[solved] IPv6 not working after upgrade / DSA migration

Situation: 4040 running 22.03.4 upgraded to 23.05.0, including manual migration to DSA; that is, I did NOT keep the configuration during the flashing and only adapted the old config manually afterwards, partly via GUI, partly editing the files.

Before the upgrade, I had unbound running as main DNS server, with dnsmasq as "link" for local addresses and dhcpv4; IPv6 upstream via he.net tunnel with /48 prefix; main ("casa"), guest, and vpn networks receiving each a /64 and all was well: both Android devices and PCs with DHCPv6 clients could get full IPV6 connectivity. Reasonably complete dual-stack, in short.

After the upgrade, IPV6 is only partially working: the router interfaces all have IPV6 addresses but the clients do not, only those connecting via vpn get a /64 address whereas those on main and guest networks do not.

I attempted to do some further config cleanup, removing obsolete keywords, such as ra_management for example, but the clients still won't get an IPV6 address. One thing I noticed is that enabling SLAAC for guest via the gui causes ra_slaac to disappear from the dhcp config file, some kind of default value detection?

Here are the relevant config files, if you need runtime checks just ask me:

/etc/config/dhcp (abridged, left out the lease definitions):

config dnsmasq            
        option authoritative '1'
        option domain 'bamberlan' 
        option domainneeded '1'
        option expandhosts '1'        
        option leasefile '/tmp/dhcp.leases'
        option local '/bamberlan/'
        option localise_queries '1'
        option localservice '1'
        option nonegcache '1'                     
        option nonwildcard '0'
        option noresolv '1'      
        option port '1053'                      
        option rebind_localhost '1'               
        option rebind_protection '1'
                       
config odhcpd 'odhcpd'         
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'
        option maindhcp '0'           
                                      
config dhcp 'wan'
        option ignore '1'
        option interface 'wan' 
                                        
config dhcp 'casa'
        list dhcp_option 'option:domain-search,bamberlan,dummy.nodomain'
        list dhcp_option 'option:dns-server,0.0.0.0'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'  
        option dhcpv4 'server'
        option dhcpv6 'server'
        option force '1'
        option interface 'casa'     
        option leasetime '24h'
        option limit '100'                                
        option ra 'server'  
        option ra_slaac '1'   
        option ra_useleasetime '1'
        option start '11'

config dhcp 'guest'                                 
        list dhcp_option 'option:domain-search,bamberlan,dummy.nodomain'
        list dhcp_option 'option:dns-server,0.0.0.0'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'
        option dhcpv4 'server'
        option dhcpv6 'server'    
        option force '1' 
        option interface 'guest'    
        option leasetime '30m'
        option limit '100'                                              
        option ra 'server'                          
        option ra_useleasetime '1'
        option start '11'         

/etc/config/network:

config globals 'globals'
        option ula_prefix '.../48'

config interface 'loopback'
        option device 'lo'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'
        option proto 'static'

config device
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'
        option name 'br-casa' <----- aka "main"
        option stp '1'
        option type 'bridge'

config interface 'casa'
        list ip6class 'he_2_fra'
        list ip6class 'local'
        option device 'br-casa'
        option ip6assign '64'
        option ip6hint '2'
        option ip6ifaceid '::00c0:fefe'
        option ipaddr '192.168.2.1'
        option ipv6 '1'
        option netmask '255.255.255.0'
        option proto 'static'

config device
        list ports 'lan4'
        option name 'br-guest'
        option stp '1'
        option type 'bridge'

config interface 'guest'
        list ip6class 'he_2_fra'
        list ip6class 'local'
        option device 'br-guest'
        option ip6assign '64'
        option ip6hint '3'
        option ip6ifaceid '::00c0:fefe'
        option ipaddr '192.168.3.1'
        option ipv6 '1'
        option netmask '255.255.255.0'
        option proto 'static'

config interface 'wan'                 
        option device 'wan'            
        option ipv6 'auto'             
        option keepalive '6 5'         
        option password 'password' 
        option peerdns '0'             
        option proto 'pppoe'           
        option username 'username'
                                                   
config interface 'wan6'                            
        option device 'wan'                        
        option proto 'dhcpv6'                      
                                                   
config interface 'modem'                           
        option device 'wan'                        
        option ipaddr '192.168.178.2'              
        option netmask '255.255.255.0'             
        option proto 'static'                      
                                                   
config interface 'he_1_nyc'  <---- long unused and inactive
        option auto '0'                            
        option ip6addr '...2/64'              
        option ip6prefix '...::/48'                 
        option peeraddr '209.51.161.14'                       
        option proto '6in4'                                   
        option tunnelid '...'                              
        option updatekey '...'                   
        option username '...'                            
                                                              
config interface 'he_2_fra'                                   
        list ip6prefix '.../48'                   
        option ip6addr '...2/64'              
        option peeraddr '216.66.80.30'                        
        option proto '6in4'                                   
        option tos 'inherit'                                  
        option tunnelid '...'                              
        option updatekey '...'                   
        option username '...'                            

There was another user with a similar issue recently. In their case, it was a bug in the switch - try disabling IGMP snooping. Ignore this message if it is disabled already.

Another possible option to toggle is multicast_to_unicast_all (set it to 1).

2 Likes

Hi, thanks for the answer.

I did see the post you're referring to, in the main release announcement thread. I had high hopes but then I noticed I did not use IGMP snooping so no dice.

Also, the "multicast to unicast" option relies on isolation mode for the wireless interface: first I am not using it, secondly I have at least one wired client not getting IPV6 (actually, that's how I discovered the issue... this client is configured to require IPV6 and the connection setup would take so long and eventually time out, that I started digging!)

Update: I suspect something is wrong with the tunnel itself because I cannot ping the remote endpoint from the router itself AND the he.net control panel shows the wrong IPV4 local endpoint address.
I am not entirely clear how that would still allow for the router interfaces to have IPV6 addresses, however.

Anyway, after force updating the endpoint, restarting the interfaces... still no go.

I am not entirely clear how that would still allow for the router interfaces to have IPV6 addresses, however.

Very easy. They just exist no matter what, like any other static addresses. The only problem is that traffic for this subnet is not routed to your machine.

2 Likes

Ok, so the tunnel was a false hope. I have now confirmed that the control panel shows the correct endpoint and I can ping ipv6 hosts (for example ipv6.google.com) directly from the router.

Check the output:

ifstatus he_1_nyc; ifstatus he_2_fra; ifstatus casa; ifstatus guest
1 Like

he_1_nyc is offline and kept for historical reasons, the rest follows (redacted):

HE_2_FRA:

{
	"up": true,
	"pending": false,
	"available": true,
	"autostart": true,
	"dynamic": false,
	"uptime": 56702,
	"l3_device": "6in4-he_2_fra",
	"proto": "6in4",
	"updated": [
		"addresses",
		"routes",
		"prefixes"
	],
	"metric": 0,
	"dns_metric": 0,
	"delegation": true,
	"ipv4-address": [
		
	],
	"ipv6-address": [
		{
			"address": "...::2",
			"mask": 64
		}
	],
	"ipv6-prefix": [
		{
			"address": "...::",
			"mask": 48,
			"class": "he_2_fra",
			"assigned": {
				"casa": {
					"address": "...:2::",
					"mask": 64
				},
				"guest": {
					"address": "...:3::",
					"mask": 64
				}
			}
		}
	],
	"ipv6-prefix-assignment": [
		
	],
	"route": [
		{
			"target": "::",
			"mask": 0,
			"nexthop": "::",
			"source": "...::/48"
		},
		{
			"target": "::",
			"mask": 0,
			"nexthop": "::",
			"source": "...::2/64"
		}
	],
	"dns-server": [
		
	],
	"dns-search": [
		
	],
	"neighbors": [
		
	],
	"inactive": {
		"ipv4-address": [
			
		],
		"ipv6-address": [
			
		],
		"route": [
			
		],
		"dns-server": [
			
		],
		"dns-search": [
			
		],
		"neighbors": [
			
		]
	},
	"data": {
		
	}
}

CASA

{
	"up": true,
	"pending": false,
	"available": true,
	"autostart": true,
	"dynamic": false,
	"uptime": 56405,
	"l3_device": "br-casa",
	"proto": "static",
	"device": "br-casa",
	"updated": [
		"addresses"
	],
	"metric": 0,
	"dns_metric": 0,
	"delegation": true,
	"ipv4-address": [
		{
			"address": "192.168.2.1",
			"mask": 24
		}
	],
	"ipv6-address": [
		
	],
	"ipv6-prefix": [
		
	],
	"ipv6-prefix-assignment": [
		{
			"address": "...:2::",
			"mask": 64,
			"local-address": {
				"address": "...::c0:fefe",
				"mask": 64
			}
		},
		{
			"address": "...:2::",
			"mask": 64,
			"local-address": {
				"address": "...:c0:fefe",
				"mask": 64
			}
		}
	],
	"route": [
		
	],
	"dns-server": [
		
	],
	"dns-search": [
		
	],
	"neighbors": [
		
	],
	"inactive": {
		"ipv4-address": [
			
		],
		"ipv6-address": [
			
		],
		"route": [
			
		],
		"dns-server": [
			
		],
		"dns-search": [
			
		],
		"neighbors": [
			
		]
	},
	"data": {
		
	}
}

GUEST

{
	"up": true,
	"pending": false,
	"available": true,
	"autostart": true,
	"dynamic": false,
	"uptime": 56405,
	"l3_device": "br-guest",
	"proto": "static",
	"device": "br-guest",
	"updated": [
		"addresses"
	],
	"metric": 0,
	"dns_metric": 0,
	"delegation": true,
	"ipv4-address": [
		{
			"address": "192.168.3.1",
			"mask": 24
		}
	],
	"ipv6-address": [
		
	],
	"ipv6-prefix": [
		
	],
	"ipv6-prefix-assignment": [
		{
			"address": "...:3::",
			"mask": 64,
			"local-address": {
				"address": "...::c0:fefe",
				"mask": 64
			}
		},
		{
			"address": "...:3::",
			"mask": 64,
			"local-address": {
				"address": "...::c0:fefe",
				"mask": 64
			}
		}
	],
	"route": [
		
	],
	"dns-server": [
		
	],
	"dns-search": [
		
	],
	"neighbors": [
		
	],
	"inactive": {
		"ipv4-address": [
			
		],
		"ipv6-address": [
			
		],
		"route": [
			
		],
		"dns-server": [
			
		],
		"dns-search": [
			
		],
		"neighbors": [
			
		]
	},
	"data": {
		
	}
}

1 Like

Test ping using your downstream interface IPs:

NET_PFX="$(uci -q get network.he_2_fra.ip6prefix)"
ping -c 3 -I ${NET_PFX%::*}:2::c0:fefe example.org
ping -c 3 -I ${NET_PFX%::*}:3::c0:fefe example.org
1 Like

Both work just fine... but still no IPV6 addresses for the clients :frowning:

1 Like

Going to reboot the router to see if something got stuck... EDIT: that was definitely the case.

1 Like

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.