Modify

Opened 4 years ago

Last modified 4 years ago

#14298 assigned defect

Reconnect and IPv6 privacy extensions brake routing

Reported by: anonymous Owned by: cyrus
Priority: high Milestone: Chaos Calmer 15.05
Component: packages Version: Trunk
Keywords: Cc: cyrus@…

Description

In a case in which a client (Mac OS X) with IPv6 privacy extensions enabled is forced to reconnect, the routing gets broken. One has to restart 6relayed to get the connection working again.

Attachments (1)

capture-ipv6.pcapng.gz (2.9 KB) - added by anonymous 4 years ago.
Wireshark capture from working ping over reconnect to not working ping

Download all attachments as: .zip

Change History (11)

comment:1 Changed 4 years ago by cyrus

Can you elaborate please on what breaks / what is not working as expected.
How does the routing table look on the client after the reconnect?

comment:2 Changed 4 years ago by cyrus

  • Cc cyrus@… added
  • Owner changed from developers to cyrus
  • Status changed from new to assigned

comment:3 Changed 4 years ago by cyrus

If possible please also provide a tcpdump / wireshark dump of the RA / DHCPv6 exchange between the client and OpenWrt when the issue occurs.

comment:4 Changed 4 years ago by anonymous

Has there been made progess on that issue? Because I have the same. The routing is simply not working when the client reconnects. Just use a barebone version of Barrier Braker with 6relayed.

comment:5 Changed 4 years ago by anonymous

Before the restart of 6relayd with the routing not working the table on the client looks like this

default                                 fe80::6670:2ff:fe77:dc62%en1    UGc             en1
::1                                     ::1                             UHL             lo0
2a02:908:ee18:ce01::/64                 link#5                          UC              en1
2a02:908:xxxx:xxxx:xxxx:xxxx:b35e:d00b  xx:xx:xx:xx:xx:82               UHL             lo0
2a02:908:xxxx:xxxx:xxxx:xxxx:fe12:f282  xx:xx:xx:xx:xx:82               UHL             lo0
fd08:fc51:82c9:1d21::/64                fe80::d14c:b680:33a5:f624%utun0 Uc            utun0
fd08:fc51:82c9:1d21:d14c:b680:33a5:f624 link#11                         UHL             lo0
fdde:b557:6018::211:32ff:fe21:7b9       0:11:32:21:7:b9                 UHLI            en0
fe80::%lo0/64                           fe80::1%lo0                     UcI             lo0
fe80::1%lo0                             link#1                          UHLI            lo0
fe80::%en0/64                           link#4                          UCI             en0
fe80::211:32ff:fe21:7b9%en0             0:11:32:21:7:b9                 UHLWI           en0
fe80::215:99ff:fe8b:66f5%en0            link#4                          UHLWIi          en0
fe80::2676:7dff:fe56:b6b9%en0           24:76:7d:56:b6:b9               UHLWIr          en0
fe80::2676:7dff:fe56:b6ba%en0           link#4                          UHLWI           en0
fe80::6670:2ff:fe77:dc62%en0            64:70:2:77:dc:62                UHLWIr          en0
fe80::e2f8:47ff:fe12:f282%en0           e0:f8:47:12:f2:82               UHLWI           en0
fe80::%en1/64                           link#5                          UCI             en1
fe80::211:32ff:fe21:7b9%en1             0:11:32:21:7:b9                 UHLWI           en1
fe80::215:99ff:fe8b:66f5%en1            link#5                          UHLWI           en1
fe80::21c:b3ff:fec4:b819%en1            0:1c:b3:c4:b8:19                UHLWI           en1
fe80::129a:ddff:fe6e:33fd%en1           10:9a:dd:6e:33:fd               UHLWI           en1
fe80::2676:7dff:fe56:b6b9%en1           24:76:7d:56:b6:b9               UHLWIr          en1
fe80::6670:2ff:fe77:dc62%en1            64:70:2:77:dc:62                UHLWIir         en1
fe80::7ed1:c3ff:fef5:8daf%en1           7c:d1:c3:f5:8d:af               UHLWI           en1
fe80::ba8d:12ff:fe13:dfe4%en1           b8:8d:12:13:df:e4               UHLWI           en1
fe80::e2f8:47ff:fe12:f282%en1           e0:f8:47:12:f2:82               UHLI            lo0
fe80::%utun0/64                         fe80::d14c:b680:33a5:f624%utun0 UcI           utun0
fe80::d14c:b680:33a5:f624%utun0         link#11                         UHLI            lo0
ff01::%lo0/32                           ::1                             UmCI            lo0
ff01::%en0/32                           link#4                          UmCI            en0
ff01::%en1/32                           link#5                          UmCI            en1
ff01::%utun0/32                         fe80::d14c:b680:33a5:f624%utun0 UmCI          utun0
ff02::%lo0/32                           ::1                             UmCI            lo0
ff02::%en0/32                           link#4                          UmCI            en0
ff02::%en1/32                           link#5                          UmCI            en1
ff02::%utun0/32                         fe80::d14c:b680:33a5:f624%utun0 UmCI          utun0

On the client the routing table after the restart looks like this

default                                 fe80::6670:2ff:fe77:dc62%en1    UGc             en1
::1                                     ::1                             UHL             lo0
2a02:908:xxxx:xxxx::/64                 link#5                          UC              en1
2a02:908:xxxx:xxxx:xxxx:xxxx:fe77:dc62   xx:xx:xx:xx:dc:62                UHLWIi          en1
2a02:908:xxxx:xxxx:xxxx:xxxx:b35e:d00b  xx:xx:xx:xx:xx:82               UHL             lo0
2a02:908:xxxx:xxxx:xxxx:xxxx:fe12:f282  xx:xx:xx:xx:xx:82               UHL             lo0
fd08:fc51:82c9:1d21::/64                fe80::d14c:b680:33a5:f624%utun0 Uc            utun0
fd08:fc51:82c9:1d21:d14c:b680:33a5:f624 link#11                         UHL             lo0
fdde:b557:6018::211:32ff:fe21:7b9       0:11:32:21:7:b9                 UHLI            en0
fe80::%lo0/64                           fe80::1%lo0                     UcI             lo0
fe80::1%lo0                             link#1                          UHLI            lo0
fe80::%en0/64                           link#4                          UCI             en0
fe80::211:32ff:fe21:7b9%en0             0:11:32:21:7:b9                 UHLWI           en0
fe80::215:99ff:fe8b:66f5%en0            link#4                          UHLWIi          en0
fe80::2676:7dff:fe56:b6b9%en0           24:76:7d:56:b6:b9               UHLWIr          en0
fe80::2676:7dff:fe56:b6ba%en0           link#4                          UHLWI           en0
fe80::6670:2ff:fe77:dc62%en0            64:70:2:77:dc:62                UHLWIr          en0
fe80::e2f8:47ff:fe12:f282%en0           e0:f8:47:12:f2:82               UHLWI           en0
fe80::%en1/64                           link#5                          UCI             en1
fe80::211:32ff:fe21:7b9%en1             0:11:32:21:7:b9                 UHLWI           en1
fe80::215:99ff:fe8b:66f5%en1            link#5                          UHLWI           en1
fe80::21c:b3ff:fec4:b819%en1            0:1c:b3:c4:b8:19                UHLWI           en1
fe80::129a:ddff:fe6e:33fd%en1           10:9a:dd:6e:33:fd               UHLWI           en1
fe80::2676:7dff:fe56:b6b9%en1           24:76:7d:56:b6:b9               UHLWIr          en1
fe80::6670:2ff:fe77:dc62%en1            64:70:2:77:dc:62                UHLWIir         en1
fe80::7ed1:c3ff:fef5:8daf%en1           7c:d1:c3:f5:8d:af               UHLWI           en1
fe80::ba8d:12ff:fe13:dfe4%en1           b8:8d:12:13:df:e4               UHLWI           en1
fe80::e2f8:47ff:fe12:f282%en1           e0:f8:47:12:f2:82               UHLI            lo0
fe80::%utun0/64                         fe80::d14c:b680:33a5:f624%utun0 UcI           utun0
fe80::d14c:b680:33a5:f624%utun0         link#11                         UHLI            lo0
ff01::%lo0/32                           ::1                             UmCI            lo0
ff01::%en0/32                           link#4                          UmCI            en0
ff01::%en1/32                           link#5                          UmCI            en1
ff01::%utun0/32                         fe80::d14c:b680:33a5:f624%utun0 UmCI          utun0
ff02::%lo0/32                           ::1                             UmCI            lo0
ff02::%en0/32                           link#4                          UmCI            en0
ff02::%en1/32                           link#5                          UmCI            en1
ff02::%utun0/32                         fe80::d14c:b680:33a5:f624%utun0 UmCI          utun0

What seems to be missing after the reconnect is the route to the router

2a02:908:xxxx:xxxx:xxxx:xxxx:fe77:dc62 64:70:2:77:dc:62 UHLWIi en1

It would be really helpful if you could give me advice where to look for the problem.

comment:6 Changed 4 years ago by anonymous

Also I have added

net.ipv6.conf.default.forwarding=1
net.ipv6.conf.all.forwarding=1

to the sysctl.conf, but this did not solve the problem. Disabling the privacy extension on the mac solves the problem, so it is clearly associated with its usage. But I want to keep it activated. Also the my iOS devices are using the privacy extension.

comment:7 Changed 4 years ago by cyrus

Sorry, no updates on this matter so far as noone provided me any information before you did.

The route you mentioned is pretty much irrelevant - it's not even a route it's an NDP-entry (similar to IPv4-ARP) mapping IPs to MAC-addresses. This lookup is done by your client independently and is not really propagated through routing mechanisms.

The important routing and routing and NDP info is this:
default fe80::6670:2ff:fe77:dc62%en1 UGc
fe80::6670:2ff:fe77:dc62%en1 64:70:2:77:dc:62 UHLWIir

This is identical in both routing tables.

The thing is: when you restart 6relayd it sends 2 router advertisements. One that says "I'm not a default router anymore" when it goes down and one that says "I'm a default router now" when it comes up again. I don't really know how this fixes it but this sounds looks like a bug in MacOS to me especially since Privacy Extensions only affect the addresses your client uses which the router doesn't really care about.

So long story short, here is what you could try:
I've heard a few times that the ULA prefix (that fd08::... thing in your addresses) might be the cause for some problems with Apple devices. You could try removing the line "option ula_prefix ..." in your /etc/config/network on the router and reboot it and see if that helps.

Otherwise if you want me to investigate this further I would need a packet capture (using wireshark or tcpdump) of all the stuff that is going on during the reconnect and then the restart of 6relayd afterwards. I'm mainly interested in "icmpv6 or dhcpv6 or dns" packets so you can set this as a filter if you like.

Changed 4 years ago by anonymous

Wireshark capture from working ping over reconnect to not working ping

comment:8 Changed 4 years ago by anonymous

Thank you very much for your help. I've tried to disable the prefix, but it didn't solve the problem. I've attached a Wireshark capture of the IPv6 traffic on the ethernet from a working ping to google.com to a not working ping. May this helps to trace the problem.

comment:9 Changed 4 years ago by willmo

For what it's worth, I haven't had any IPv6 connectivity issues with iOS 6.1/7 and OS X 10.8/10.9 (except when 6relayd was restarting constantly due to Comcast RA spam). All clients are using privacy extensions. I have been pretty vigilant about keeping my config files synced with the defaults, so I have a ULA set and compat_ula == 0 now.

My clients do join and leave the network quite often, but I'm not sure if that's the type of reconnect that the reporter means.

comment:10 Changed 4 years ago by anonymous

Ok, by investigating the problem a bit further. It seems to be the problem that 6relayd is falling back to relay. I think the problem occurs because the OpenWRT router is running behind another router from my ISP.

Add Comment

Modify Ticket

Action
as assigned .
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.