[solved] Router Speedport W 724V looses IPv6 conn.

Message

222697 · Post by **222697** » Sat May 02, 2015 7:13 am

Edit:
Solved with firmware version 09011603.00.012

Edit:
Looks, like this is a problem only for (but not necessary limited to) users of proprietary router "Speedport W 724V" deployed by provider German Telekom, when selecting router connection reset interval >24h (86400 s), with firmware version 09011603.00.009

It's a confirmed bug since other users of the above router reported the same problem.

I have IPv6 connection from provider (Edit: German Telekom) and get IPv6 address via ICMPv6 autoconfiguration (SLAAC), I guess.
Device is eth1
(gentoo world is up to date, Linux 3.14.37-gentoo, x86_64)

I enabled IPv6 privacy extension (see here how: https://forums.gentoo.org/viewtopic-t-1016264.html)
In short:
net.ipv6.conf.all.use_tempaddr = 2
net.ipv6.conf.default.use_tempaddr = 2
net.ipv6.conf.eth1.use_tempaddr = 2

IPv6 address was working (MAC address values replaced by xxxx):

Code: Select all

    inet6 2003:58:8f19:98cf:e00a:5eb9:e8cb:5c04/64 scope global temporary dynamic 
       valid_lft 590427sec preferred_lft 71427sec
    inet6 2003:58:8f19:98cf:xxxx:xxxx:xxxx:xxxx/64 scope global mngtmpaddr dynamic 
       valid_lft 604787sec preferred_lft 86387sec

But after some hours I lost IPv6 connectivity, because the above addresses got in state deprecated, allthough the preferred lifetime was not reached. Instead, I got some strange new addresses beginning with ::36, which where not working for connectivity:

Code: Select all

    inet6 ::36:e00a:5eb9:e8cb:5c04/64 scope global temporary dynamic 
       valid_lft 587590sec preferred_lft 68590sec
    inet6 ::36:xxxx:xxxx:xxxx:xxxx/64 scope global mngtmpaddr dynamic 
       valid_lft 602428sec preferred_lft 84028sec

    inet6 2003:58:8f19:98cf:e00a:5eb9:e8cb:5c04/64 scope global temporary deprecated dynamic 
       valid_lft 12073sec preferred_lft 0sec
    inet6 2003:58:8f19:98cf:xxxx:xxxx:xxxx:xxxx/64 scope global deprecated mngtmpaddr dynamic 
       valid_lft 12073sec preferred_lft 0sec

Why did that happen? What are these ::36 addresses?
I needed to reset my provider connection to get a new IPv6 prefix, then the Gentoo box got a new IPv6 management addr and a new privacy extended addr was added, and connectivity was established again.

Do I need to add something in /etc/conf.d/net ? Here is mine

Code: Select all

config_eth1="192.168.2.10/24"
routes_eth1="default via 192.168.2.1"
rc_net_eth1_provide="net"
vlans_eth1="9"
config_eth1_9="null"

192.168.2.1 is the provider router with the IPv6 network
I allow all incoming, forwarding and outgoing ICMPv6 packets in ip6tables.

Provider router device is Telekom Speedport 724V. Also with dhcpcd I get disfunctional addresses via SLAAC, according to log:

Code: Select all

May  3 13:50:05 regen dhcpcd[2854]: version 6.6.7 starting
May  3 13:50:05 regen dhcpcd[2854]: dev: loaded udev
May  3 13:50:05 regen dhcpcd[2854]: DUID 00:01:00:01:1c:d8:xx:xx:xx:xx:xx:xx:xx:xx
May  3 13:50:05 regen dhcpcd[2854]: eth1: IAID xx:xx:xx:xx
May  3 13:50:05 regen dhcpcd[2854]: eth1: soliciting an IPv6 router
May  3 13:50:06 regen dhcpcd[2854]: eth1: Router Advertisement from fe80::1
May  3 13:50:06 regen dhcpcd[2854]: eth1: adding address ::3c:a23:4b0a:xxxx:xxxx/64
May  3 13:50:06 regen dhcpcd[2854]: eth1: adding route to 0:0:0:3c::/64
May  3 13:50:06 regen dhcpcd[2854]: eth1: adding default route via fe80::1
May  3 13:50:06 regen dhcpcd[2854]: eth1: requesting DHCPv6 information
May  3 13:50:35 regen dhcpcd[2854]: timed out
May  3 13:50:35 regen dhcpcd[2854]: forked to background, child pid 2888

This time, it got 3c::/64 prefix, not 36::/64

These addresses break my IPv6 connectivity.

Maybe the router is buggy?

I now extended the preferred lifetime of the privacy extended addresses to be 1h higher then the connection reset interval (currently I selected 4 days) of the provider, and the valid lifetime 2h higher.

UberLord · Post by **UberLord** » Sun May 03, 2015 3:33 pm

Sounds like you have slaac private enabled in dhcpcd.conf (which is the default) and you don't want that?
I don't know how it breaks connectivity for you unless you actively need the MAC based one.

222697 · Post by **222697** » Sun May 03, 2015 4:44 pm

slaac stable private address is enabled in dhcpcd.conf, and I want that.

UberLord · Post by **UberLord** » Sun May 03, 2015 5:42 pm

Can you try upgrading to dhcpcd-6.8.2 ( or 6.8.1 if it's not in portage yet) please?
Also, can you capture the RA via tcpdump and email me offlist if it still fails? roy@marples.name

222697 · Post by **222697** » Mon May 04, 2015 4:58 pm

Hm, it is really the Telekom router that advertises this strange subnet, see screenshot.

"Nutzbarer Adressbereich für LAN" is in English "Usable address range for LAN".

IPv6 for LAN? What does that mean.

Screenshot from Telekom Router Speedport W 724V section IP address information

After reconnecting the router to get new IP address / prefix, it looks better:

Screenshot after router reset

Then rebooting my Gentoo box, it get no IPv6 connection / address via SLAAC. Don't know why.
When then starting dhcpcd manually, I get four different IPv6 addresses in the correct 2003:... subnet.
Two of kind "scope global mngtmpaddr noprefixroute dynamic" and two of kind "scope global temporary dynamic"

Why isn't the box getting SLAAC via ICMPv6 ? Can I force it somehow, without dhcpcd ? Would like to stay at IPv6 builtin privacy extended SLAAC.
Anything else needed to be allowed in ip6tables beside of ICMPv6 ?

Here the ICMPv6 tcpdump:

Code: Select all

# tcpdump -i eth1 icmp6
error : ret -1
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 262144 bytes
19:51:36.415454 IP6 fe80::1 > ff02::1: ICMP6, neighbor advertisement, tgt is fe80::1, length 32
19:51:44.423045 IP6 fe80::1 > ff02::1: ICMP6, neighbor advertisement, tgt is fe80::1, length 32
19:51:47.087409 IP6 fe80::1 > ff02::1: ICMP6, router advertisement, length 56
19:51:52.428754 IP6 fe80::1 > ff02::1: ICMP6, neighbor advertisement, tgt is fe80::1, length 32
19:52:00.437215 IP6 fe80::1 > ff02::1: ICMP6, neighbor advertisement, tgt is fe80::1, length 32
19:52:08.444755 IP6 fe80::1 > ff02::1: ICMP6, neighbor advertisement, tgt is fe80::1, length 32
19:52:16.452346 IP6 fe80::1 > ff02::1: ICMP6, neighbor advertisement, tgt is fe80::1, length 32
19:52:24.461079 IP6 fe80::1 > ff02::1: ICMP6, neighbor advertisement, tgt is fe80::1, length 32
19:52:29.463856 IP6 fe80::1 > ff02::1: ICMP6, router advertisement, length 56
19:52:32.464786 IP6 fe80::1 > ff02::1: ICMP6, neighbor advertisement, tgt is fe80::1, length 32
19:52:40.474060 IP6 fe80::1 > ff02::1: ICMP6, neighbor advertisement, tgt is fe80::1, length 32
19:52:48.481913 IP6 fe80::1 > ff02::1: ICMP6, neighbor advertisement, tgt is fe80::1, length 32

UberLord · Post by **UberLord** » Mon May 04, 2015 10:21 pm

When dhcpcd is started with "slaac private" or ipv6ra_own, it will disable the kernel from listening to RA's.
It's also possible that something other than dhcpcd has done this - check the sysctl output to see.

222697 · Post by **222697** » Tue May 05, 2015 4:35 am

Thanks for the tip.

net.ipv6.conf.eth1.autoconf was 0.

echo 1 >/proc/sys/net/ipv6/conf/eth1/autoconf

did not help, but

emerge --depclean dhcpcd

(which was not running)

and rebooting did the trick, it seems. After Rebooting eth1 got autoconfigured. Unfortunateley, ignoring my privacy extension lifetime settings that I set in /etc/sysctl.d/40-ipv6.conf and seems to be needed to prevent my buggy router going crazy (at least I want to set the preferred lifetime higher than the router connection reset interval). The values are set:

Code: Select all

cat /proc/sys/net/ipv6/conf/eth1/temp_prefered_lft 
349200
cat /proc/sys/net/ipv6/conf/eth1/temp_valid_lft 
352800

But the interface has the default values:

Code: Select all

4: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
    inet6 2003:58:8f1a:e05d:e9fa:2409:16c5:c32d/64 scope global temporary dynamic 
       valid_lft 352143sec preferred_lft 86392sec
    inet6 2003:58:8f1a:e05d:xxxx:xxxx:xxxx:xxxx/64 scope global mngtmpaddr dynamic 
       valid_lft 604792sec preferred_lft 86392sec

Man, this is a nerving story. I guess, eth1 is autoconfigured before the temp_ settings are modified via sysctl. WTF.

Edit: No, also after deleting the IPv6 addresses with "ip addr del" manually, they get autoconfigured shortly afterwards with the same default temp_ values again.

UberLord · Post by **UberLord** » Tue May 05, 2015 8:24 am

1970 wrote:Unfortunateley, ignoring my privacy extension lifetime settings that I set in /etc/sysctl.d/40-ipv6.conf and seems to be needed to prevent my buggy router going crazy (at least I want to set the preferred lifetime higher than the router connection reset interval). The values are set:
Code: Select all
cat /proc/sys/net/ipv6/conf/eth1/temp_prefered_lft 
349200
cat /proc/sys/net/ipv6/conf/eth1/temp_valid_lft 
352800
But the interface has the default values:
Code: Select all
4: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
    inet6 2003:58:8f1a:e05d:e9fa:2409:16c5:c32d/64 scope global temporary dynamic 
       valid_lft 352143sec preferred_lft 86392sec
    inet6 2003:58:8f1a:e05d:xxxx:xxxx:xxxx:xxxx/64 scope global mngtmpaddr dynamic 
       valid_lft 604792sec preferred_lft 86392sec
Man, this is a nerving story. I guess, eth1 is autoconfigured before the temp_ settings are modified via sysctl. WTF.

Edit: No, also after deleting the IPv6 addresses with "ip addr del" manually, they get autoconfigured shortly afterwards with the same default temp_ values again.

It's not clear, but those are maximum values, not forced values.
The lifetime of the address is based on the lifetime of the prefix address offered.
See RFC 4941 section 3.3.1