",
"description": "OpenWrt 18.06.4 r7808-ef686b7292"
}
}
which brought me, to the question if it's not kernel related. I'm using newer kernel (but from raspi org sources).
Any way: ip -6 address show dev eth0 shows:
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 fe80::ba27:ebff:fe05:598/64 scope link
valid_lft forever preferred_lft forever
And ip -6 neigh show:
fe80::ba27:ebff:fe05:598 dev eth0 lladdr b8:27:eb:05:05:98 used 0/0/0 probes 0 STALE
finch
August 31, 2019, 12:30pm
8
Just rebooted the router (the one with odhcp daemon running) and it's working now. OMG. Not sure why restarting firewall and network was not enough. But thank you so much, the net alias seems to be necessary anyway.
1 Like
system
September 10, 2019, 12:30pm
9
This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.