Server Bug Fix: IPv6 network fails on Linux router

Original Source Link

IPv6 fails on ARMBIAN router

I have a armbian box (RK3328 board + 1GB DDR3 + 8GB eMMC). The box has only one NIC, and acts as a linux one-armed router. IPv4 network works normally, but IPv6 fails.

I successfully got IPv6 prefix of /64 by using OpenWrt as my home router.

I had read a lots of pages, including:

https://help.ubuntu.com/community/ADSLPPPoE

http://www.routereflector.com/2016/10/enabling-ipv6-via-pppoe-on-a-telecom-italia-tim-link/

https://wiki.archlinux.org/index.php/IPv6_(%E7%AE%80%E4%BD%93%E4%B8%AD%E6%96%87)
https://vk5tu.livejournal.com/37206.html

https://blog.affien.com/archives/2015/05/28/setup-ubuntu-ipv4ipv6-router-for-vlan-tagged-pppoe-internet-connection/comment-page-1/

VLAN division

There is only one NIC, so I connect the ARMBIAN box with a switch that support VLAN. The two subnet of eth0 on ARMBIAN box:

  • eth0.1, act as LAN interfaceï¼›

  • eth0.2, act as WAN interface;

My configurations

  • /etc/network/interfaces
source /etc/network/interfaces.d/*
auto lo
iface lo inet loopback

auto eth0
allow-hotplug eth0
iface eth0 inet static
        address 192.168.80.1
        netmask 255.255.255.0
iface eth0 inet dhcp
iface eth0 inet manual

## LAN
auto  eth0.1
iface eth0.1 inet static
        vlan-raw-device eth0
        address 192.168.8.1
        netmask 255.255.255.0
        post-up ip route del 192.168.8.0/24
        post-up ip route add 192.168.8.0/24 dev eth0.1

## WAN
auto  eth0.2
iface eth0.2 inet static
        vlan-raw-device eth0
        up ip link set eth0.2 promisc on
        address 192.168.1.2
        netmask 255.255.255.0
iface eth0.2 inet ppp
        pre-up ip link set dev eth0.2 up
        provider ct0
        post-down ip link set dev eth0.2 down

  • /etc/sysctl.conf
##
net.ipv6.conf.all.disable_ipv6 = 0
net.ipv6.conf.default.disable_ipv6 = 0
net.ipv6.conf.ppp0.disable_ipv6 = 0
net.ipv6.conf.eth0/1.disable_ipv6 = 0
net.ipv6.conf.eth0/2.disable_ipv6 = 0
net.ipv6.conf.eth0.disable_ipv6 = 0

net.ipv6.conf.all.forwarding=2
net.ipv6.conf.default.forwarding=2
net.ipv6.conf.ppp0.forwarding=2
net.ipv6.conf.eth0/2.forwarding=2
net.ipv6.conf.eth0/1.forwarding=2

net.ipv6.conf.all.accept_ra=2
net.ipv6.conf.default.accept_ra=2
net.ipv6.conf.ppp0.accept_ra=2
net.ipv6.conf.eth0/2.accept_ra=2
net.ipv6.conf.eth0/1.accept_ra=2

net.ipv6.conf.default.use_tempaddr=2
net.ipv6.conf.all.use_tempaddr=2

  • /etc/wide-dhcpv6/dhcp6c.conf
profile default
{
  request domain-name-servers;
  request domain-name;
  script "/etc/wide-dhcpv6/dhcp6c-script";
};
interface ppp0 {
  # Request a prefix delegation
  send ia-pd 1;
};
id-assoc pd 1 {
  prefix-interface eth0 {
    # 8 bits for subnetting
    sla-len 0;
    # Our subnet is VLAN 1
    sla-id 1;
    # Our interface has address ...::1
    ifid 1;
  };
};
  • PPP
[email protected]:~# cat /etc/ppp/options
lock
noauth
persist

lcp-echo-interval 1
lcp-echo-failure 10
maxfail 0
holdoff 5

+ipv6 ipv6cp-use-ipaddr

[email protected]:~# cat /etc/ppp/peers/ct0
# Minimalistic default options file for DSL/PPPoE connections
debug
noipdefault
defaultroute
replacedefaultroute
connect /bin/true
hide-password
#lcp-echo-interval 30
#lcp-echo-failure 4
noauth
persist
mtu 1508
mru 1508
persist
#maxfail 0
#holdoff 20
noaccomp
default-asyncmap
bsdcomp 15
deflate 15
plugin rp-pppoe.so eth0.2
user "***@163.gd"
usepeerdns
unit 0
ipv6 ,

Outputs of commands

  • IP command
[email protected]:~# ip -6 a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1000
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
4: [email protected]: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 fe80::c489:7aff:fe80:5b6f/64 scope link
       valid_lft forever preferred_lft forever
13: [email protected]: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 fe80::c489:7aff:fe80:5b6f/64 scope link
       valid_lft forever preferred_lft forever
17: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1492 state UNKNOWN qlen 3
    inet6 fe80::6040:7862:123a:a789/10 scope link
       valid_lft forever preferred_lft forever
[email protected]:~# ip -6 r
dead:beef:1::/64 dev eth0.1 proto kernel metric 256  expires 72657sec pref medium
fe80::/10 dev ppp0 metric 1  pref medium
fe80::/10 dev ppp0 proto kernel metric 256  pref medium
default via fe80::1 dev eth0.2 proto ra metric 1024  expires 43sec hoplimit 64 pref medium
default via fe80::b638:6ff:febe:11 dev ppp0 proto ra metric 1024  expires 1750sec pref medium
  • fgrep pppd /var/log/messages
May 24 12:16:50 Chainedbox pppd[30775]: Plugin rp-pppoe.so loaded.
May 24 12:16:50 Chainedbox pppd[30802]: pppd 2.4.7 started by root, uid 0
May 24 12:16:50 Chainedbox pppd[30802]: PPP session is 20763
May 24 12:16:50 Chainedbox pppd[30802]: Connected to b6:38:06:be:00:11 via interface eth0.2
May 24 12:16:50 Chainedbox pppd[30802]: Using interface ppp0
May 24 12:16:50 Chainedbox pppd[30802]: Connect: ppp0 <--> eth0.2
May 24 12:16:50 Chainedbox pppd[30802]: Remote message: Authentication success,Welcome!
May 24 12:16:50 Chainedbox pppd[30802]: PAP authentication succeeded
May 24 12:16:50 Chainedbox pppd[30802]: peer from calling number B6:38:06:BE:00:11 authorized
May 24 12:16:50 Chainedbox pppd[30802]: local  LL address fe80::6040:7862:123a:a789
May 24 12:16:50 Chainedbox pppd[30802]: remote LL address fe80::b638:06ff:febe:0011
May 24 12:16:50 Chainedbox pppd[30802]: local  IP address 116.21.137.6
May 24 12:16:50 Chainedbox pppd[30802]: remote IP address 116.21.136.1
May 24 12:16:50 Chainedbox pppd[30802]: primary   DNS address 202.96.128.86
May 24 12:16:50 Chainedbox pppd[30802]: secondary DNS address 202.96.134.133
May 24 12:16:50 Chainedbox pppd[24622]: Exit.
  • Ping and tcpdump
[email protected]:~# ping6 -c 4 240c::6666
PING 240c::6666(240c::6666) 56 data bytes

--- 240c::6666 ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 3078ms

[email protected]:~# ping6 fe80::6040:7862:123a:a789
connect: Invalid argument

[email protected]:~# ping6 fe80::b638:06ff:febe:0011
connect: Invalid argument

When ping6 240c::6666, I get the following outputs:

[email protected]:~# tcpdump -i eth0.2 -p ip6
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0.2, link-type EN10MB (Ethernet), capture size 262144 bytes
18:03:43.439708 IP6 Chainedbox > 240c::6666: ICMP6, echo request, seq 69, length 64
18:03:44.463572 IP6 Chainedbox > 240c::6666: ICMP6, echo request, seq 70, length 64
18:03:45.474450 IP6 gateway > Chainedbox: ICMP6, neighbor solicitation, who has Chainedbox, length 32
18:03:45.474546 IP6 Chainedbox > gateway: ICMP6, neighbor advertisement, tgt is Chainedbox, length 24
18:03:45.487595 IP6 Chainedbox > 240c::6666: ICMP6, echo request, seq 71, length 64
18:03:46.511676 IP6 Chainedbox > 240c::6666: ICMP6, echo request, seq 72, length 64
18:03:47.535667 IP6 Chainedbox > 240c::6666: ICMP6, echo request, seq 73, length 64
18:03:48.559677 IP6 Chainedbox > 240c::6666: ICMP6, echo request, seq 74, length 64
18:03:49.583682 IP6 Chainedbox > 240c::6666: ICMP6, echo request, seq 75, length 64
18:03:50.607680 IP6 Chainedbox > 240c::6666: ICMP6, echo request, seq 76, length 64
18:03:51.447910 IP6 gateway > ip6-allnodes: ICMP6, router advertisement, length 24

Anyone can help? Thanks!

Tagged : / /

Leave a Reply

Your email address will not be published. Required fields are marked *