Re: Openbsd 5.7: IPv6 autoconf not working

2015-08-19 Thread Giancarlo Razzolini 
Em 18-08-2015 23:34, Alexandre Westfahl escreveu:
 6c00  0020 3aff fe80   

     0001 ff02   

     0001 8600 fa6d 40c0 0708

      0101 fc48 efc3 41fe

  0501   05dc

This seems odd to me. It looks like the packet is mangled. I can see the
multicast address, the link-local address. But I don't see any valid
global prefixes. Check your card and cables?

 I have on my settings sheet the DNS and the prefix I'm delegated.

You know if this router advertises the DNS through SLAAC? It doesn't
seem to be the case.

 I tried wide dhcpv6 and it works but I would like if possible to go without
 it.
 The modem brand is Huawei but i don't have the model here.

I have a huawei here, and it works both through SLAAC and DHCPv6. But,
there is a catch. My ISP can remotely configure which LAN ports works
and which doesn't. In mine, only the 3 first ethernet ports work, the
remaining doesn't. Check if you're using the first port, try changing
them. And ask your provider to enable the other ports if it doesn't.

Cheers,
Giancarlo Razzolini

Re: Openbsd 5.7: IPv6 autoconf not working

2015-08-19 Thread Alexandre Westfahl 
On Wed, Aug 19, 2015 at 10:54 PM, Giancarlo Razzolini grazzol...@gmail.com
wrote:

 Em 18-08-2015 23:34, Alexandre Westfahl escreveu:
  6c00  0020 3aff fe80   
 
      0001 ff02   
 
      0001 8600 fa6d 40c0 0708
 
       0101 fc48 efc3 41fe
 
   0501   05dc

 This seems odd to me. It looks like the packet is mangled. I can see the
 multicast address, the link-local address. But I don't see any valid
 global prefixes. Check your card and cables?

 ​My card and cable are doing well since I have no problem on IPv4 and
IPv6
works if I use wide DHCPv6.
​


  I have on my settings sheet the DNS and the prefix I'm delegated.

 You know if this router advertises the DNS through SLAAC? It doesn't
 seem to be the case.

 ​it doesn't seems to but ​

​I have the information so I can set it in resolv.conf if needed.
​

  I tried wide dhcpv6 and it works but I would like if possible to go
 without
  it.
  The modem brand is Huawei but i don't have the model here.

 I have a huawei here, and it works both through SLAAC and DHCPv6. But,
 there is a catch. My ISP can remotely configure which LAN ports works
 and which doesn't. In mine, only the 3 first ethernet ports work, the
 remaining doesn't. Check if you're using the first port, try changing
 them. And ask your provider to enable the other ports if it doesn't.

 ​The first port is the main one I have to use according to their request
so the port is not faulty. I'm starting to think that they have a
implemented advertisement system which makes dhcpv6 compulsory...​


​Thanks,
Alex​

Cheers,
 Giancarlo Razzolini

Re: Openbsd 5.7: IPv6 autoconf not working

2015-08-18 Thread Martin Pieuchot 
On 18/08/15(Tue) 10:41, Alexandre Westfahl wrote:
 ​Hi,
 
 Thank you for your explanations.
 I activated debug but don't get any output​ anywhere. Since I couldn't find
  anything, I tried a global grep but without success (cat /var/log/* |grep
 inet6 and ipv6).
 
 Since my tcpdump result are not changed, it means I have to install
 dhcpv6client? I need the wide one or another one?

No idea, maybe someone else can share her/his experience.

M.

Re: Openbsd 5.7: IPv6 autoconf not working

2015-08-18 Thread Giancarlo Razzolini 
Em 17-08-2015 22:41, Alexandre Westfahl escreveu:
 I activated debug but don't get any output​ anywhere. Since I couldn't
find
  anything, I tried a global grep but without success (cat /var/log/* |grep
 inet6 and ipv6).

Kernel messages will appear on /var/log/messages, IIRC. And on dmesg and
on the console. So I guess that, if there was any, you'd see them.


 Since my tcpdump result are not changed, it means I have to install
 dhcpv6client? I need the wide one or another one?

Can you try to capture the whole packet? Try setting a snaplen of 1500.
I believe it is too early to give up on SLAAC. But you might need DHCPv6
anyway, if your router don't advertise the dns servers. See if you ain't
getting malformed packets from the router, or if it's advertising, but
with no actual prefixes/routes. Per RFC 7084 [0], a router should stop
advertising when it doesn't have global IPv6 connectivity. But, not
every manufacturer is fond of RFC's.

Cheers,
Giancarlo Razzolini

[0] https://tools.ietf.org/html/rfc7084

Re: Openbsd 5.7: IPv6 autoconf not working

2015-08-18 Thread Alexandre Westfahl 
@Michael: I deactivate PF to make my tests (I want to have IPv6 working
before I think of fw rules)

@Giancarlo: yes, I have no log even with debug

Please find below the new tcpdump:

11:25:26.017135 fe80::200:24ff:fed1:86bc  ff02::2: icmp6: router
solicitation (src lladdr: 00:00:24:d1:86:bc) [icmp6 cksum ok] (len 16, hlim
255)

 6000  0010 3aff fe80   

 0200 24ff fed1 86bc ff02   

    0002 8500 2413  

 0101  24d1 86bc

11:25:26.031216 fe80::1  ff02::1: icmp6: router advertisement(chlim=64, MO
router_ltime=1800, reachable_time=0, retrans_time=0)(src lladdr:
fc:48:ef:c3:41:fe)(mtu: mtu=1500) [icmp6 cksum ok] [class 0xc0] (len 32,
hlim 255)

 6c00  0020 3aff fe80   

    0001 ff02   

    0001 8600 fa6d 40c0 0708

     0101 fc48 efc3 41fe

 0501   05dc

11:26:00.025990 fe80::1  ff02::1: icmp6: router advertisement(chlim=64, MO
router_ltime=1800, reachable_time=0, retrans_time=0)(src lladdr:
fc:48:ef:c3:41:fe)(mtu: mtu=1500) [icmp6 cksum ok] [class 0xc0] (len 32,
hlim 255)

 6c00  0020 3aff fe80   

    0001 ff02   

    0001 8600 fa6d 40c0 0708

     0101 fc48 efc3 41fe

 0501   05dc

11:26:04.025295 fe80::1  ff02::1: icmp6: router advertisement(chlim=64, MO
router_ltime=1800, reachable_time=0, retrans_time=0)(src lladdr:
fc:48:ef:c3:41:fe)(mtu: mtu=1500) [icmp6 cksum ok] [class 0xc0] (len 32,
hlim 255)

 6c00  0020 3aff fe80   

    0001 ff02   

    0001 8600 fa6d 40c0 0708

     0101 fc48 efc3 41fe

 0501   05dc

11:26:26.016515 fe80::200:24ff:fed1:86bc  ff02::2: icmp6: router
solicitation (src lladdr: 00:00:24:d1:86:bc) [icmp6 cksum ok] (len 16, hlim
255)

 6000  0010 3aff fe80   

 0200 24ff fed1 86bc ff02   

    0002 8500 2413  

 0101  24d1 86bc

11:26:26.022949 fe80::1  ff02::1: icmp6: router advertisement(chlim=64, MO
router_ltime=1800, reachable_time=0, retrans_time=0)(src lladdr:
fc:48:ef:c3:41:fe)(mtu: mtu=1500) [icmp6 cksum ok] [class 0xc0] (len 32,
hlim 255)

 6c00  0020 3aff fe80   

    0001 ff02   

    0001 8600 fa6d 40c0 0708

     0101 fc48 efc3 41fe

 0501   05dc




Can you try to capture the whole packet? Try setting a snaplen of 1500. I
 believe it is too early to give up on SLAAC. But you might need DHCPv6
 anyway, if your router don't advertise the dns servers. See if you ain't
 getting malformed packets from the router, or if it's advertising, but with
 no actual prefixes/routes. Per RFC 7084 [0], a router should stop
 advertising when it doesn't have global IPv6 connectivity. But, not every
 manufacturer is fond of RFC's.


I have on my settings sheet the DNS and the prefix I'm delegated.
I tried wide dhcpv6 and it works but I would like if possible to go without
it.
The modem brand is Huawei but i don't have the model here.

Thanks,
Alex





On Wed, Aug 19, 2015 at 2:26 AM, Giancarlo Razzolini grazzol...@gmail.com
wrote:

 Em 17-08-2015 22:41, Alexandre Westfahl escreveu:

 I activated debug but don't get any output​ anywhere. Since I
couldn't find
  anything, I tried a global grep but without success (cat */var/log/**
|grep
 inet6 and ipv6).


 Kernel messages will appear on /var/log/messages, IIRC. And on dmesg and
 on the console. So I guess that, if there was any, you'd see them.


 Since my tcpdump result are not changed, it means I have to install
 dhcpv6client? I need the wide one or another one?


 Can you try to capture the whole packet? Try setting a snaplen of 1500. I
 believe it is too early to give up on SLAAC. But you might need DHCPv6
 anyway, if your router don't advertise the dns servers. See if you ain't
 getting malformed packets from the router, or if it's advertising, but with
 no actual prefixes/routes. Per RFC 7084 [0], a router should stop
 advertising when it doesn't have global IPv6 connectivity. But, not every
 manufacturer is fond of RFC's.

 Cheers,
 Giancarlo Razzolini

 [0] https://tools.ietf.org/html/rfc7084

Re: Openbsd 5.7: IPv6 autoconf not working

2015-08-18 Thread Michael McConville 
Alexandre Westfahl wrote:
 I have a problem with IPv6, I'm not getting public IP but router
 advertisement/solicitations are being exchanged.

Are you sure pf isn't interfering? What does your pf.conf look like?
I've had that problem in the past with IPv6.

Re: Openbsd 5.7: IPv6 autoconf not working

2015-08-17 Thread Martin Pieuchot 
On 17/08/15(Mon) 15:55, Alexandre Westfahl wrote:
 Hello,
 
 I have a problem with IPv6, I'm not getting public IP but router
 advertisement/solicitations are being exchanged.
 
 ​
 ​
 ​My interface has following configuration:
 ​
 
 # ifconfig em0
 em0: flags=208843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,*AUTOCONF6* mtu
 1500
 lladdr 00:0*86:bc
 priority: 0
 groups: egress
 media: Ethernet 1000baseT (1000baseT full-duplex)
 status: active
 inet 118.192 netmask 0xff80 broadcast 118.*255
 
 *inet6* fe80::200:24**86bc%em0 prefixlen 64 scopeid 0x1
 ​
 
 
 
 ​and ​
 tcpdump gives below output:

Are you stripping NDP options (prefix info) from this output?  If not,
you can try bumping net.inet6.icmp6.nd6_debug and see if you get any
useful info in syslog.

 tcpdump -vvnli em0 icmp6
 
 05:09:27.184840 fe80::1  ff02::1: icmp6: router advertisement(chlim=64, MO
  ^^
Otherwise it might be that your router only sends you advertisement to
tell you to use DHCPv6.

 router_ltime=1800, reachable_time=0, retrans_time=0)(src lladdr:
 fc:48:ef:c3:41:fe)(mtu: mtu=1500) [icmp6 cksum ok] [class 0xc0] (len 32,
 hlim 255)

Re: Openbsd 5.7: IPv6 autoconf not working

2015-08-17 Thread Alexandre Westfahl 
​Hi,

Thank you for your explanations.
I activated debug but don't get any output​ anywhere. Since I couldn't find
 anything, I tried a global grep but without success (cat /var/log/* |grep
inet6 and ipv6).

Since my tcpdump result are not changed, it means I have to install
dhcpv6client? I need the wide one or another one?

Thanks,
Alex

On Mon, Aug 17, 2015 at 11:23 PM, Martin Pieuchot m...@openbsd.org wrote:

 On 17/08/15(Mon) 21:42, Alexandre Westfahl wrote:
  Hi Martin,
 
  It's just an ifconfig with char replacement with *. Is NDP available in
  5.7?

 Sorry if I was unclear, I was talking about the tcpdump output.  For
 example:

 15:56:41.186643 fe80::ce05:23ff:feac:4e39  ff02::1: icmp6: router
 advertisement(chlim=255, O router_ltime=1800, reachable_time=0,
 retrans_time=0)(prefix info: LA valid_ltime=7200, preferred_ltime=3600,
 prefix=fd00::/64)[ndp opt] (len 88, hlim 255)

 See the [ndp opt] part?  That means that the output of this RA is
 truncated.
 In your dump there's a MTU and a Source lladdr option:

 router_ltime=1800, reachable_time=0, retrans_time=0)(src lladdr:
 fc:48:ef:c3:41:fe)(mtu: mtu=1500) [icmp6 cksum ok] [class 0xc0] (len 32,
 hlim 255)

 So I justed wanted to know if you edited the output or not :)

  For the router part, I have in tcpdump advertisement and sollicitation so
  it should work out of the box no? I also disabled pf to be sure there is
 no
  impact.

 Did you increase net.inet6.icmp6.nd6_debug and see if you've got any
 error?  What do you mean for the router part?  Are you configuring the
  router sending advertisements too?

 My guess is that your router does not include any prefix information in
 it's advertisement which would explain why you do not get any address.
 This is coherent why the 'M' bit set in the advertisement which indicates
 that address configuration should be retrieve via a stateful protocol
 (DHCPv6).

 Martin

Re: Openbsd 5.7: IPv6 autoconf not working

2015-08-17 Thread Martin Pieuchot 
On 17/08/15(Mon) 21:42, Alexandre Westfahl wrote:
 Hi Martin,
 
 It's just an ifconfig with char replacement with *. Is NDP available in
 5.7?

Sorry if I was unclear, I was talking about the tcpdump output.  For
example:

15:56:41.186643 fe80::ce05:23ff:feac:4e39  ff02::1: icmp6: router 
advertisement(chlim=255, O router_ltime=1800, reachable_time=0, 
retrans_time=0)(prefix info: LA valid_ltime=7200, preferred_ltime=3600, 
prefix=fd00::/64)[ndp opt] (len 88, hlim 255)

See the [ndp opt] part?  That means that the output of this RA is truncated.
In your dump there's a MTU and a Source lladdr option:

router_ltime=1800, reachable_time=0, retrans_time=0)(src lladdr:
fc:48:ef:c3:41:fe)(mtu: mtu=1500) [icmp6 cksum ok] [class 0xc0] (len 32,
hlim 255)

So I justed wanted to know if you edited the output or not :)

 For the router part, I have in tcpdump advertisement and sollicitation so
 it should work out of the box no? I also disabled pf to be sure there is no
 impact.

Did you increase net.inet6.icmp6.nd6_debug and see if you've got any
error?  What do you mean for the router part?  Are you configuring the
 router sending advertisements too?

My guess is that your router does not include any prefix information in
it's advertisement which would explain why you do not get any address.
This is coherent why the 'M' bit set in the advertisement which indicates
that address configuration should be retrieve via a stateful protocol
(DHCPv6).

Martin

Re: Openbsd 5.7: IPv6 autoconf not working

2015-08-17 Thread Alexandre Westfahl 
Hi Martin,

It's just an ifconfig with char replacement with *. Is NDP available in
5.7?

For the router part, I have in tcpdump advertisement and sollicitation so
it should work out of the box no? I also disabled pf to be sure there is no
impact.

Alex

On Mon, Aug 17, 2015 at 6:31 PM, Martin Pieuchot m...@openbsd.org wrote:

 On 17/08/15(Mon) 15:55, Alexandre Westfahl wrote:
  Hello,
 
  I have a problem with IPv6, I'm not getting public IP but router
  advertisement/solicitations are being exchanged.
 
  ​
  ​
  ​My interface has following configuration:
  ​
 
  # ifconfig em0
  em0: flags=208843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,*AUTOCONF6* mtu
  1500
  lladdr 00:0*86:bc
  priority: 0
  groups: egress
  media: Ethernet 1000baseT (1000baseT full-duplex)
  status: active
  inet 118.192 netmask 0xff80 broadcast
 118.*255
 
  *inet6* fe80::200:24**86bc%em0 prefixlen 64 scopeid 0x1
  ​
 
 
 
  ​and ​
  tcpdump gives below output:

 Are you stripping NDP options (prefix info) from this output?  If not,
 you can try bumping net.inet6.icmp6.nd6_debug and see if you get any
 useful info in syslog.

  tcpdump -vvnli em0 icmp6
 
  05:09:27.184840 fe80::1  ff02::1: icmp6: router advertisement(chlim=64,
 MO

 ^^
 Otherwise it might be that your router only sends you advertisement to
 tell you to use DHCPv6.

  router_ltime=1800, reachable_time=0, retrans_time=0)(src lladdr:
  fc:48:ef:c3:41:fe)(mtu: mtu=1500) [icmp6 cksum ok] [class 0xc0] (len 32,
  hlim 255)

Re: Openbsd 5.7: IPv6 autoconf not working

2015-08-17 Thread Stefan Sperling 
On Mon, Aug 17, 2015 at 03:55:09PM +0900, Alexandre Westfahl wrote:
 Hello,
 
 I have a problem with IPv6, I'm not getting public IP but router
 advertisement/solicitations are being exchanged.

I believe your problem is that OpenBSD 5.7 does not accept router
advertisements (RA) if IPv6 forwarding is enabled. Do you have IPv6
forwarding enabled?

Before 5.7, acceptance of RA was controlled by a single flag which
affected all interfaces. So accepting RA on a router was dangerous
since RAs are not authenticated and change the routing tables.

OpenBSD 5.7 moved to a AUTOCONF6 flag per interface.
The second change you need, which is to accept RA with forwarding
enabled, was committed after 5.7. So please try again with a -current
snapshot which at the moment is pretty close to what 5.8 will be.

Re: Openbsd 5.7: IPv6 autoconf not working

2015-08-17 Thread Alexandre Westfahl 
Hello,

Forwarding is not enabled, I have the following sysctl extract:
# sysctl  |grep inet6
net.inet6.ip6.forwarding=0
net.inet6.ip6.redirect=0
net.inet6.ip6.hlim=64
net.inet6.ip6.mrtproto=103
net.inet6.ip6.maxfragpackets=200
net.inet6.ip6.log_interval=5
net.inet6.ip6.hdrnestlimit=10
net.inet6.ip6.dad_count=1
net.inet6.ip6.auto_flowlabel=1
net.inet6.ip6.defmcasthlim=1
net.inet6.ip6.use_deprecated=1
net.inet6.ip6.rr_prune=5
net.inet6.ip6.v6only=1
net.inet6.ip6.maxfrags=200
net.inet6.ip6.mforwarding=0
net.inet6.ip6.multipath=0
net.inet6.ip6.multicast_mtudisc=0
net.inet6.ip6.neighborgcthresh=2048
net.inet6.ip6.maxifprefixes=16
net.inet6.ip6.maxifdefrouters=16
net.inet6.ip6.maxdynroutes=4096
net.inet6.ip6.dad_pending=0
net.inet6.ip6.mtudisctimeout=600
net.inet6.ip6.ifq.len=0
net.inet6.ip6.ifq.maxlen=256
net.inet6.ip6.ifq.drops=0
net.inet6.icmp6.redirtimeout=600
net.inet6.icmp6.nd6_prune=1
net.inet6.icmp6.nd6_delay=5
net.inet6.icmp6.nd6_umaxtries=3
net.inet6.icmp6.nd6_mmaxtries=3
net.inet6.icmp6.errppslimit=100
net.inet6.icmp6.nd6_maxnudhint=0
net.inet6.icmp6.mtudisc_hiwat=1280
net.inet6.icmp6.mtudisc_lowat=256
net.inet6.icmp6.nd6_debug=0
net.inet6.divert.recvspace=65636
net.inet6.divert.sendspace=65636

Thanks,
Alex

On Mon, Aug 17, 2015 at 4:15 PM, Stefan Sperling s...@stsp.name wrote:

 On Mon, Aug 17, 2015 at 03:55:09PM +0900, Alexandre Westfahl wrote:
  Hello,
 
  I have a problem with IPv6, I'm not getting public IP but router
  advertisement/solicitations are being exchanged.

 I believe your problem is that OpenBSD 5.7 does not accept router
 advertisements (RA) if IPv6 forwarding is enabled. Do you have IPv6
 forwarding enabled?

 Before 5.7, acceptance of RA was controlled by a single flag which
 affected all interfaces. So accepting RA on a router was dangerous
 since RAs are not authenticated and change the routing tables.

 OpenBSD 5.7 moved to a AUTOCONF6 flag per interface.
 The second change you need, which is to accept RA with forwarding
 enabled, was committed after 5.7. So please try again with a -current
 snapshot which at the moment is pretty close to what 5.8 will be.