Gentoo Forums
no IPv6 Routers available

hujuice
Apprentice
Joined: 16 Oct 2007
Posts: 277
Location: Rome, Italy

Posted: Fri Jan 20, 2017 2:15 pm    Post subject: no IPv6 Routers available

I'm a bit confused, maybe because I'm an IPv6 newbie :?

For a couple of days I've had an IPv6-capable ISP at home.
The router (a stupid Technicolor TG789vac v2 with a stupid web UI) is configured to have DHCPv4 disabled (I run my own elsewhere with dnsmasq) and
Code:
IPv6 State: disabled (I cannot manage it)
Advertising prefix: xxxx:xxxx:xxxx:xxxx::/64 (I obviously cannot manage it)
Stateless Address Autoconfiguration: disabled (I cannot manage it)
Use Stateless DHCPv6 Server: enabled (but I can disable it)


I did the homework: CONFIG_IPV6=m, USE="ipv6" and dhcpcd default configuration enabled in /etc/conf.d/net.eth0.

My first attempt was on my laptop and everything went fine: I have an IPv6 2001::/64 address and I can ping it from the Internet. Here is the dhcpcd log:
grep dhcp /var/log/syslog/messages:
Jan 20 14:26:06 lap dhcpcd[26579]: eth0: waiting for carrier
Jan 20 14:26:09 lap dhcpcd[26579]: eth0: carrier acquired
Jan 20 14:26:09 lap dhcpcd[26579]: eth0: adding address fe80::6815:7ade:5fcb:177c
Jan 20 14:26:10 lap dhcpcd[26579]: DUID 00:01:00:01:1f:f9:32:08:00:23:8b:5d:7a:fb
Jan 20 14:26:10 lap dhcpcd[26579]: eth0: IAID 8b:5d:7a:fb
Jan 20 14:26:10 lap dhcpcd[26579]: eth0: soliciting an IPv6 router
Jan 20 14:26:10 lap dhcpcd[26579]: eth0: rebinding lease of 192.168.0.11
Jan 20 14:26:14 lap dhcpcd[26579]: eth0: probing address 192.168.0.11/24
Jan 20 14:26:16 lap dhcpcd[26579]: eth0: Router Advertisement from fe80::e2b9:e5ff:fea8:5588
Jan 20 14:26:16 lap dhcpcd[26579]: eth0: adding address 2001:b07:a13:5536:xxxx:xxxx:xxxx:xxxx/64
Jan 20 14:26:16 lap dhcpcd[26579]: eth0: adding route to 2001:b07:a13:5536::/64
Jan 20 14:26:16 lap dhcpcd[26579]: eth0: adding default route via fe80::e2b9:e5ff:fea8:5588
Jan 20 14:26:16 lap dhcpcd[26579]: eth0: requesting DHCPv6 information
Jan 20 14:26:20 lap dhcpcd[26579]: eth0: leased 192.168.0.11 for infinity
Jan 20 14:26:20 lap dhcpcd[26579]: eth0: adding route to 192.168.0.0/24
Jan 20 14:26:20 lap dhcpcd[26579]: eth0: adding default route via 192.168.0.254
Jan 20 14:26:20 lap dhcpcd[26579]: forked to background, child pid 26770

(The IPv6 address could be some kind of tunneling, not managed by me: https://en.wikipedia.org/wiki/Teredo_tunneling#IPv6_addressing)

My second attempt (my desktop, same homework) failed. I have only the link-local address (fe80::), but router advertisement doesn't work:
grep dhcp /var/log/syslog/messages:
Jan 20 14:26:38 box dhcpcd[22627]: eth0: adding address fe80::62a4:4cff:fe58:696d
Jan 20 14:26:38 box dhcpcd[22627]: eth0: waiting for carrier
Jan 20 14:26:44 box dhcpcd[22627]: eth0: carrier acquired
Jan 20 14:26:44 box dhcpcd[22627]: DUID 00:01:00:01:20:12:72:80:60:a4:4c:58:69:6d
Jan 20 14:26:44 box dhcpcd[22627]: eth0: IAID 4c:58:69:6d
Jan 20 14:26:45 box dhcpcd[22627]: eth0: rebinding lease of 192.168.0.10
Jan 20 14:26:45 box dhcpcd[22627]: eth0: soliciting an IPv6 router
Jan 20 14:26:49 box dhcpcd[22627]: eth0: probing address 192.168.0.10/24
Jan 20 14:26:54 box dhcpcd[22627]: eth0: leased 192.168.0.10 for infinity
Jan 20 14:26:54 box dhcpcd[22627]: eth0: adding route to 192.168.0.0/24
Jan 20 14:26:54 box dhcpcd[22627]: eth0: adding default route via 192.168.0.254
Jan 20 14:26:54 box dhcpcd[22627]: forked to background, child pid 22814
Jan 20 14:26:58 box dhcpcd[22814]: eth0: no IPv6 Routers available


In this failed attempt, I can lsmod the ipv6 module and if I cat /proc/sys/net/ipv6/conf/*/* I obtain the same output on both machines.
I noticed that while /proc/sys/net/ipv6/conf/all/accept_ra is 1, /proc/sys/net/ipv6/conf/eth0/accept_ra is 0. This value is the same in the working laptop.
Trying to force it to 1 has no result and the value is set back to 0 when I restart the interface.

What else? Where am I wrong? What do I omit?
Which part of the knowledge should I cover to look for an error?

Thanks to everybody that can help.
HUjuice
_________________
Who hasn't a spine, should have a method.
Chi non ha carattere, deve pur avere un metodo.
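
The two dhcpcd logs in the post above differ only in how the router solicitation ends. The following is an added example, not part of the original post: it reads such lines and reports, per host and interface, whether a Router Advertisement arrived, from which sender, and after how long. The sample lines are an abridged copy of the logs quoted above; the function name and the default year are assumptions.

```python
import re
from datetime import datetime

# Lines copied (abridged) from the two dhcpcd logs quoted in the post above.
SAMPLE_LOG = """\
Jan 20 14:26:10 lap dhcpcd[26579]: eth0: soliciting an IPv6 router
Jan 20 14:26:16 lap dhcpcd[26579]: eth0: Router Advertisement from fe80::e2b9:e5ff:fea8:5588
Jan 20 14:26:16 lap dhcpcd[26579]: eth0: adding route to 2001:b07:a13:5536::/64
Jan 20 14:26:16 lap dhcpcd[26579]: eth0: adding default route via fe80::e2b9:e5ff:fea8:5588
Jan 20 14:26:45 box dhcpcd[22627]: eth0: soliciting an IPv6 router
Jan 20 14:26:54 box dhcpcd[22627]: eth0: adding default route via 192.168.0.254
Jan 20 14:26:58 box dhcpcd[22814]: eth0: no IPv6 Routers available
"""

LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) (\S+) dhcpcd\[\d+\]: (\S+): (.*)$")

def summarize_ra(log_text, year=2017):
    """Map (host, iface) -> how that interface's router solicitation ended."""
    states = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        stamp, host, iface, msg = m.groups()
        # syslog timestamps carry no year, so one is supplied for parsing
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        # Key on host and interface, not PID: dhcpcd forks to the background
        st = states.setdefault((host, iface), {
            "solicited": None, "ra_from": None, "wait_s": None,
            "v6_default": None, "outcome": "no solicitation seen"})
        if msg == "soliciting an IPv6 router":
            st.update(solicited=when, outcome="waiting for RA")
        elif msg.startswith("Router Advertisement from "):
            st["ra_from"] = msg.rsplit(" ", 1)[1]
            st["outcome"] = "RA received"
        elif msg == "no IPv6 Routers available":
            st["outcome"] = "no router"
        elif msg.startswith("adding default route via ") and ":" in msg:
            st["v6_default"] = msg.rsplit(" ", 1)[1]  # IPv6 gateways only
        else:
            continue
        finished = st["outcome"] in ("RA received", "no router")
        if finished and st["wait_s"] is None and st["solicited"]:
            st["wait_s"] = int((when - st["solicited"]).total_seconds())
    return states

if __name__ == "__main__":
    for (host, iface), st in summarize_ra(SAMPLE_LOG).items():
        print(host, iface, st["outcome"], st["ra_from"], st["wait_s"])
```
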

gordonp
Tux's lil' helper
Joined: 23 May 2005
Posts: 89

Posted: Sun Jan 22, 2017 4:44 am

Hi, hujuice:

I have been using IPv6 for a while, and I have forgotten many of the struggles I went through... I may be forgetting stuff and therefore not so helpful, but I'll try:

First - it sounds like you've probably got a good foundation, if your laptop is working. When your laptop can ping and be pinged, are you going through your switch? I think you need to know that all your basic networking equipment is working OK with IPv6. You might even swap switch-ports between your laptop and desktop, to ensure that all your hardware is solid, and the problem does not lie within even your cables!

Second: The real problem you seem to have is that your desktop isn't automagically working with IPv6. So, I wonder if you can *manually* add an IPv6 address to your desktop machine? I use a mix of SLAAC and manually-assigned addresses, and the relevant sort of config from /etc/conf.d/net:

Code:
config_eth0="192.168.0.zyx/24
 2001:aaa:bbbb:cc::zyx/64"


Obviously, you'll choose an address within your assigned /64. What I'd like to have you try:
-run 'ifconfig' and verify that you have your expected IPv6 address.
-ping the laptop. Use the laptop to ping your desktop
-ping something outside; I tend to beat on ipv6.google.com quite a bit :-)

Once you are certain that your desktop is actually, provably IPv6-able, then you can begin to look into the Router Announcement stuff. And, I don't think I did anything special, but I see that my machines *do* have:
Code:
/proc/sys/net/ipv6/conf/eth0/accept_ra contains 1


HTH!

gordonp
Tux's lil' helper
Joined: 23 May 2005
Posts: 89

Posted: Sun Jan 22, 2017 4:53 am

Oh, I just had another idea: Firewalls!

On your laptop, can you look at:

ip6tables -L -n

...and see how it looks on your desktop with the same command?

You could try "allow everything", just for testing:

Code:
# ip6tables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination 


And later tighten it up to include something along the lines:

Code:
# Command used by the rules below (assumption: ip6tables is found via $PATH)
IP6TABLES=ip6tables

#   (Applies to packets entering our network interface from the network,
#   and addressed to this host.)

$IP6TABLES -A INPUT -m conntrack --ctstate INVALID -j DROP
$IP6TABLES -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

# IMPORTANT ICMP
$IP6TABLES -A INPUT -p ipv6-icmp --icmpv6-type router-advertisement -j ACCEPT
$IP6TABLES -A INPUT -p ipv6-icmp --icmpv6-type router-solicitation -j ACCEPT
$IP6TABLES -A INPUT -p ipv6-icmp --icmpv6-type neighbour-advertisement -j ACCEPT
$IP6TABLES -A INPUT -p ipv6-icmp --icmpv6-type neighbour-solicitation -j ACCEPT

# ICMPv6 error messages (packet-too-big is needed for path MTU discovery)
$IP6TABLES -A INPUT -p ipv6-icmp --icmpv6-type destination-unreachable -j ACCEPT
$IP6TABLES -A INPUT -p ipv6-icmp --icmpv6-type packet-too-big -j ACCEPT
$IP6TABLES -A INPUT -p ipv6-icmp --icmpv6-type time-exceeded -j ACCEPT
$IP6TABLES -A INPUT -p ipv6-icmp --icmpv6-type parameter-problem -j ACCEPT

# we will permit ping, but rate-limit echo-request (ICMPv6 type 128) to prevent DoS-attack
$IP6TABLES -A INPUT -p ipv6-icmp --icmpv6-type echo-request --match limit --limit 30/minute -j ACCEPT
$IP6TABLES -A INPUT -p ipv6-icmp --icmpv6-type echo-reply -j ACCEPT

hujuice
Apprentice
Joined: 16 Oct 2007
Posts: 277
Location: Rome, Italy

Posted: Sun Jan 22, 2017 1:52 pm

gordonp wrote:
Hi, hujuice:

I have been using IPv6 for a while, and I have forgotten many of the struggles I went through... I may be forgetting stuff and therefore not so helpful, but I'll try:

First - it sounds like you've probably got a good foundation, if your laptop is working. When your laptop can ping and be pinged, are you going through your switch? I think you need to know that all your basic networking equipment is working OK with IPv6. You might even swap switch-ports between your laptop and desktop, to ensure that all your hardware is solid, and the problem does not lie within even your cables!

Second: The real problem you seem to have is that your desktop isn't automagically working with IPv6. So, I wonder if you can *manually* add an IPv6 address to your desktop machine? I use a mix of SLAAC and manually-assigned addresses, and the relevant sort of config from /etc/conf.d/net:

Code:
config_eth0="192.168.0.zyx/24
 2001:aaa:bbbb:cc::zyx/64"


Obviously, you'll choose an address within your assigned /64. What I'd like to have you try:
-run 'ifconfig' and verify that you have your expected IPv6 address.
-ping the laptop. Use the laptop to ping your desktop
-ping something outside; I tend to beat on ipv6.google.com quite a bit :-)

Once you are certain that your desktop is actually, provably IPv6-able, then you can begin to look into the Router Announcement stuff. And, I don't think I did anything special, but I see that my machines *do* have:
Code:
/proc/sys/net/ipv6/conf/eth0/accept_ra contains 1


HTH!


Thank you for your answer, gordonp.

I tried to swap the switch ports, with no result.
iptables and the netfilter kernel modules collection are not on my desktop.

I can try to manually set the desktop IPv6 address. I built the address in the SLAAC hardware way (the end of the page, here: http://www.ciscopress.com/articles/article.asp?p=2154680).
As a result, I can ping6 the laptop, in the same /64 subnet. But what about the default gateway?

The laptop has the scope link IPv6 address of the modem as default IPv6 gateway. So
ip -6 route:
2001:b07:2ec:c38::/64 dev eth0  proto kernel  metric 2  mtu 1472 pref medium
fe80::/64 dev eth0  proto kernel  metric 256  pref medium
default via fe80::e2b9:e5ff:fea8:5588 dev eth0  metric 2  mtu 1472 pref medium

(fe80::e2b9:e5ff:fea8:5588 is the scope link of the modem, I can see it in the modem administration UI)

I can try to manually do the same on the desktop, but it still doesn't work.
ping6 -c2 google.com:
PING google.com(mil04s28-in-x0e.1e100.net) 56 data bytes

--- google.com ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 999ms

The ping6 hangs as if the response could not get back to my machine, as if the router - not aware of my manual configuration - refuses the unrecognised destination.

That's not the end of the story.
I've a third computer. Yet another different story.

The third computer (another desktop in front of the sofa), with the same network configuration, acquires an apparently good IPv6 address via DHCPv6, but I'm unable to ping6 externally. The route is assigned:
ip -6 route:
2001:b07:2ec:c38::/64 dev eth0  proto kernel  metric 256  expires 24692sec mtu 1472 pref medium
fe80::/64 dev eth0  proto kernel  metric 256  mtu 1472 pref medium
default via fe80::e2b9:e5ff:fea8:5588 dev eth0  proto ra  metric 1024  expires 1741sec mtu 1472 hoplimit 64 pref medium

but this route (note that the parameters are different) doesn't do its job.
iptables and netfilter are absent here too.
What's funny is that this time:
sysctl net.ipv6.conf.eth0.accept_ra:
net.ipv6.conf.eth0.accept_ra = 1


Really a jam, for me. I'm normally a neat guy managing my systems. I don't believe that the differences could be caused by some fuzzy configurations.
I absolutely need better knowledge, but I really don't know where to look.

Regards,
HUjuice
_________________
Who hasn't a spine, should have a method.
Chi non ha carattere, deve pur avere un metodo.
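
The "SLAAC hardware way" mentioned in the post above is the modified EUI-64 construction. The following is an added example, not part of the original post: it rebuilds the desktop's addresses from the MAC embedded in its logged DUID, and recovers a MAC from an EUI-64 address, using only values quoted in this thread. The function names are illustrative, and it assumes the DUID is a DUID-LLT generated from the Ethernet interface.

```python
import ipaddress

def mac_from_duid_llt(duid):
    """Return the link-layer address carried in a DUID-LLT, else None."""
    b = bytes.fromhex(duid.replace(":", ""))
    # DUID-LLT layout: 2-byte type (1), 2-byte hardware type (1 = Ethernet),
    # 4-byte timestamp, then the 6-byte link-layer address.
    if len(b) != 14 or b[:4] != b"\x00\x01\x00\x01":
        return None
    return ":".join(f"{x:02x}" for x in b[8:])

def eui64_address(prefix, mac):
    """Combine a /64 prefix with the modified EUI-64 interface ID of a MAC."""
    net = ipaddress.IPv6Network(prefix)
    m = bytes.fromhex(mac.replace(":", ""))
    if net.prefixlen != 64 or len(m) != 6:
        raise ValueError("need a /64 prefix and a 48-bit MAC")
    # Flip the universal/local bit and insert ff:fe between the two halves.
    iid = bytes([m[0] ^ 0x02]) + m[1:3] + b"\xff\xfe" + m[3:]
    return ipaddress.IPv6Address(int(net.network_address) | int.from_bytes(iid, "big"))

def mac_from_eui64(address):
    """Recover the MAC from an EUI-64 based address, or None if it is not one."""
    iid = ipaddress.IPv6Address(address).packed[8:]
    # Heuristic: EUI-64 interface IDs carry ff:fe in the middle two bytes.
    if iid[3:5] != b"\xff\xfe":
        return None
    m = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{x:02x}" for x in m)

if __name__ == "__main__":
    # Values below are quoted from the logs and route tables in this thread.
    mac = mac_from_duid_llt("00:01:00:01:20:12:72:80:60:a4:4c:58:69:6d")
    print(mac, eui64_address("fe80::/64", mac))
    print(eui64_address("2001:b07:2ec:c38::/64", mac))
    print(mac_from_eui64("fe80::e2b9:e5ff:fea8:5588"))   # the modem
    print(mac_from_eui64("fe80::6815:7ade:5fcb:177c"))   # the laptop: not EUI-64
```

The desktop's result matches the link-local address in its dhcpcd log, while the laptop's link-local address is not EUI-64 based, so its interface ID does not expose the MAC.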

Ant P.
Watchman
Joined: 18 Apr 2009
Posts: 5588

Posted: Sun Jan 22, 2017 6:34 pm

accept_ra is 0 because you're running dhcpcd which disables it.

ChrisJumper
Advocate
Joined: 12 Mar 2005
Posts: 2206
Location: Germany

Posted: Mon Jan 23, 2017 6:07 pm

Take a look at:

Code:
[I] net-misc/radvd
     Verfügbare Versionen:   1.9.8 2.13 2.14 ~2.15 ~2.15-r1 {selinux test KERNEL="FreeBSD"}
     Installierte Versionen: 2.14(22:49:41 30.09.2016)(-selinux -test KERNEL="-FreeBSD")
     Startseite:             http://v6web.litech.org/radvd/
     Beschreibung:           Linux IPv6 Router Advertisement Daemon


And the route -6 command.

Edit: So I am back now, with more time. Your /64 address does not allow you to assign different subnetworks. But, as with a wireless LAN or a normal computer on a switched network, you do not need that.

The best part is that, if your network operates normally, you do not need to specify a route, because IPv6 has more automation in its self-organization.

Can't you just enable IPv6 in your ISP's router? The normal configuration is that your ISP router runs the Router Advertisement Daemon (radvd).

Edit2:
Quote:
The laptop has the scope link IPv6 address of the modem as default IPv6 gateway. So
ip -6 route:
2001:b07:2ec:c38::/64 dev eth0  proto kernel  metric 2  mtu 1472 pref medium
fe80::/64 dev eth0  proto kernel  metric 256  pref medium
default via fe80::e2b9:e5ff:fea8:5588 dev eth0  metric 2  mtu 1472 pref medium

(fe80::e2b9:e5ff:fea8:5588 is the scope link of the modem, I can see it in the modem administration UI)

I can try to manually do the same on the desktop, but it still doesn't work.
ping6 -c2 google.com:
PING google.com(mil04s28-in-x0e.1e100.net) 56 data bytes

--- google.com ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 999ms


The fe80 addresses are special: if you use them, you have to add the name of the network interface card (NIC) that is connected to that link. For example, if your laptop is connected over the eth3 network interface card to a switch, and the switch to the modem, you can ping that modem from your laptop by using:

Code:
ping6 fe80::e2b9:e5ff:fea8:5588%eth3


I am just a little bit confused that your laptop got a working route and your desktop didn't. Maybe your laptop is using different settings for WLAN, or your WLAN router handles the router advertisement by itself for wireless connections?

The fe80 addresses do not work like normal IP addresses; they are just for neighbour solicitation and are not designed to speak with a neighbour's neighbour or a neighbour's neighbour's neighbour.

And, for example, you see that the fe80 address is "bound" to the hardware MAC address. Your WiFi laptop uses another NIC on the router as gateway than your router's 1GB-LAN port, for example. And then this address is not reachable from your wired LAN network.

hujuice
Apprentice
Joined: 16 Oct 2007
Posts: 277
Location: Rome, Italy

Posted: Sun Jan 29, 2017 6:47 pm

I resolved it, but this is conceptually unresolved for me.

My suspicion started when I added the netfilter support to my kernel, obtaining... a panic!
So, I threw away my kernel configuration and started a completely new config. That was enough to have IPv6 based on RA happily running.

It is difficult for me to understand the reasons.
I also removed many virtualization and cgroups and vlan and bridging features, so the diff has become more than 1000 lines.
Sure, my knowledge and my understanding are always the same, when I configure a new kernel from scratch.
Also, the kernel panic caused by the netfilter support is difficult to explain. I can explain a failure, not a panic.
So, I can only suppose that some kind of dependency corruption has been generated after years of 'make oldconfig' operations.
Or what else?

The problem, anyway, was caused by my kernel.

Regards,
HUjuice
_________________
Who hasn't a spine, should have a method.
Chi non ha carattere, deve pur avere un metodo.