#17992: IPv6 with IPv6-PD does not work on BB-RC3/CC
-------------------------+-----------------------------------
Reporter: jostein | Owner: developers
Type: defect | Status: new
Priority: normal | Milestone: Barrier Breaker 14.07
Component: base system | Version: Barrier Breaker 14.07
Keywords: |
-------------------------+-----------------------------------
I was running an earlier trunk-version of BB (from may?) where 6relayd was
an option to get IPv6 with ISP-provided prefix delegation working.
After updating to BB-RC3 (and also trying in trunk/CC), where 6relayd has
been "deprecated" in favour of odhcpd, I can't get IPv6 working at all.
I've also modified my /etc/config/network according to the guides here:
http://wiki.openwrt.org/doc/uci/network6#native.ipv6.connection
There is a multitude of failures across the line, and I'm certain they're
linked somehow, but I'm not sure where to start.
I've tried the most basic test there is:
{{{
root@OpenWrt:~# ping6 www.google.com
PING www.google.com (2a00:1450:4010:c04::63): 56 data bytes
ping6: sendto: Operation not permitted
}}}
In the overview of the Luci Web-UI, the "wan" interface has an IPv4
address, while the "wan6" interface is listed as "not connected" in the
overview.
Checking the interfaces section lists the "wan" interface as having both a
IPv4 and a IPv6 address, while the "wan6" interface has an blank/zeroed
MAC address and no IP addresses at all.
Checking my interfaces in the shell confirms I have been assigned at least
a IPv6 address:
{{{
root@OpenWrt:~# ifconfig
br-lan Link encap:Ethernet HWaddr 00:24:A5:D8:7D:37
inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::224:a5ff:fed8:7d37/64 Scope:Link
inet6 addr: 2a02:fe0:c310:830::1/60 Scope:Global
inet6 addr: fddd:9c60:e47d::1/60 Scope:Global
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:67715 errors:0 dropped:0 overruns:0 frame:0
TX packets:74617 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:8280689 (7.8 MiB) TX bytes:52801652 (50.3 MiB)
eth0 Link encap:Ethernet HWaddr 00:24:A5:D8:7D:37
inet6 addr: fe80::224:a5ff:fed8:7d37/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:69961 errors:0 dropped:0 overruns:2396 frame:0
TX packets:74690 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:9696995 (9.2 MiB) TX bytes:53107697 (50.6 MiB)
Interrupt:4
eth0.1 Link encap:Ethernet HWaddr 00:24:A5:D8:7D:37
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:69882 errors:0 dropped:0 overruns:0 frame:0
TX packets:74670 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:8428090 (8.0 MiB) TX bytes:52806170 (50.3 MiB)
eth1 Link encap:Ethernet HWaddr 00:24:A5:D8:7D:38
inet addr:84.215.73.196 Bcast:84.215.127.255
Mask:255.255.192.0
inet6 addr: fe80::224:a5ff:fed8:7d38/64 Scope:Link
inet6 addr: 2a02:fe0:c300:1:3d44:9a12:dcc8:89dd/128 Scope:Global
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:74101 errors:0 dropped:0 overruns:0 frame:0
TX packets:53694 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:50643643 (48.2 MiB) TX bytes:7408853 (7.0 MiB)
Interrupt:5
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:213 errors:0 dropped:0 overruns:0 frame:0
TX packets:213 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:16496 (16.1 KiB) TX bytes:16496 (16.1 KiB)
}}}
So I have been assigned at least one IPv6 address.
Checking the logical interfaces manually yields information conflicting
with what Luci reports: It says "wan" has an IPv4 address, while "wan6"
has an IPv6 address (as expected):
{{{
root@OpenWrt:~# ifstatus wan
{
"up": true,
"pending": false,
"available": true,
"autostart": true,
"uptime": 6660,
"l3_device": "eth1",
"proto": "dhcp",
"device": "eth1",
"updated": [
"addresses",
"routes"
],
"metric": 0,
"delegation": true,
"ipv4-address": [
{
"address": "84.215.73.196",
"mask": 18
}
],
"ipv6-address": [
],
"ipv6-prefix": [
],
"ipv6-prefix-assignment": [
],
"route": [
{
"target": "0.0.0.0",
"mask": 0,
"nexthop": "84.215.64.1",
"source": "0.0.0.0\/0"
}
],
"dns-server": [
"84.208.20.110",
"84.208.20.111"
],
"dns-search": [
"getinternet.no"
],
"inactive": {
"ipv4-address": [
],
"ipv6-address": [
],
"route": [
],
"dns-server": [
],
"dns-search": [
]
},
"data": {
}
}
root@OpenWrt:~# ifstatus wan6
{
"up": true,
"pending": false,
"available": true,
"autostart": true,
"uptime": 6676,
"l3_device": "eth1",
"proto": "dhcpv6",
"device": "eth1",
"updated": [
"addresses",
"prefixes",
"data"
],
"metric": 0,
"delegation": true,
"ipv4-address": [
],
"ipv6-address": [
{
"address": "2a02:fe0:c300:1:3d44:9a12:dcc8:89dd",
"mask": 128,
"preferred": 598124,
"valid": 1202924
}
],
"ipv6-prefix": [
{
"address": "2a02:fe0:c310:830::",
"mask": 60,
"preferred": 598124,
"valid": 1202924,
"class": "wan6",
"assigned": {
"lan": {
"address": "2a02:fe0:c310:830::",
"mask": 60
}
}
}
],
"ipv6-prefix-assignment": [
],
"route": [
],
"dns-server": [
"2a02:fe0:1:2:1:0:1:110",
"2a02:fe0:1:2:1:0:1:111"
],
"dns-search": [
],
"inactive": {
"ipv4-address": [
],
"ipv6-address": [
],
"route": [
],
"dns-server": [
],
"dns-search": [
]
},
"data": {
"passthru":
"001700202a020fe00001000200010000000101102a020fe0000100020001000000010111"
}
}
}}}
As can be seen there, it even lists my IPv6 subnet-prefix!
That doesn't seem to ''translate'' into any advertised routes though:
{{{
root@OpenWrt:~# route -A inet6
Kernel IPv6 routing table
Destination Next Hop
Flags Metric Ref Use Iface
2a02:fe0:c310:830::/64 ::
U 1024 0 0 br-lan
fddd:9c60:e47d::/64 ::
U 1024 0 0 br-lan
fe80::/64 ::
U 256 0 0 eth0
fe80::/64 ::
U 256 0 0 br-lan
fe80::/64 ::
U 256 0 0 eth1
::1/128 ::
U 0 0 1 lo
2a02:fe0:c300:1:3d44:9a12:dcc8:89dd/128 ::
U 0 3 1 lo
2a02:fe0:c310:830::/128 ::
U 0 0 1 lo
2a02:fe0:c310:830::1/128 ::
U 0 2 1 lo
fddd:9c60:e47d::/128 ::
U 0 0 1 lo
fddd:9c60:e47d::1/128 ::
U 0 2 1 lo
fe80::/128 ::
U 0 0 1 lo
fe80::/128 ::
U 0 0 1 lo
fe80::/128 ::
U 0 0 1 lo
fe80::224:a5ff:fed8:7d37/128 ::
U 0 2 1 lo
fe80::224:a5ff:fed8:7d37/128 ::
U 0 0 1 lo
fe80::224:a5ff:fed8:7d38/128 ::
U 0 4 1 lo
ff02::1/128 ::
UC 0 1 0 br-lan
ff02::c/128 ::
UC 0 5016 0 br-lan
ff00::/8 ::
U 256 0 0 eth0
ff00::/8 ::
U 256 0 2 br-lan
ff00::/8 ::
U 256 0 0 eth1
}}}
As far as I can tell, no default route has been added nor advertised.
Checking the logs for any activity from odchpd doesn't really yield much
information either:
{{{
root@OpenWrt:~# logread | grep odhcpd
Sat Sep 27 11:30:19 2014 daemon.info dnsmasq[1749]: read /tmp/hosts/odhcpd
- 0 addresses
Sat Sep 27 11:56:41 2014 daemon.warn odhcpd[1909]: DHCPV6 REBIND IA_NA
from 000100011aa3810f54ae2798e681 on br-lan: ok
Sat Sep 27 11:56:42 2014 daemon.warn odhcpd[1909]: DHCPV6 SOLICIT IA_NA
from 000100011aa3810f54ae2798e681 on br-lan: ok 2a02:fe0:c310:830::3af/128
fddd:9c60:e47d::3af/128
Sat Sep 27 11:56:43 2014 daemon.warn odhcpd[1909]: DHCPV6 REQUEST IA_NA
from 000100011aa3810f54ae2798e681 on br-lan: ok 2a02:fe0:c310:830::3af/128
fddd:9c60:e47d::3af/128
}}}
Not sure what the normal or "expected" log-data for this daemon should be
though.
I've tried flushing iptables and doing a ping. The result is the same.
ip6tables doesn't seem to have much of a ruleset anyway:
{{{
root@OpenWrt:~# ip6tables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
delegate_input all anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
delegate_forward all anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
delegate_output all anywhere anywhere
Chain MINIUPNPD (0 references)
target prot opt source destination
Chain delegate_forward (1 references)
target prot opt source destination
forwarding_rule all anywhere anywhere /*
user chain for forwarding */
ACCEPT all anywhere anywhere ctstate
RELATED,ESTABLISHED
zone_lan_forward all anywhere anywhere
zone_wan6_forward all anywhere anywhere
reject all anywhere anywhere
Chain delegate_input (1 references)
target prot opt source destination
ACCEPT all anywhere anywhere
input_rule all anywhere anywhere /* user
chain for input */
ACCEPT all anywhere anywhere ctstate
RELATED,ESTABLISHED
syn_flood tcp anywhere anywhere tcp
flags:FIN,SYN,RST,ACK/SYN
zone_lan_input all anywhere anywhere
zone_wan6_input all anywhere anywhere
Chain delegate_output (1 references)
target prot opt source destination
ACCEPT all anywhere anywhere
output_rule all anywhere anywhere /* user
chain for output */
ACCEPT all anywhere anywhere ctstate
RELATED,ESTABLISHED
zone_lan_output all anywhere anywhere
zone_wan6_output all anywhere anywhere
Chain forwarding_lan_rule (1 references)
target prot opt source destination
Chain forwarding_rule (1 references)
target prot opt source destination
Chain forwarding_wan6_rule (1 references)
target prot opt source destination
Chain input_lan_rule (1 references)
target prot opt source destination
Chain input_rule (1 references)
target prot opt source destination
Chain input_wan6_rule (1 references)
target prot opt source destination
Chain output_lan_rule (1 references)
target prot opt source destination
Chain output_rule (1 references)
target prot opt source destination
Chain output_wan6_rule (1 references)
target prot opt source destination
Chain reject (1 references)
target prot opt source destination
REJECT tcp anywhere anywhere reject-with
tcp-reset
REJECT all anywhere anywhere reject-with
icmp6-port-unreachable
Chain syn_flood (1 references)
target prot opt source destination
RETURN tcp anywhere anywhere tcp
flags:FIN,SYN,RST,ACK/SYN limit: avg 25/sec burst 50
DROP all anywhere anywhere
Chain zone_lan_dest_ACCEPT (3 references)
target prot opt source destination
ACCEPT all anywhere anywhere
Chain zone_lan_forward (1 references)
target prot opt source destination
forwarding_lan_rule all anywhere anywhere /*
user chain for forwarding */
zone_wan6_dest_ACCEPT all anywhere anywhere
/* forwarding lan -> wan6 */
zone_lan_dest_ACCEPT all anywhere anywhere
Chain zone_lan_input (1 references)
target prot opt source destination
input_lan_rule all anywhere anywhere /* user
chain for input */
zone_lan_src_ACCEPT all anywhere anywhere
Chain zone_lan_output (1 references)
target prot opt source destination
output_lan_rule all anywhere anywhere /*
user chain for output */
zone_lan_dest_ACCEPT all anywhere anywhere
Chain zone_lan_src_ACCEPT (1 references)
target prot opt source destination
ACCEPT all anywhere anywhere
Chain zone_wan6_dest_ACCEPT (3 references)
target prot opt source destination
ACCEPT all anywhere anywhere
Chain zone_wan6_forward (1 references)
target prot opt source destination
forwarding_wan6_rule all anywhere anywhere
/* user chain for forwarding */
zone_lan_dest_ACCEPT all anywhere anywhere
/* forwarding wan6 -> lan */
zone_wan6_dest_ACCEPT all anywhere anywhere
Chain zone_wan6_input (1 references)
target prot opt source destination
input_wan6_rule all anywhere anywhere /*
user chain for input */
zone_wan6_src_ACCEPT all anywhere anywhere
Chain zone_wan6_output (1 references)
target prot opt source destination
output_wan6_rule all anywhere anywhere /*
user chain for output */
zone_wan6_dest_ACCEPT all anywhere anywhere
Chain zone_wan6_src_ACCEPT (1 references)
target prot opt source destination
ACCEPT all anywhere anywhere
}}}
Manually resetting the firewall lists a few errors though:
{{{
root@OpenWrt:~# /etc/init.d/firewall restart
Warning: Unable to locate ipset utility, disabling ipset support
* Flushing IPv4 filter table
* Flushing IPv4 nat table
* Flushing IPv4 mangle table
* Flushing IPv4 raw table
* Flushing IPv6 filter table
* Flushing IPv6 mangle table
* Flushing IPv6 raw table
* Flushing conntrack table ...
* Populating IPv4 filter table
* Zone 'lan'
* Zone 'wan'
* Zone 'VPN'
* Rule 'Allow-DHCP-Renew'
* Rule 'Allow-Ping'
* Rule 'OpenVPN / HTTPS'
...
* Forward 'lan' -> 'wan'
* Forward 'wan6' -> 'lan'
! Skipping due to different family of zone
* Forward 'lan' -> 'wan6'
! Skipping due to different family of zone
* Forward 'VPN' -> 'lan'
* Forward 'VPN' -> 'wan'
* Forward 'lan' -> 'VPN'
* Forward 'wan' -> 'VPN'
* Populating IPv4 nat table
* Zone 'lan'
* Zone 'wan'
* Zone 'VPN'
...
* Populating IPv4 mangle table
* Zone 'lan'
* Zone 'wan'
* Zone 'VPN'
* Populating IPv4 raw table
* Zone 'lan'
* Zone 'wan'
* Zone 'VPN'
* Populating IPv6 filter table
* Zone 'lan'
* Zone 'wan6'
* Rule 'Allow-DHCPv6'
! Skipping due to different family of zone
* Rule 'Allow-ICMPv6-Input'
! Skipping due to different family of zone
* Rule 'Allow-ICMPv6-Forward'
! Skipping due to different family of zone
...
* Forward 'lan' -> 'wan'
! Skipping due to different family of zone
* Forward 'wan6' -> 'lan'
* Forward 'lan' -> 'wan6'
* Forward 'VPN' -> 'lan'
! Skipping due to different family of zone
* Forward 'VPN' -> 'wan'
! Skipping due to different family of zone
* Forward 'lan' -> 'VPN'
! Skipping due to different family of zone
* Forward 'wan' -> 'VPN'
! Skipping due to different family of zone
* Populating IPv6 mangle table
* Zone 'lan'
* Zone 'wan6'
* Populating IPv6 raw table
* Zone 'lan'
* Zone 'wan6'
* Set tcp_ecn to off
* Set tcp_syncookies to on
* Set tcp_window_scaling to on
* Running script '/etc/firewall.user'
* Running script '/usr/share/miniupnpd/firewall.include'
ip6tables: No chain/target/match by that name.
}}}
Is there something more I need to do or install? To me this looks like a
defect in odhcpd, but it's kinda hard to tell.
If needed to further debug this issue, I can provide a tcpdump of the IPv6
negotiation process too. Just let me know.
--
Ticket URL: <https://dev.openwrt.org/ticket/17992>
OpenWrt <http://openwrt.org>
Opensource Wireless Router Technology
_______________________________________________
openwrt-tickets mailing list
[email protected]
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-tickets
