New Member
Posts: 7
Registered: ‎11-08-2017
Accepted Solution

IPv6 PPPoE DHCPv6-PD provides multiple addresses over time

Hello,

 

I have an EdgeRouter Lite with the following setup:

- VDSL modem connected to eth0 (requires VLAN tag 7 for Deutsche Telekom)

- EdgeSwitch Lite connected to eth1

- eth2 is not used

 

My problem is with IPv6, where it works fine for all devices after a reboot of the ERL, but after some time (can't say how long exactly, but several weeks) IPv6 connections to the Internet do not work anymore.

I can ping4 google.com, but cannot ping6 google.com.

When I check the devices' IPv6 addresses, I see that there are 2 global IPv6 addresses defined.

 

What is causing this? Is the modem reconnecting, getting a new IPv6 and then the internal IPv6 addresses do not expire?

 

For example my Debian 9 server:

$ cat /etc/network/interfaces
auto lo
iface lo inet loopback
iface lo inet6 loopback

auto eno1
iface eno1 inet dhcp
iface eno1 inet6 auto

 

$ ip a show dev eno1
2: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether ac:1f:6b:18:06:30 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.10/24 brd 192.168.1.255 scope global eno1
       valid_lft forever preferred_lft forever
    inet6 2003:d3:af15:1:ae1f:6bff:fe18:630/64 scope global mngtmpaddr dynamic
       valid_lft 86244sec preferred_lft 14244sec
    inet6 2003:d3:af08:ba01:ae1f:6bff:fe18:630/64 scope global mngtmpaddr dynamic
       valid_lft 86244sec preferred_lft 14244sec
    inet6 fe80::ae1f:6bff:fe18:630/64 scope link
       valid_lft forever preferred_lft forever

My iPhone for example also has 4 addresses (I believe iOS always gets 2 IPv6 addresses):

2003:d3:af08:ba01:867:4958:fac6:470c
2003:d3:af08:ba01:bd5f:8a2b:44c1:5bf1
2003:d3:af15:1:b5:537b:fe8e:50a9
2003:d3:af15:1:20f6:7e2b:d1f1:979c

The PPPoE connection in the ERL web interface shows only one IPv6 address:

2003:d3:afff:8ba:195f:9a68:1cfe:fb24/64

 

eth1 on the other hand has 2:

2003:d3:af08:ba01:46d9:e7ff:fe9e:ea56/64
2003:d3:af15:1:46d9:e7ff:fe9e:ea56/64

 

This is my ppp_pppoe0.log:

Fri Dec  7 11:24:56 CET 2018: PPP interface pppoe0 created
Fri Dec  7 11:24:59 CET 2018: Stopping PPP daemon for pppoe0
Fri Dec  7 11:25:00 CET 2018: Starting PPP daemon for pppoe0
Connected to 64:64:9b:63:06:c1 via interface eth0.7
using channel 1
Using interface ppp0
Connect: ppp0 <--> eth0.7
sent [LCP ConfReq id=0x1 <mru 1492> <magic 0x713a77d>]
rcvd [LCP ConfReq id=0x30 <mru 1492> <auth pap> <magic 0x51965d48>]
lcp_reqci: returning CONFACK.
sent [LCP ConfAck id=0x30 <mru 1492> <auth pap> <magic 0x51965d48>]
rcvd [LCP ConfAck id=0x1 <mru 1492> <magic 0x713a77d>]
sent [LCP EchoReq id=0x0 magic=0x713a77d]
sent [PAP AuthReq id=0x1 user="####" password=<hidden>]
rcvd [LCP EchoRep id=0x0 magic=0x51965d48]
rcvd [PAP AuthAck id=0x1 "SRU=34719#SRD=96783#"]
Remote message: SRU=34719#SRD=96783#
PAP authentication succeeded
peer from calling number 64:64:9B:63:06:C1 authorized
sent [IPCP ConfReq id=0x1 <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-dns3 0.0.0.0>]
sent [IPV6CP ConfReq id=0x1 <addr fe80::bdf8:0a60:c8b2:6f38>]
rcvd [IPCP ConfReq id=0x77 <addr 62.155.244.54>]
ipcp: returning Configure-ACK
sent [IPCP ConfAck id=0x77 <addr 62.155.244.54>]
rcvd [IPCP ConfNak id=0x1 <addr 87.154.80.122> <ms-dns1 217.237.151.205> <ms-dns3 217.237.148.70>]
sent [IPCP ConfReq id=0x2 <addr 87.154.80.122> <ms-dns1 217.237.151.205> <ms-dns3 217.237.148.70>]
rcvd [IPV6CP ConfReq id=0x91 <addr fe80::0102:0102:3e9b:f436>]
ipv6cp: received interface identifier 
(fe80::0102:0102:3e9b:f436)
 (ACK)
ipv6cp: returning Configure-ACK
sent [IPV6CP ConfAck id=0x91 <addr fe80::0102:0102:3e9b:f436>]
rcvd [IPV6CP ConfAck id=0x1 <addr fe80::bdf8:0a60:c8b2:6f38>]
ipv6cp: up
local  LL address fe80::bdf8:0a60:c8b2:6f38
remote LL address fe80::0102:0102:3e9b:f436
Script /etc/ppp/ipv6-up started (pid 1857)
rcvd [IPCP ConfAck id=0x2 <addr 87.154.80.122> <ms-dns1 217.237.151.205> <ms-dns3 217.237.148.70>]
ipcp: up
Script /etc/ppp/ip-pre-up started (pid 1858)
Script /etc/ppp/ip-pre-up finished (pid 1858), status = 0x0
local  IP address 87.154.80.122
remote IP address 62.155.244.54
primary   DNS address 217.237.151.205
secondary DNS address 217.237.148.70
Script /etc/ppp/ip-up started (pid 1921)
Script /etc/ppp/ipv6-up finished (pid 1857), status = 0x0
Script /etc/ppp/ip-up finished (pid 1921), status = 0x0
No response to 6 echo-requests
Serial link appears to be disconnected.
ipcp: down
Connect time 83753.4 minutes.
Sent 2474921696 bytes, received 2512154620 bytes.
Script /etc/ppp/ip-down started (pid 9318)
ipv6cp: down
Script /etc/ppp/ipv6-down started (pid 9319)
sent [LCP TermReq id=0x2 "Peer not responding"]
Script /etc/ppp/ipv6-down finished (pid 9319), status = 0x0
sent [LCP TermReq id=0x3 "Peer not responding"]
Connection terminated: no multilink.
Modem hangup
LCP: Down event in state 0!
Script /etc/ppp/ip-down finished (pid 9318), status = 0x0
Connected to 64:64:9b:63:06:c1 via interface eth0.7
using channel 4
Using interface ppp0
Connect: ppp0 <--> eth0.7
sent [LCP ConfReq id=0x4 <mru 1492> <magic 0x5c6c472a>]
rcvd [LCP ConfReq id=0x75 <mru 1492> <auth pap> <magic 0x68a823c0>]
lcp_reqci: returning CONFACK.
sent [LCP ConfAck id=0x75 <mru 1492> <auth pap> <magic 0x68a823c0>]
rcvd [LCP ConfAck id=0x4 <mru 1492> <magic 0x5c6c472a>]
IPCP: Up event in state 2!
IPV6CP: Up event in state 2!
sent [PAP AuthReq id=0x2 user="####" password=<hidden>]
rcvd [PAP AuthAck id=0x2 "SRU=34719#SRD=96783#"]
Remote message: SRU=34719#SRD=96783#
PAP authentication succeeded
peer from calling number 64:64:9B:63:06:C1 authorized
sent [IPCP ConfReq id=0x3 <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-dns3 0.0.0.0>]
sent [IPV6CP ConfReq id=0x2 <addr fe80::195f:9a68:1cfe:fb24>]
rcvd [IPCP ConfReq id=0xc <addr 62.155.244.54>]
ipcp: returning Configure-ACK
sent [IPCP ConfAck id=0xc <addr 62.155.244.54>]
rcvd [IPCP ConfNak id=0x3 <addr 93.209.26.59> <ms-dns1 217.237.151.205> <ms-dns3 217.237.148.70>]
sent [IPCP ConfReq id=0x4 <addr 93.209.26.59> <ms-dns1 217.237.151.205> <ms-dns3 217.237.148.70>]
rcvd [IPV6CP ConfReq id=0x1a <addr fe80::0102:0102:3e9b:f436>]
ipv6cp: received interface identifier 
(fe80::0102:0102:3e9b:f436)
 (ACK)
ipv6cp: returning Configure-ACK
sent [IPV6CP ConfAck id=0x1a <addr fe80::0102:0102:3e9b:f436>]
rcvd [IPV6CP ConfAck id=0x2 <addr fe80::195f:9a68:1cfe:fb24>]
ipv6cp: up
local  LL address fe80::195f:9a68:1cfe:fb24
remote LL address fe80::0102:0102:3e9b:f436
Script /etc/ppp/ipv6-up started (pid 9597)
rcvd [IPCP ConfAck id=0x4 <addr 93.209.26.59> <ms-dns1 217.237.151.205> <ms-dns3 217.237.148.70>]
ipcp: up
Script /etc/ppp/ip-pre-up started (pid 9598)
Script /etc/ppp/ip-pre-up finished (pid 9598), status = 0x0
local  IP address 93.209.26.59
remote IP address 62.155.244.54
primary   DNS address 217.237.151.205
secondary DNS address 217.237.148.70
Script /etc/ppp/ip-up started (pid 9658)
Script /etc/ppp/ipv6-up finished (pid 9597), status = 0x0
Script /etc/ppp/ip-up finished (pid 9658), status = 0x0

And finally my config:

 firewall {
     all-ping enable
     broadcast-ping disable
     group {
         network-group LAN_NETWORKS {
             description "LAN Networks"
             network 192.168.0.0/16
         }
     }
     ipv6-name IPv6_WAN_IN {
         default-action drop
         description "IPv6 packets from the Internet to LAN"
         enable-default-log
         rule 1 {
             action accept
             description "Allow established sessions"
             state {
                 established enable
                 related enable
             }
         }
         rule 2 {
             action drop
             state {
                 invalid enable
             }
         }
         rule 5 {
             action accept
             description "Allow ICMPv6"
             log disable
             protocol icmpv6
         }
     }
     ipv6-name IPv6_WAN_LOCAL {
         default-action drop
         description "IPv6 packets from the Internet to the router"
         enable-default-log
         rule 1 {
             action accept
             description "Allow established sessions"
             log disable
             state {
                 established enable
                 related enable
             }
         }
         rule 2 {
             action drop
             log disable
             state {
                 invalid enable
             }
         }
         rule 5 {
             action accept
             description "Allow ICMPv6"
             log disable
             protocol icmpv6
         }
         rule 110 {
             action accept
             description "Allow DHCPv6 packets"
             destination {
                 port 546
             }
             protocol udp
             source {
                 port 547
             }
         }
     }
     ipv6-receive-redirects disable
     ipv6-src-route disable
     ip-src-route disable
     log-martians enable
     name PROTECT_IN {
         default-action accept
         description "Accept all except LAN traffic"
         rule 10 {
             action accept
             description "Accept Established/Related"
             protocol all
             state {
                 established enable
                 related enable
             }
         }
         rule 20 {
             action drop
             application {
                 category P2P
             }
         }
         rule 30 {
             action drop
             description "Drop LAN_NETWORKS"
             destination {
                 group {
                     network-group LAN_NETWORKS
                 }
             }
             log disable
             protocol all
         }
     }
     name PROTECT_LOCAL {
         default-action drop
         description "drop all from vlan20 to local except DHCP and DNS"
         rule 10 {
             action accept
             description "Accept DNS"
             destination {
                 port 53
             }
             protocol udp
         }
         rule 20 {
             action accept
             description "Accept DHCP"
             destination {
                 port 67
             }
             protocol udp
         }
     }
     name WAN_IN {
         default-action drop
         description "WAN to internal"
         rule 10 {
             action accept
             description "Allow established/related"
             state {
                 established enable
                 related enable
             }
         }
         rule 20 {
             action drop
             description "Drop invalid state"
             state {
                 invalid enable
             }
         }
     }
     name WAN_LOCAL {
         default-action drop
         description "WAN to router"
         rule 10 {
             action accept
             description "Allow established/related"
             state {
                 established enable
                 related enable
             }
         }
         rule 20 {
             action drop
             description "Drop invalid state"
             state {
                 invalid enable
             }
         }
         rule 30 {
             action accept
             description IKE
             destination {
                 port 500
             }
             log disable
             protocol udp
         }
         rule 40 {
             action accept
             description L2TP
             destination {
                 port 1701
             }
             log disable
             protocol udp
         }
         rule 50 {
             action accept
             description ESP
             log disable
             protocol esp
         }
         rule 60 {
             action accept
             description NAT-T
             destination {
                 port 4500
             }
             log disable
             protocol udp
         }
     }
     options {
         mss-clamp {
             interface-type pppoe
             mss 1452
         }
         mss-clamp6 {
             interface-type pppoe
             mss 1432
         }
     }
     receive-redirects disable
     send-redirects enable
     source-validation disable
     syn-cookies enable
 }
 interfaces {
     ethernet eth0 {
         address 192.168.0.2/24
         description Internet
         duplex auto
         speed auto
         vif 7 {
             description "Internet (PPPoE)"
             pppoe 0 {
                 default-route auto
                 dhcpv6-pd {
                     pd 0 {
                         interface eth1 {
                             host-address ::1
                             no-dns
                             prefix-id :1
                             service slaac
                         }
                         interface eth1.20 {
                             host-address ::1
                             no-dns
                             prefix-id :2
                             service slaac
                         }
                         interface eth1.30 {
                             host-address ::1
                             no-dns
                             prefix-id :3
                             service slaac
                         }
                         prefix-length /56
                     }
                     prefix-only
                     rapid-commit enable
                 }
                 firewall {
                     in {
                         ipv6-name IPv6_WAN_IN
                         name WAN_IN
                     }
                     local {
                         ipv6-name IPv6_WAN_LOCAL
                         name WAN_LOCAL
                     }
                 }
                 ipv6 {
                     address {
                         autoconf
                     }
                     dup-addr-detect-transmits 1
                     enable {
                     }
                 }
                 mtu 1492
                 name-server auto
                 password ####
                 user-id ####
             }
         }
     }
     ethernet eth1 {
         address 192.168.1.1/24
         description Local
         duplex auto
         ipv6 {
             address {
                 autoconf
             }
             dup-addr-detect-transmits 1
         }
         speed auto
         vif 20 {
             address 192.168.2.1/24
             description Guest
             firewall {
                 in {
                     name PROTECT_IN
                 }
                 local {
                     name PROTECT_LOCAL
                 }
             }
         }
         vif 30 {
             address 192.168.3.1/24
             description FeWo
             firewall {
                 in {
                     name PROTECT_IN
                 }
                 local {
                     name PROTECT_LOCAL
                 }
             }
         }
     }
     ethernet eth2 {
         description "Local 2"
         disable
         duplex auto
         speed auto
     }
     loopback lo {
     }
 }
 port-forward {
     auto-firewall enable
     hairpin-nat enable
     lan-interface eth1
     rule 1 {
         description "NAS HTTPS"
         forward-to {
             address 192.168.1.10
         }
         original-port 80,443
         protocol tcp_udp
     }
     wan-interface pppoe0
 }
 service {
     dhcp-server {
         disabled false
         hostfile-update disable
         shared-network-name LAN1 {
             authoritative enable
             subnet 192.168.1.0/24 {
                 default-router 192.168.1.1
                 dns-server 192.168.1.1
                 domain-name home.local
                 lease 86400
                 start 192.168.1.11 {
                     stop 192.168.1.239
                 }
                 static-mapping nas {
                     ip-address 192.168.1.10
                     mac-address ac:1f:6b:18:06:30
                 }
             }
         }
         shared-network-name vlan20 {
             authoritative disable
             subnet 192.168.2.0/24 {
                 default-router 192.168.2.1
                 dns-server 192.168.2.1
                 lease 86400
                 start 192.168.2.11 {
                     stop 192.168.2.240
                 }
             }
         }
         shared-network-name vlan30 {
             authoritative disable
             subnet 192.168.3.0/24 {
                 default-router 192.168.3.1
                 dns-server 192.168.3.1
                 lease 86400
                 start 192.168.3.11 {
                     stop 192.168.3.240
                 }
             }
         }
         static-arp disable
         use-dnsmasq enable
     }
     dns {
         forwarding {
             cache-size 1000
             listen-on eth1
             listen-on eth1.20
             listen-on eth1.30
         }
     }
     gui {
         http-port 80
         https-port 443
         older-ciphers enable
     }
     nat {
         rule 5010 {
             description "masquerade for WAN"
             outbound-interface pppoe0
             type masquerade
         }
     }
     ssh {
         port 22
         protocol-version v2
     }
     ubnt-discover {
         disable
     }
 }
 system {
     domain-name home.local
     host-name erl
     ntp {
         server 0.ubnt.pool.ntp.org {
         }
         server 1.ubnt.pool.ntp.org {
         }
         server 2.ubnt.pool.ntp.org {
         }
         server 3.ubnt.pool.ntp.org {
         }
     }
     offload {
         hwnat disable
         ipsec enable
         ipv4 {
             forwarding enable
             gre enable
             pppoe enable
             vlan enable
         }
         ipv6 {
             forwarding enable
             pppoe enable
         }
     }
     syslog {
         global {
             facility all {
                 level notice
             }
             facility protocols {
                 level debug
             }
         }
     }
     time-zone Europe/Berlin
     traffic-analysis {
         dpi enable
         export enable
     }
 }
 vpn {
     ipsec {
         auto-firewall-nat-exclude disable
         ipsec-interfaces {
             interface pppoe
         }
     }
 }

All Replies
Veteran Member
Posts: 5,781
Registered: ‎01-04-2017
Kudos: 830
Solutions: 294

Re: IPv6 PPPoE DHCPv6-PD provides multiple addresses over time

This is a known problem with IPv6 and PPPoE. For some reason it doesn't release the old subnet. There is a workaround on the forums somewhere; I'll see if I can find it.
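The symptom discussed above can be checked from a client's `ip a` output: if addresses from more than one delegated prefix are still preferred (preferred_lft above zero), the old prefix was never deprecated on the LAN. This is an added example, not part of the original thread; the function names are hypothetical, the sample is copied from the first post, and the /56 is taken from the `prefix-length /56` line in the posted config.

```python
import ipaddress
import re

# Sample input: the `ip a show dev eno1` output quoted in the first post.
SAMPLE_IP_OUTPUT = """\
2: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether ac:1f:6b:18:06:30 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.10/24 brd 192.168.1.255 scope global eno1
       valid_lft forever preferred_lft forever
    inet6 2003:d3:af15:1:ae1f:6bff:fe18:630/64 scope global mngtmpaddr dynamic
       valid_lft 86244sec preferred_lft 14244sec
    inet6 2003:d3:af08:ba01:ae1f:6bff:fe18:630/64 scope global mngtmpaddr dynamic
       valid_lft 86244sec preferred_lft 14244sec
    inet6 fe80::ae1f:6bff:fe18:630/64 scope link
       valid_lft forever preferred_lft forever
"""

ADDR_RE = re.compile(r"^\s*inet6 (\S+) scope global")
LFT_RE = re.compile(r"valid_lft (\S+) preferred_lft (\S+)")


def _seconds(field):
    """Convert '14244sec' or 'forever' into a number of seconds."""
    return float("inf") if field == "forever" else int(field.replace("sec", ""))


def preferred_prefixes(ip_output):
    """Map each global IPv6 network that still has a preferred address
    to the largest preferred lifetime seen for it."""
    prefixes = {}
    pending = None  # network of the global inet6 line just read
    for line in ip_output.splitlines():
        m = ADDR_RE.match(line)
        if m:
            pending = ipaddress.ip_interface(m.group(1)).network
            continue
        m = LFT_RE.search(line)
        if m and pending is not None:
            preferred = _seconds(m.group(2))
            if preferred > 0:  # deprecated addresses (0sec) are ignored
                prefixes[pending] = max(preferred, prefixes.get(pending, 0))
        pending = None  # lifetimes belong only to the line directly above
    return prefixes


def stale_prefix_report(ip_output, delegated_len=56):
    """Group preferred on-link prefixes by delegation; more than one
    delegation still preferred suggests the old one was never withdrawn."""
    prefixes = preferred_prefixes(ip_output)
    delegations = {
        net.supernet(new_prefix=delegated_len)
        for net in prefixes
        if net.prefixlen >= delegated_len
    }
    return {
        "prefixes": sorted(prefixes),
        "delegations": sorted(delegations),
        "stale_suspected": len(delegations) > 1,
    }
```

On the sample, both /64s carry subnet ID 01 (matching `prefix-id :1` for eth1) but sit in two different /56 delegations, and both are still preferred with identical lifetimes.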
Veteran Member
Posts: 5,781
Registered: ‎01-04-2017
Kudos: 830
Solutions: 294

Re: IPv6 PPPoE DHCPv6-PD provides multiple addresses over time

New Member
Posts: 7
Registered: ‎11-08-2017

Re: IPv6 PPPoE DHCPv6-PD provides multiple addresses over time

Thanks for the link!

But the solution in there seems to be to make changes to the switch's config.

Can this also be changed in the EdgeRouter itself?

Emerging Member
Posts: 107
Registered: ‎07-09-2016
Kudos: 35
Solutions: 4

Re: IPv6 PPPoE DHCPv6-PD provides multiple addresses over time

That IS in the EdgeRouter's config. It was merely applied on the switch portgroup "switch0"; it should work the same with eth<...>.
New Member
Posts: 7
Registered: ‎11-08-2017

Re: IPv6 PPPoE DHCPv6-PD provides multiple addresses over time

Thanks Alestrix, I forgot that the ER X has a switch interface.

So I have set this for eth1 and it looks like it is working.

 

Do you guys see any issue with these minutely address expiries or is there nothing to worry about?
