New Member
Posts: 28
Registered: ‎06-20-2014
Kudos: 8
Solutions: 2

No luck with ERL trying to get IPv6 from SFR NB6v box


Hello,

Just spent hours trying to configure my ERL to get the IPv6 prefix from my ISP (SFR) box (NB6v). The box receives its IPv6 /56 prefix from the FTTH network via an L2TP/PPP session, then advertises it on the LAN.

Due to the fact I can't get rid of it because of the complex setup for TV and telephony, I decided to keep the box as a full gateway. The ERL is to get IPv4 (via trivial DHCP) and IPv6 (via DHCP6C) from it so I can tweak it at will for the SoHo LAN.

Being inspired by the extensive dhcpv6 comcast thread, I've started to dig into my settings, but with no luck so far.

ERL running EdgeOS 1.5.0. WAN = eth0, LAN = eth1, nothing on eth2.

What I've done:

Initialization of the DHCP6 client

sudo update-rc.d wide-dhcpv6-client defaults

 

Editing the following .conf files:

 

sudo -u root vi /etc/sysctl.conf

net.ipv6.conf.all.forwarding=1
net.ipv6.conf.eth0.accept_ra=2

 

(sudo /etc/init.d/radvd start)


sudo -u root vi  /etc/default/wide-dhcpv6-client

INTERFACES="eth0"

 

sudo -u root vi /etc/wide-dhcpv6/dhcp6c.conf

interface eth0 {
     request domain-name-servers;
     request domain-name;
     send ia-na 1;
     send ia-pd 1;
     send rapid-commit;
     script "/etc/wide-dhcpv6/dhcp6c-script";
};

id-assoc pd 1 {
     prefix ::/56 infinity;
     prefix-interface eth1 {
          sla-id 1;
          sla-len 8;
     };
};

id-assoc na 1 { };

 (sudo /etc/init.d/wide-dhcpv6-client start)

 

Then some CLI work... Here is my config.boot file:

Please note, no IPv6 addresses are specified, as my ISP is giving fixed but uncommitted addresses. They can change (every 6 months or so, it seems). I'm assuming the wide-dhcp6 client + radvd combo can do the job.

firewall {
    all-ping enable
    broadcast-ping disable
    ipv6-name WAN6_IN {
        default-action drop
        description "Internet to internal networks"
        enable-default-log
        rule 1 {
            action accept
            description "Allow established/related"
            log disable
            state {
                established enable
                related enable
            }
        }
        rule 2 {
            action drop
            description "Drop invalid state"
            log enable
            state {
                invalid enable
            }
        }
        rule 5 {
            action accept
            description "Allow icmpv6"
            log enable
            protocol icmpv6
        }
    }
    ipv6-name WAN6_LOCAL {
        default-action drop
        description "Internet to router"
        enable-default-log
        rule 1 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        rule 2 {
            action drop
            description "Drop invalid state"
            log enable
            state {
                invalid enable
            }
        }
        rule 5 {
            action accept
            description "Allow icmpv6"
            log enable
            protocol icmpv6
        }
    }
    ipv6-receive-redirects disable
    ipv6-src-route disable
    ip-src-route disable
    log-martians enable
    name WAN_IN {
        default-action drop
        description "Internet to internal networks"
        enable-default-log
        rule 1 {
            action accept
            description "Allow established sessions"
            log disable
            protocol all
            state {
                established enable
                invalid disable
                new disable
                related enable
            }
        }
        rule 2 {
            action drop
            description "Drop invalid state"
            log disable
            protocol all
            state {
                established disable
                invalid enable
                new disable
                related disable
            }
        }
    }
    name WAN_LOCAL {
        default-action drop
        description "Internet to router"
        enable-default-log
        rule 1 {
            action accept
            description "Allow established session to the router"
            log disable
            protocol all
            state {
                established enable
                invalid disable
                new disable
                related enable
            }
        }
        rule 2 {
            action drop
            description "Drop invalid state"
            log enable
            protocol all
            state {
                established disable
                invalid enable
                new disable
                related disable
            }
        }
        rule 5 {
            action accept
            description "ICMP 50 per minutes"
            limit {
                burst 1
                rate 50/minute
            }
            log enable
            protocol icmp
        }
    }
    receive-redirects disable
    send-redirects enable
    source-validation disable
    syn-cookies enable
}
interfaces {
    ethernet eth0 {
        address dhcp
        description WAN
        duplex auto
        firewall {
            in {
                ipv6-name WAN6_IN
                name WAN_IN
            }
            local {
                ipv6-name WAN6_LOCAL
                name WAN_LOCAL
            }
        }
        ipv6 {
            dup-addr-detect-transmits 1
        }
        speed auto
    }
    ethernet eth1 {
        address 192.168.2.254/24
        description LAN
        duplex auto
        ipv6 {
            dup-addr-detect-transmits 1
            router-advert {
                cur-hop-limit 64
                default-preference high
                link-mtu 0
                managed-flag false
                max-interval 600
                other-config-flag false
                prefix ::/64 {
                    autonomous-flag true
                    on-link-flag true
                    valid-lifetime 2592000
                }
                reachable-time 0
                retrans-timer 0
                send-advert true
            }
        }
        speed auto
    }
    ethernet eth2 {
        address 192.168.3.1/24
        description LAN2
        duplex auto
        speed auto
    }
    loopback lo {
    }
}
protocols {
    static {
        interface-route6 ::/0 {
            next-hop-interface eth0 {
            }
        }
    }
}
service {
    dhcp-server {
        disabled false
        hostfile-update disable
        shared-network-name LAN {
            authoritative disable
            subnet 192.168.2.0/24 {
                default-router 192.168.2.254
                dns-server 192.168.2.254
                lease 86400
                start 192.168.2.100 {
                    stop 192.168.2.200
                }
            }
        }
        shared-network-name LAN2 {
            authoritative disable
            subnet 192.168.3.0/24 {
                lease 86400
                start 192.168.3.100 {
                    stop 192.168.3.150
                }
            }
        }
    }
    dns {
        dynamic {
            interface eth0 {
                service dyndns {
                    host-name all.dnsomatic.com
                    login USERNAME
                    password PASSWORD
                    server updates.dnsomatic.com
                }
            }
        }
        forwarding {
            cache-size 1000
            listen-on eth1
            listen-on eth2
        }
    }
    gui {
        https-port 443
        listen-address 192.168.2.254
    }
    nat {
        rule 5000 {
            description "Masquerade for WAN"
            log disable
            outbound-interface eth0
            type masquerade
        }
    }
    snmp {
        community akihabara {
            authorization ro
        }
        description "EdgeRouter Lite"
        listen-address 192.168.2.254 {
            port 161
        }
        location home
    }
    ssh {
        listen-address 192.168.2.254
        port 22
        protocol-version v2
    }
    upnp {
        listen-on eth1 {
            outbound-interface eth0
        }
    }
}
system {
    config-management {
        commit-archive {
            location ftp://xxxx:xxxxxxxx@192.168.2.10/Reports/EdgeRouter
        }
    }
    conntrack {
        expect-table-size 4096
        hash-size 4096
        table-size 32768
        tcp {
            half-open-connections 512
            loose enable
            max-retrans 3
        }
    }
    host-name ubnt
    login {
        user USERNAME {
            authentication {
                encrypted-password XXXXXXX
                plaintext-password ""
            }
            full-name Yann
            level admin
        }
    }
    name-server 208.67.222.222
    name-server 208.67.220.220
    name-server 2620:0:ccc::2
    name-server 2620:0:ccd::2
    ntp {
        server 0.ubnt.pool.ntp.org {
        }
        server 1.ubnt.pool.ntp.org {
        }
        server 2.ubnt.pool.ntp.org {
        }
        server 3.ubnt.pool.ntp.org {
        }
    }
    offload {
        ipsec enable
        ipv4 {
            forwarding enable
        }
        ipv6 {
            forwarding enable
        }
    }
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone Europe/Paris
}


/* Warning: Do not remove the following line. */
/* === vyatta-config-version: "config-management@1:conntrack@1:cron@1:dhcp-relay@1:dhcp-server@4:firewall@5:ipsec@3:nat@3:qos@1:quagga@2:system@4:ubnt-pptp@1:ubnt-util@1:vrrp@1:webgui@1:webproxy@1:zone-policy@1" === */
/* Release version: v1.5.0.4677648.140620.1301 */

 

What I get with this: link-local IPv6 addresses, but not much from my gateway.

yann@ubnt:~$ sudo ifconfig
eth0      Link encap:Ethernet  HWaddr XX:XX:XX:XX:XX:XX  
          inet addr:192.168.1.5  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::XXXX:XXXX:XXXX:56c/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:31315 errors:0 dropped:0 overruns:0 frame:0
          TX packets:170226 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:3650203 (3.4 MiB)  TX bytes:252767678 (241.0 MiB)

eth1      Link encap:Ethernet  HWaddr XX:XX:XX:XX:XX:XX  
          inet addr:192.168.2.254  Bcast:192.168.2.255  Mask:255.255.255.0
          inet6 addr: fe80::XXXX:XXXX:XXXX:56d/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:172606 errors:0 dropped:24 overruns:0 frame:0
          TX packets:32609 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:253689641 (241.9 MiB)  TX bytes:5088732 (4.8 MiB)

eth2      Link encap:Ethernet  HWaddr XX:XX:XX:XX:XX:XX  
          inet addr:192.168.3.1  Bcast:192.168.3.255  Mask:255.255.255.0
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:147 errors:0 dropped:0 overruns:0 frame:0
          TX packets:147 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:25866 (25.2 KiB)  TX bytes:25866 (25.2 KiB)

 

Btw, on the below I can see my ISP Box prefix (2a02....) :

yann@ubnt:~$ ip -f inet6 route
2a02:YYYY:YY:YYYY::/64 dev eth0  proto kernel  metric 256  expires 604527sec
fe80::/64 dev eth0  proto kernel  metric 256 
fe80::/64 dev eth1  proto kernel  metric 256 
default dev eth0  proto zebra  metric 1024 
default via fe80::XXXX:XX:XXXX:XXXX dev eth0  proto kernel  metric 1024  expires 1527sec

 

I even rebooted my ERL with no firewall at all, same results. So I do believe my FW rules are ok.

Now looking at wide-dhcp6 client or radvd... What am I doing wrong here?

 Any suggestion is more than welcome.

 


Re: No luck with ERL trying to get IPv6 from SFR NB6v box

Quick message to report some progress...

I can now ping6 online from my ERL ...

I've added the following to my /etc/sysctl.conf file :

net.ipv6.conf.eth0.autoconf=1

WAN (eth0) is now forwarding toward ISP router as expected. But still no way to get an IPv6 on my LAN interface (eth1) (carrying the router-advert) via wide-dhcpv6-client.

Current /etc/wide-dhcpv6/dhcp6c.conf file :

interface eth0 {
     request domain-name-servers;
     request domain-name;
     send ia-na 1;
     send ia-pd 1;
     send rapid-commit;
     script "/etc/wide-dhcpv6/dhcp6c-script";
};
id-assoc pd 1 {
     prefix-interface eth1 {
          sla-id 0;
          sla-len 0;

     };
};
id-assoc na 1 { };

 Where can I get logs from wide-dhcpv6-client ?


Re: No luck with ERL trying to get IPv6 from SFR NB6v box

Some more digging...

From /var/log/messages, I could see :

dhcp6c[488]: client6_send: transmit failed: Cannot assign requested address
...
radvd[2079]: no auto-selected prefix on interface eth1, disabling advertisements

 First one (dhcp6c) got "solved" with:

set interfaces ethernet eth1 ipv6 router-advert prefix ::/64 autonomous-flag false

 But radvd is still complaining...

As, from my understanding, eth1 never gets its IPv6 assigned by dhcp6c.
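Added example (not part of the original posts): how the `sla-id` and `sla-len` values in the two `dhcp6c.conf` variants above map a delegated prefix onto `eth1`, and whether the result is the /64 that SLAAC on Ethernet needs. It assumes the upstream actually delegates a /56; the prefix `2001:db8:12:3400::/56` is a constructed documentation value and the function names are hypothetical.

```python
import ipaddress

# Constructed sample: a /56 from the IPv6 documentation range (not the poster's prefix).
SAMPLE_DELEGATED = "2001:db8:12:3400::/56"


def pd_interface_prefix(delegated, sla_id, sla_len):
    """Return the prefix a DHCPv6-PD client derives for a prefix-interface.

    The delegated prefix is extended by sla_len bits, and those bits are
    filled with sla_id (the site-level aggregator ID).
    """
    net = ipaddress.IPv6Network(delegated)
    new_len = net.prefixlen + sla_len
    if new_len > 128:
        raise ValueError("delegated length + sla-len exceeds 128 bits")
    if sla_id < 0 or sla_id >= (1 << sla_len):
        raise ValueError("sla-id does not fit in sla-len bits")
    base = int(net.network_address) | (sla_id << (128 - new_len))
    return ipaddress.IPv6Network((base, new_len))


def slaac_usable(net):
    """SLAAC with 64-bit interface identifiers requires exactly a /64."""
    return net.prefixlen == 64


if __name__ == "__main__":
    # (label, sla-id, sla-len) as they appear in the two configs in this thread.
    variants = [
        ("first post:  sla-id 1, sla-len 8", 1, 8),
        ("second post: sla-id 0, sla-len 0", 0, 0),
    ]
    for label, sla_id, sla_len in variants:
        prefix = pd_interface_prefix(SAMPLE_DELEGATED, sla_id, sla_len)
        verdict = "usable for SLAAC" if slaac_usable(prefix) else "not a /64"
        print(f"{label} -> {prefix} ({verdict})")
```

With a /56 delegation, only the `sla-len 8` variant yields a /64 on the LAN interface; `sla-len 0` leaves the whole /56 on it.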