R7000 lost Comcast IPv6 WAN recently

Post new topic   Reply to topic    DD-WRT Forum Index -> Broadcom SoC based Hardware
View previous topic :: View next topic  
Author Message
fatalhalt
DD-WRT Novice


Joined: 29 Oct 2015
Posts: 39
PostPosted: Wed Apr 20, 2022 4:51    Post subject: R7000 lost Comcast IPv6 WAN recently Reply with quote
Hello,

I have recently lost WAN IPv6 address on my router, it happened recently when I rebooted the router and power cycled the modem. In the past whenever ddwrt has troubles acquiring ipv6 all I had to do is power cycle the modem and that would fix it.

I recently noticed that my public/WAN IPv4 address changed as well, that was a surprise, I used to have my old IP for years, I'm still running the same R7000 router so my MAC address hasn't changed. I'm on v3.0-r46446 std (04/24/21) firmware if that matters.

tcpdump -i vlan2 -vvv ip6 and port 546
Code:

23:28:53.843305 IP6 (flowlabel 0x26e10, hlim 63, next-header UDP (17) payload length: 125) 2001:558:4040:63::10.547 > fe80::deef:9ff:fe97:2218.546: [udp sum ok] dhcp6 advertise (xid=a6f262 (client-ID hwaddr type 1 dcef09972217) (server-ID hwaddr/time type 1 time 494532553 40a8f03479cc) (IA_PD IAID:0 T1:1800 T2:2880 (IA_PD-prefix 2601:244:4180:696e::/64 pltime:3600 vltime:3600)) (DNS-server cdns01.comcast.net cdns02.comcast.net))


/var/log/messages
Code:

Apr 19 23:36:58 R7000 daemon.debug radvd[9872]: timer_handler called for br0
Apr 19 23:36:58 R7000 daemon.debug radvd[9872]: sending RA to ff02::1 on br0 (fe80::deef:9ff:fe97:2219), 4 options (using 88/1210 bytes)
Apr 19 23:36:58 R7000 daemon.debug radvd[9872]: br0 next scheduled RA in 9.02707 second(s)
Apr 19 23:36:58 R7000 daemon.debug radvd[9872]: polling for 9.027 second(s), next iface is br0
Apr 19 23:36:58 R7000 daemon.debug radvd[9872]: br0 recvmsg len=88
Apr 19 23:36:58 R7000 daemon.debug radvd[9872]: br0 received a packet
Apr 19 23:36:58 R7000 daemon.debug radvd[9872]: br0 received RA from: fe80::deef:9ff:fe97:2219 (myself)
Apr 19 23:36:58 R7000 daemon.debug radvd[9872]: polling for 9.026 second(s), next iface is br0
Apr 19 23:37:02 R7000 daemon.debug radvd[9872]: vlan2 recvmsg len=288
Apr 19 23:37:02 R7000 daemon.debug radvd[9872]: vlan2 received a packet
Apr 19 23:37:02 R7000 daemon.warn radvd[9872]: vlan2 received icmpv6 RS/RA packet on an unknown interface with index 5
Apr 19 23:37:02 R7000 daemon.debug radvd[9872]: polling for 5.213 second(s), next iface is br0
Apr 19 23:37:07 R7000 daemon.debug radvd[9872]: timer_handler called for br0


From the tcpdump, if I understand correctly, comcast is advertising me 2601:244:4180:696e::/64 prefix, but ddwrt for some reason isn't taking it. I tried forcing it with custom Radvd config but no dice:

cat /tmp/radvd.conf
Code:
interface br0
{
 IgnoreIfMissing on;
 AdvSendAdvert on;
 MinRtrAdvInterval 3;
 MaxRtrAdvInterval 10;
 AdvHomeAgentFlag off;
 AdvManagedFlag off;
 AdvOtherConfigFlag on;
 AdvLinkMTU 1500;
 prefix 2601:244:4180:696e::/64
 {
  AdvOnLink on;
  AdvAutonomous on;
  AdvValidLifetime 30;
  AdvPreferredLifetime 20;
 };
 RDNSS 2001:558:feed::1 {};
};


In the past I was running the same Radvd config as above, only the /64 prefix was different back when IPv6 was working for me.

Any ideas? Thanks.

ipv6-settings.jpg
 Description:
 Filesize:  80.4 KB
 Viewed:  2543 Time(s)

ipv6-settings.jpg
Back to top View user's profile Send private message
Sponsor
hellf
DD-WRT Novice


Joined: 16 Apr 2010
Posts: 44
Location: Metavira
PostPosted: Wed Apr 20, 2022 10:28    Post subject: Reply with quote
Not sure if it will help you, but you are not alone and maybe this thread will have some pointers to debug further https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1254898
Back to top View user's profile Send private message
fatalhalt
DD-WRT Novice


Joined: 29 Oct 2015
Posts: 39
PostPosted: Wed Apr 20, 2022 20:21    Post subject: Reply with quote
No luck with /56 prefix either

Also tried infamous 3 IPv6 Comcast hotfixes (none helped)
-run ifconfig eth0 promisc
-Services->Dnsmasq, check "Add Requestor MAC to DNS Query"
-(uncheck) "Filter Multicast" on Security/Firewall page

Didn't try 'Dhcp6 custom' yet that @Wildlion recommended but I doubt it would help.
Back to top View user's profile Send private message
PaulGo
DD-WRT User


Joined: 01 Dec 2021
Posts: 289
Location: Maryland, United States
PostPosted: Wed Apr 20, 2022 21:19    Post subject: Reply with quote
Comcast is deploying vCMTS in some locations. Since Comcast switched to vCMTS in my area with the original Netgear firmware I lost IPv6 after an hour or two. Using DD-WRT with Comcast vCMTS so far I have (as stated in the thread I started) I have been unable to obtain IPv6. I hope you fine a solution I can try!
Back to top View user's profile Send private message
fatalhalt
DD-WRT Novice


Joined: 29 Oct 2015
Posts: 39
PostPosted: Wed Apr 20, 2022 23:52    Post subject: Reply with quote
Got IPv6 back guys after 'ip6tables -F INPUT', problem seemed to be in ip6tables INPUT chain, I wonder why it's an issue now, my ip6tables rules are stock to my knowledge:
Code:
root@R7000:~# ip6tables -nvL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all      *      *       ::/0                 ::/0                 state RELATED,ESTABLISHED
   86 11672 ACCEPT     icmpv6    *      *       ::/0                 ::/0
    0     0 ACCEPT     all      *      *       fe80::/64            ::/0
    0     0 ACCEPT     all      br0    *       ::/0                 ::/0
    6   990 DROP       all      *      *       ::/0                 ::/0


I wonder what was getting dropped there, and what kind of rule I need to add to allow it.
Back to top View user's profile Send private message
fatalhalt
DD-WRT Novice


Joined: 29 Oct 2015
Posts: 39
PostPosted: Thu Apr 21, 2022 0:13    Post subject: Reply with quote
Seems that I was missing:
ip6tables -A INPUT -p udp --dport 546 -j ACCEPT

Fix (added this to startup Firewall Commands):
ip6tables -F
ip6tables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
ip6tables -A INPUT -p icmpv6 -j ACCEPT
ip6tables -A INPUT -s fe80::/64 -j ACCEPT
ip6tables -A INPUT -p udp --dport 546 -j ACCEPT
ip6tables -A INPUT -i lo -j ACCEPT
ip6tables -A INPUT -i br0 -j ACCEPT
ip6tables -A INPUT -j DROP
Back to top View user's profile Send private message
PaulGo
DD-WRT User


Joined: 01 Dec 2021
Posts: 289
Location: Maryland, United States
PostPosted: Thu Apr 21, 2022 15:33    Post subject: Reply with quote
I applied your settings and now I can get IPv6 on the WAN on my R6300 with Comcast. However I do not have IPv6 on the LAN. Did you modify anything to enable the LAN?
Back to top View user's profile Send private message
fatalhalt
DD-WRT Novice


Joined: 29 Oct 2015
Posts: 39
PostPosted: Fri Apr 22, 2022 18:12    Post subject: Reply with quote
No, I would look into radvd if I was you. FYI I don't enable dhcp6s, dhcp6s is just a complementary service to radvd, radvd on its own gets everything done.

radvd sends IPv6 address advertisements to your local hosts/devices so they can automatically assign IPv6 addresses
Back to top View user's profile Send private message
PaulGo
DD-WRT User


Joined: 01 Dec 2021
Posts: 289
Location: Maryland, United States
PostPosted: Sat Apr 23, 2022 1:12    Post subject: Reply with quote
I already had it set up they way you suggested but I do not get a LAN IPv6. Does any else have any suggestions on how to obtain a LAN IPv6 since my computer does not recognize IPv6 from the router.
Back to top View user's profile Send private message
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 6870
Location: Romerike, Norway
PostPosted: Sat Apr 23, 2022 8:39    Post subject: Reply with quote
Use dnsMasq for the LAN (additional dnsmasq options):

quiet-dhcp
quiet-dhcp6
quiet-ra
enable-ra
dhcp-range=::10,::1ff,constructor:br0,ra-names,slaac,64,24h

No need for either radvd or dhcp6s.
Back to top View user's profile Send private message
PaulGo
DD-WRT User


Joined: 01 Dec 2021
Posts: 289
Location: Maryland, United States
PostPosted: Sat Apr 23, 2022 16:07    Post subject: Reply with quote
[quote="Per Yngve Berg"]Use dnsMasq for the LAN (additional dnsmasq options):

quiet-dhcp
quiet-dhcp6
quiet-ra
enable-ra
dhcp-range=::10,::1ff,constructor:br0,ra-names,slaac,64,24h

No need for either radvd or dhcp6s.[/quote]

Your setting worked! I now have IPv6 on the LAN. Thank you!
Back to top View user's profile Send private message
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Index -> Broadcom SoC based Hardware All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum