New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

NDP relay not working because NDP proxy entries are not added #92

Open
devkid opened this Issue Dec 3, 2016 · 8 comments

Comments

Projects
None yet
6 participants
@devkid

devkid commented Dec 3, 2016

My provider is assigning some IPv6 prefix (bigger than /64) to my cable modem that is then handing out addresses from one /64 prefix onto its LAN ports (where my OpenWrt router is connected to) via DHCPv6.

I have configured /etc/config/dhcp like this:

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option leasetime '12h'
        option limit '200'
        option dhcpv6 'relay'
        option ndp 'relay'
        option ra 'relay'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config dhcp 'wan6'
        option interface 'wan6'
        option dhcpv6 'relay'
        option ndp 'relay'
        option ra 'relay'
        option master '1'

My router is assigning the following addresses:

# ip -6 a s eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 532
    inet6 2a02:810a:83c0:405c:6038:e0ff:fed7:75e3/64 scope global noprefixroute dynamic 
       valid_lft 4469sec preferred_lft 1769sec
    inet6 fd1b:626f:e74a::1/60 scope global noprefixroute 
       valid_lft forever preferred_lft forever
    inet6 fe80::6038:e0ff:fed7:75e3/64 scope link 
       valid_lft forever preferred_lft forever
# ip -6 a s br-lan
6: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 2a02:810a:83c0:405c:6038:e0ff:fed7:75e3/64 scope global noprefixroute dynamic 
       valid_lft 4455sec preferred_lft 1755sec
    inet6 fd1b:626f:e74a::1/60 scope global noprefixroute 
       valid_lft forever preferred_lft forever
    inet6 fe80::6238:e0ff:fed7:75e3/64 scope link 
       valid_lft forever preferred_lft forever

So it basically has the same addresses on LAN and WAN side (which seems reasonable). odhcpd seems to create routes for the hosts it sees on both interfaces:

# ip -6 r
default from 2a02:810a:83c0:405c::/64 via fe80::5e35:3bff:feba:1734 dev eth0  proto static  metric 384  pref medium
2a02:810a:83c0:405c:215:afff:fe45:7962 dev br-lan  proto static  metric 1024  pref medium
2a02:810a:83c0:405c:3589:20ff:b594:bb4b dev br-lan  proto static  metric 1024  pref medium
2a02:810a:83c0:405c:4d5f:cc64:e94f:4209 dev br-lan  proto static  metric 1024  pref medium
2a02:810a:83c0:405c:4e44:a79b:ca2:d517 dev br-lan  proto static  metric 1024  pref medium
2a02:810a:83c0:405c:5e35:3bff:feba:1734 dev eth0  proto static  metric 1024  pref medium
...

Proxy NDP is also enabled for both interfaces:

# cat /proc/sys/net/ipv6/conf/eth0/proxy_ndp /proc/sys/net/ipv6/conf/br-lan/proxy_ndp
1
1

However, odhcpd does not seem to create NDP proxy entries for the host it sees on br-lan (which is required so that the modem actually knows where to send packets):

# ip -6 neigh show proxy
2a02:810a:83c0:405c:5e35:3bff:feba:1734 dev br-lan  proxy
fd1b:626f:e74a::1 dev br-lan  proxy
2a02:810a:83c0:405c:6038:e0ff:fed7:75e3 dev br-lan  proxy

(In this case ...:1734 is the modem and ...:75e3 is the router. I'm not sure what the other entry is.)

Because of this, I'm not able to access any global IPv6 addresses behind the WAN (eth0) interface (not even the modem).

When I add an entry manually for my computer:

# ip neigh add proxy 2a02:810a:83c0:405c:d63d:7eff:fe2b:e4ac dev eth0

I'm able to connect to global IPv6 addresses for some time but after about a minute or so odhcpd actually seems to remove that entry on its own and it won't work anymore.

This seems like a bug to me.

@treiher

This comment has been minimized.

treiher commented Apr 22, 2017

I experience the same behavior. Is it a bug or a configuration problem?

@happyaron

This comment has been minimized.

happyaron commented Aug 30, 2017

When VLAN is enabled, /proc/sys/net/ipv6/conf/eth0.X/proxy_ndp is 0 for me, setting it to 1 manually gives me the very same behavior as in the original report.

@renekliment

This comment has been minimized.

renekliment commented Sep 1, 2017

I am experiencing the very same behavior. Could someone have a look at this, please?

@dedeckeh

This comment has been minimized.

Contributor

dedeckeh commented Sep 1, 2017

This issue has been fixed in the odhcpd version in use by Lede (https://git.lede-project.org/?p=project/odhcpd.git;a=summary)

@happyaron

This comment has been minimized.

happyaron commented Sep 1, 2017

@dedeckeh wonders if that's incorporated in 17.01.2?

@renekliment

This comment has been minimized.

renekliment commented Sep 1, 2017

@dedeckeh That's a great news, thanks!

I should have probably mentioned that I am on LEDE 17.01.0. However, since the patchversions share the packages (http://downloads.lede-project.org/releases/), I am on the latest stable odhcpd (2017-04-28-9268ca65-1).

I'll give the snapshot version a try.

@renekliment

This comment has been minimized.

renekliment commented Oct 7, 2017

So it works now by putting the same config in the wan section as mentioned in #37.
I am running odhcpd 2017-10-02-c6f3d5d4-2 @ LEDE 17.01.3. I am unsure whether this would have worked in the previous version of odhcpd.

@ttimasdf

This comment has been minimized.

ttimasdf commented Dec 2, 2017

FYI, the solution on #37 (comment) actually work but one may need patience waiting for subnet to come online.

On version 2017-10-02-c6f3d5d4-2 @ LEDE 17.01.3, after /etc/init.d/network restart wan interface need ~30s to get an IPv4 address, ~50s to get an IPv6 address. ip neigh show proxy show my laptop after about one more minute later. But ip neigh add always works. 😸

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment