DD-WRT v3 beta - IPv6 ISP with multiple Prefix Delegations

Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Advanced Networking
Goto page 1, 2, 3  Next
Author Message
fdumont
DD-WRT Novice


Joined: 23 Apr 2012
Posts: 21

PostPosted: Wed Jun 02, 2021 13:44    Post subject: DD-WRT v3 beta - IPv6 ISP with multiple Prefix Delegations Reply with quote
Hello everyone,

I have read many posts about IPv6 DD-WRT support but nothing helps me to solve my issue about IPv6 native implementation.

Currently my Internet Provider provides IPv6 with multiple Prefix Delegation. On modem side, I have options to configure 8 subnets : 2a01:e0a:abcd:xxx0::/64 >> 2a01:e0a:abcd:xxx7::/64. For each subnet/prefix I should indicate a Next hop.

However provider advice to not use first subnet (xxx0).
So I configure 2nd subnet (xxx1) : 2a01:e0a:abcd:xxx1::/64 with Next hop to eth0 DD-WRT ipv6 address (fe80::1e88:1abc:ab12:a468).

On DD-WRT side I configure IPv6 with these settings :
**DHCPv6 with Prefix Delegation (not sure about this setting)
**Prefix Length 64
**Assigned Router Prefix : 2a01:e0a:abcd:xxx1::
**Radvd disabled

Ping ipv6 works fine from DD-WRT router ; but not from workstations or devices behind DD-WRT (iOS/Android).

All devices behind DD-WRT router receive an IPV6 but ipv6 ping not working... I don't understand why ?

I noticed that devices receive two ip v6 addresses (on subnet xxx1) (checked on Windows 10 & iOS devices) : Normal situation ?

Should I add a specific route on DD-WRT ? I see some posts about it but not sure what should I do.

Should I use "DHCPv6 Prefix Delegation" and not "Native IPV6" ?

Thank for you help,

Regards


Last edited by fdumont on Sat Jun 05, 2021 11:18; edited 6 times in total
Sponsor
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 6168
Location: Romerike, Norway

PostPosted: Wed Jun 02, 2021 17:48    Post subject: Reply with quote
Does the dd-wrt router have a global scope address on br0?
fdumont
DD-WRT Novice


Joined: 23 Apr 2012
Posts: 21

PostPosted: Wed Jun 02, 2021 19:27    Post subject: Reply with quote
Thank you for the topic re-assignment (Advanced Networking)

br0 Link encap:Ethernet HWaddr 1C:88:1C:69:C5:6B
inet addr:192.168.0.1 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::1e87:2cff:fe69:c56b/64 Scope:Link

WAN IP v4 (from Internet providerd) is assigned to vlan2
On vlan2 I have an inet6 addr (2a01:.....) with Global Scope

My dnsmasq options :
#Enable Router Advertisements
enable-ra
#Enable the DHCP server - IPV6 range
dhcp-range=::10,::1ff,constructor:br0,ra-names,slaac,64,24h

My (default - no custom) /tmp/dhcp6c.conf file :
Code:
interface eth0 {
send ia-pd 0;
send rapid-commit;
request domain-name-servers;
script "/sbin/dhcp6c-state";
};
id-assoc pd 0 {
prefix ::/64 infinity;
prefix-interface br0 {
sla-id 0;
sla-len 16;
};

~
tedm
DD-WRT User


Joined: 13 Mar 2009
Posts: 445

PostPosted: Thu Jun 03, 2021 5:38    Post subject: Reply with quote
I run IPv6 in fact I have a static block

The prefix 2a01:: was assigned to RIPE but RIPE has not made any allocations from it.

Most likely your ISP is not actually IPv6 enabled and is just pulling numbers out of it's azz

Without any more info nobody can help you I'm afraid.

For example do you have a dsl or cable modem that you are running your dd-wrt box behind? What is the make and model. Who is your ISP?
fdumont
DD-WRT Novice


Joined: 23 Apr 2012
Posts: 21

PostPosted: Thu Jun 03, 2021 10:17    Post subject: Reply with quote
@tedm

Thank for your answer but I don't understand & share your answer.

I can ping through ipv6 successfully IPv6 addresses (like 2606:4700:4700::1111 -> 1.1.1.1 ipv6 DNS).

Ipv6 works fine from DD-WRT router itself but not from workstation behind (whatever the LAN interface use by workstations eth0 or Wifi eth1-eth2). Workstations receive correctly IPv6 address (with prefix 2a01:e00:.....) but it seems that I have a routing problem from DD-WRT router.

I don't know where is the problem exactly : from br0 ... (only a local scope on this interface) ? from routing table ? I have a global scope with IPv6 2a01:e00:... address on the vlan2 interface.

According RIPE is correctly allocated to my internet provider (PROXAD)
https://apps.db.ripe.net/db-web-ui/query?bflag=true&dflag=false&rflag=true&searchtext=2a01:e00::%2F26&source=RIPE
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 6168
Location: Romerike, Norway

PostPosted: Thu Jun 03, 2021 15:28    Post subject: Reply with quote
As you don't have a Global Scope address on br0, your ISP router does not have a wide dhcp6 server and does not hand out Delegated Prefixes.

You can try to assign an address statically.

ip -6 addr add 2a01:e99:abcd:e121::1/64 dev br0
fdumont
DD-WRT Novice


Joined: 23 Apr 2012
Posts: 21

PostPosted: Thu Jun 03, 2021 18:34    Post subject: Reply with quote
Thank for your tip ; unfortunately it doesn't work .
But I got new IP v6 address on workstation with the right subnet 2a01:e99:abcd:e121.....

I am not sure about with interface should host ipv6 "2a01:e99:abcd:e121::1" --> vlan2 or br0 ?

Currently on my configuration my IP v4 from my provider is assigned to vlan2.
And this interface (vlan2) has always an ipv6 address on the first subnet "e120" (subnet that the provider doesn't advice to sue).
I try this command to understand how this ipv6 is assigned to vlan2 interface : killall dhcp6c && dhcp6c -c /tmp/dhcp6c.conf -d -T LL vlan2

--> But nothing happens ... nothing inside /var/log/messages

Currently my /etc/dhcp6c.conf content is :
Code:
interface vlan2 {
 send ia-pd 0;
 send rapid-commit;
 request domain-name-servers;
 script "/sbin/dhcp6c-state";
};
id-assoc pd 0 {
 prefix-interface br0 {
  sla-id 0;
  sla-len 0;
 };
};
id-assoc na 0 { };
Wildlion
DD-WRT Guru


Joined: 24 May 2016
Posts: 1109

PostPosted: Fri Jun 04, 2021 1:08    Post subject: Reply with quote
You should only need one ipv6 (global) address for the router... since that is the point of it being global scope (ie no NAT) The only reason that you would need a second is if your router is allocated a prefix that you are handing out internally....

Is the intent to obtain ipv6 through slaac or through dhcp6
fdumont
DD-WRT Novice


Joined: 23 Apr 2012
Posts: 21

PostPosted: Fri Jun 04, 2021 8:35    Post subject: Reply with quote
I found a very instructive document : http://seb22.free.fr/FreeBox-OpenWRT-IPV6_SLAAC-Setup_Public.pdf

But DD-WRT is a little different ; and my config also a little bit different (I want use only the delegation "e121" - not the first one "2a01......:e120")

My provider use SLAAC
fdumont
DD-WRT Novice


Joined: 23 Apr 2012
Posts: 21

PostPosted: Fri Jun 04, 2021 9:54    Post subject: Reply with quote
I think the problem is on DD-WRT ; and maybe dnsmasq config ...

I add this config line
dhcp-range=::10,::1ff,constructor:br0,slaac,64,24h

But no ipv6 Global on br0 ...

I don't understand how br0/vlan2/eth0 should get assignment ipv6 address through slaac ...
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 6168
Location: Romerike, Norway

PostPosted: Fri Jun 04, 2021 11:25    Post subject: Reply with quote
Set it to Native.

It can be a routing issue with the route you entered on the isp router. Enter the Global Scope address on the dd-wrt routers wan instead of the Link Local address.
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 9448
Location: Texas, USA

PostPosted: Fri Jun 04, 2021 15:59    Post subject: Reply with quote
For reference, since the OP can't seem to stay focused in one spot:

https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=327021

https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=329283

Please keep the discussion in *this* thread. Thank you.

_________________
Official Forum Rules, Guidelines & Helpful InformationFirmware FAQInstallation WikiWhere Do I Download Firmware?
DON'T use Chromium-based browsersRTFM/STFW TL;DR is NOT an excuse. • Why Should I Care What Color the Bikeshed Is?
Please DO NOT PM me with questions; Ask in the forum. ---------------------- Linux User #377467 counter.li.org / linuxcounter.net
fdumont
DD-WRT Novice


Joined: 23 Apr 2012
Posts: 21

PostPosted: Fri Jun 04, 2021 17:25    Post subject: Reply with quote
@kernel-panic69

Sorry ; Indeed I found topic #327021 (from @xes_) very close to my problem after my first post.

I removed my duplicate post #329283.
tedm
DD-WRT User


Joined: 13 Mar 2009
Posts: 445

PostPosted: Fri Jun 04, 2021 23:23    Post subject: Reply with quote
fdumont wrote:
@tedm

Thank for your answer but I don't understand & share your answer.

I can ping through ipv6 successfully IPv6 addresses (like 2606:4700:4700::1111 -> 1.1.1.1 ipv6 DNS).

Ipv6 works fine from DD-WRT router itself but not from workstation behind (whatever the LAN interface use by workstations eth0 or Wifi eth1-eth2). Workstations receive correctly IPv6 address (with prefix 2a01:e00:.....) but it seems that I have a routing problem from DD-WRT router.

According RIPE is correctly allocated to my internet provider (PROXAD)
https://apps.db.ripe.net/db-web-ui/query?bflag=true&dflag=false&rflag=true&searchtext=2a01:e00::%2F26&source=RIPE


My bad the whois lookup I used did not do a proper recursive query into RIPE.

Now the next question which you didn't yet answer is how is your dd-wrt router connected to the Internet? Is it an ethernet port into a jack on the telephone pole on your street or what? Did your ISP put a router box into your place?

The point of DHCP-PD is whatever you are getting the DHCPv6 from has to have allocated a subnet split out of the IPv6 block you are assigned. In effect when it's issued it installs a route in your ISP's side. So please let us know WHAT your dd-wrt box is plugged into since that is a critical part of this.
fdumont
DD-WRT Novice


Joined: 23 Apr 2012
Posts: 21

PostPosted: Sat Jun 05, 2021 9:02    Post subject: Reply with quote
Back to the basic, I remove all IPv6 configuration (Ipv6, Dnsmasq pv6 settings, ..).

Back to my initial situation : IPv6 works fine from DD-WRT and not from Workstations behind DD-WRT.

First, my config :
Optical Network <> ISP Box (Bridge mode) <> DD-WRT <> Workstations (LAN)
NB : DD-WRT is connected to the ISP Box through the WAN port

ISP Box Settings (Free provider - Optical Freebox OS) :
Bridge mode (router mode disabled)
Dhcpv6 not enabled (not recommended for Android devices)
IPv6 firewall not enabled
Local-link IPv6 address : fe80::e69e:abcd:ab7c:779f
Subnet delegation nexthop Configuration (ISP offer x8 /64 delegations)
> 2a01:e0a:22a:xxx0::/64 => nothing (not recommended to use according ISP)
> 2a01:e0a:22a:xxx1::/64 => fe80::1e88:1abc:ab12:a468 => Subnet delegation "xxx1" that I would use for my devices behind DD-WRT (fe80::1e88:1abc:ab12:a468 is the local link of the eth0 interface)

DD-WRT Config :
* Connection WAN Type: Automatic DHCP
* Ipv6:
- Ipv6 type = DHCPv6 with Prefix Delegation
- Prefix Length = 64
- Static DNS 1: 2a01:e0c:1:1599::22
- Static DNS 1: 2a01:e0c:1:1599::23
NB : My ISP use both SLAAC a DHCP6 according what I found (but not sure)

With these basic settings : DD-WRT received a public IPv6 address (I suppose from ISP) on the first subnet (2a01:e0a:22a:xxx0:1e87:2cff:fe67:c469).
This public IPv6 is assigned to vlan2 interface (same interface that got IPv4 public address).

Ping from DD-WRT to IPv6 (google/1.1.1.1) works fine.

Routing table
Code:
ip -6 route show >>
2a01:e0a:22a:xxx0::/64 dev vlan2  metric 256  expires 86082sec
fe80::/64 dev eth0  metric 256
fe80::/64 dev vlan1  metric 256
fe80::/64 dev br0  metric 256
fe80::/64 dev eth1  metric 256
fe80::/64 dev eth2  metric 256
fe80::/64 dev vlan2  metric 256
default via fe80::e69e:abcd:ab7c:779f dev vlan2  metric 1024  expires 1482sec
default dev vlan2  metric 2048
unreachable default dev lo  metric -1  error -101
ff00::/8 dev eth0  metric 256
ff00::/8 dev vlan1  metric 256
ff00::/8 dev br0  metric 256
ff00::/8 dev eth1  metric 256
ff00::/8 dev eth2  metric 256
ff00::/8 dev vlan2  metric 256
unreachable default dev lo  metric -1  error -101


So currently IPv6 works fine from DD-WRT, but nothing on devices behind DD-WRT router.

Next step with your help (I hope) :
- Manage IPv6 subnet delegation "xxx1" to assign public IPv6 to my devices behind DD-WRT router : Should I use netmasq for it ? Or RADVD ?

On Windows workstation with the local-link ipv6 address :
- Ping to DD-WRT br0 (fe80::1e88:1abc:ab12:a46a) works fine
- Ping to DD-WRT eth0 (fe80::1e88:1abc:ab12:a468) failed > I think it's normal ; On IPv4 there is no use of this interface by workstation.


Last edited by fdumont on Sun Jun 06, 2021 9:37; edited 1 time in total
Goto page 1, 2, 3  Next Display posts from previous:    Page 1 of 3
Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Advanced Networking All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum