[Solved] IPv6 over WiFi

I have working IPv6 on my wired network. However, I don't get an IPv6 address on my Android phone or tablet. I have a LEDE router plugged into my AT&T modem, then I have my Linksys WRT1200AC plugged into my LEDE router. I have my computer plugged into the WRT1200AC and it gets an IPv6 address. Why aren't my WiFi devices getting IPv6 addresses? Both devices are running 17.01.4.

I'm somewhat confused...if the WiFi clients are on the LAN of a downstream device, you must have an IPv6 allocation larger than /48, so you can statically route a block to the LAN of the downstream LEDE device.

Do you have it connected to the VLAN of the upstream...? This all depends on your configs...but I'm not sure how this would work.

You would assign an IPv6 block to the LAN as normal, and you would place an IPv6 static route on the first device, using the IPv6 WAN (i.e. the interface pointing toward the first LEDE) IP as the gateway to this network.

Ensure they are IPv6 capable, and that it's enabled. In my case RA works on my main device and downstream devices with other firmwares. I've never needed to configure DHCPv6 (on downstream devices, this just gives out v6 IPs in a sequential order) - so I wouldn't have much information on that.

Hope this helps.

Perhaps this helps:
Android and IPv6

1 Like

@lleachii
I have a LAN port on the WRT1200AC connected to a LAN port on the main router so everything is flat.

@riodoro
You are correct. That was the problem. I had stateful DHCPv6 set up. Once I changed it to stateless and rebooted everything, my Android clients got IPv6 addresses. I am quite upset with Google about the lack of a DHCPv6 client in Android. This is going to make rolling out IPv6 at work much more difficult.

Thank you both for your help.

1 Like

Out of curiosity, why do you say this?

I have stateless set up at my home now and my two computers get multiple IPv6 addresses each. My computer now has 2 public IPv6 addresses and two ula_prefix addresses. I don't know why I have to have a link local address, two ula_prefix addresses, and two public addresses. Tracking down a single device at home is easy given I only have four, two Windows 10 and two Android. When I had stateful set up at home my computers only got 1 IPv6 address each. However, my Android devices did not get any IPv6 addresses because Android doesn't support DHCPv6.

I have stateful DHCP set up at work. If each computer at work gets multiple IPv6 addresses it would make it difficult to track down an individual computer. Also, one piece of critical software does not properly support IPv6. It works but only on stateful installations. Multiple IPv6 addresses confuse the software. There is an open bug report about this issue but given it has been open for almost 2 years I am not confident they are going to fix it soon. They didn't even want to support IPv6 in the first place, it just started kinda working after an update two years ago. We discovered IPv6 support for the software by accident. The company doesn't officially support IPv6.

Well, of course that makes it hard to deploy IPv6 but has nothing really to do with DHCPv6, it's just that their particular brokenness doesn't show up on DHCPv6 in your environment, but you could easily have a similar piece of server software that only accepts SLAAC because it's broken too...

The fact is, in IPv6 it's totally normal and needs to be expected that machines have multiple IPv6 addresses available to them. Any machine can, if it hears a prefix on the wire, just generate a random number and make itself an IPv6 address that it "statically" assigns, and it can do this thousands of times a second for the rest of your life and there won't be collisions. Sure, your firewall could be set up to exclude any non-DHCPv6 addresses but you'll find that's not viable long term most likely. There's no need to advertise two ULA prefixes though, you should figure out why you have two, and turn off advertisement of one of them.

Although many people don't really understand this, IP addresses don't identify machines, they identify services; they are essentially an endpoint for packets to arrive at or come from. This can even be true in IPv4, for example Google's 8.8.8.8 DNS server isn't one enormous beefy machine hidden in a bunker in a hillside somewhere, it's probably 2,000 different machines spread around the world.

If you want to track down an individual computer based on, say, log files that contain an IPv6 address, you ping that address and then "ip -6 neigh" and grep for the address to find the MAC (listed as lladdr in the output). If it doesn't respond to ping, there are other methods as well. None of it is any more or less reliable than tracking down IPv4 machines.
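The lookup described in the post above, as an added example that is not part of the original thread: it parses `ip -6 neigh` output, matches a logged address in any textual form, and groups addresses by MAC so that a host's link-local, permanent and temporary addresses are seen as one device. The function names are hypothetical, and the neighbour table is a constructed sample using the 2001:db8::/32 documentation prefix and made-up MACs.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of `ip -6 neigh` output; on a router, pass in the
# real command output instead.
SAMPLE_NEIGH = """\
fe80::a00:27ff:fe12:3456 dev br-lan lladdr 08:00:27:12:34:56 STALE
2001:db8:1:0:a00:27ff:fe12:3456 dev br-lan lladdr 08:00:27:12:34:56 REACHABLE
2001:db8:1:0:5c1d:9e0f:77aa:1b2c dev br-lan lladdr 08:00:27:12:34:56 REACHABLE
2001:db8:1:0:d4b1:22ff:fe00:9 dev br-lan lladdr d6:b1:22:00:00:09 DELAY
2001:db8:1::bad dev br-lan  FAILED
"""

def parse_neigh(text):
    """Return {IPv6Address: (mac, dev, state)} for entries that have a MAC."""
    table = {}
    for line in text.splitlines():
        fields = line.split()
        # FAILED / INCOMPLETE entries carry no lladdr, so there is no MAC to map.
        if "lladdr" not in fields or fields.index("lladdr") + 1 >= len(fields):
            continue
        try:
            addr = ipaddress.IPv6Address(fields[0])
        except ValueError:
            continue  # not an IPv6 neighbour line
        mac = fields[fields.index("lladdr") + 1].lower()
        dev = fields[fields.index("dev") + 1] if "dev" in fields[:-1] else None
        table[addr] = (mac, dev, fields[-1])
    return table

def mac_for(logged_addr, table):
    """Look up an address as written in a log (case, leading zeros, :: all OK)."""
    entry = table.get(ipaddress.IPv6Address(logged_addr))
    return entry[0] if entry else None

def addresses_by_mac(table):
    """Group every known address under the MAC that answers for it."""
    groups = defaultdict(list)
    for addr, (mac, _dev, _state) in table.items():
        groups[mac].append(str(addr))
    return {mac: sorted(addrs) for mac, addrs in groups.items()}

if __name__ == "__main__":
    neigh = parse_neigh(SAMPLE_NEIGH)
    print(mac_for("2001:0DB8:0001:0000:5C1D:9E0F:77AA:1B2C", neigh))
    for mac, addrs in addresses_by_mac(neigh).items():
        print(mac, addrs)
```

Comparing parsed addresses rather than grepping raw strings matters because a firewall log may write the same address fully expanded or in upper case, while `ip -6 neigh` prints the compressed lower-case form.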

You must have Link Locals and the Public IPs, you can remove the ULA. See RFC 3513.

You should complain to the software's developer.

Odd, you didn't receive a Link-Local address or stateless?
This is probably because that network only had DHCPv6 running (without RA/stateless).

If you used all of your /48, any computer would be harder to find. A /48 possesses 2^80 IP addresses...IPv6 was designed to be used with AAAA records for such purposes (in fact, using a separate hostname for each service you wish to access). IPv6 was designed to heavily use hostnames, not IPs. See: RFC 4472.

@lleachii

I have found ULA config in /etc/config/network and deleted it. After rebooting the router and computer the ULA is gone. I have three public IPv6 addresses, 2 regular, 1 temporary, and 1 link local. With stateful I had one public IPv6 address and 1 link local.

If stateless is supposed to use DNS (dynamic DNS I assume) then Android or LEDE has a problem. Neither of my Android devices shows up in LEDE under DHCPv6 leases. Also, my Windows computers show up with their IP address as their hostname.

@dlakelan
How can a DNS server have multiple random IP addresses? They have to have a single static IP. Yes, I agree that 8.8.8.8 is not one massive computer.

Back in the day when a computer got a virus and started sending spam I had the IP from the firewall logs. I would go to the DNS or DHCP server and look up that IP and get the hostname. With IPv6 not too many devices have hostnames that make sense. When I look at the IPv4 information, Android hostnames make no sense. I can't figure out what device belongs to whom. At least with iPhones I can fix that.

No, the only requirement is that one of the multiple IP addresses it has needs to be the statically assigned one for its DNS server function. It could of course have 2^33 additional addresses if you like.

There's nothing that keeps you from running DHCP and SLAAC together. You just have to set the autoconfig bit in the router advertisements and also turn on a DHCPv6 server. The big reason to use DHCP is for assigning certain fixed IP addresses to certain machines so that those machines can perform services that are advertised through AAAA records as coming from those addresses. In other words, the main "consumer" of DHCPv6 is likely to be servers particularly where you have many similarly configured servers and want to be able to tell them "what to be" from a single source (the DHCP server).

The fact is that in the future you're going to want a crapload of stuff to get on your network without having DHCP issues. That will include Android devices, or IP phones or IPv6-enabled thermostats or sprinkler control systems or smart-oscilloscopes or lobby signage machines or printers or smart scanners or security cameras or PA systems or the like. Sure, you might well want to have some control over what is allowed on your network. This is what WPA and 802.1x and VLANs and firewalls do for you. DHCP assigning addresses is NOT a form of security though it's often treated like it is. Also, it's not a form of auditability, as there's no reason you can't spoof an IP address. If you need strong auditability you need a network monitoring solution like SNORT or something.

I think @dlakelan covered a lot...

In addition...

I never said that. Also 'Dynamic DNS' is not the technology you're alluding to here. I think you want DHCPv6 to add hostnames automatically to your local DNS. Since odhcpd and dnsmasq are different softwares, that's not possible through automatic means at this time.

If you want easy reference for IPv6 devices, you add an AAAA record for the PERMANENT IP address.

As I noted, you need the Link Local...and in this case...you do.

I receive a:

  • ULA
  • Link Local
  • Global Temporary (THIS IS AN IPv6 privacy address, only available with stateless configurations and enabling privacy on the client)
  • Global Permanent

So...seems about right to me.

Easy, just like an IPv4 DNS server can have multiple addresses.

Indeed, by default every LEDE router does DNS and has 3 IP addresses:

127.0.0.1
Something associated with the WAN
192.168.0.1 associated with the LAN

There's really no reason you can't also add say 192.168.0.254 on the same box and provide say a monitoring interface there, like netdata....

An IP address is a Layer 3 concept, it is a way of identifying how to route a packet and who should respond to that packet. There's no reason a single device can't respond to packets destined for multiple IPs.

But beyond that, there's no reason why you can't have many devices responding to packets for the same IP, you just need an additional way to load-balance. 8.8.8.8 is a good example, but if you have a datacenter and want to have www.mycompany.com be load balanced across 10 servers... you can put the IPv6 you're publishing for www.mycompany.com on all 10 servers, and then put a load-balancing switch out in front, and have it remember that flows from client A go to port 1 and flows from client B go to port 33 etc so again, many machines one IP. The IP identifies the website service, not a machine.

1 Like