Stateful IPv6 broken on LEDE 17.01.2 - stateless functional

Hi guys,

I've just switched from OpenWRT Chaos Calmer to LEDE 17.01.2 (yay for frequent updates!!), and in the process IPv6 has imploded. With Chaos Calmer, I had stateful DHCPv6 working, and devices assigned addresses by the router from my /48 block. However, in LEDE 17, IPv6 only seems to work when it's set to stateless. I've tried hybrid, server and relay mode, and with anything but server mode and stateless I get no IPv6 addresses on the clients.

I have followed the configuration here to no avail. The router gets a v6 IP, but nothing more.

I suspected that something my ISP has done has broken v6, though they claim nothing's changed their end.

I was getting

A default route is present but there is no public prefix on br-lan thus we don't announce a default route!

in the system log, though that seems to have vanished now. I noticed too that one of the compile-time options for dnsmasq is no-DHCPv6.

My /etc/config/network looks like this:

config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'

config globals 'globals'
option ula_prefix 'fd64:xxx:xxx::/48'

config interface 'lan'
option type 'bridge'
option ifname 'eth0.1'
option proto 'static'
option netmask '255.255.255.0'
option ip6assign '60'
option ipaddr '10.0.0.1'

config interface 'wan'
option ifname 'eth0.2'
option _orig_ifname 'eth0.2'
option _orig_bridge 'false'
option proto 'pppoe'
option username 'xxx'
option password 'xxx'
option ipv6 'auto'

config interface 'wan6'
option proto 'dhcpv6'
option _orig_ifname 'eth0.2'
option _orig_bridge 'false'
option ifname '@wan'
option reqaddress 'try'
option reqprefix 'auto'

config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'

config switch_vlan
option device 'switch0'
option vlan '1'
option ports '1 2 3 4 5t'

config switch_vlan
option device 'switch0'
option vlan '2'
option ports '0 5t'

and /etc/config/dhcp:

config dnsmasq
option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option nonegcache '0'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.auto'
option localservice '1'

config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '1h'
option dhcpv6 'server'
option ra 'server'
option ra_management '2'

config dhcp 'wan'
option interface 'wan'
option ignore '1'

config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'

br-lan looks like this:

br-lan Link encap:Ethernet HWaddr 64:70:02:40:8F:DA
inet addr:10.0.0.1 Bcast:10.0.0.255 Mask:255.255.255.0
inet6 addr: fd64:xxx:xxx::1/60 Scope:Global
inet6 addr: 2a02:xxx:xxx::1/60 Scope:Global
inet6 addr: fe80::6670:2ff:fe40:8fda/64 Scope:Link

and pppoe-wan:

pppoe-wan Link encap:Point-to-Point Protocol
inet addr:82.xx.xx.xx P-t-P:xxx Mask:255.255.255.255
inet6 addr: fe80::1/10 Scope:Link
inet6 addr: 2a02:xxxx:xxxx:7::1/64 Scope:Global

On a client Mac:

 en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500

ether a4:5e:60:da:9c:93
inet6 fe80::188b:294e:9490:cea9%en0 prefixlen 64 secured scopeid 0x4
inet6 2a02:xxxx:xxxx::1081:612d:b52e:5f5a prefixlen 64 autoconf secured
inet6 2a02:xxxx:xxxx::d1b:c02a:6715:f854 prefixlen 64 autoconf temporary
inet6 fd64:xxxx:xxxx::140f:d90c:7384:5142 prefixlen 64 autoconf secured
inet6 fd64:xxxx:xxxx::24e8:b9be:5b6a:f932 prefixlen 64 autoconf temporary
inet 10.0.0.213 netmask 0xffffff00 broadcast 10.0.0.255

I'm experienced with v4, but v6 is fairly new to me. Any pointers would be much appreciated.

Many thanks!

I've done a bit more debugging with Wireshark, and it appears when stateful is set and macOS sends out a router solicitation, the router replies shortly after with a packet whose flags have the managed address configuration bit set - which presumably is correct. It replies with a few other things such as DNS address, and MTU size, but never replies with an address for the client... Hopefully that sheds a bit more light on the situation and someone can point me in the right direction!

Set ipv6 to 1 iso auto for the wan interface config as auto will create a dynamic interface wan_6 meaning you will have 2 DHCPv6 clients running (wan6 and wan_6).
This can cause problems; therefore set ipv6 to 1 so only one DHCPv6 client is active started by the wan6 interface.
Also display the output of ifstatus wan6 if you still have issues.

Hi Dedeckeh, thanks for your reply! I set the wan interface (which is PPPoE) to "option ipv6 1" and no IPv6 address is obtained by the router at all. Only by setting it to auto do I get a v6 address on the router.

Removing "option ipv6 'auto'" from the wan section, and putting it in the wan6 section instead still results in no v6 IP on the router or elsewhere.

I have discovered by deleting the wan6 interface entirely, I do get a v6 address on the PPPoE link, but again nothing on the clients except a Raspberry Pi, which gets a stateful address from the router. However, no Macs, iPhones or Win 7 devices do.

ifstatus wan6 prior to deletion:

root@LEDE:~# ifstatus wan6
{
	"up": false,
	"pending": true,
	"available": true,
	"autostart": true,
	"dynamic": false,
	"proto": "dhcpv6",
	"device": "eth0.2",
	"data": {
		
	}
}

wan_6:

root@LEDE:~# ifstatus wan_6
{
"up": true,
"pending": false,
"available": true,
"autostart": true,
"dynamic": true,
"uptime": 434,
"l3_device": "pppoe-wan",
"proto": "dhcpv6",
"device": "pppoe-wan",
"metric": 0,
"dns_metric": 0,
"delegation": true,
"ipv4-address": [

],
"ipv6-address": [
{
"address": "2a02:xxxx:xxxx:7::1",
"mask": 64,
"preferred": 1711,
"valid": 17911
}
],
"ipv6-prefix": [
{
"address": "2a02:xxxx:xxxx::",
"mask": 48,
"class": "wan_6",
"assigned": {
"lan": {
"address": "2a02:xxxx:xxxx::",
"mask": 60
}
}
}
],
"ipv6-prefix-assignment": [

],
"route": [
{
"target": "2a02:xxxx:xxxx:7::",
"mask": 64,
"nexthop": "::",
"metric": 256,
"valid": 17911,
"source": "::/0"
},
{
"target": "::",
"mask": 0,
"nexthop": "fe80::d2f0:dbff:fe6c:e000",
"metric": 512,
"valid": 1111,
"source": "2a02:xxxx:xxxx::/48"
},
{
"target": "::",
"mask": 0,
"nexthop": "fe80::d2f0:dbff:fe6c:e000",
"metric": 512,
"valid": 1111,
"source": "2a02:xxxx:xxxx:7::1/64"
}
],
"dns-server": [

],
"dns-search": [

],
"inactive": {
"ipv4-address": [

  ],
  "ipv6-address": [
  	
  ],
  "route": [
  	
  ],
  "dns-server": [
  	"2a02:xxxx:1::212:23:3:100"
  ],
  "dns-search": [
  	
  ]

},
"data": {
"passthru": "001700102a0280xxxxxxxxxxx"
}
}

After setting option ipv6 to 1 did you do a network reload ?

Further in your config you need to set ra_management to 0 in the dhcp lan config; setting the value to 2 results into the autonomous bit not being set in the ra prefix option. As such devices not supporting statefull DHCPv6 are unable to do stateless autoconfiguration for the received public prefix in the RA message.

Unfortunately this still isn't working, Including with Dedckeh's help. Even more strangely, it appears devices connected to the router's built-in wireless do get a stateful v6 IP. Which implies to me there's something being ditched by the firewall. ...but if that was the case, why would a Pi be able to get an address over Ethernet? Perhaps a different advertisement port that's permitted through the firewall? No idea.

With manual wan6 setup - with DHCPv6 - I get the same symptoms as the auto-setup.

I've fixed the problem! It turned out to be a Time Capsule downstream of the LEDE router was blocking IPv6 broadcasts - but nothing else IPv6 or v4 related - despite being setup as a dumb AP. I reset the TC and now everything gets a stateful IP. Really weird. Thanks for your help Dedeckeh on this one sorry to be leading you up the wrong path.