Modify

Opened 6 years ago

Closed 6 years ago

#10678 closed defect (fixed)

native ipv6 static config not working

Reported by: anonymous Owned by: developers
Priority: high Milestone: Bugs Paradise
Component: kernel Version: 10.03.1
Keywords: native, ipv6, static Cc:

Description

i have global addresses set on LAN and WAN:

root@dir825:~# ifconfig br-lan
              inet6 addr: 2a00:e78:xxxxx/64 Scope:Global
              inet6 addr: fe80::218:e7ff:xxxxxx/64 Scope:Link
root@dir825:~# ifconfig eth1
              inet6 addr: 2a00:e78:1:51d:xxxxxxxx/64 Scope:Global
              inet6 addr: fe80::218:e7ff:xxxxxxx/64 Scope:Link

ISP's gateway set:

root@dir825:~# ip -6 route
2000::/3 via 2a00:e78:1:51d::1 dev eth1  metric 1024  mtu 1500 advmss 1440 hoplimit 0

but no traffic:

root@dir825:~# ping6 -c 4 starlink.ru
PING starlink.ru (2a00:e78::7): 56 data bytes

--- starlink.ru ping statistics ---
4 packets transmitted, 0 packets received, 100% packet loss

something strange:

root@dir825:~# ip -6 neigh
2a00:e78:1:51d::1 dev eth1  FAILED

IPv4 still works flawlessly.

on Backfire 10.03 the same setup worked fine though.

Attachments (0)

Change History (18)

comment:1 Changed 6 years ago by jow

Attach your current /etc/config/network, as well as the output of the routing table.

comment:2 Changed 6 years ago by anonymous

/etc/config/network:

config 'interface' 'loopback'
	option 'ifname' 'lo'
	option 'proto' 'static'
	option 'ipaddr' '127.0.0.1'
	option 'netmask' '255.0.0.0'

config 'interface' 'lan'
	option 'ifname' 'eth0'
	option 'type' 'bridge'
	option 'proto' 'static'
	option 'ipaddr' '192.168.1.1'
	option 'netmask' '255.255.255.0'
	option 'ip6addr' '2a00:e78:4:2::1/64'

config 'interface' 'wan'
	option 'ifname' 'eth1'
	option '_orig_ifname' 'eth1'
	option '_orig_bridge' 'false'
	option 'proto' 'static'
	option 'ipaddr' '77.50.xxx:xxx'
	option 'netmask' '255.255.255.192'
	option 'gateway' '77.50.121.129'
	option 'broadcast' '77.50.121.191'
	option 'dns' '77.50.0.3 77.50.1.3'
	option 'ip6addr' '2a00:e78:1:51d:xxx:xxx:xxx:xxx/64'
	option 'ip6gw' '2a00:e78:1:51d::1'
	option 'macaddr' 'xx:xx:xx:xx:xx:EB'

config 'switch'
	option 'name' 'rtl8366s'
	option 'reset' '1'
	option 'enable_vlan' '1'

config 'switch_vlan'
	option 'device' 'rtl8366s'
	option 'vlan' '1'
	option 'ports' '0 1 2 3 5'

IPv6 routing table:

root@dir825:~# route -A inet6
Kernel IPv6 routing table
Destination                                 Next Hop                                Flags Metric Ref    Use Iface
2a00:e78:1:51d::/64                         ::                                      U     256    0        0 eth1    
2a00:e78:4:2::/64                           ::                                      U     256    0        0 br-lan  
fe80::/64                                   ::                                      U     256    0        0 eth0    
fe80::/64                                   ::                                      U     256    0        0 br-lan  
fe80::/64                                   ::                                      U     256    0        0 eth1    
::/0                                        2a00:e78:1:51d::1                       UG    1      4        0 eth1    
::1/128                                     ::                                      U     0      0        1 lo      
2a00:e78:1:51d::/128                        ::                                      U     0      0        1 lo      
2a00:e78:1:51d:xxx:xxx:xxx:xxx/128            ::                                      U     0      10       1 lo      
2a00:e78:4:2::/128                          ::                                      U     0      0        1 lo      
2a00:e78:4:2::1/128                         ::                                      U     0      0        1 lo      
fe80::/128                                  ::                                      U     0      0        1 lo      
fe80::/128                                  ::                                      U     0      0        1 lo      
fe80::218:xxxx:xxxx:xxeb/128                ::                                      U     0      7        1 lo      
fe80::218:xxxx:xxxx:xxec/128                ::                                      U     0      0        1 lo      
ff02::fb/128                                ff02::fb                                UC    0      4        0 br-lan  
ff02::1:ff2c:c77e/128                       ff02::1:ff2c:c77e                       UC    0      3        0 eth1    
ff02::1:ffc0:1235/128                       ff02::1:ffc0:1235                       UC    0      4        0 eth1    
ff02::1:ffff:fffe/128                       ff02::1:ffff:fffe                       UC    0      3        0 eth1    
ff00::/8                                    ::                                      U     256    0        0 eth0    
ff00::/8                                    ::                                      U     256    0        0 br-lan  
ff00::/8                                    ::                                      U     256    0        0 eth1    

comment:3 Changed 6 years ago by anonymous

i don't know what exactly that means but i think it has something to do with the problem:

root@dir825:~# ip -6 neigh show
2a00:e78:1:51d::1 dev eth1  FAILED
fe80::221:1cff:fe93:2c55 dev eth1  FAILED

comment:4 follow-up: Changed 6 years ago by jow

Is ip6tables installed?

comment:5 in reply to: ↑ 4 Changed 6 years ago by anonymous

Replying to jow:

Is ip6tables installed?

yes

comment:6 follow-up: Changed 6 years ago by jow

Do you have appropriate rules to allow ICMPv6 traffic?

comment:7 in reply to: ↑ 6 Changed 6 years ago by anonymous

Replying to jow:

Do you have appropriate rules to allow ICMPv6 traffic?

just default rules:

config 'rule'
	option 'name' 'Allow-DHCPv6'
	option 'src' 'wan'
	option 'proto' 'udp'
	option 'src_ip' 'fe80::/10'
	option 'src_port' '547'
	option 'dest_ip' 'fe80::/10'
	option 'dest_port' '546'
	option 'family' 'ipv6'
	option 'target' 'ACCEPT'

config 'rule'
	option 'name' 'Allow-ICMPv6-Input'
	option 'src' 'wan'
	option 'proto' 'icmp'
	list 'icmp_type' 'echo-request'
	list 'icmp_type' 'destination-unreachable'
	list 'icmp_type' 'packet-too-big'
	list 'icmp_type' 'time-exceeded'
	list 'icmp_type' 'bad-header'
	list 'icmp_type' 'unknown-header-type'
	list 'icmp_type' 'router-solicitation'
	list 'icmp_type' 'neighbour-solicitation'
	option 'limit' '1000/sec'
	option 'family' 'ipv6'
	option 'target' 'ACCEPT'

config 'rule'
	option 'name' 'Allow-ICMPv6-Forward'
	option 'src' 'wan'
	option 'dest' '*'
	option 'proto' 'icmp'
	list 'icmp_type' 'echo-request'
	list 'icmp_type' 'destination-unreachable'
	list 'icmp_type' 'packet-too-big'
	list 'icmp_type' 'time-exceeded'
	list 'icmp_type' 'bad-header'
	list 'icmp_type' 'unknown-header-type'
	option 'limit' '1000/sec'
	option 'family' 'ipv6'
	option 'target' 'ACCEPT'

comment:8 follow-up: Changed 6 years ago by jow

Can you paste the output of "ip6tables -nvL" ?

comment:9 in reply to: ↑ 8 Changed 6 years ago by anonymous

Replying to jow:

Can you paste the output of "ip6tables -nvL" ?

root@dir825:~# ip6tables -nvL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       all      *      *       ::/0                 ::/0                state INVALID 
    4   608 ACCEPT     all      *      *       ::/0                 ::/0                state RELATED,ESTABLISHED 
    0     0 ACCEPT     all      lo     *       ::/0                 ::/0                
    0     0 syn_flood  tcp      *      *       ::/0                 ::/0                tcp flags:0x17/0x02 
  267 17336 input_rule  all      *      *       ::/0                 ::/0                
  267 17336 input      all      *      *       ::/0                 ::/0                

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       all      *      *       ::/0                 ::/0                state INVALID 
    0     0 ACCEPT     all      *      *       ::/0                 ::/0                state RELATED,ESTABLISHED 
    0     0 forwarding_rule  all      *      *       ::/0                 ::/0                
    0     0 forward    all      *      *       ::/0                 ::/0                
    0     0 reject     all      *      *       ::/0                 ::/0                

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       all      *      *       ::/0                 ::/0                state INVALID 
    4   608 ACCEPT     all      *      *       ::/0                 ::/0                state RELATED,ESTABLISHED 
    0     0 ACCEPT     all      *      lo      ::/0                 ::/0                
  412 36480 output_rule  all      *      *       ::/0                 ::/0                
  412 36480 output     all      *      *       ::/0                 ::/0                

Chain forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 zone_lan_forward  all      br-lan *       ::/0                 ::/0                
    0     0 zone_wan_forward  all      eth1   *       ::/0                 ::/0                

Chain forwarding_lan (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain forwarding_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain forwarding_wan (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain input (1 references)
 pkts bytes target     prot opt in     out     source               destination         
   37  2120 zone_lan   all      br-lan *       ::/0                 ::/0                
  230 15216 zone_wan   all      eth1   *       ::/0                 ::/0                

Chain input_lan (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain input_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain input_wan (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain output (1 references)
 pkts bytes target     prot opt in     out     source               destination         
  412 36480 zone_lan_ACCEPT  all      *      *       ::/0                 ::/0                
  412 36480 zone_wan_ACCEPT  all      *      *       ::/0                 ::/0                

Chain output_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain reject (5 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 REJECT     tcp      *      *       ::/0                 ::/0                reject-with tcp-reset 
  174 11184 REJECT     all      *      *       ::/0                 ::/0                reject-with icmp6-port-unreachable 

Chain syn_flood (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 RETURN     tcp      *      *       ::/0                 ::/0                tcp flags:0x17/0x02 limit: avg 25/sec burst 50 
    0     0 DROP       all      *      *       ::/0                 ::/0                

Chain zone_lan (1 references)
 pkts bytes target     prot opt in     out     source               destination         
   37  2120 input_lan  all      *      *       ::/0                 ::/0                
   37  2120 zone_lan_ACCEPT  all      *      *       ::/0                 ::/0                

Chain zone_lan_ACCEPT (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all      *      br-lan  ::/0                 ::/0                
   37  2120 ACCEPT     all      br-lan *       ::/0                 ::/0                

Chain zone_lan_DROP (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       all      *      br-lan  ::/0                 ::/0                
    0     0 DROP       all      br-lan *       ::/0                 ::/0                

Chain zone_lan_REJECT (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 reject     all      *      br-lan  ::/0                 ::/0                
    0     0 reject     all      br-lan *       ::/0                 ::/0                

Chain zone_lan_forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 zone_wan_ACCEPT  all      *      *       ::/0                 ::/0                
    0     0 forwarding_lan  all      *      *       ::/0                 ::/0                
    0     0 zone_lan_REJECT  all      *      *       ::/0                 ::/0                

Chain zone_wan (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     udp      *      *       fe80::/10            fe80::/10           udp spt:547 dpt:546 
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                ipv6-icmp type 128 limit: avg 1000/sec burst 5 
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                ipv6-icmp type 1 limit: avg 1000/sec burst 5 
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                ipv6-icmp type 2 limit: avg 1000/sec burst 5 
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                ipv6-icmp type 3 limit: avg 1000/sec burst 5 
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                ipv6-icmp type 4 code 0 limit: avg 1000/sec burst 5 
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                ipv6-icmp type 4 code 1 limit: avg 1000/sec burst 5 
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                ipv6-icmp type 133 limit: avg 1000/sec burst 5 
   56  4032 ACCEPT     icmpv6    *      *       ::/0                 ::/0                ipv6-icmp type 135 limit: avg 1000/sec burst 5 
    0     0 ACCEPT     2        *      *       ::/0                 ::/0                
  174 11184 input_wan  all      *      *       ::/0                 ::/0                
  174 11184 zone_wan_REJECT  all      *      *       ::/0                 ::/0                

Chain zone_wan_ACCEPT (2 references)
 pkts bytes target     prot opt in     out     source               destination         
  412 36480 ACCEPT     all      *      eth1    ::/0                 ::/0                
    0     0 ACCEPT     all      eth1   *       ::/0                 ::/0                

Chain zone_wan_DROP (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       all      *      eth1    ::/0                 ::/0                
    0     0 DROP       all      eth1   *       ::/0                 ::/0                

Chain zone_wan_REJECT (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 reject     all      *      eth1    ::/0                 ::/0                
  174 11184 reject     all      eth1   *       ::/0                 ::/0                

Chain zone_wan_forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                ipv6-icmp type 128 limit: avg 1000/sec burst 5 
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                ipv6-icmp type 1 limit: avg 1000/sec burst 5 
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                ipv6-icmp type 2 limit: avg 1000/sec burst 5 
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                ipv6-icmp type 3 limit: avg 1000/sec burst 5 
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                ipv6-icmp type 4 code 0 limit: avg 1000/sec burst 5 
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                ipv6-icmp type 4 code 1 limit: avg 1000/sec burst 5 
    0     0 forwarding_wan  all      *      *       ::/0                 ::/0                
    0     0 zone_wan_REJECT  all      *      *       ::/0                 ::/0

comment:10 Changed 6 years ago by Roman <nightspotlight@…>

is there a fix available yet?

comment:11 Changed 6 years ago by jow

No since we haven't even identified the problem yet. The configuration is obviously correct.

comment:12 Changed 6 years ago by Roman <nightspotlight@…>

how else can we identify the problem?

i wrote to my ISP tech support, they pinged my router via IPv6 from their "L3 router". pinging my router's WAN interface's link-local address fe80:...:1aeb from their side was successful, but pinging my WAN interface's global IPv6 2a00:e78:1:51d:...131 failed

comment:13 Changed 6 years ago by tomashnyk@…

(BTW: can I register on trac here?)

I think I have the same issue, if I do

ip6tables -F

traffic starts flowing. See also https://forum.openwrt.org/viewtopic.php?id=36877

Does the OP see the same behvaiour?

comment:14 Changed 6 years ago by nbd

  • Resolution set to worksforme
  • Status changed from new to closed

should be fixed in latest trunk

comment:15 Changed 6 years ago by Tomáš Hnyk <tomashnyk@…>

  • Resolution worksforme deleted
  • Status changed from closed to reopened

If I have the same issue as the OP, this is not solved with trunk. I just reflashed a new image and it did not help. Well, I kept my configuration, has there been any changes to default /etc/config/firewall ? In the forum thread I linked to above, we have collected some more debugging info, look at it please.

comment:16 Changed 6 years ago by Tomáš Hnyk <tomashnyk@…>

As suggested by forum user swalker, adding

list icmp_type router-advertisement
list icmp_type neighbour-advertisement

into Allow-ICMPv6-Input rule fixes the issue.

comment:17 Changed 6 years ago by Tomáš Hnyk <tomashnyk@…>

Ha, so it has been included already: /changeset/32127.html

comment:18 Changed 6 years ago by jow

  • Resolution set to fixed
  • Status changed from reopened to closed

See r32127

Add Comment

Modify Ticket

Action
as closed .
The resolution will be deleted. Next status will be 'reopened'.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.