I have Linksys WRT45GL, running latest version of Backfire (trunk, r29337 few days old).
I have native IPv6 connectivity from my provider (/64 address space), and want to have IPv6 in my network. Between provider and LAN sits the WRT54GL router, having Backfire (trunk r29337 few days old). I have followed the Wiki and forums here to set up IPv6 successfully on LAN and WAN. But the problem I have is that my OpenWRT router does not want to forward IPv6 traffic between LAN and WAN.
When I do "ping6 ipv6.google.com" from PC in LAN, the ping times-out. The problem seems to be that traffic from WAN is not forwarded to LAN. I am attaching the TCPDUMP traffic dump for pinging ipv6.google.com from local PC later on. Please note that IPv4 is working without problems. This topic is only about IPv6 issue.
In WAN, I have static IPv6 address and static gateway. Provider routes me whole /64 address space. Communication from router to WAN (to the internet) works fine. Even pinging the router's from the internet works.
In LAN, I have static IPv6 address, and RADVD is set up to advertise /64 address space given by the provider to local network. I have a Windows client (tested Ubuntu as well, no difference), which configures itself by autoconfiguration. Communication between the client and router works perfectly, but client cannot communicate with the IPv6 internet.
The topology:
<Internet>
|
+-------------------+
| provider's router | ------- 2a00:c500:dead:61 (static address)
+-------------------+ |
| Assigned adress range:
| 2a00:c500:dead:60/60
+-------------------+ |
| eth0.1 --- 2a00:c500:dead:68 (static address)
| my router |
| eth0.0 --- 2a00:c500:dead:68:1 (static adress)
+-------------------+ |
| Advertised address range:
| 2a00:c500:dead:68:/64
+-------------------+ |
| local PC | ------- 2a00:c500:dead:68:5:5:5:5 (autoconfiguration)
+-------------------+
Basic TCPDUMP from the router showing both interfaces (eth0.0 and eth0.1) together. I did "ping ipv6.google.com" on local PC. Router sent out the ICMPv6 PING packet ([1] and [2]). But then provider's router asked for the recipient's address ([3], [4] and [5]), but OpenWRT didn't do nothing with these packets (not forwarded, not responded).
[1] 0.00 eth0.0 local-pc.lan > ipv6.google.com
2a00:c500:dead:68:5:5:5:5 > 2a00:1450:4001:c01::69
ICMPv6 echo request
[2] 0.01 eth0.1 local-pc.lan > ipv6.google.com
2a00:c500:dead:68:5:5:5:5 > 2a00:1450:4001:c01::69
ICMPv6 echo request
[3] 0.10 eth0.1 link-local WAN provider's router > link-local local-pc.lan
fe80::20c:42ff:fe1e:4710 > ff02::1:ff5:5
Neighbor solicitation
[4] 1.10 eth0.1 link-local WAN provider's router > link-local local-pc.lan
fe80::20c:42ff:fe1e:4710 > ff02::1:ff5:5
Neighbor solicitation
[5] 2.10 eth0.1 link-local WAN provider's router > link-local local-pc.lan
fe80::20c:42ff:fe1e:4710 > ff02::1:ff5:5
Neighbor solicitation
Follows the OpenWRT router configuration:
cat /etc/config/network:
#### VLAN configuration
config switch eth0
option enable 1
config switch_vlan eth0_0
option device "eth0"
option vlan 0
option ports "0 1 2 3 5"
config switch_vlan eth0_1
option device "eth0"
option vlan 1
option ports "4 5"
#### Loopback configuration
config interface loopback
option ifname "lo"
option proto static
option ipaddr 127.0.0.1
option netmask 255.0.0.0
#### LAN configuration
config interface lan
option type bridge
option ifname "eth0.0"
option proto static
option ipaddr …
option netmask …
option ip6addr "2a00:c500:dead:68::1/64"
#### WAN configuration
config interface wan
option ifname "eth0.1"
option proto static
option ipaddr …
option netmask …
option gateway …
option dns …
option ip6addr "2a00:c500:dead:68::/60"
option ip6gw "2a00:c500:dead:61::"
cat /etc/config/radvd
config interface
option interface 'lan'
option AdvSendAdvert 1
option AdvManagedFlag 0
option AdvOtherConfigFlag 0
list client ''
option ignore 0
config prefix
option interface 'lan'
list prefix '2a00:c500:dead:68::/64
option AdvOnLink 1
option AdvAutonomous 1
option AdvRouterAddr 0
option ignore 0
config route
option interface 'lan'
list prefix ''
option ignore 0
ip6tables -L:
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ip -6 addr:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
inet6 fe80::c2c1:c0ff:fe99:235f/64 scope link
valid_lft forever preferred_lft forever
5: eth0.1@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500
inet6 2a00:c500:dead:68::/60 scope global
valid_lft forever preferred_lft forever
inet6 fe80::c2c1:c0ff:fe99:235f/64 scope link
valid_lft forever preferred_lft forever
6: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500
inet6 2a00:c500:dead:68::1/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::c2c1:c0ff:fe99:235f/64 scope link
valid_lft forever preferred_lft forever
ip -6 route:
2a00:c500:dead:68::/64 dev br-lan proto kernel metric 256
2a00:c500:dead:60::/60 dev eth0.1 proto kernel metric 256
fe80::/64 dev eth0 proto kernel metric 256
fe80::/64 dev br-lan proto kernel metric 256
fe80::/64 dev eth0.1 proto kernel metric 256
default via 2a00:c500:dead:61:: dev eth0.1 metric 1
ip -6 neigh:
2a00:c500:dead:61:: dev eth0.1 lladdr 00:0c:42:1e:47:10 router STALE
cat /etc/sysctl.conf:
kernel.panic=3
net.ipv4.conf.default.arp_ignore=1
net.ipv4.conf.all.arp_ignore=1
net.ipv4.ip_forward=1
net.ipv4.icmp_echo_ignore_broadcasts=1
net.ipv4.icmp_ignore_bogus_error_responses=1
net.ipv4.tcp_ecn=0
net.ipv4.tcp_fin_timeout=30
net.ipv4.tcp_keepalive_time=120
net.ipv4.tcp_syncookies=1
net.ipv4.tcp_timestamps=0
net.ipv4.netfilter.ip_conntrack_checksum=0
net.ipv4.netfilter.ip_conntrack_max=16384
net.ipv4.netfilter.ip_conntrack_tcp_timeout_established=3600
net.ipv4.netfilter.ip_conntrack_udp_timeout=60
net.ipv4.netfilter.ip_conntrack_udp_timeout_stream=180
net.ipv6.conf.all.forwarding=1
net.netfilter.nf_conntrack_checksum=0
net.netfilter.nf_conntrack_max=16384
net.netfilter.nf_conntrack_tcp_timeout_established=3600
net.netfilter.nf_conntrack_udp_timeout=60
net.netfilter.nf_conntrack_udp_timeout_stream=180
# disable bridge firewalling by default
net.bridge.bridge-nf-call-arptables=0
net.bridge.bridge-nf-call-ip6tables=0
net.bridge.bridge-nf-call-iptables=0
ipconfig on local PC in LAN (Windows):
IP address . . . . . . . . . . . . : 192.168.1.100
Network mask . . . . . . . . . . . : 255.255.255.0
IP address . . . . . . . . . . . . : 2a00:c500:dead:68:5:5:5:5
IP address . . . . . . . . . . . . : fe80::21a:74ff:fe17:1776%5
Default gateway . . . . . . . . . : 192.168.1.1
fe80::c2c1:c0ff:fe99:235f%5
I really appreciate any hint where to go next, because I am totally stuck now. I have found another topics regarding this in the forum, but the solution was nowhere. Thank you in advance for any help.
(Last edited by michal.kocarek on 30 Nov 2011, 03:22)