NDP relay not working because NDP proxy entries are not added

[alfredkrohmer]

My provider is assigning some IPv6 prefix (bigger than /64) to my cable modem that is then handing out addresses from one /64 prefix onto its LAN ports (where my OpenWrt router is connected to) via DHCPv6.

I have configured /etc/config/dhcp like this:

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option leasetime '12h'
        option limit '200'
        option dhcpv6 'relay'
        option ndp 'relay'
        option ra 'relay'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config dhcp 'wan6'
        option interface 'wan6'
        option dhcpv6 'relay'
        option ndp 'relay'
        option ra 'relay'
        option master '1'

My router is assigning the following addresses:

# ip -6 a s eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 532
    inet6 2a02:810a:83c0:405c:6038:e0ff:fed7:75e3/64 scope global noprefixroute dynamic 
       valid_lft 4469sec preferred_lft 1769sec
    inet6 fd1b:626f:e74a::1/60 scope global noprefixroute 
       valid_lft forever preferred_lft forever
    inet6 fe80::6038:e0ff:fed7:75e3/64 scope link 
       valid_lft forever preferred_lft forever
# ip -6 a s br-lan
6: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 2a02:810a:83c0:405c:6038:e0ff:fed7:75e3/64 scope global noprefixroute dynamic 
       valid_lft 4455sec preferred_lft 1755sec
    inet6 fd1b:626f:e74a::1/60 scope global noprefixroute 
       valid_lft forever preferred_lft forever
    inet6 fe80::6238:e0ff:fed7:75e3/64 scope link 
       valid_lft forever preferred_lft forever

So it basically has the same addresses on LAN and WAN side (which seems reasonable). odhcpd seems to create routes for the hosts it sees on both interfaces:

# ip -6 r
default from 2a02:810a:83c0:405c::/64 via fe80::5e35:3bff:feba:1734 dev eth0  proto static  metric 384  pref medium
2a02:810a:83c0:405c:215:afff:fe45:7962 dev br-lan  proto static  metric 1024  pref medium
2a02:810a:83c0:405c:3589:20ff:b594:bb4b dev br-lan  proto static  metric 1024  pref medium
2a02:810a:83c0:405c:4d5f:cc64:e94f:4209 dev br-lan  proto static  metric 1024  pref medium
2a02:810a:83c0:405c:4e44:a79b:ca2:d517 dev br-lan  proto static  metric 1024  pref medium
2a02:810a:83c0:405c:5e35:3bff:feba:1734 dev eth0  proto static  metric 1024  pref medium
...

Proxy NDP is also enabled for both interfaces:

# cat /proc/sys/net/ipv6/conf/eth0/proxy_ndp /proc/sys/net/ipv6/conf/br-lan/proxy_ndp
1
1

However, odhcpd does not seem to create NDP proxy entries for the host it sees on br-lan (which is required so that the modem actually knows where to send packets):

# ip -6 neigh show proxy
2a02:810a:83c0:405c:5e35:3bff:feba:1734 dev br-lan  proxy
fd1b:626f:e74a::1 dev br-lan  proxy
2a02:810a:83c0:405c:6038:e0ff:fed7:75e3 dev br-lan  proxy

(In this case ...:1734 is the modem and ...:75e3 is the router. I'm not sure what the other entry is.)

Because of this, I'm not able to access any global IPv6 addresses behind the WAN (eth0) interface (not even the modem).

When I add an entry manually for my computer:

# ip neigh add proxy 2a02:810a:83c0:405c:d63d:7eff:fe2b:e4ac dev eth0

I'm able to connect to global IPv6 addresses for some time but after about a minute or so odhcpd actually seems to remove that entry on its own and it won't work anymore.

This seems like a bug to me.

[treiher]

I experience the same behavior. Is it a bug or a configuration problem?

[happyaron]

When VLAN is enabled, /proc/sys/net/ipv6/conf/eth0.X/proxy_ndp is 0 for me, setting it to 1 manually gives me the very same behavior as in the original report.

[renekliment]

I am experiencing the very same behavior. Could someone have a look at this, please?

[dedeckeh]

This issue has been fixed in the odhcpd version in use by Lede (https://git.lede-project.org/?p=project/odhcpd.git;a=summary)

[happyaron]

@dedeckeh wonders if that's incorporated in 17.01.2?

[renekliment]

@dedeckeh That's a great news, thanks!

I should have probably mentioned that I am on LEDE 17.01.0. However, since the patchversions share the packages (http://downloads.lede-project.org/releases/), I am on the latest stable odhcpd (2017-04-28-9268ca65-1).

I'll give the snapshot version a try.

[renekliment]

So it works now by putting the same config in the wan section as mentioned in #37.
I am running odhcpd 2017-10-02-c6f3d5d4-2 @ LEDE 17.01.3. I am unsure whether this would have worked in the previous version of odhcpd.

[ttimasdf]

FYI, the solution on #37 (comment) actually work but one may need patience waiting for subnet to come online.

On version 2017-10-02-c6f3d5d4-2 @ LEDE 17.01.3, after /etc/init.d/network restart wan interface need ~30s to get an IPv4 address, ~50s to get an IPv6 address. ip neigh show proxy show my laptop after about one more minute later. But ip neigh add always works. 😸