mesh-vpn (fastd) broken in IPv6 only configuration #397

Closed
benerudolph opened this Issue Jun 16, 2015 · 7 comments


benerudolph commented Jun 16, 2015

This was tested on the Freifunk Darmstadt Infrastructure using our build of gluon 2015.1.
Config-mode supports enabling and disabling the wan and wan6 interfaces. Disabling IPv4 (setting 'none') leads to protocol 'none' instead of 'dhcp' in /etc/config/network.
IPv6 apparently works but fastd is unable to connect to any of the four gateway servers.

This configuration is known to be working on gluon 2014.4 on a Unitymedia DS-Lite (CG NAT) home network.
re: dracoTrier's comment below
All of our gateways are known to be accessible over IPv6. We have A and AAAA records for the DNS names of all gateways, e.g. our config looks like fastd.mesh_vpn_backbone_peer_gw04.remote="gw04.darmstadt.freifunk.net" port 3333

Contributor

dracoTrier commented Jun 16, 2015

'IPv6 only' works for us when set up using ssh + prepending "ipv6 " to the gateway addresses (fastd.mesh_vpn_backbone_peer_Gatewayname.remote). Could you try if this also works for you?

Member

NeoRaider commented Jun 17, 2015

Please provide:

  • /etc/config/network
  • site.conf
  • Output of ip a and ip -6 r s t all in the broken state

benerudolph commented Jun 17, 2015

Here is the /etc/config/network of the affected node

config interface 'loopback'
    option ifname 'lo'
    option proto 'static'
    option ipaddr '127.0.0.1'
    option netmask '255.0.0.0'

config globals 'globals'
    option ula_prefix 'fd83:786d:fc44::/48'

config interface 'wan'
    option enabled '1'
    option igmp_snooping '0'
    option ifname 'eth0'
    option auto '1'
    option peerdns '0'
    option type 'bridge'
    option proto 'none'

config interface 'wan6'
    option enabled '1'
    option ifname 'br-wan'
    option ip6table '1'
    option peerdns '0'
    option proto 'dhcpv6'

config rule6 'wan6_lookup'
    option mark '0x01/0x01'
    option lookup '1'

config route6 'wan6_unreachable'
    option type 'unreachable'
    option table '1'
    option target '::/0'
    option metric '65535'
    option gateway '::'
    option interface 'loopback'

config interface 'client'
    option reqprefix 'no'
    option ifname 'bat0'
    option proto 'dhcpv6'
    option type 'bridge'
    option igmp_snooping '0'
    option macaddr 'e8:de:27:74:87:58'
    option peerdns '1'

config interface 'mesh_wan'
    option auto '0'
    option ifname 'br-wan'
    option mesh 'bat0'
    option proto 'batadv'

config interface 'mesh_vpn'
    option ifname 'mesh-vpn'
    option mesh_no_rebroadcast '1'
    option macaddr 'ea:e2:27:74:87:58'
    option mesh 'bat0'
    option proto 'batadv'

config interface 'bat0'
    option ifname 'bat0'
    option macaddr 'e8:de:27:74:87:58'
    option proto 'none'

config interface 'mesh_radio0'
    option mesh 'bat0'
    option proto 'batadv'
    option mtu '1532'

config device 'local_node_dev'
    option macaddr '00:16:3e:43:54:81'
    option ifname 'br-client'
    option name 'local-node'
    option type 'macvlan'

config interface 'local_node'
    option ifname 'local-node'
    option ipaddr '10.223.254.254'
    option ip6addr 'fdca:ffee:ffda::ffff/128'
    option netmask '255.255.0.0'
    option proto 'static'

config route6 'local_node_route6'
    option target 'fdca:ffee:ffda::/64'
    option gateway '::'
    option interface 'client'

site.conf is identical to this one at
https://raw.githubusercontent.com/freifunk-darmstadt/site-ffda/0.7.0/site.conf

Output of ip a

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master br-wan qlen 1000
    link/ether e8:de:27:74:87:58 brd ff:ff:ff:ff:ff:ff
3: teql0: <NOARP> mtu 1500 qdisc noop qlen 100
    link/void 
5: br-wan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue 
    link/ether e8:de:27:74:87:58 brd ff:ff:ff:ff:ff:ff
    inet6 2a02:908:df53:2ea0:eade:27ff:fe74:8758/128 scope global dynamic 
       valid_lft 55sec preferred_lft 25sec
    inet6 fe80::eade:27ff:fe74:8758/64 scope link 
       valid_lft forever preferred_lft forever
6: br-client: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue 
    link/ether e8:de:27:74:87:58 brd ff:ff:ff:ff:ff:ff
    inet6 2a03:2260:118:0:eade:27ff:fe74:8758/64 scope global dynamic 
       valid_lft 86393sec preferred_lft 14393sec
    inet6 fdca:ffee:ffda:0:eade:27ff:fe74:8758/64 scope global dynamic 
       valid_lft 86393sec preferred_lft 14393sec
    inet6 fe80::eade:27ff:fe74:8758/64 scope link 
       valid_lft forever preferred_lft forever
7: local-node@br-client: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue 
    link/ether 00:16:3e:43:54:81 brd ff:ff:ff:ff:ff:ff
    inet 10.223.254.254/16 brd 10.223.255.255 scope global local-node
       valid_lft forever preferred_lft forever
    inet6 fdca:ffee:ffda::ffff/128 scope global 
       valid_lft forever preferred_lft forever
    inet6 fe80::216:3eff:fe43:5481/64 scope link 
       valid_lft forever preferred_lft forever
8: mesh-vpn: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1406 qdisc fq_codel master bat0 qlen 500
    link/ether ea:e2:27:74:87:58 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::e8e2:27ff:fe74:8758/64 scope link 
       valid_lft forever preferred_lft forever
9: bat0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-client 
    link/ether e8:de:27:74:87:58 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::eade:27ff:fe74:8758/64 scope link 
       valid_lft forever preferred_lft forever
10: mesh0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1532 qdisc mq master bat0 qlen 1000
    link/ether ea:e1:28:74:87:58 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::e8e1:28ff:fe74:8758/64 scope link 
       valid_lft forever preferred_lft forever
11: client0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master br-client qlen 1000
    link/ether ea:e0:28:74:87:58 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::e8e0:28ff:fe74:8758/64 scope link 
       valid_lft forever preferred_lft forever

and the output of ip -6 r s t

default from :: via fe80::8af7:c7ff:fe1a:6fe dev br-wan  metric 1024 
default from 2a02:908:df53:2ea0:eade:27ff:fe74:8758 via fe80::8af7:c7ff:fe1a:6fe dev br-wan  metric 1024 
2a02:908:df53:2ea0::/59 from :: via fe80::8af7:c7ff:fe1a:6fe dev br-wan  metric 1024 
2a02:908:df53:2ea0::/59 from 2a02:908:df53:2ea0:eade:27ff:fe74:8758 via fe80::8af7:c7ff:fe1a:6fe dev br-wan  metric 1024 
2a02:908:df53:2ea0::/64 dev br-wan  metric 256 
2a02:908:df53:2ea0::/59 via fe80::8af7:c7ff:fe1a:6fe dev br-wan  metric 1024 
default via fe80::8af7:c7ff:fe1a:6fe dev br-wan  metric 1024 
unreachable default dev lo  metric 65535  error -128
unreachable default dev lo  metric -1  error -128
default from :: via fe80::44dd:cdff:fe55:75ed dev br-client  metric 2048 
default from 2a03:2260:118::/64 via fe80::44dd:cdff:fe55:75ed dev br-client  metric 2048 
default from fdca:ffee:ffda::/64 via fe80::44dd:cdff:fe55:75ed dev br-client  metric 2048 
2a03:2260:118::/64 dev br-client  metric 256 
unreachable fd83:786d:fc44::/48 dev lo  metric 2147483647  error -128
fdca:ffee:ffda::ffff dev local-node  metric 256 
fdca:ffee:ffda::/64 dev br-client  metric 256 
fdca:ffee:ffda::/64 dev br-client  metric 1024 
fe80::/64 dev mesh-vpn  metric 256 
fe80::/64 dev bat0  metric 256 
fe80::/64 dev br-wan  metric 256 
fe80::/64 dev br-client  metric 256 
fe80::/64 dev local-node  metric 256 
fe80::/64 dev client0  metric 256 
fe80::/64 dev mesh0  metric 256 
unreachable default dev lo  metric -1  error -128
ff00::/8 dev local-node  metric 256 
ff00::/8 dev mesh-vpn  metric 256 
ff00::/8 dev bat0  metric 256 
ff00::/8 dev br-wan  metric 256 
ff00::/8 dev br-client  metric 256 
ff00::/8 dev client0  metric 256 
ff00::/8 dev mesh0  metric 256 
unreachable default dev lo  metric -1  error -128
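
The policy-routing layout in the config above, as an added example that is not part of the thread or of Gluon's code: wan6 puts its routes into table 1 (option ip6table), and the rule6 section sends only packets carrying mark 0x01/0x01 to that table. The helper name policy_tables and its report format are assumptions; the embedded config is a trimmed excerpt of the posted file.

```sh
#!/bin/sh
# Added example (not from the thread or from Gluon): report which fwmark
# selects the private IPv6 routing table of each UCI interface.

# Trimmed excerpt of the /etc/config/network posted in this issue.
sample_network_config() {
cat <<'EOF'
config interface 'wan6'
    option enabled '1'
    option ifname 'br-wan'
    option ip6table '1'
    option proto 'dhcpv6'

config rule6 'wan6_lookup'
    option mark '0x01/0x01'
    option lookup '1'

config route6 'wan6_unreachable'
    option type 'unreachable'
    option table '1'
    option target '::/0'

config interface 'client'
    option ifname 'bat0'
    option proto 'dhcpv6'
EOF
}

# policy_tables (hypothetical helper): reads UCI text on stdin and prints, per
# interface with ip6table: <iface> table=<n> mark=<m|none> fallback=<type|none>
# Simplification: option values are assumed to contain no spaces.
policy_tables() {
    awk '
    function unq(s) { gsub("\047", "", s); return s }
    $1 == "config" { type = $2; name = unq($3); next }
    $1 == "option" {
        key = $2; val = unq($3)
        if (type == "interface" && key == "ip6table") { order[++n] = name; tbl[name] = val }
        if (type == "rule6")  { rule[name, key] = val;  rules[name] = 1 }
        if (type == "route6") { route[name, key] = val; routes[name] = 1 }
    }
    END {
        for (i = 1; i <= n; i++) {
            t = tbl[order[i]]; mark = "none"; fb = "none"
            for (x in rules)
                if (rule[x, "lookup"] == t && ((x, "mark") in rule)) mark = rule[x, "mark"]
            for (x in routes)
                if (route[x, "table"] == t && route[x, "target"] == "::/0") fb = route[x, "type"]
            printf "%s table=%s mark=%s fallback=%s\n", order[i], t, mark, fb
        }
    }'
}

sample_network_config | policy_tables
```

On a node, run `policy_tables < /etc/config/network`; traffic from a process that does not set the reported mark never consults the WAN table.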

Member

NeoRaider commented Jun 17, 2015

Mmh, I forgot the simple busybox ip r doesn't display table numbers in ip r s t all, so that isn't as helpful as I had hoped...

What does logread say when fastd is trying to connect?

benerudolph commented Jun 18, 2015

fastd says

Sat May 30 04:19:05 2015 daemon.info fastd[1210]: resolving host gw04.darmstadt.freifunk.net for peer <mesh_vpn_backbone_peer_gw04>...
Sat May 30 04:19:07 2015 daemon.info fastd[1210]: resolving host gw03.darmstadt.freifunk.net failed: Name or service not known
Sat May 30 04:19:11 2015 daemon.info fastd[1210]: resolving host gw02.darmstadt.freifunk.net for peer <mesh_vpn_backbone_peer_gw02>...
Sat May 30 04:19:16 2015 daemon.info fastd[1210]: resolving host gw04.darmstadt.freifunk.net failed: Name or service not known

I suspect it is a DNS issue / routing issue, because IPv6 ping apparently works.

NeoRaider added this to the 2015.2 milestone Jul 12, 2015

NeoRaider self-assigned this Jul 12, 2015

Member

NeoRaider commented Jul 12, 2015

I've been able to reproduce this issue, I'll have a closer look at it soon.

Contributor

flokli commented Jul 16, 2015

👍

tcatm pushed a commit that referenced this issue Aug 4, 2015

Nils Schneider
gluon-wan-dnsmasq: fix usage of libpacketmark
Using service_start requires exporting of environment variables.

Fixes #397

tcatm pushed a commit that referenced this issue Aug 6, 2015

gluon-wan-dnsmasq: fix usage of libpacketmark
Using service_start requires exporting of environment variables.

Fixes #397