Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
[solved] Router Speedport W 724V looses IPv6 conn.
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
1970
n00b
n00b


Joined: 07 May 2010
Posts: 55

PostPosted: Sat May 02, 2015 7:13 am    Post subject: [solved] Router Speedport W 724V looses IPv6 conn. Reply with quote

Edit:
Solved with firmware version 09011603.00.012

Edit:
Looks, like this is a problem only for (but not necessary limited to) users of proprietary router "Speedport W 724V" deployed by provider German Telekom, when selecting router connection reset interval >24h (86400 s), with firmware version 09011603.00.009

It's a confirmed bug since other users of the above router reported the same problem.

I have IPv6 connection from provider (Edit: German Telekom) and get IPv6 address via ICMPv6 autoconfiguration (SLAAC), I guess.
Device is eth1
(gentoo world is up to date, Linux 3.14.37-gentoo, x86_64)

I enabled IPv6 privacy extension (see here how: https://forums.gentoo.org/viewtopic-t-1016264.html)
In short:
net.ipv6.conf.all.use_tempaddr = 2
net.ipv6.conf.default.use_tempaddr = 2
net.ipv6.conf.eth1.use_tempaddr = 2

IPv6 address was working (MAC address values replaced by xxxx):
Code:

    inet6 2003:58:8f19:98cf:e00a:5eb9:e8cb:5c04/64 scope global temporary dynamic
       valid_lft 590427sec preferred_lft 71427sec
    inet6 2003:58:8f19:98cf:xxxx:xxxx:xxxx:xxxx/64 scope global mngtmpaddr dynamic
       valid_lft 604787sec preferred_lft 86387sec


But after some hours I lost IPv6 connectivity, because the above addresses got in state deprecated, allthough the preferred lifetime was not reached. Instead, I got some strange new addresses beginning with ::36, which where not working for connectivity:
Code:

    inet6 ::36:e00a:5eb9:e8cb:5c04/64 scope global temporary dynamic
       valid_lft 587590sec preferred_lft 68590sec
    inet6 ::36:xxxx:xxxx:xxxx:xxxx/64 scope global mngtmpaddr dynamic
       valid_lft 602428sec preferred_lft 84028sec

    inet6 2003:58:8f19:98cf:e00a:5eb9:e8cb:5c04/64 scope global temporary deprecated dynamic
       valid_lft 12073sec preferred_lft 0sec
    inet6 2003:58:8f19:98cf:xxxx:xxxx:xxxx:xxxx/64 scope global deprecated mngtmpaddr dynamic
       valid_lft 12073sec preferred_lft 0sec

Why did that happen? What are these ::36 addresses?
I needed to reset my provider connection to get a new IPv6 prefix, then the Gentoo box got a new IPv6 management addr and a new privacy extended addr was added, and connectivity was established again.

Do I need to add something in /etc/conf.d/net ? Here is mine
Code:

config_eth1="192.168.2.10/24"
routes_eth1="default via 192.168.2.1"
rc_net_eth1_provide="net"
vlans_eth1="9"
config_eth1_9="null"

192.168.2.1 is the provider router with the IPv6 network
I allow all incoming, forwarding and outgoing ICMPv6 packets in ip6tables.

Provider router device is Telekom Speedport 724V. Also with dhcpcd I get disfunctional addresses via SLAAC, according to log:
Code:

May  3 13:50:05 regen dhcpcd[2854]: version 6.6.7 starting
May  3 13:50:05 regen dhcpcd[2854]: dev: loaded udev
May  3 13:50:05 regen dhcpcd[2854]: DUID 00:01:00:01:1c:d8:xx:xx:xx:xx:xx:xx:xx:xx
May  3 13:50:05 regen dhcpcd[2854]: eth1: IAID xx:xx:xx:xx
May  3 13:50:05 regen dhcpcd[2854]: eth1: soliciting an IPv6 router
May  3 13:50:06 regen dhcpcd[2854]: eth1: Router Advertisement from fe80::1
May  3 13:50:06 regen dhcpcd[2854]: eth1: adding address ::3c:a23:4b0a:xxxx:xxxx/64
May  3 13:50:06 regen dhcpcd[2854]: eth1: adding route to 0:0:0:3c::/64
May  3 13:50:06 regen dhcpcd[2854]: eth1: adding default route via fe80::1
May  3 13:50:06 regen dhcpcd[2854]: eth1: requesting DHCPv6 information
May  3 13:50:35 regen dhcpcd[2854]: timed out
May  3 13:50:35 regen dhcpcd[2854]: forked to background, child pid 2888


This time, it got 3c::/64 prefix, not 36::/64

These addresses break my IPv6 connectivity.

Maybe the router is buggy?

I now extended the preferred lifetime of the privacy extended addresses to be 1h higher then the connection reset interval (currently I selected 4 days) of the provider, and the valid lifetime 2h higher.


Last edited by 1970 on Thu Jul 30, 2015 7:21 pm; edited 10 times in total
Back to top
View user's profile Send private message
UberLord
Retired Dev
Retired Dev


Joined: 18 Sep 2003
Posts: 6756
Location: Blighty

PostPosted: Sun May 03, 2015 3:33 pm    Post subject: Reply with quote

Sounds like you have slaac private enabled in dhcpcd.conf (which is the default) and you don't want that?
I don't know how it breaks connectivity for you unless you actively need the MAC based one.
_________________
Use dhcpcd for all your automated network configuration needs
Use dhcpcd-ui (GTK+/Qt) as your System Tray Network tool
Back to top
View user's profile Send private message
1970
n00b
n00b


Joined: 07 May 2010
Posts: 55

PostPosted: Sun May 03, 2015 4:44 pm    Post subject: Reply with quote

slaac stable private address is enabled in dhcpcd.conf, and I want that.
Back to top
View user's profile Send private message
UberLord
Retired Dev
Retired Dev


Joined: 18 Sep 2003
Posts: 6756
Location: Blighty

PostPosted: Sun May 03, 2015 5:42 pm    Post subject: Reply with quote

Can you try upgrading to dhcpcd-6.8.2 ( or 6.8.1 if it's not in portage yet) please?
Also, can you capture the RA via tcpdump and email me offlist if it still fails? roy@marples.name
_________________
Use dhcpcd for all your automated network configuration needs
Use dhcpcd-ui (GTK+/Qt) as your System Tray Network tool
Back to top
View user's profile Send private message
1970
n00b
n00b


Joined: 07 May 2010
Posts: 55

PostPosted: Mon May 04, 2015 4:58 pm    Post subject: Reply with quote

Hm, it is really the Telekom router that advertises this strange subnet, see screenshot.

"Nutzbarer Adressbereich für LAN" is in English "Usable address range for LAN".

IPv6 for LAN? What does that mean.

Screenshot from Telekom Router Speedport W 724V section IP address information

After reconnecting the router to get new IP address / prefix, it looks better:

Screenshot after router reset

Then rebooting my Gentoo box, it get no IPv6 connection / address via SLAAC. Don't know why.
When then starting dhcpcd manually, I get four different IPv6 addresses in the correct 2003:... subnet.
Two of kind "scope global mngtmpaddr noprefixroute dynamic" and two of kind "scope global temporary dynamic"

Why isn't the box getting SLAAC via ICMPv6 ? Can I force it somehow, without dhcpcd ? Would like to stay at IPv6 builtin privacy extended SLAAC.
Anything else needed to be allowed in ip6tables beside of ICMPv6 ?

Here the ICMPv6 tcpdump:
Code:

# tcpdump -i eth1 icmp6
error : ret -1
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 262144 bytes
19:51:36.415454 IP6 fe80::1 > ff02::1: ICMP6, neighbor advertisement, tgt is fe80::1, length 32
19:51:44.423045 IP6 fe80::1 > ff02::1: ICMP6, neighbor advertisement, tgt is fe80::1, length 32
19:51:47.087409 IP6 fe80::1 > ff02::1: ICMP6, router advertisement, length 56
19:51:52.428754 IP6 fe80::1 > ff02::1: ICMP6, neighbor advertisement, tgt is fe80::1, length 32
19:52:00.437215 IP6 fe80::1 > ff02::1: ICMP6, neighbor advertisement, tgt is fe80::1, length 32
19:52:08.444755 IP6 fe80::1 > ff02::1: ICMP6, neighbor advertisement, tgt is fe80::1, length 32
19:52:16.452346 IP6 fe80::1 > ff02::1: ICMP6, neighbor advertisement, tgt is fe80::1, length 32
19:52:24.461079 IP6 fe80::1 > ff02::1: ICMP6, neighbor advertisement, tgt is fe80::1, length 32
19:52:29.463856 IP6 fe80::1 > ff02::1: ICMP6, router advertisement, length 56
19:52:32.464786 IP6 fe80::1 > ff02::1: ICMP6, neighbor advertisement, tgt is fe80::1, length 32
19:52:40.474060 IP6 fe80::1 > ff02::1: ICMP6, neighbor advertisement, tgt is fe80::1, length 32
19:52:48.481913 IP6 fe80::1 > ff02::1: ICMP6, neighbor advertisement, tgt is fe80::1, length 32
Back to top
View user's profile Send private message
UberLord
Retired Dev
Retired Dev


Joined: 18 Sep 2003
Posts: 6756
Location: Blighty

PostPosted: Mon May 04, 2015 10:21 pm    Post subject: Reply with quote

When dhcpcd is started with "slaac private" or ipv6ra_own, it will disable the kernel from listening to RA's.
It's also possible that something other than dhcpcd has done this - check the sysctl output to see.
_________________
Use dhcpcd for all your automated network configuration needs
Use dhcpcd-ui (GTK+/Qt) as your System Tray Network tool
Back to top
View user's profile Send private message
1970
n00b
n00b


Joined: 07 May 2010
Posts: 55

PostPosted: Tue May 05, 2015 4:35 am    Post subject: Reply with quote

Thanks for the tip.

net.ipv6.conf.eth1.autoconf was 0.

echo 1 >/proc/sys/net/ipv6/conf/eth1/autoconf

did not help, but

emerge --depclean dhcpcd

(which was not running)

and rebooting did the trick, it seems. After Rebooting eth1 got autoconfigured. Unfortunateley, ignoring my privacy extension lifetime settings that I set in /etc/sysctl.d/40-ipv6.conf and seems to be needed to prevent my buggy router going crazy (at least I want to set the preferred lifetime higher than the router connection reset interval). The values are set:
Code:

cat /proc/sys/net/ipv6/conf/eth1/temp_prefered_lft
349200
cat /proc/sys/net/ipv6/conf/eth1/temp_valid_lft
352800


But the interface has the default values:

Code:

4: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
    inet6 2003:58:8f1a:e05d:e9fa:2409:16c5:c32d/64 scope global temporary dynamic
       valid_lft 352143sec preferred_lft 86392sec
    inet6 2003:58:8f1a:e05d:xxxx:xxxx:xxxx:xxxx/64 scope global mngtmpaddr dynamic
       valid_lft 604792sec preferred_lft 86392sec


Man, this is a nerving story. I guess, eth1 is autoconfigured before the temp_ settings are modified via sysctl. WTF.

Edit: No, also after deleting the IPv6 addresses with "ip addr del" manually, they get autoconfigured shortly afterwards with the same default temp_ values again.
Back to top
View user's profile Send private message
UberLord
Retired Dev
Retired Dev


Joined: 18 Sep 2003
Posts: 6756
Location: Blighty

PostPosted: Tue May 05, 2015 8:24 am    Post subject: Reply with quote

1970 wrote:
Unfortunateley, ignoring my privacy extension lifetime settings that I set in /etc/sysctl.d/40-ipv6.conf and seems to be needed to prevent my buggy router going crazy (at least I want to set the preferred lifetime higher than the router connection reset interval). The values are set:
Code:

cat /proc/sys/net/ipv6/conf/eth1/temp_prefered_lft
349200
cat /proc/sys/net/ipv6/conf/eth1/temp_valid_lft
352800


But the interface has the default values:

Code:

4: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
    inet6 2003:58:8f1a:e05d:e9fa:2409:16c5:c32d/64 scope global temporary dynamic
       valid_lft 352143sec preferred_lft 86392sec
    inet6 2003:58:8f1a:e05d:xxxx:xxxx:xxxx:xxxx/64 scope global mngtmpaddr dynamic
       valid_lft 604792sec preferred_lft 86392sec


Man, this is a nerving story. I guess, eth1 is autoconfigured before the temp_ settings are modified via sysctl. WTF.

Edit: No, also after deleting the IPv6 addresses with "ip addr del" manually, they get autoconfigured shortly afterwards with the same default temp_ values again.


It's not clear, but those are maximum values, not forced values.
The lifetime of the address is based on the lifetime of the prefix address offered.
See RFC 4941 section 3.3.1
_________________
Use dhcpcd for all your automated network configuration needs
Use dhcpcd-ui (GTK+/Qt) as your System Tray Network tool
Back to top
View user's profile Send private message
1970
n00b
n00b


Joined: 07 May 2010
Posts: 55

PostPosted: Tue May 05, 2015 5:41 pm    Post subject: Reply with quote

I found this:

'One Prefix Information option field, the
"autonomous address-configuration flag", indicates whether or not the
option even applies to stateless autoconfiguration. If it does,
additional option fields contain a subnet prefix, together with
lifetime values, indicating how long addresses created from the
prefix remain preferred and valid.'

(source: https://www.ietf.org/rfc/rfc4862.txt)

Edit: Looks, like the preferred_lft is resetted every now and then (few seconds/minutes) for some reason I don't know to 86400. Only the valid_lft seems to decrease steadily from my kernel defined value of 352800. So, looks quite good for now :?

Yeah, these are the adventures of early adopters (I mean, I did use HE tunnelbroker IPv6 through IPv4 some years ago also just for fun, did not make such a pain, these HE guys seemed really professional to me...allthough, with the HE tunnel You had no privacy extension at all, that was the bad thing about it), like with the whole Internet thing back in 1996 :)
Remember Trumpet Winsock anyone ? :) (Domain not from me)

Edit:
With Telekom propieretary router connection interval of 4d the IPv6 connection still goes down after 24h or so.

For all the geeks out there, the German Wikipedia article about IPv6 is more detailed than the English one... ;)
It says, the RA messages are ICMPv6 type 134 and in that, the preferred and valid lifeteime of the advertised route is included. Also, it says, that on client side defined preferred and valid lifetime values for interfaces are only used for statically defined interfaces (not via SLAAC / neighborhood discovery / whatever, what is my case).
To get the roter advertised prefix lifetime values, You can use this command (for NIC eth1 in this case):
Code:

# tcpdump -v -ni eth1 'icmp6 and (ip6[40] == 134)'
error : ret -1
tcpdump: listening on eth1, link-type EN10MB (Ethernet), capture size 262144 bytes
18:32:45.654743 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 56) fe80::1 > ff02::1: [icmp6 sum ok] ICMP6, router advertisement, length 56
        hop limit 255, Flags [other stateful], pref high, router lifetime 1800s, reachable time 30000s, retrans time 1000s
          prefix info option (3), length 32 (4): 2003:58:8f25:b2b5::/64, Flags [onlink, auto], valid time 604800s, pref. time 86400s
          mtu option (5), length 8 (1):  1492

So, the preferred lifetime of the RA prefix is 86400s = 24h. That does not change, either if I configure connection reset interval of the Telekom router from 24h to 4d. It is all the time 86400. I guess, that is the problem.
I think, a bug report should be opened to Telekom. Just now, I changed the connection reset interval to 24h and will see, if the IPv6 connection will stay alife after next connection reset and new prefix RA.

Edit: It's a confirmed bug of the router, as other users of the router reported exactly the same problem.
Therefore I now disabled IPv6.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum