odhcpd

relay mode does not work

Open zhou13 opened this issue 9 years ago • 39 comments

The relay mode does not work on my OpenWRT router. Devices on LAN can get inet6 addr but are unable to ping any public ipv6 address. By Googling odhcpcd and ipv6 relay, I find many similar problems but none of them are solved. Therefore I think they are due to a bug in odhcpd rather than a configuration problem.

I think issues 15 and 25 are about the same problem, but they were closed without actually solving it. I am glad to provide packet captures and other debug information if the developer is still interested in solving this problem.

zhou13 avatar Mar 01 '15 16:03 zhou13

Sure feel free to send me pcaps.

sbyx avatar Mar 01 '15 16:03 sbyx

Hi I am back.

I made two pcaps. You can download them from https://onedrive.live.com/redir?resid=B1ADCE2F515F326%21336.

  1. The pcap on my own laptop (running linux) when I try to after I plug in the Ethernet cable to show the environment of our university. I found that M=O=0 in this pcap, which means that our university uses SLAAC to assign ipv6 address. So I disable dhcpv6 in the second pcap. The MAC address of my laptop is 80:fa:5b:0d:80:e9 in this pcap.
  2. The pcap on the openwrt router running odhcpc when a client (running windows) connects to the router through WiFi. odhcpc is running in the relay mode. The WAN of router (eth0.2) is able to get its ipv6 address and works correctly. The client can get its ipv6 address but ping to 2001:4860:4860::8888 (google dns) timeout (packet no 3649 and later). The pcap is generated by tcpdump -n -i any -vv -w xxxx.pcap. I am not familiar with the relay protocol so I cannot find the problem here.

Let me know if you need additional information.

Client information (ipconfig after connecting to the WiFi):

Wireless LAN adapter WLAN:
Connection-specific DNS Suffix . : lan
IPv6 Address. . . . . . . . . . . : 2402:f000:5:8401:fcd9:efd1:887d:4b56
Link-local IPv6 Address . . . . . : fe80::fcd9:efd1:887d:4b56%4
IPv4 Address. . . . . . . . . . . : 192.168.1.190
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : fe80::6eb0:ceff:fe11:57b2%4
192.168.1.1

My /etc/config/dhcp:

config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.auto'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv6 disabled
        option ra relay
        option ndp relay

config dhcp wan6
        option dhcpv6 disabled
        option ra relay
        option ndp relay
        option master 1

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'

router information:

root@WNDR4300:~# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 1e:4c:98:92:98:de brd ff:ff:ff:ff:ff:ff
    inet6 fe80::1c4c:98ff:fe92:98de/64 scope link 
       valid_lft forever preferred_lft forever
3: ip6tnl0: <NOARP> mtu 1452 qdisc noop state DOWN group default 
    link/tunnel6 :: brd ::
4: sit0: <NOARP> mtu 1480 qdisc noop state DOWN group default 
    link/sit 0.0.0.0 brd 0.0.0.0
5: ifb0: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN group default qlen 32
    link/ether 2a:99:5f:8d:4e:06 brd ff:ff:ff:ff:ff:ff
6: ifb1: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN group default qlen 32
    link/ether 7e:b6:2f:02:3e:b6 brd ff:ff:ff:ff:ff:ff
7: gre0: <NOARP> mtu 1476 qdisc noop state DOWN group default 
    link/gre 0.0.0.0 brd 0.0.0.0
8: gretap0: <BROADCAST,MULTICAST> mtu 1476 qdisc noop state DOWN group default qlen 1000
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
9: ip6gre0: <NOARP> mtu 1448 qdisc noop state DOWN group default 
    link/gre6 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 brd 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
10: ipddp0: <BROADCAST,MULTICAST,NOARP> mtu 585 qdisc noop state DOWN group default qlen 1000
    link/ip/ddp 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
11: teql0: <NOARP> mtu 1500 qdisc noop state DOWN group default qlen 100
    link/void 
19: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 6c:b0:ce:11:57:b2 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.1/24 brd 192.168.1.255 scope global br-lan
       valid_lft forever preferred_lft forever
    inet6 2402:f000:5:8401:6eb0:ceff:fe11:57b3/64 scope global dynamic 
       valid_lft 2591902sec preferred_lft 604702sec
    inet6 fda0:52f6:20cb::1/60 scope global 
       valid_lft forever preferred_lft forever
    inet6 fe80::6eb0:ceff:fe11:57b2/64 scope link 
       valid_lft forever preferred_lft forever
20: eth0.1@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP group default 
    link/ether 1e:4c:98:92:98:de brd ff:ff:ff:ff:ff:ff
21: eth0.2@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 6c:b0:ce:11:57:b3 brd ff:ff:ff:ff:ff:ff
    inet 183.173.144.118/21 brd 183.173.151.255 scope global eth0.2
       valid_lft forever preferred_lft forever
    inet6 2402:f000:5:8401:6eb0:ceff:fe11:57b3/64 scope global dynamic 
       valid_lft 2591902sec preferred_lft 604702sec
    inet6 fe80::6eb0:ceff:fe11:57b3/64 scope link 
       valid_lft forever preferred_lft forever
22: wlan1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master br-lan state UP group default qlen 1000
    link/ether 6c:b0:ce:11:57:b4 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::6eb0:ceff:fe11:57b4/64 scope link 
       valid_lft forever preferred_lft forever
23: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master br-lan state UP group default qlen 1000
    link/ether 6c:b0:ce:11:57:b2 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::6eb0:ceff:fe11:57b2/64 scope link 
       valid_lft forever preferred_lft forever

zhou13 avatar Mar 07 '15 08:03 zhou13

Same problem here. It's a 4MB TP-Link MR-13U so no iproute2 and no tcpdump. (Argh!)

/etc/config/dhcp:

config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option expandhosts '1'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.auto'
        option filterwin2k '1'
        option notinterface eth0

config dhcp 'lan'
        option interface 'lan'
        option leasetime '12h'
        option start '1'
        option limit '253'
        option ra 'relay'
        option ndp 'relay'
        option dhcpv6 'relay'

config dhcp 'wan6'
        option interface 'wan'
        option ra 'relay'
        option ndp 'relay'
        option dhcpv6 'relay'
        option master '1'

config dhcp 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'

ifconfig on router:

root@dorm-gateway:/etc/config# ifconfig
br-lan    Link encap:Ethernet  HWaddr 14:CF:92:C7:C1:3C  
          inet addr:172.16.144.254  Bcast:172.16.144.255  Mask:255.255.255.0
          inet6 addr: fdb8:1b93:b960::1/64 Scope:Global
          inet6 addr: fe80::16cf:92ff:fec7:c13c/64 Scope:Link
          inet6 addr: 2001:250:4000:8138:16cf:92ff:fec7:c13c/64 Scope:Global
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:60525 errors:0 dropped:0 overruns:0 frame:0
          TX packets:59684 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:10018837 (9.5 MiB)  TX bytes:37493175 (35.7 MiB)

eth0      Link encap:Ethernet  HWaddr 14:CF:92:C7:C1:3C  
          inet addr:222.20.101.197  Bcast:222.20.101.255  Mask:255.255.255.0
          inet6 addr: fe80::16cf:92ff:fec7:c13c/64 Scope:Link
          inet6 addr: 2001:250:4000:8138:16cf:92ff:fec7:c13c/64 Scope:Global
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:130445 errors:0 dropped:8 overruns:0 frame:0
          TX packets:55875 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:44997783 (42.9 MiB)  TX bytes:10494035 (10.0 MiB)
          Interrupt:4 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:1384 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1384 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:105858 (103.3 KiB)  TX bytes:105858 (103.3 KiB)

wlan0     Link encap:Ethernet  HWaddr 14:CF:92:C7:C1:3C  
          inet6 addr: fe80::16cf:92ff:fec7:c13c/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:60855 errors:0 dropped:0 overruns:0 frame:0
          TX packets:56043 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:10919230 (10.4 MiB)  TX bytes:36370304 (34.6 MiB)

ip addr show wlan0 on my laptop:

3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 44:85:00:01:7f:25 brd ff:ff:ff:ff:ff:ff
    inet 172.16.144.185/24 brd 172.16.144.255 scope global wlan0
       valid_lft forever preferred_lft forever
    inet6 2001:250:4000:8138:14de:fff8:dc84:5a44/64 scope global temporary dynamic 
       valid_lft 602274sec preferred_lft 83274sec
    inet6 2001:250:4000:8138:4685:ff:fe01:7f25/64 scope global mngtmpaddr dynamic 
       valid_lft 2591750sec preferred_lft 604550sec
    inet6 fe80::4685:ff:fe01:7f25/64 scope link 
       valid_lft forever preferred_lft forever

Plus, I have these kernel params set, to let system use tempaddr by default (hiding MAC address from the IPv6 world):

net.ipv6.conf.all.use_tempaddr = 2
net.ipv6.conf.default.use_tempaddr = 2
net.ipv6.conf.eth0.use_tempaddr = 2
net.ipv6.conf.wlan0.use_tempaddr = 2

By examining route -A inet6 on router, there are only lines destined for my mngtmpaddr address (ending with 7f25), no relevant lines related to my temporary address (ending with 5a44), or there is such a line with a wrong "Interface" field (eth0, should be br-lan). By doing ping6 <my-temporary-address> -I br-lan on router I can get IPv6 connectivity, but not long after stopping pinging. So I think this problem is due to IPv6 Privacy Extension.

hexchain avatar Mar 16 '15 15:03 hexchain

I have noticed something interesting and hope it may help.

My laptop has gotten an ipv6 address with the configuration of @zhou13, but I could not ping a server outside of the router. But after I ping the server on the router, I could also ping it from my laptop.

I'm not familiar with the ipv6 protocol, so I could not explain it. But I hope it could help in solving the problem.

@zhou13 @hexchain maybe you could try to test it in your environment.

@sbyx Thanks for your great job.

huiyiqun avatar Mar 17 '15 08:03 huiyiqun

This behavior is normal as it does not involve relay operation.

In my environment, the laptop and router can ping each other but the laptop cannot ping a global IP address.

I notice that there are no router solicitations on WAN in the relay mode when the laptop is connected. Maybe that is the reason that the uplink does not make the proper router decision?

zhou13 avatar Mar 17 '15 08:03 zhou13

@zhou13 I see the exact same thing: all my machines on the LAN have routable IPv6 addresses (derived from the one I get from my ISP) but from the LAN I cannot reach the WAN.

mchouque avatar Mar 17 '15 09:03 mchouque

Experienced the same problem. Looking for further information.

evianzhow avatar May 31 '15 09:05 evianzhow

Which version are you using? OpenWRT uses an outdated version of odhcpd that has an issue with ndp relay. See https://dev.openwrt.org/ticket/18341

SebastianS90 avatar May 31 '15 09:05 SebastianS90

@SebastianS90 I'm using the official version (2014-08-23-24452e1e3e9adfd9d8e183db1aa589f77727f5a7). I'm considering updating the version.

evianzhow avatar May 31 '15 09:05 evianzhow

I experience the same issue running openwrt trunk (own compilation) on x86 and wdr3800. Clients all get ipv6 global addresses but cannot ping past the router.

One element I should add is that for some reason after turning relay on, both lan and wan interfaces in openwrt get the SAME ipv6 global address. Without relaying, the lan interface obviously does not get any. Maybe the wan and lan getting the same ipv6 address is part of the relaying magic (@sbyx could you let me know?).

I have enabled forwarding of ICMPv6 router-advertisement and neighbour-advertisement from wan to lan, which is disabled by default in OpenWrt, but this did not help. @sbyx if you could confirm the rules required for INPUT from wan and FORWARD from wan to lan, that could rule out firewall configuration issues.

Configuration is correct as per below:

config dhcp 'lan'
        option interface 'lan'
        option leasetime '36h'
        option start '100'
        option limit '150'
        option ra 'relay'
        option ndp 'relay'
        option dhcpv6 'relay'

config dhcp 'wan6'
        option interface 'wan'
        option ra 'relay'
        option ndp 'relay'
        option dhcpv6 'relay'
        option master '1'

zcecc22 avatar Jun 11 '15 13:06 zcecc22

Any comments on the previous pcap? Should I provide something additionally?

zhou13 avatar Jun 30 '15 08:06 zhou13

Hi, I'm using OpenWrt Chaos Calmer 15.05 / LuCI (git-15.248.30277-3836b45) my config is:

cat /etc/config/dhcp
.....
config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option ra 'relay'
        option dhcpv6 'relay'
        option ndp 'relay'

config dhcp 'wan6'
        option master '1'
        option interface 'wan'
        option ra 'relay'
        option ndp 'relay'
        option dhcpvp6 'relay'
.....

From SSH into the router ping6 works fine

ping6 google.com
PING google.com (2800:3f0:4004:801::1003): 56 data bytes
64 bytes from 2800:3f0:4004:801::1003: seq=0 ttl=56 time=69.824 ms

My laptops get valid global IPv6 address from relay, but routing is not working.

ping6 google.com
PING google.com (2800:3f0:4004:801::1005): 56 data bytes
^C
--- google.com ping statistics ---
19 packets transmitted, 0 packets received, 100% packet loss

murilopontes avatar Nov 04 '15 12:11 murilopontes

Could you share your firewall config? The icmpv6 lines are relevant.

On 04 Nov 2015, at 13:00, Murilo Pontes [email protected] wrote:

Hi, I'm using OpenWrt Chaos Calmer 15.05 / LuCI (git-15.248.30277-3836b45) my config is:

cat /etc/config/dhcp
.....
config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option ra 'hybrid'
        option dhcpv6 'hybrid'
        option ndp 'hybrid'

config dhcp 'wan6'
        option master '1'
        option interface 'wan6'
        option ra 'relay'
        option ndp 'relay'
        option dhcpvp6 'relay'
.....

From SSH into the router ping6 works fine

ping6 google.com
PING google.com (2800:3f0:4004:801::1003): 56 data bytes
64 bytes from 2800:3f0:4004:801::1003: seq=0 ttl=56 time=69.824 ms

My laptops get valid global IPv6 address from relay, but routing is not working.

ping6 google.com
PING google.com (2800:3f0:4004:801::1005): 56 data bytes
^C
--- google.com ping statistics ---
19 packets transmitted, 0 packets received, 100% packet loss

zcecc22 avatar Nov 04 '15 13:11 zcecc22

Hi @zcecc22

cat /etc/config/firewall

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_ip 'fe80::/10'
        option src_port '547'
        option dest_ip 'fe80::/10'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config defaults
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        option network 'lan'

config zone
        option name 'wan'
        option output 'ACCEPT'
        option input 'ACCEPT'
        option forward 'ACCEPT'
        option masq '1'
        option mtu_fix '1'
        option network 'wan wwan6 wwan ipv4wifi ipv6 WAN wan6'

config forwarding
        option src 'lan'
        option dest 'wan'

config include
        option path '/etc/firewall.user'

murilopontes avatar Nov 07 '15 13:11 murilopontes

In my case, adding the following rules to Allow-ICMPv6-Forward was required:

        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'

BR, Vincent

zcecc22 avatar Nov 07 '15 18:11 zcecc22

Hi @zcecc22, I'm experiencing the same problem; adding those rules does not solve it. Is there any way I can debug it to see if it's a firewall issue?

crccw avatar Dec 05 '15 15:12 crccw
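
An added example, not posted by anyone in this thread and not odhcpd or OpenWrt code: a small Python check, run against a copy of /etc/config/firewall, that lists which neighbour-discovery ICMPv6 types the ACCEPT rules from 'wan' cover on input versus forward. The function names and the sample config are constructed here, and zone default policies are not evaluated.

```python
import shlex

# Constructed sample: the two ICMPv6 rules as they appear in the configs
# quoted in this thread, shortened to the types that matter for the check.
SAMPLE = """\
config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'packet-too-big'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'
"""

# Neighbour-discovery message types, spelled as in the firewall config.
NDP_TYPES = (
    "router-solicitation",
    "neighbour-solicitation",
    "router-advertisement",
    "neighbour-advertisement",
)


def parse_uci(text):
    """Parse UCI text into a list of sections with their options and lists."""
    sections = []
    for raw in text.splitlines():
        tokens = shlex.split(raw, comments=True)  # handles '...' quoting
        if not tokens:
            continue
        keyword = tokens[0]
        if keyword == "config" and len(tokens) >= 2:
            sections.append({
                "type": tokens[1],
                "name": tokens[2] if len(tokens) > 2 else None,
                "options": {},
                "lists": {},
            })
        elif keyword == "option" and sections and len(tokens) >= 3:
            sections[-1]["options"][tokens[1]] = tokens[2]
        elif keyword == "list" and sections and len(tokens) >= 3:
            sections[-1]["lists"].setdefault(tokens[1], []).append(tokens[2])
    return sections


def icmp_types(rule):
    """ICMP types named by a rule, given as 'list' or as 'option'."""
    types = list(rule["lists"].get("icmp_type", []))
    types += rule["options"].get("icmp_type", "").split()
    return set(types)


def ndp_gap(text, src="wan"):
    """Return the NDP types NOT covered by ACCEPT rules from `src`.

    A rule without 'dest' applies to traffic addressed to the router (input);
    a rule with 'dest' applies to forwarded traffic.
    """
    accepted = {"input": set(), "forward": set()}
    for section in parse_uci(text):
        opts = section["options"]
        if section["type"] != "rule" or opts.get("src") != src:
            continue
        if opts.get("proto") not in ("icmp", "icmpv6"):
            continue
        if opts.get("target") != "ACCEPT" or opts.get("family") == "ipv4":
            continue
        chain = "forward" if "dest" in opts else "input"
        types = icmp_types(section)
        # A rule that names no icmp_type matches every ICMPv6 type.
        accepted[chain] |= (types & set(NDP_TYPES)) if types else set(NDP_TYPES)
    return {chain: [t for t in NDP_TYPES if t not in accepted[chain]]
            for chain in accepted}


if __name__ == "__main__":
    for chain, missing in ndp_gap(SAMPLE).items():
        print(chain, "missing:", ", ".join(missing) or "none")
```
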

today I found that if I restart odhcpd after boot, everything will be ok

y-x-c avatar Dec 05 '15 15:12 y-x-c

It seems that the upstream router just ignores all the neighbor advertisements my router sends... When I ping a computer in my LAN from a remote server, I get the following on my router:

00:55:14.453214 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 32) 2001:da8:207:e132::1 > ff02::1:ff02:f47c: [icmp6 sum ok] ICMP6, neighbor solicitation, length 32, who has 2001:da8:207:e132:3602:86ff:fe02:f47c
00:55:14.454657 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 8) 2001:da8:207:e132:286:33ff:fe50:53c6 > 2001:da8:207:e132:3602:86ff:fe02:f47c: [icmp6 sum ok] ICMP6, echo request, seq 0
00:55:14.454687 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 8) 2001:da8:207:e132:286:33ff:fe50:53c6 > 2001:da8:207:e132:3602:86ff:fe02:f47c: [icmp6 sum ok] ICMP6, echo request, seq 0
00:55:14.457539 IP6 (hlim 64, next-header ICMPv6 (58) payload length: 8) 2001:da8:207:e132:3602:86ff:fe02:f47c > 2001:da8:207:e132:286:33ff:fe50:53c6: [icmp6 sum ok] ICMP6, echo reply, seq 0
00:55:14.457577 IP6 (hlim 64, next-header ICMPv6 (58) payload length: 8) 2001:da8:207:e132:3602:86ff:fe02:f47c > 2001:da8:207:e132:286:33ff:fe50:53c6: [icmp6 sum ok] ICMP6, echo reply, seq 0
00:55:14.581173 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 32) 2001:da8:207:e132:286:33ff:fe50:53c6 > 2001:da8:207:e132::1: [icmp6 sum ok] ICMP6, neighbor advertisement, length 32, tgt is 2001:da8:207:e132:3602:86ff:fe02:f47c, Flags [solicited]

But no echo reply is routed here..

crccw avatar Dec 05 '15 16:12 crccw

I finally made clients get IPv6 addresses in relay mode. However after any client finishes dhcpv6 requests, the router is unable to make IPv6 connections any more. And no clients can make IPv6 connections either. :cry:

Mygod avatar Nov 14 '16 03:11 Mygod

I've encountered a similar issue under a SLAAC network. After observing the packets on br-lan and the iface of wan, I noticed that the router only queried the iface of wan about the LAN device's address (neighbor solicitation), but not br-lan. This means the router could not discover the LAN device on br-lan.

So I checked the README and added:

config dhcp 'lan'
        option ndproxy_slave '1'

After restarting odhcpd and reconnecting LAN devices, everything just works.

However I still have no idea what external slave is. Maybe it is a necessary option, yet we neglect it because we don't understand the terminology.

tatsuteng avatar Dec 15 '16 08:12 tatsuteng

I have the same problem: I'm able to get an ipv6 address but cannot access ipv6. Is there any solution?

satouriko avatar Jul 08 '17 01:07 satouriko

Same problem here

root@OpenWrt:~# cat /etc/config/dhcp

config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.auto'
        option localservice '1'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option ra 'relay'
        option dhcpv6 'relay'
        option ndp 'relay'
        option ndproxy_slave '1'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config dhcp wan6
        option dhcpv6 relay
        option ra relay
        option ndp relay
        option master 1

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'

root@OpenWrt:~# cat /etc/config/network

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'

config interface 'lan'
        option ifname 'eth1'
        option force_link '1'
        option type 'bridge'
        option proto 'static'
        option netmask '255.255.255.0'
        option ipaddr '192.168.0.1'
        option igmp_snooping '1'
        option ip6assign '64'

config interface 'wan'
        option ifname 'eth0'
        option proto 'dhcp'
        option hostname 'Lenovo'
        option macaddr '68:f7:28:6f:c9:ee'

config interface 'wan6'
        option ifname 'eth0'
        option proto 'dhcpv6'
        option reqaddress 'try'
        option reqprefix 'auto'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '0 1 2 3 4'

root@OpenWrt:~# cat /etc/config/firewall

config defaults
        option syn_flood '1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        option network 'lan'

config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        option network 'wan wan6'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_ip 'fe80::/10'
        option src_port '547'
        option dest_ip 'fe80::/10'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config include
        option path '/etc/firewall.user'

config rule
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config redirect
        option enabled '1'
        option target 'DNAT'
        option src 'wan'
        option dest 'lan'
        option proto 'tcp'
        option src_dport '22'
        option dest_ip '192.168.0.245'
        option dest_port '22'
        option name '22'

config rule
        option target 'ACCEPT'
        option name 'IGMP TV'
        option proto 'igmp'
        option src 'wan'
        option dest '*'

config rule
        option enabled '1'
        option target 'ACCEPT'
        option name 'IPVT multicast'
        option proto 'udp'
        option src 'wan'
        option dest 'lan'
        option dest_ip '224.0.0.0/4'
        option family 'ipv4'

config forwarding
        option dest 'wan'
        option src 'lan'

Linux OpenWrt 3.18.23 #1 Sun Jan 31 18:39:35 CET 2016 mips GNU/Linux

root@OpenWrt:~# ifconfig
br-lan    Link encap:Ethernet  HWaddr 30:B5:C2:C0:C5:A4
          inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: 2001:67c:1220:c1a3:6af7:28ff:fe6f:c9ee/64 Scope:Global
          inet6 addr: fe80::32b5:c2ff:fec0:c5a4/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:3356 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3293 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:738660 (721.3 KiB)  TX bytes:1178727 (1.1 MiB)

eth0      Link encap:Ethernet  HWaddr 68:F7:28:6F:C9:EE
          inet addr:147.229.220.110  Bcast:147.229.223.255  Mask:255.255.252.0
          inet6 addr: 2001:67c:1220:c1a3:6af7:28ff:fe6f:c9ee/64 Scope:Global
          inet6 addr: fe80::6af7:28ff:fe6f:c9ee/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:28308 errors:0 dropped:13 overruns:0 frame:0
          TX packets:3795 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:4398832 (4.1 MiB)  TX bytes:864020 (843.7 KiB)
          Interrupt:4

eth1      Link encap:Ethernet  HWaddr 30:B5:C2:C0:C5:A4
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
          Interrupt:5

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:427 errors:0 dropped:0 overruns:0 frame:0
          TX packets:427 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:38347 (37.4 KiB)  TX bytes:38347 (37.4 KiB)

wlan0     Link encap:Ethernet  HWaddr 30:B5:C2:C0:C5:A4
          inet6 addr: fe80::32b5:c2ff:fec0:c5a4/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:3447 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3128 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:795903 (777.2 KiB)  TX bytes:1229653 (1.1 MiB)

root@OpenWrt:~# ping6 google.com
PING google.com (2a00:1450:4014:80d::200e): 56 data bytes
64 bytes from 2a00:1450:4014:80d::200e: seq=0 ttl=55 time=12.744 ms
64 bytes from 2a00:1450:4014:80d::200e: seq=1 ttl=55 time=12.661 ms
^C

[john@localhost ~] $ ping6 2001:67c:1220:c1a3:6af7:28ff:fe6f:c9ee
PING 2001:67c:1220:c1a3:6af7:28ff:fe6f:c9ee(2001:67c:1220:c1a3:6af7:28ff:fe6f:c9ee) 56 data bytes
64 bytes from 2001:67c:1220:c1a3:6af7:28ff:fe6f:c9ee: icmp_seq=1 ttl=64 time=2.51 ms

[john@localhost ~] $ ping6 google.com
PING google.com(prg03s06-in-x0e.1e100.net (2a00:1450:4014:80d::200e)) 56 data bytes
^C
--- google.com ping statistics ---
8 packets transmitted, 0 received, 100% packet loss, time 7202ms

please help

JohnyGemityg avatar Sep 19 '17 20:09 JohnyGemityg

@JohnyGemityg please try LEDE 17.01.2.

stintel avatar Sep 19 '17 20:09 stintel

I tried LEDE 17.01.2, still broken.


murilopontes avatar Sep 19 '17 21:09 murilopontes

@murix Then try a snapshot from master, and if it still doesn't work, make sure your ISP router actually supports DHCPv6 relay, by running tcpdump on the wan interface of the LEDE device. The ISP router at my parents' place in Belgium does not support it, it silently ignores the DHCPv6 relay packets.

Instead, I am using just ndp and ra relay:

config dhcp 'lan'
        option interface 'lan'
        option ignore '0'
        option start '100'
        option limit '100'
        option dhcpv6 'disabled'
        option ndp 'relay'
        option ra 'relay'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'
        option dhcpv6 'disabled'
        option ndp 'relay'
        option ra 'relay'
        option master '1'

Not ideal, as this is similar to proxy ARP, which imo is just nasty, but in my case it's the only option.

stintel avatar Sep 19 '17 21:09 stintel

@stintel I tried a nightly build but still no result. IPv6 for downstream is broken. I can't able downstream IPv6 like IPv4. I deployed up to nine levels of NAT with IPv4.

murilopontes avatar Sep 19 '17 22:09 murilopontes

@murix Log an issue in flyspray (https://bugs.lede-project.org/) if this is not working on Lede snapshot. As a prerequisite to investigate the issue following info is required (take https://bugs.lede-project.org/index.php?do=details&task_id=595 as example):

- the network and dhcp config
- the setup clearly documenting the devices in use and their IPv6 addresses
- contents of IPv6 routing table
- odhcpd traces (set odhcpd loglevel to 7)

dedeckeh avatar Sep 20 '17 07:09 dedeckeh

It works now. It looks like the problem was that the config should not be just in wan6 section but also in wan section.

My current config.

config dhcp 'wan'                  
        option interface 'wan'             
        option ignore '1'                        
        option dhcpv6 'disabled'
        option ndp 'relay'                 
        option ra 'relay'                        
        option master '1'       
                                           
config dhcp 'wan6'                               
        option dhcpv6 'disabled'           
        option ra 'relay'                        
        option ndp 'relay'     
        option master '1'  

Small advice. After router reboot I have to reconnect lan interface (in Luci) to get an IPv6 address for router and then for PC.

Thank you @stintel for a hint ;)

JohnyGemityg avatar Sep 20 '17 08:09 JohnyGemityg

Thanks dude @JohnyGemityg, but setting dhcpv6 to 'disabled' in wan6 will cause the router to have no v6 address. Setting it back to relay makes it perfect.

ttimasdf avatar Dec 03 '17 02:12 ttimasdf

> It works now. It looks like the problem was that the config should not be just in wan6 section but also in wan section.

Works for me to only use the wan section. The wan6 section wasn't there by default, but was mentioned in the wiki (https://openwrt.org/docs/user-guide/basic-ipv6-configuration#router_advertisement_dhcpv6 just updated). No problem with dhcpv6 relay with my upstream router (SpeedPort W921V), I do get IPv6 addresses (SLAAC) without DHCPv6 though. It seems that DHCPv6 is needed to get a ULA address and a ULA IPv6 address for OpenWrt's DNS server. (not working after reboot)

config dhcp 'wan'                  
        option interface 'wan'             
        option ignore '1'                        
        option dhcpv6 'relay'
        option ndp 'relay'                 
        option ra 'relay'                        
        option master '1'

# no wan6 section

MartinNowak avatar Feb 16 '18 22:02 MartinNowak
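
An added example, not from the thread or the odhcpd project: a shell/awk check over UCI dhcp sections like the ones posted above, reporting for each of ra, ndp and dhcpv6 whether 'relay' is set on both a master section and a non-master section. The function name, the status words and both sample configs are constructed here, and the both-ends rule is this sketch's assumption about what a working relay layout needs.

```shell
# check_relay: read UCI dhcp config text on stdin, print "<service> <status>".
# Assumption of this sketch: a service relays only between a section with
# master '1' and at least one section without it, both set to 'relay'.
check_relay() {
    awk '
    function flush(   s) {          # account for the section just finished
        if (!insect) return
        for (s in svc) if (val[s] == "relay") { if (master) up[s]++; else down[s]++ }
    }
    BEGIN { svc["ra"] = svc["ndp"] = svc["dhcpv6"] = 1 }
    $1 == "config" { flush(); insect = ($2 == "dhcp"); master = 0; split("", val); next }
    insect && $1 == "option" {
        v = $3; gsub(/[^A-Za-z0-9]/, "", v)   # strip the UCI quotes
        if ($2 == "master") master = (v == "1")
        else if ($2 in svc) val[$2] = v
    }
    END {
        flush()
        n = split("ra ndp dhcpv6", order, " ")
        for (i = 1; i <= n; i++) {
            s = order[i]
            if (!up[s] && !down[s]) st = "unused"
            else if (!up[s]) st = "no-master"
            else if (!down[s]) st = "no-downstream"
            else st = "ok"
            print s, st
        }
    }'
}

# Constructed sample modelled on the ndp/ra relay layout posted in the thread.
SAMPLE_OK="config dhcp 'lan'
        option dhcpv6 'disabled'
        option ndp 'relay'
        option ra 'relay'
config dhcp 'wan'
        option dhcpv6 'disabled'
        option ndp 'relay'
        option ra 'relay'
        option master '1'"

# Constructed sample with one end missing for ra and for dhcpv6.
SAMPLE_MIXED="config dhcp 'lan'
        option dhcpv6 'relay'
        option ndp 'relay'
        option ra 'server'
config dhcp 'wan'
        option ndp 'relay'
        option ra 'relay'
        option master '1'"

printf '%s\n' "$SAMPLE_MIXED" | check_relay
```

On a router the same function can be fed the live file with `check_relay < /etc/config/dhcp`.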