You are not logged in.

#1 2014-09-20 00:20:53

tech10
Member
Registered: 2013-04-14
Posts: 3

Solved: IPV6 routing failure with DHCPV6

Hello, everyone.
I've attempted to set up my Arch Linux system as a router. I've succeeded as far as the IPV4 routing goes, but have failed in routing IPV6. The linux system itself is unable to access the internet over IPV6.

I have followed the guide posted at https://wiki.archlinux.org/index.php/router to try and get it working. Here is my setup as it is now. Iptables is currently set to accept all packages on IPV4 and IPV6, so we'll say for the purposes of explanations that I have no firewall, which is close enough. I have added a portforward chain for IPV4 and forwarded one port to a computer of mine, which I'm assuming worked, as IPV4 routing works. Dnsmasq is set up and configured, and working almost how I want, though I'm sure I'll be able to fix the one issue I'm having on my own, assuming I even want to worry about that. IPV6 is not configured to forward in the kernel at the moment, as the router guide didn't mentioning enabling that. I am using dhcpcd, and as netctl didn't seem to use it properly for my purposes, I've enabled the dhcpcd@eth0 service in systemctl. It seems to properly hand the subnet off to eth1, my internal lan card. Here is the routing configuration from ip.

# ip -6 route show
unreachable 2601:b:59c0:21::/64 dev lo  metric 1024  error -101
2601:b:59c0:321::/72 dev eth1  proto kernel  metric 203
2601:b:59c0:321::/72 dev eth1  proto kernel  metric 256  expires 86397sec
fe80::/64 dev eth1  proto kernel  metric 256
fe80::/64 dev eth0  proto kernel  metric 256
default via fe80::201:5cff:fe63:a046 dev eth0  proto ra  metric 1024  expires 1799sec

I assume the error -101 might have something to do with the IPV6 issue, but it seems to be on the loopback interface, I'm not sure why.

Here is my dhcpcd configuration file.

# cat /etc/dhcpcd.conf
# A sample configuration for dhcpcd.
# See dhcpcd.conf(5) for details.

# Inform the DHCP server of our hostname for DDNS.
hostname

# Use the hardware address of the interface for the Client ID.
#clientid
# or
# Use the same DUID + IAID as set in DHCPv6 for DHCPv4 ClientID as per RFC4361.
duid

# Persist interface configuration when dhcpcd exits.
persistent

# Rapid commit support.
# Safe to enable by default because it requires the equivalent option set
# on the server to actually work.
option rapid_commit

# A list of options to request from the DHCP server.
option domain_name_servers, domain_name, domain_search, host_name
option classless_static_routes
# Most distributions have NTP support.
option ntp_servers
# Respect the network MTU.
# Some interface drivers reset when changing the MTU so disabled by default.
#option interface_mtu

# A ServerID is required by RFC2131.
require dhcp_server_identifier

# A hook script is provided to lookup the hostname if not set by the DHCP
# server, but it should not be run by default.
nohook lookup-hostname
noipv4ll
noipv6rs
interface eth0
ia_pd 1 eth1

This is my radvd configuration, which I assume will work for me correctly once IPV6 routing is working.

# cat /etc/radvd.conf
interface eth1 {
IgnoreIfMissing on;
AdvSendAdvert on;
  MinRtrAdvInterval 3;
  MaxRtrAdvInterval 10;
prefix ::/72 {
                AdvOnLink on;
                AdvAutonomous on;
                AdvRouterAddr on;
    DeprecatePrefix on;
        };
#route ::/0 {
#AdvRoutePreference high;
#};
#RDNSS 2001:4860:4860::8888 2001:4860:4860::8844 {
#AdvRDNSSPreference 15;
#};
};

I'm using comcast as my internet provider, and I'm almost certain my setup on my computer is preventing IPV6 from working, as I've used routers to rout IPV6 traffic in the past when I was living with my parents, but am using an old router without that functionality now, and have little luck getting IPV6 to work on it period.

Does anyone know how I might fix IPV6 routing and internet access on my Arch system? Remember, things will be dynamic, not static.

Blake

Last edited by tech10 (2014-09-20 14:52:45)

Offline

#2 2014-09-20 06:40:41

branch
Member
Registered: 2014-03-16
Posts: 196

Re: Solved: IPV6 routing failure with DHCPV6

I assume the error -101 might have something to do with the IPV6 issue, but it seems to be on the loopback interface, I'm not sure why.

This is ok, dhcpcd installs an unreachable route for the entire delegated prefix so that unused subnets within the prefix are "unreachable". The routes for the used portions of the prefix will still work. Conveniently, this also tells us what the actual delegated prefix is.

It is the second and third routes listed which make no sense. They should fall within the delegated prefix, but they do not. Did dhcpcd create these? Also, advertising a /72 for slaac (without "AdvManagedFlag on" in radvd.conf) does not make sense because slaac needs a /64.

Maybe try replacing your ia_pd line in dhcpcd.conf with something like:

ia_pd 1/::/64 eth1/0/64

If it still does not work, it would be helpful to see the output of "ip -6 addr" in addition to the routes.

Offline

#3 2014-09-20 11:54:04

tech10
Member
Registered: 2013-04-14
Posts: 3

Re: Solved: IPV6 routing failure with DHCPV6

Hi,
Thanks for getting back to me, much appreciated.

I assume dhcpcd created the mentioned routes. When I use my default profile with netctl which currently uses dhclient for dhcpv6, here is the routing table.

# ip -6 route
2001:558:6008:43::/64 dev wan  proto kernel  metric 256
fe80::/64 dev lan0  proto kernel  metric 256
fe80::/64 dev wan  proto kernel  metric 256
default via fe80::201:5cff:fe63:a046 dev wan  proto ra  metric 1024  expires 1797sec

I have just tried what you suggested in the dhcpcd config file, the line now looking like this:

ia_pd 1/::/64 lan0/0/64

I've changed my interface names as well, lan0 is the internal, wan is the external interface, they make more sense to me that way. In any case, your suggestion did seem to work for me in terms of the router having IPV6 internet access. Here is the new routing table.

# ip -6 route
2601:b:59c0:21::/64 dev lan0  proto kernel  metric 256  expires 86399sec
unreachable 2601:b:59c0:21::/64 dev lo  metric 1024  error -101
fe80::/64 dev lan0  proto kernel  metric 256
fe80::/64 dev wan  proto kernel  metric 256
default via fe80::201:5cff:fe63:a046 dev wan  proto ra  metric 1024  expires 1798sec

Here is the ipv6 addresses if that will help.

# ip -6 addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: wan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
    inet6 fe80::92f6:52ff:fe03:502f/64 scope link
       valid_lft forever preferred_lft forever
3: lan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
    inet6 2601:b:59c0:21:ca60:ff:fe99:851/64 scope global mngtmpaddr dynamic
       valid_lft 85539sec preferred_lft 13539sec
    inet6 2601:b:59c0:21::1/64 scope global noprefixroute dynamic
       valid_lft 302069sec preferred_lft 302069sec
    inet6 fe80::ca60:ff:fe99:851/64 scope link
      valid_lft forever preferred_lft forever

Here is ipconfig from Windows. There doesn't seem to be any type of gateway address assigned for non local IPV6 routing, which is perhaps where the problem comes from, though there's an IPV6 address that seems to exist.

>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : BlakeDesktop
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : archlinux.router.local

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . : archlinux.router.local
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : D8-50-E6-4B-3F-F4
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2601:b:59c0:21:c13e:fa32:af3d:1f6(Preferred)
   Link-local IPv6 Address . . . . . : fe80::c13e:fa32:af3d:1f6%3(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.0.3(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Saturday, September 20, 2014 05:38:11
   Lease Expires . . . . . . . . . . : Saturday, September 20, 2014 17:38:10
   Default Gateway . . . . . . . . . : fe80::ca60:ff:fe99:851%3
                                       192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DHCPv6 IAID . . . . . . . . . . . : 64508134
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-70-92-60-D8-50-E6-4B-3F-F4

   DNS Servers . . . . . . . . . . . : 192.168.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6abd:2c20:2ab:cd57:15f2(Preferred)
   Link-local IPv6 Address . . . . . : fe80::2c20:2ab:cd57:15f2%5(Preferred)
   Default Gateway . . . . . . . . . :
   DHCPv6 IAID . . . . . . . . . . . : 134217728
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-70-92-60-D8-50-E6-4B-3F-F4

   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.archlinux.router.local:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : archlinux.router.local
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

I have tried changing the prefix in radvd to ::/64 and also
sysctl -w net.ipv6.conf.wan.accept_ra=2
That didn't seem to help. Any ideas? I assume it might have something to do with the current radvd configuration, but I'm not sure.

Blake

Last edited by tech10 (2014-09-20 15:11:38)

Offline

#4 2014-09-20 15:05:30

tech10
Member
Registered: 2013-04-14
Posts: 3

Re: Solved: IPV6 routing failure with DHCPV6

Hi,
I have solved the issue I was having. Apparently, I needed to enable IPV6 forwarding on all interfaces, and set accept_ra to 2 on all interfaces. So, to summarize everything for those having a similar problem:

My interfaces are lan0 for the internal network and wan for the internet, yours may be different.

Put this in a file like /etc/sysctl.d/60-forwarding.conf

# Enable packet forwarding
net.ipv4.ip_forward=1
# Enable ipv6 forwarding
net.ipv6.conf.all.forwarding=1
# Accept router advertisements.
net.ipv6.conf.all.accept_ra=2
net.ipv6.conf.default.accept_ra=2
net.ipv6.conf.wan.accept_ra=2
net.ipv6.conf.lan0.accept_ra=2

Set up dhcpcd in /etc/dhcpcd.conf as the router guide indicates, but change the following line.

ia_pd 1 lan0

Make it this instead.

ia_pd 1/::/64 lan0/0/64

Use systemd instead of a netctl profile for the internet connection. Alternatively, you might be able to use dhcpcd for the internet profile, though I've not tried this yet.

# systemctl enable dhcpcd@wan

The rest of the router guide should get anyone else up and running, and after rebooting, IPV4 and IPV6 forwarding should work correctly. Be sure to make sure it works properly after a reboot. If it doesn't, you may have to manually intervene with scripts or commands to make everything work correctly.

Blake

Offline

Board footer

Powered by FluxBB