OpenWrt Forum Archive

Topic: No DHCPv6 response from my ISP

The content of this topic has been archived on 20 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Post #1
therealtom
18 Apr 2018, 17:59

Despite following the official documentation, I seem to be unable to properly configure my router for IPv6; which is problematic since my ISP apparently only provides a native IPv6 connection, with IPv4 running over ds-lite. (I'm in Germany and have a VDSL connection). At the PPPoE layer, everything seems to work. I authenticate and a link-local ipv6 is assigned. The problem - at least as far as I can tell - is that I never get a response to my DHCPv6 solicit messages. When I run a tcpdump session on my WAN VLAN, I see my router sending DHCPv6 solicit messages, but a response never comes.

One thing that I did notice, is that the DHCPv6 solicit messages sent by my LEDE router are quite different than the ones sent by my ISP-provided one. I was hoping this would help me configure my router properly, but I've still been unable to find a working configuration on my own, so I'm trying here to see if anyone has any suggestions.

Here's what my LEDE router sends in it's DHCPv6 solicit message:

DHCPv6
    Message type: Solicit (1)
    Transaction ID: 0xa94f62
    Elapsed time
        Option: Elapsed time (8)
        Length: 2
        Value: 012e
        Elapsed time: 3020ms
    Option Request
        Option: Option Request (6)
        Length: 28
        Value: 0015001600170018000c001f00380040004300520053005e...
        Requested Option code: SIP Server Domain Name List (21)
        Requested Option code: SIP Servers IPv6 Address List (22)
        Requested Option code: DNS recursive name server (23)
        Requested Option code: Domain Search List (24)
        Requested Option code: Server unicast (12)
        Requested Option code: Simple Network Time Protocol Server (31)
        Requested Option code: NTP Server (56)
        Requested Option code: Dual-Stack Lite AFTR Name (64)
        Requested Option code: Prefix Exclude (67)
        Requested Option code: SOL_MAX_RT (82)
        Requested Option code: INF_MAX_RT (83)
        Requested Option code: S46 MAP-E Container (94)
        Requested Option code: S46 MAP-T Container (95)
        Requested Option code: S46 Lightweight 4over6 Container (96)
    Client Identifier
        Option: Client Identifier (1)
        Length: 10
        Value: 000300018c3bad1f1dd6
        DUID: 000300018c3bad1f1dd6
        DUID Type: link-layer address (3)
        Hardware type: Ethernet (1)
        Link-layer address: 8c:3b:ad:1f:1d:d6
    Reconfigure Accept
        Option: Reconfigure Accept (20)
        Length: 0
    Fully Qualified Domain Name
        Option: Fully Qualified Domain Name (39)
        Length: 9
        Value: 00066469616c757000
        0000 0... = Reserved: 0x00
        .... .0.. = N bit: Server should perform DNS updates
        .... ..0. = O bit: Server has not overridden client's S bit preference
        .... ...0 = S bit: Server should not perform forward DNS updates
        Client FQDN: dialup
    Identity Association for Non-temporary Address
        Option: Identity Association for Non-temporary Address (3)
        Length: 12
        Value: 000000010000000000000000
        IAID: 00000001
        T1: 0
        T2: 0
    Identity Association for Prefix Delegation
        Option: Identity Association for Prefix Delegation (25)
        Length: 12
        Value: 000000010000000000000000
        IAID: 00000001
        T1: 0
        T2: 0

And here's what my ISP-provided router sends in it's DHCPv6 solicit message (obtained via a debug page on it):

DHCPv6
    Message type: Solicit (1)
    Transaction ID: 0xc0ecf4
    Elapsed time
        Option: Elapsed time (8)
        Length: 2
        Value: 0000
        Elapsed time: 0ms
    Client Identifier
        Option: Client Identifier (1)
        Length: 10
        Value: 000300013431c4283b99
        DUID: 000300013431c4283b99
        DUID Type: link-layer address (3)
        Hardware type: Ethernet (1)
        Link-layer address: 34:31:c4:28:3b:99
    Rapid Commit
        Option: Rapid Commit (14)
        Length: 0
    Identity Association for Prefix Delegation
        Option: Identity Association for Prefix Delegation (25)
        Length: 41
        Value: c4283b990000000000000000001a00190000000000000000...
        IAID: c4283b99
        T1: 0
        T2: 0
        IA Prefix
            Option: IA Prefix (26)
            Length: 25
            Value: 000000000000000000000000000000000000000000000000...
            Preferred lifetime: 0
            Valid lifetime: 0
            Prefix length: 0
            Prefix address: ::
    Reconfigure Accept
        Option: Reconfigure Accept (20)
        Length: 0
    Option Request
        Option: Option Request (6)
        Length: 22
        Value: 00170038001f00190043004000eb0011005200530056
        Requested Option code: DNS recursive name server (23)
        Requested Option code: NTP Server (56)
        Requested Option code: Simple Network Time Protocol Server (31)
        Requested Option code: Identity Association for Prefix Delegation (25)
        Requested Option code: Prefix Exclude (67)
        Requested Option code: Dual-Stack Lite AFTR Name (64)
        Requested Option code: Unknown (235)
        Requested Option code: Vendor-specific Information (17)
        Requested Option code: SOL_MAX_RT (82)
        Requested Option code: INF_MAX_RT (83)
        Requested Option code: PCP Server (86)
    Vendor Class
        Option: Vendor Class (16)
        Length: 4
        Value: 00000368
        Enterprise ID: AVM GmbH (872)

And since it's probably important, here is my network and firewall config:

root@dialup:/etc/config# cat /etc/config/network

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd96:980b:0d1c::/48'

config interface 'lan'
        option type 'bridge'
        option ifname 'eth1'
        option proto 'static'
        option netmask '255.255.255.0'
        option ipaddr '192.168.123.1'
        option ip6assign '64'

config interface 'wan'
        option _orig_ifname 'eth0.7'
        option _orig_bridge 'false'
        option proto 'pppoe'
        option username 'xxxxx'
        option password 'xxxxx'
        option ipv6 '1'
        option ifname 'eth0.7'
        option keepalive '30 10'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option vid '1'
        option ports '1 2 3 4 6'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option vid '7'
        option ports '0t 5t'

config interface 'wan6'
        option proto 'dhcpv6'
        option ifname 'eth0.7'
        option reqaddress 'try'
        option reqprefix 'auto'

        
        
root@dialup:/etc/config# cat /etc/config/firewall

config defaults
        option syn_flood '1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'

config zone
        option name 'lan'
        list network 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'

config zone
        option name 'wan'
        list network 'wan'
        list network 'wan6'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        option input 'REJECT'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config include
        option path '/etc/firewall.user'

config rule
        option target 'ACCEPT'
        option src 'wan'
        option proto 'udp'
        option dest_port '547'
        option name 'Allow DHCPv6 (546-to-547)'
        option family 'ipv6'
        option src_port '546'

config rule
        option target 'ACCEPT'
        option src 'wan'
        option proto 'udp'
        option dest_port '546'
        option name 'Allow DHCPv6 (547-to-546)'
        option family 'ipv6'
        option src_port '547'

Any help is greatly appreciated.

Post #2
cvmiller
19 Apr 2018, 05:11

The key difference, appears to be the Vender Class, which tells the DHCPv6 server who is making the request. It _may_ be that they require that. Not sure if there is a way to configure Vender Class on LEDE/OpenWrt.

You _may_ be able to use the custom option number:

https://github.com/sbyx/odhcp6c

Post #3
therealtom
19 Apr 2018, 07:54

So I added the vendor class in for Netgear, but that didn't seem to help unfortunately.

While looking through the packet captures again, I noticed something else that's quite interesting. On my ISP router, the DHCPv6 solicit request is actually sent to a specific MAC address. However on my openwrt router, the DHCPv6 solicit message is sent to a mulicast address (33:33:00:01:00:02). I'm wondering if this is causing my ISP to simply ignore my solicit messages. Is there a way to configure my router to use a specific MAC address instead of a multicast one (and is such behavior even standards-compliant)? Looking through github and the ipv6 doc page I can't seem to find anything.

Post #4
cvmiller
19 Apr 2018, 19:03

Multicast is the RFC standard. I would be surprised if  your ISP was expecting the request to come in on a unicast address.

Have you talked to your ISP?

The discussion might have continued from here.