No internet access over IPv6 on Netgear R7800

Post new topic   Reply to topic    DD-WRT Forum Index -> Advanced Networking
Goto page 1, 2, 3, 4, 5  Next
Author Message
probity
DD-WRT Novice


Joined: 02 Aug 2018
Posts: 25

PostPosted: Thu Aug 02, 2018 10:02    Post subject: No internet access over IPv6 on Netgear R7800 Reply with quote
Hello,

I'm a newbie on DD-WRT. I have Netgear R7800 router with last DD-WRT firmware. This firmware is perfect for me. But I've faced with issues during setting IPv6 up.

There are next parameters from my ISP:
    IPv6 Type: DHCPv6 with Prefix Delegation.
    SLAAC: enabled
    DHCP PD Mode: stateless
    Prefix lenght: 64.
    RA Interval:200-600
    RA Delay: 3
    RA Lifetime:1800


I have the next settings:
1. On Setup → IPV6 page
    IPv6 - enabled
    IPv6 Type - DHCPv6 with Prefix delegation
    Prefix Lenght - 64
    Dccp6c custom - disabled
    Dhcp6c - disabled
    Ravid - disabled

2. On Services → DNSMasq
    DNSMasq - enabled
    Encrypt DNS - disabled
    Cache DNSSEC data - disabled
    Validate DNS Replies (DNSSEC) - disabled
    Check unsigned DNS replies - disabled
    Local DNS - enabled
    No DNS Rebind - enabled
    Query DNS in Strict Order - enabled
    Add Requestor MAC to DNS Query - enabled


Here is my Additional DNSMasq Options:

Code:
local=/local/
expand-hosts
interface=br0
dhcp-range=::,constructor:br0,ra-stateless,1400
enable-ra
quiet-ra
quiet-dhcp
quiet-dhcp6


It seems I'm getting IPV6 from my ISP correctly:



And I have DHCP IPv6 address, gateway and DNS server set up on clients (Windows, MacOS, Android):



As for me, everything looks not bad and probably should work. But it's not true. When I'm trying to reach some IPv6 resource I'm always getting fail:

Code:
C:\Users\Probity>ping google.com -6

Pinging google.com [2a00:1450:4011:80e::1003] with 32 bytes of data:
Destination net unreachable.
Destination net unreachable.
Destination net unreachable.
Destination net unreachable.

Ping statistics for 2a00:1450:4011:80e::1003:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),


An I can see the next state of my adapter settings:




I've checked on other devices (my laptop with Win10, wife's MacBook Pro with MacOs HighSierra, my Android phone with Android 8 ) and got the same issue.

Also, I've tried to connect the internet cable directly to my computer and set a new WAN connection up. And Ipv6 works perfectly.

Well, it seems something wrong with my settings on DD-WRT. I've tried to do a lot of experiments, but I'm only getting similar results.


Dear DD-WRT gurus, could you help me, please? What I did wrong?

Thanks!
Sponsor
eugene1973
DD-WRT User


Joined: 21 May 2017
Posts: 186

PostPosted: Thu Aug 02, 2018 19:20    Post subject: Reply with quote
In short, you must setup dhcpv6 properly. Publishing the ipv6 addresses is important. Depending on the dhcpv6 scheme you are using you must have all the dhcpv6 initiatives in place. SLAAC, etc. I'm looking for answers too. Publishing to the external network is the trick.
probity
DD-WRT Novice


Joined: 02 Aug 2018
Posts: 25

PostPosted: Thu Aug 02, 2018 19:51    Post subject: Reply with quote
eugene1973 wrote:
In short, you must setup dhcpv6 properly.

Yes, I do understand that.

For example, I tried to add SLAAC as a parameter according to the DNSMask's manual here:

Code:
dhcp-range=::,constructor:br0,ra-stateless,slaac,1400


But I got no significant positive changes.

Well, it seems I should try on anв on until finding a "magic combination", shouldn't I?
eugene1973
DD-WRT User


Joined: 21 May 2017
Posts: 186

PostPosted: Thu Aug 02, 2018 21:25    Post subject: Reply with quote
You have to find out what your service provider uses, or recommends. IA-PD, etc. is among the other topics. You must setup dhcpv6 server options as well. As far as I know, you must setup the main dhcpv6 connection settings properly, with ra ,etc, . So,

Setup dhcpv6 server settings,(to your clients).

Setup, SLAAC, IA-PD, or whatever protocol
the ISP uses. (Part I need to learn)
Some like Comcast use all or most ways.

Allow a client on your network to use dhcpv6 as a client. For starters.
eugene1973
DD-WRT User


Joined: 21 May 2017
Posts: 186

PostPosted: Thu Aug 02, 2018 21:35    Post subject: Reply with quote
I am using my dd-wrt boxes as AP's. So my base gateway(non dd-wrt) does the dhcp stuff. I want to match what I'm doing on my dd-wrt boxes. I have only setup dhcpv6 server to my client settings. This means the DNS servers(ISP), with base prefixes, provided by the ISP. 2001, 2601, etc. Also the group of servers that communicate the dhcpv6 signals. It seems to communicate better with this set but you must be careful with dhcp because my gateway knows how to send dhcp even to static hosts. Dd-wrt doesn't do this, and the client I think handles this. This is why client and server are separate modules. Dd-wrt stuff like --dhcp-host aren't static.
eugene1973
DD-WRT User


Joined: 21 May 2017
Posts: 186

PostPosted: Thu Aug 02, 2018 21:37    Post subject: Reply with quote
Don't quote me. but you can still consider what I'm saying about client and server, and static and dynamic(client).
eugene1973
DD-WRT User


Joined: 21 May 2017
Posts: 186

PostPosted: Thu Aug 02, 2018 21:41    Post subject: Reply with quote
I have found that you can still enable Radvd even if you have scripts. YOU NEED Radvd to run in the gui settings. They say to turn it off but I think it's because it is temporary.
eugene1973
DD-WRT User


Joined: 21 May 2017
Posts: 186

PostPosted: Thu Aug 02, 2018 21:46    Post subject: Reply with quote
So do you have any info on lldp by command? Telnet? I know it is in the gui. I want telnet lldp. I have posts going. If you get a chance.
probity
DD-WRT Novice


Joined: 02 Aug 2018
Posts: 25

PostPosted: Fri Aug 03, 2018 7:34    Post subject: Reply with quote
eugene1973, many thanks for your responding.

Unfortunately, I'm on the road now and far away from my router. I'll get back to you with the answers next Monday.

Thanks!
eugene1973
DD-WRT User


Joined: 21 May 2017
Posts: 186

PostPosted: Fri Aug 03, 2018 20:28    Post subject: Reply with quote
I have also found that turning on the firewall with no settings at all is acceptable. It's required to make the network run good. Your upper and lower net boundaries are controlled this way. Doesn't mean not to use settings, just means that it MUST be enabled.
eugene1973
DD-WRT User


Joined: 21 May 2017
Posts: 186

PostPosted: Fri Aug 03, 2018 20:45    Post subject: Reply with quote
I'm pretty sure you must add ipv6 addressing to get the route/gateway to advertise properly. This is what you are wondering about. I am using my dd-wrt as passthroughs. This means that vlan, eth0, etc,,, can reside anywhere and still send a signal that gets pruned. To set it up right you must setup the vlan address fe80::/x . The eth0 as 2001::/x .The eth0 also as 2601::/x . The last two are per Comcast, so you may have differently. Your fe80 is already calculated for you. ping it. You can convert the main br0 Mac to this fe80 - 2001 - 2601. It's using the fe80 already. Because there is a bridge it confuses me and I haven't tried to do this yet. My gateway got no bridge. The point is to make it pass all traffic including dhcp traffic.
eugene1973
DD-WRT User


Joined: 21 May 2017
Posts: 186

PostPosted: Fri Aug 03, 2018 20:52    Post subject: Reply with quote
I assume you will have to use the dev st and put addressing there to. As well as the dev lo . It must all be addressed properly.
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 6856
Location: Romerike, Norway

PostPosted: Sat Aug 04, 2018 21:56    Post subject: Reply with quote
What happend you do "tracert google.com -6"?
probity
DD-WRT Novice


Joined: 02 Aug 2018
Posts: 25

PostPosted: Mon Aug 06, 2018 6:05    Post subject: Reply with quote
Per Yngve Berg wrote:
What happend you do "tracert google.com -6"?


The same result as for ping:

Code:

C:\Users\Probity>tracert -6 www.google.com

Tracing route to www.google.com [2a00:1450:4011:80e::1013]
over a maximum of 30 hops:

  1  Destination net unreachable.

Trace complete.




eugene1973
I'm not sure how it's possible to answer you without quoting (you've asked me don't quote you), but I'll try.
1. All the IPv6 parameters I've got from my ISP are in my first post. There are no additional parameters. They said that these parameters must be enough. And they not aware of DD-WRT at all.
2. telnet lldp - I can enable it. Which commands should I perform for getting the data you are interested in?
3. Radvd - I've enabled it, but I've got no significant positive result. Should I enable "Radvd custom" and something to the configuration for that?
Moreover, when I enable Radvd I stop getting IPv6 from ISP.
4. Firewall - it's on. Moreover, added next parameters here:
Code:
ip6tables -I INPUT 3 -i br0 -j ACCEPT
ip6tables -I FORWARD 2 -p icmpv6 --icmpv6-type echo-request -j ACCEPT

5. About IPv6 addressing - that's interesting. How is possible to set it up? I would appreciate you for step-by-step instruction, as I said I'm not an expert with DD-WRT. Or, at least, could you inform me about links where I can read more about that.

Thanks.
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 6856
Location: Romerike, Norway

PostPosted: Mon Aug 06, 2018 15:04    Post subject: Reply with quote
Are you using the Kong Build -r36375M?

Looks like the client cannot reach the router.

Does "ifconfig" show an address on br0?
Goto page 1, 2, 3, 4, 5  Next Display posts from previous:    Page 1 of 5
Post new topic   Reply to topic    DD-WRT Forum Index -> Advanced Networking All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum