IPV6 Delegation - Made it work on stock, but failing with DD

Post new topic   Reply to topic    DD-WRT Forum Index -> Broadcom SoC based Hardware
Author Message
lfventura
DD-WRT Novice


Joined: 29 Jun 2022
Posts: 1

PostPosted: Wed Jun 29, 2022 9:36    Post subject: IPV6 Delegation - Made it work on stock, but failing with DD Reply with quote
Hi,
My provider (Oi) enables me for IPv6 prefix delegation (with the modem in routing mode, they block bridge mode).

I tried several ways and read a lot of topics in the past 24h but I did not managed to actually make it work, besides my clients are now receiving IPV6 addressing.

Code:
Router: Netgear R7000
Firmware: DD-WRT v3.0-r49392 std (06/29/22)


My router gets IPv6 on its WAN interface, from the router terminal I can ping IPV6 addresses and IPs, but nothing for the LAN.

To give some background: I made it work with the Stock Netgear firmware, in the Stock I had to set the IPV6 configuration as "Pass-through" and no extra configuration was needed. Everything worked with the same topology I will show in the next lines.


My network topology is like this:

Provider Router (Oi) -> Netgear R7000 (Router mode) -> Clients

My provider blocks their router when I put it in Bridge mode (Well known problem for Oi users) so my Provider Router has a DMZ configuration that forwards all WAN Ports to Netgear and this avoids Double NAT issues in my internal network.

So for the Netgear (DD-WRT) it gets a private IPV4 along with an IPV6

This is my current situation:


From Netgear DDWRT Router:
Code:
0;root@R7000: ~root@R7000:~# ping6 www.google.com
PING www.google.com (2800:3f0:4004:80b::2004): 56 data bytes
64 bytes from 2800:3f0:4004:80b::2004: seq=0 ttl=116 time=6.346 ms
64 bytes from 2800:3f0:4004:80b::2004: seq=1 ttl=116 time=4.776 ms
64 bytes from 2800:3f0:4004:80b::2004: seq=2 ttl=116 time=4.686 ms
--- www.google.com ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 4.686/5.269/6.346 ms


Custom DHCPV6 Client Daemon:
(When I set this up, my clients started to get the Google DNS Server, not my provider DNS, what is kind odd):

Code:
interface vlan2 {
 send ia-pd 0;
 send rapid-commit;
 request domain-name-servers;
 script "/sbin/dhcp6c-state";
};
id-assoc pd 0 {
 prefix-interface br0 {
  sla-id 0;
  sla-len 0;
 };
};
id-assoc na 0 { };


radv custom config:
Ps: My prefix is dynamic, but for now I am putting the one that is currently assigned to me to make it easier to create this setup and troubleshoot it. It should not be an immediate problem, as my provider takes months before switching my IPV4 or IPV6 addresses.

To hide sensitive information I replaced the addresses on al snippets, but I did not messed it up. Everything was replaced by a fake but exact match on each line it appears

Code:
interface br0 {
   AdvSendAdvert on;
   prefix aaaa:bbb:cccc:dddd::/64 {
    AdvOnLink on;
    AdvAutonomous on;
    AdvRouterAddr on;
   };
};



Quick note over here: I first tried without setting radv customization (Just enabled) and without enabling dhcpv6 client. Unfortunately, this way I was only getting a local IPv6 in my client. After I made this configuration, my client started to get some IPV6 addressing.

In my provider router, under IPV6 this is the info I have:
Code:
IPv6 address
aaaa:bbb:31e:19c9::1
IPv6 Prefix
aaaa:bbb:cccc:dddd::/56
IPv6 Gateway
fe80::ea4:2ff:fed4:395b
Primary DNS
2804:d41::4
Second DNS
2804:d45:400::7



And this is what I get in my client:
Code:
IPAddress         : fe80::84e6:f7de:e7ec:1051%13
InterfaceIndex    : 13
InterfaceAlias    : Wi-Fi
AddressFamily     : IPv6
Type              : Unicast
PrefixLength      : 64
PrefixOrigin      : WellKnown
SuffixOrigin      : Link
AddressState      : Preferred
ValidLifetime     : Infinite ([TimeSpan]::MaxValue)
PreferredLifetime : Infinite ([TimeSpan]::MaxValue)
SkipAsSource      : False
PolicyStore       : ActiveStore

IPAddress         : aaaa:bbb:cccc:dddd:f0f1:e153:107a:b126
InterfaceIndex    : 13
InterfaceAlias    : Wi-Fi
AddressFamily     : IPv6
Type              : Unicast
PrefixLength      : 128
PrefixOrigin      : RouterAdvertisement
SuffixOrigin      : Random
AddressState      : Preferred
ValidLifetime     : 23:55:30
PreferredLifetime : 03:55:30
SkipAsSource      : False
PolicyStore       : ActiveStore

IPAddress         : aaaa:bbb:cccc:dddd:84a1:a1ba:b3bd:2162
InterfaceIndex    : 13
InterfaceAlias    : Wi-Fi
AddressFamily     : IPv6
Type              : Unicast
PrefixLength      : 64
PrefixOrigin      : RouterAdvertisement
SuffixOrigin      : Link
AddressState      : Preferred
ValidLifetime     : 23:55:30
PreferredLifetime : 03:55:30
SkipAsSource      : False
PolicyStore       : ActiveStore


And from this client I can't ping any IPV6 address or tracepath to any IPV6 address, it fails without any line in the traceroute.
Code:
C:\Users\lfven>tracert -6 www.google.com

Rastreando a rota para www.google.com [2800:3f0:4004:80b::2004]
com no máximo 30 saltos:

  1     *        *        *     Esgotado o tempo limite do pedido.
  2  ^C


In this same client, if I connect it directly to the provider router, the IPV6 connection works, and this is the output of the very same command with this computer connected directly to the provider router:

Code:
IPAddress         : fe80::84e6:f7de:e7ec:1051%13
InterfaceIndex    : 13
InterfaceAlias    : Wi-Fi
AddressFamily     : IPv6
Type              : Unicast
PrefixLength      : 64
PrefixOrigin      : WellKnown
SuffixOrigin      : Link
AddressState      : Preferred
ValidLifetime     : Infinite ([TimeSpan]::MaxValue)
PreferredLifetime : Infinite ([TimeSpan]::MaxValue)
SkipAsSource      : False
PolicyStore       : ActiveStore

IPAddress         : aaaa:bbb:cccc:dddd:9cf0:a473:bd9b:b1db
InterfaceIndex    : 13
InterfaceAlias    : Wi-Fi
AddressFamily     : IPv6
Type              : Unicast
PrefixLength      : 128
PrefixOrigin      : RouterAdvertisement
SuffixOrigin      : Random
AddressState      : Preferred
ValidLifetime     : 00:59:54
PreferredLifetime : 00:59:54
SkipAsSource      : False
PolicyStore       : ActiveStore

IPAddress         : aaaa:bbb:cccc:dddd:84a1:a1ba:b3bd:2162
InterfaceIndex    : 13
InterfaceAlias    : Wi-Fi
AddressFamily     : IPv6
Type              : Unicast
PrefixLength      : 64
PrefixOrigin      : RouterAdvertisement
SuffixOrigin      : Link
AddressState      : Preferred
ValidLifetime     : 00:59:54
PreferredLifetime : 00:59:54
SkipAsSource      : False
PolicyStore       : ActiveStore


And as I am connected to the provider router directly, it does ping and traceroute

Code:
C:\Users\lfven>tracert -6 www.google.com

Rastreando a rota para www.google.com [2800:3f0:4004:80a::2004]
com no máximo 30 saltos:

  1     1 ms     1 ms     1 ms  aaaa:bbb:cccc:dddd::1
  2     3 ms    11 ms     9 ms  aaa:bbc:0:8000::6
  3     *        *        *     Esgotado o tempo limite do pedido.
  4     4 ms     4 ms     8 ms  2001:4860:1:1:0:1e3a:0:16
  5    23 ms    10 ms    12 ms  2001:4860:0:75::1
  6     5 ms     4 ms     5 ms  2001:4860:0:1::5171
  7     4 ms     4 ms     4 ms  2800:3f0:4004:80a::2004

Rastreamento concluído.


Any hints would be highly appreciated. Thank you in advance. I am on this for the past 2 days and I do not understand where is my mistake. Embarassed Laughing
Sponsor
the-joker
DD-WRT Developer/Maintainer


Joined: 31 Jul 2021
Posts: 2146
Location: All over YOUR webs

PostPosted: Wed Aug 03, 2022 14:39    Post subject: Reply with quote
Bumping thread for visibility. I cant hep you, no experience whatsoever with IPv6 and DD-WRT.

But the provider isnt blocking based on the WAN MAC address is it? In DD-WRT you can spoof it.

_________________
Saving your retinas from the burn!🔥
DD-WRT Inspired themes for routers
DD-WRT Inspired themes for the phpBB Forum
DD-WRT Inspired themes for the SVN Trac & FTP site
Join in for a chat @ #style_it_themes_public:matrix.org or #style_it_themes:discord

DD-WRT UI Themes Bug Reporting and Discussion thread

Router: ANus RT-AC68U E1 (recognized as C1)
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 6855
Location: Romerike, Norway

PostPosted: Wed Aug 03, 2022 15:21    Post subject: Reply with quote
With a /56 prefix, should have sla-len 8;. You have set it to zero.
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Index -> Broadcom SoC based Hardware All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum