Hello, everyone.
I've attempted to set up my Arch Linux system as a router. I've succeeded as far as the IPV4 routing goes, but have failed in routing IPV6. The Linux system itself is unable to access the internet over IPV6.
I have followed the guide posted at https://wiki.archlinux.org/index.php/router to try and get it working. Here is my setup as it is now. Iptables is currently set to accept all packages on IPV4 and IPV6, so we'll say for the purposes of explanations that I have no firewall, which is close enough. I have added a portforward chain for IPV4 and forwarded one port to a computer of mine, which I'm assuming worked, as IPV4 routing works. Dnsmasq is set up and configured, and working almost how I want, though I'm sure I'll be able to fix the one issue I'm having on my own, assuming I even want to worry about that. IPV6 is not configured to forward in the kernel at the moment, as the router guide didn't mention enabling that. I am using dhcpcd, and as netctl didn't seem to use it properly for my purposes, I've enabled the dhcpcd@eth0 service in systemctl. It seems to properly hand the subnet off to eth1, my internal LAN card. Here is the routing configuration from ip.
# ip -6 route show
unreachable 2601:b:59c0:21::/64 dev lo metric 1024 error -101
2601:b:59c0:321::/72 dev eth1 proto kernel metric 203
2601:b:59c0:321::/72 dev eth1 proto kernel metric 256 expires 86397sec
fe80::/64 dev eth1 proto kernel metric 256
fe80::/64 dev eth0 proto kernel metric 256
default via fe80::201:5cff:fe63:a046 dev eth0 proto ra metric 1024 expires 1799sec
I assume the error -101 might have something to do with the IPV6 issue, but it seems to be on the loopback interface, I'm not sure why.
Here is my dhcpcd configuration file.
# cat /etc/dhcpcd.conf
# A sample configuration for dhcpcd.
# See dhcpcd.conf(5) for details.
# Inform the DHCP server of our hostname for DDNS.
hostname
# Use the hardware address of the interface for the Client ID.
#clientid
# or
# Use the same DUID + IAID as set in DHCPv6 for DHCPv4 ClientID as per RFC4361.
duid
# Persist interface configuration when dhcpcd exits.
persistent
# Rapid commit support.
# Safe to enable by default because it requires the equivalent option set
# on the server to actually work.
option rapid_commit
# A list of options to request from the DHCP server.
option domain_name_servers, domain_name, domain_search, host_name
option classless_static_routes
# Most distributions have NTP support.
option ntp_servers
# Respect the network MTU.
# Some interface drivers reset when changing the MTU so disabled by default.
#option interface_mtu
# A ServerID is required by RFC2131.
require dhcp_server_identifier
# A hook script is provided to lookup the hostname if not set by the DHCP
# server, but it should not be run by default.
nohook lookup-hostname
noipv4ll
noipv6rs
interface eth0
ia_pd 1 eth1
This is my radvd configuration, which I assume will work for me correctly once IPV6 routing is working.
# cat /etc/radvd.conf
interface eth1 {
    IgnoreIfMissing on;
    AdvSendAdvert on;
    MinRtrAdvInterval 3;
    MaxRtrAdvInterval 10;
    prefix ::/72 {
        AdvOnLink on;
        AdvAutonomous on;
        AdvRouterAddr on;
        DeprecatePrefix on;
    };
    #route ::/0 {
    #AdvRoutePreference high;
    #};
    #RDNSS 2001:4860:4860::8888 2001:4860:4860::8844 {
    #AdvRDNSSPreference 15;
    #};
};
I'm using Comcast as my internet provider, and I'm almost certain my setup on my computer is preventing IPV6 from working, as I've used routers to route IPV6 traffic in the past when I was living with my parents, but am using an old router without that functionality now, and have little luck getting IPV6 to work on it period.
Does anyone know how I might fix IPV6 routing and internet access on my Arch system? Remember, things will be dynamic, not static.
Blake
Last edited by tech10 (2014-09-20 14:52:45)
Offline
> I assume the error -101 might have something to do with the IPV6 issue, but it seems to be on the loopback interface, I'm not sure why.
This is ok, dhcpcd installs an unreachable route for the entire delegated prefix so that unused subnets within the prefix are "unreachable". The routes for the used portions of the prefix will still work. Conveniently, this also tells us what the actual delegated prefix is.
It is the second and third routes listed which make no sense. They should fall within the delegated prefix, but they do not. Did dhcpcd create these? Also, advertising a /72 for SLAAC (without "AdvManagedFlag on" in radvd.conf) does not make sense because SLAAC needs a /64.
Maybe try replacing your ia_pd line in dhcpcd.conf with something like:
ia_pd 1/::/64 eth1/0/64
If it still does not work, it would be helpful to see the output of "ip -6 addr" in addition to the routes.
Offline
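The check described in the reply above, written out as an added example (not code from the thread or from dhcpcd): it treats the `unreachable` route as the delegated prefix, as the reply explains, and flags LAN routes that fall outside it or are not /64. The function name `audit_routes` is an assumption, and the sample input is the routing table from the first post.

```python
import ipaddress

# Constructed sample: the `ip -6 route show` output from the first post.
SAMPLE_ROUTES = """\
unreachable 2601:b:59c0:21::/64 dev lo metric 1024 error -101
2601:b:59c0:321::/72 dev eth1 proto kernel metric 203
2601:b:59c0:321::/72 dev eth1 proto kernel metric 256 expires 86397sec
fe80::/64 dev eth1 proto kernel metric 256
fe80::/64 dev eth0 proto kernel metric 256
default via fe80::201:5cff:fe63:a046 dev eth0 proto ra metric 1024 expires 1799sec
"""


def audit_routes(text, lan_if):
    """Return (delegated prefixes, findings) for global routes on lan_if."""
    delegated, lan_routes = [], set()
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] == "default":
            continue
        try:
            if fields[0] == "unreachable":
                # Per the reply: dhcpcd marks the whole delegated prefix unreachable.
                delegated.append(ipaddress.ip_network(fields[1], strict=False))
                continue
            net = ipaddress.ip_network(fields[0], strict=False)
        except (ValueError, IndexError):
            continue  # other route types (blackhole, prohibit, ...) are skipped
        dev = fields[fields.index("dev") + 1] if "dev" in fields else None
        if dev == lan_if and not net.is_link_local:
            lan_routes.add(net)
    findings = []
    for net in sorted(lan_routes):
        if net.prefixlen != 64:
            findings.append(f"{net}: /{net.prefixlen} on {lan_if}, SLAAC needs /64")
        if delegated and not any(net.subnet_of(d) for d in delegated):
            findings.append(f"{net}: outside delegated prefix")
    return delegated, findings


if __name__ == "__main__":
    prefixes, problems = audit_routes(SAMPLE_ROUTES, "eth1")
    print("delegated:", ", ".join(map(str, prefixes)))
    for problem in problems or ["no problems found"]:
        print(problem)
```
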
Hi,
Thanks for getting back to me, much appreciated.
I assume dhcpcd created the mentioned routes. When I use my default profile with netctl which currently uses dhclient for dhcpv6, here is the routing table.
# ip -6 route
2001:558:6008:43::/64 dev wan proto kernel metric 256
fe80::/64 dev lan0 proto kernel metric 256
fe80::/64 dev wan proto kernel metric 256
default via fe80::201:5cff:fe63:a046 dev wan proto ra metric 1024 expires 1797sec
I have just tried what you suggested in the dhcpcd config file, the line now looking like this:
ia_pd 1/::/64 lan0/0/64
I've changed my interface names as well, lan0 is the internal, wan is the external interface, they make more sense to me that way. In any case, your suggestion did seem to work for me in terms of the router having IPV6 internet access. Here is the new routing table.
# ip -6 route
2601:b:59c0:21::/64 dev lan0 proto kernel metric 256 expires 86399sec
unreachable 2601:b:59c0:21::/64 dev lo metric 1024 error -101
fe80::/64 dev lan0 proto kernel metric 256
fe80::/64 dev wan proto kernel metric 256
default via fe80::201:5cff:fe63:a046 dev wan proto ra metric 1024 expires 1798sec
Here are the IPv6 addresses, if that will help.
# ip -6 addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: wan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
inet6 fe80::92f6:52ff:fe03:502f/64 scope link
valid_lft forever preferred_lft forever
3: lan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
inet6 2601:b:59c0:21:ca60:ff:fe99:851/64 scope global mngtmpaddr dynamic
valid_lft 85539sec preferred_lft 13539sec
inet6 2601:b:59c0:21::1/64 scope global noprefixroute dynamic
valid_lft 302069sec preferred_lft 302069sec
inet6 fe80::ca60:ff:fe99:851/64 scope link
valid_lft forever preferred_lft forever
Here is ipconfig from Windows. There doesn't seem to be any type of gateway address assigned for non local IPV6 routing, which is perhaps where the problem comes from, though there's an IPV6 address that seems to exist.
>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : BlakeDesktop
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : archlinux.router.local
Ethernet adapter Ethernet:
Connection-specific DNS Suffix . : archlinux.router.local
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : D8-50-E6-4B-3F-F4
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2601:b:59c0:21:c13e:fa32:af3d:1f6(Preferred)
Link-local IPv6 Address . . . . . : fe80::c13e:fa32:af3d:1f6%3(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.3(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, September 20, 2014 05:38:11
Lease Expires . . . . . . . . . . : Saturday, September 20, 2014 17:38:10
Default Gateway . . . . . . . . . : fe80::ca60:ff:fe99:851%3
192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 64508134
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-70-92-60-D8-50-E6-4B-3F-F4
DNS Servers . . . . . . . . . . . : 192.168.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6abd:2c20:2ab:cd57:15f2(Preferred)
Link-local IPv6 Address . . . . . : fe80::2c20:2ab:cd57:15f2%5(Preferred)
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 134217728
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-70-92-60-D8-50-E6-4B-3F-F4
NetBIOS over Tcpip. . . . . . . . : Disabled
Tunnel adapter isatap.archlinux.router.local:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : archlinux.router.local
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
I have tried changing the prefix in radvd to ::/64 and also
sysctl -w net.ipv6.conf.wan.accept_ra=2
That didn't seem to help. Any ideas? I assume it might have something to do with the current radvd configuration, but I'm not sure.
Blake
Last edited by tech10 (2014-09-20 15:11:38)
Offline
Hi,
I have solved the issue I was having. Apparently, I needed to enable IPV6 forwarding on all interfaces, and set accept_ra to 2 on all interfaces. So, to summarize everything for those having a similar problem:
My interfaces are lan0 for the internal network and wan for the internet, yours may be different.
Put this in a file like /etc/sysctl.d/60-forwarding.conf
# Enable packet forwarding
net.ipv4.ip_forward=1
# Enable ipv6 forwarding
net.ipv6.conf.all.forwarding=1
# Accept router advertisements.
net.ipv6.conf.all.accept_ra=2
net.ipv6.conf.default.accept_ra=2
net.ipv6.conf.wan.accept_ra=2
net.ipv6.conf.lan0.accept_ra=2
Set up dhcpcd in /etc/dhcpcd.conf as the router guide indicates, but change the following line.
ia_pd 1 lan0
Make it this instead.
ia_pd 1/::/64 lan0/0/64
Use systemd instead of a netctl profile for the internet connection. Alternatively, you might be able to use dhcpcd for the internet profile, though I've not tried this yet.
# systemctl enable dhcpcd@wan
The rest of the router guide should get anyone else up and running, and after rebooting, IPV4 and IPV6 forwarding should work correctly. Be sure to make sure it works properly after a reboot. If it doesn't, you may have to manually intervene with scripts or commands to make everything work correctly.
Blake
Offline
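A post-reboot check for the sysctl settings in the summary above, as an added example that is not part of the thread. It encodes the kernel's documented rule that `accept_ra=1` is honoured only while forwarding is off, which is why the WAN side needs `accept_ra=2` to keep its RA-learned default route. The function names and the `root` parameter (used so the check can run against a test tree) are assumptions.

```python
import os


def effective_ra(forwarding, accept_ra):
    """Kernel rule: accept_ra=1 honours RAs only while forwarding is off;
    accept_ra=2 honours them even on a forwarding (router) interface."""
    return accept_ra == 2 or (accept_ra == 1 and forwarding == 0)


def read_sysctl(root, ifname, key):
    with open(os.path.join(root, ifname, key)) as fh:
        return int(fh.read().strip())


def audit(wan, lan, root="/proc/sys/net/ipv6/conf"):
    """Return a list of problems; an empty list means the settings are in place."""
    problems = []
    for ifname in (wan, lan):
        try:
            fwd = read_sysctl(root, ifname, "forwarding")
            ra = read_sysctl(root, ifname, "accept_ra")
        except (OSError, ValueError):
            problems.append(f"{ifname}: sysctls unreadable (interface missing?)")
            continue
        if fwd != 1:
            problems.append(f"{ifname}: forwarding={fwd}, packets will not be routed")
        # Only the upstream side depends on RAs for its default route.
        if ifname == wan and not effective_ra(fwd, ra):
            problems.append(
                f"{ifname}: accept_ra={ra} with forwarding={fwd}, "
                "upstream RAs are ignored so no RA default route is installed"
            )
    return problems


if __name__ == "__main__":
    # Interface names from the post; adjust to your own.
    for line in audit("wan", "lan0") or ["ok"]:
        print(line)
```
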