IPv6: stale routes and no IPv6 connectivity via WLAN

Note: I’ve yet to test this with cables.

Apparently my IPv6 addresses aren’t routed correctly for some reason.
From Turris, everything works as intended, if for example ping6 www.google.com. If I try with a client (which has an IPv6 address) I get destination unreachable and traceroute doesn’t even reach the router.

The client is an openSUSE Tumbleweed machine running NetworkManager.

I’ll post more details as I get them now.

LC_ALL=C /usr/sbin/traceroute6 www.google.com
traceroute to www.google.com (2a00:1450:4002:805::2004), 30 hops max, 80 byte packets
connect: Network is unreachable

 ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: enp0s25: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
    link/ether 3c:97:0e:0b:04:ac brd ff:ff:ff:ff:ff:ff
3: wlp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 8c:70:5a:8c:0a:d8 brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.68/24 brd 192.168.10.255 scope global dynamic wlp3s0
       valid_lft 42349sec preferred_lft 42349sec
    inet6 fdf0:7108:dc43::a60/128 scope global 
       valid_lft forever preferred_lft forever
    inet6 fdf0:7108:dc43:0:454c:53b8:a28e:3e69/64 scope global temporary dynamic 
       valid_lft 6351sec preferred_lft 951sec
    inet6 fdf0:7108:dc43:0:c0cc:f6d0:7435:caa4/64 scope global mngtmpaddr noprefixroute dynamic 
       valid_lft 6982sec preferred_lft 1582sec
    inet6 fe80::45f4:fe35:19a8:4cbe/64 scope link 
       valid_lft forever preferred_lft forever

ip -6 route show
fdf0:7108:dc43::a60 dev wlp3s0 proto kernel metric 256  pref medium
fdf0:7108:dc43::/64 dev wlp3s0 proto kernel metric 256  expires 6302sec pref medium
fdf0:7108:dc43::/64 dev wlp3s0 proto ra metric 600  pref medium
fdf0:7108:dc43::/48 via fe80::da58:d7ff:fe00:21db dev wlp3s0 proto ra metric 600  pref medium
fe80::/64 dev wlp3s0 proto kernel metric 256  pref medium

ip -6 neigh show
fe80::da58:d7ff:fe00:21db dev wlp3s0 lladdr d8:58:d7:00:21:db router STALE

And on the Omnia:

# uci show network
network.loopback=interface
network.loopback.ifname='lo'
network.loopback.proto='static'
network.loopback.ipaddr='127.0.0.1'
network.loopback.netmask='255.0.0.0'
network.globals=globals
network.globals.ula_prefix='fdf0:7108:dc43::/48'
network.lan=interface
network.lan.ifname='eth0 eth2'
network.lan.force_link='1'
network.lan.type='bridge'
network.lan.proto='static'
network.lan.netmask='255.255.255.0'
network.lan.ip6assign='60'
network.lan.ipaddr='192.168.10.1'
network.wan=interface
network.wan.ifname='eth1'
network.wan.proto='dhcp'
network.wan6=interface
network.wan6.ifname='@wan'
network.wan6.proto='dhcpv6'
network.@switch[0]=switch
network.@switch[0].name='switch0'
network.@switch[0].reset='1'
network.@switch[0].enable_vlan='1'
network.@switch_vlan[0]=switch_vlan
network.@switch_vlan[0].device='switch0'
network.@switch_vlan[0].vlan='1'
network.@switch_vlan[0].ports='0 1 2 3 5'
network.@switch_vlan[1]=switch_vlan
network.@switch_vlan[1].device='switch0'
network.@switch_vlan[1].vlan='2'
network.@switch_vlan[1].ports='4 6'
network.vpn0=interface
network.vpn0.ifname='tun0'
network.vpn0.proto='none'
network.vpn0.auto='1'

# uci show firewall
firewall.@defaults[0]=defaults
firewall.@defaults[0].syn_flood='1'
firewall.@defaults[0].input='ACCEPT'
firewall.@defaults[0].output='ACCEPT'
firewall.@defaults[0].forward='REJECT'
firewall.@zone[0]=zone
firewall.@zone[0].name='lan'
firewall.@zone[0].input='ACCEPT'
firewall.@zone[0].output='ACCEPT'
firewall.@zone[0].forward='ACCEPT'
firewall.@zone[0].network='lan'
firewall.@zone[1]=zone
firewall.@zone[1].name='wan'
firewall.@zone[1].input='REJECT'
firewall.@zone[1].output='ACCEPT'
firewall.@zone[1].forward='REJECT'
firewall.@zone[1].masq='1'
firewall.@zone[1].mtu_fix='1'
firewall.@zone[1].network='wan wan6'
firewall.@forwarding[0]=forwarding
firewall.@forwarding[0].src='lan'
firewall.@forwarding[0].dest='wan'
firewall.@rule[0]=rule
firewall.@rule[0].name='Allow-DHCP-Renew'
firewall.@rule[0].src='wan'
firewall.@rule[0].proto='udp'
firewall.@rule[0].dest_port='68'
firewall.@rule[0].target='ACCEPT'
firewall.@rule[0].family='ipv4'
firewall.@rule[1]=rule
firewall.@rule[1].name='Allow-Ping'
firewall.@rule[1].src='wan'
firewall.@rule[1].proto='icmp'
firewall.@rule[1].icmp_type='echo-request'
firewall.@rule[1].family='ipv4'
firewall.@rule[1].target='ACCEPT'
firewall.@rule[2]=rule
firewall.@rule[2].name='Allow-IGMP'
firewall.@rule[2].src='wan'
firewall.@rule[2].proto='igmp'
firewall.@rule[2].family='ipv4'
firewall.@rule[2].target='ACCEPT'
firewall.@rule[3]=rule
firewall.@rule[3].name='Allow-DHCPv6'
firewall.@rule[3].src='wan'
firewall.@rule[3].proto='udp'
firewall.@rule[3].src_ip='fe80::/10'
firewall.@rule[3].src_port='547'
firewall.@rule[3].dest_ip='fe80::/10'
firewall.@rule[3].dest_port='546'
firewall.@rule[3].family='ipv6'
firewall.@rule[3].target='ACCEPT'
firewall.@rule[4]=rule
firewall.@rule[4].name='Allow-MLD'
firewall.@rule[4].src='wan'
firewall.@rule[4].proto='icmp'
firewall.@rule[4].src_ip='fe80::/10'
firewall.@rule[4].icmp_type='130/0' '131/0' '132/0' '143/0'
firewall.@rule[4].family='ipv6'
firewall.@rule[4].target='ACCEPT'
firewall.@rule[5]=rule
firewall.@rule[5].name='Allow-ICMPv6-Input'
firewall.@rule[5].src='wan'
firewall.@rule[5].proto='icmp'
firewall.@rule[5].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type' 'router-solicitation' 'neighbour-solicitation' 'router-advertisement' 'neighbour-advertisement'
firewall.@rule[5].limit='1000/sec'
firewall.@rule[5].family='ipv6'
firewall.@rule[5].target='ACCEPT'
firewall.@rule[6]=rule
firewall.@rule[6].name='Allow-ICMPv6-Forward'
firewall.@rule[6].src='wan'
firewall.@rule[6].dest='*'
firewall.@rule[6].proto='icmp'
firewall.@rule[6].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type'
firewall.@rule[6].limit='1000/sec'
firewall.@rule[6].family='ipv6'
firewall.@rule[6].target='ACCEPT'
firewall.@include[0]=include
firewall.@include[0].path='/etc/firewall.user'
firewall.@include[1]=include
firewall.@include[1].path='/usr/share/firewall/turris'
firewall.@include[1].reload='1'
firewall.@include[2]=include
firewall.@include[2].path='/etc/firewall.d/with_reload/firewall.include.sh'
firewall.@include[2].reload='1'
firewall.@include[3]=include
firewall.@include[3].path='/etc/firewall.d/without_reload/firewall.include.sh'
firewall.@include[3].reload='0'
firewall.@rule[7]=rule
firewall.@rule[7].src='wan'
firewall.@rule[7].dest='lan'
firewall.@rule[7].proto='esp'
firewall.@rule[7].target='ACCEPT'
firewall.@rule[8]=rule
firewall.@rule[8].src='wan'
firewall.@rule[8].dest='lan'
firewall.@rule[8].dest_port='500'
firewall.@rule[8].proto='udp'
firewall.@rule[8].target='ACCEPT'
firewall.miniupnpd=include
firewall.miniupnpd.type='script'
firewall.miniupnpd.path='/usr/share/miniupnpd/firewall.include'
firewall.miniupnpd.family='any'
firewall.miniupnpd.reload='1'
firewall.@zone[2]=zone
firewall.@zone[2].input='ACCEPT'
firewall.@zone[2].forward='REJECT'
firewall.@zone[2].output='ACCEPT'
firewall.@zone[2].name='vpn'
firewall.@zone[2].masq='1'
firewall.@zone[2].network='vpn0'
firewall.@forwarding[1]=forwarding
firewall.@forwarding[1].dest='lan'
firewall.@forwarding[1].src='vpn'
firewall.@forwarding[2]=forwarding
firewall.@forwarding[2].dest='vpn'
firewall.@forwarding[2].src='lan'
firewall.@rule[9]=rule
firewall.@rule[9].target='ACCEPT'
firewall.@rule[9].proto='tcp'
firewall.@rule[9].dest_port='1194'
firewall.@rule[9].name='openvpn_inbound'
firewall.@rule[9].src='*'

It looks like there is no delegated prefix for your home network. Please post the output of ifstatus wan6 command on Omnia.

@Ondrej_Caletka

ifstatus wan6
{
        "up": true,
        "pending": false,
        "available": true,
        "autostart": true,
        "uptime": 55149,
        "l3_device": "eth1",
        "proto": "dhcpv6",
        "device": "eth1",
        "metric": 0,
        "delegation": true,
        "ipv4-address": [

        ],
        "ipv6-address": [
                {
                        "address": "2001:b07:a2e:f429:da58:d7ff:fe00:21dc",
                        "mask": 64
                }
        ],
        "ipv6-prefix": [

        ],
        "ipv6-prefix-assignment": [

        ],
        "route": [
                {
                        "target": "2001:b07:a2e:f429::",
                        "mask": 64,
                        "nexthop": "::",
                        "metric": 256,
                        "source": "::\/0"
                },
                {
                        "target": "::",
                        "mask": 0,
                        "nexthop": "fe80::221:96ff:fe6b:b620",
                        "metric": 512,
                        "valid": 1281,
                        "source": "2001:b07:a2e:f429:da58:d7ff:fe00:21dc\/64"
                }
        ],
        "dns-server": [

        ],
        "dns-search": [

        ],
        "inactive": {
                "ipv4-address": [

                ],
                "ipv6-address": [

                ],
                "route": [

                ],
                "dns-server": [

                ],
                "dns-search": [

                ]
        },
        "data": {

Notice: I believe my ISP doesn’t do true IPv6, but IPv6-over-IPv4 (but with my previous router it didn’t work at all).

OK, that confirms it. Your WAN network has some kind of IPv6 deployed, but there is obviously no prefix delegated to your home network, so nothing Omnia could use on the LAN side.

According to the RIPE database, your ISP is using 6rd technology. Is the WAN port connected directly to to the ISP network, or is there some other device? In the latter case, try to switch the other device into a transparent bridge mode. In that case, the 6rd tunnel would end at the Omnia and there would be enough addresses for your LAN. 6rd should work out of the box in OpenWRT.

I have FTTH (but not with SFP) and there’s a device, called HAG (Home Access Gateway) that does the conversion to Ethernet.

Unfortunately the device can only do port mapping via a clunky web UI, and can’t use bridge mode (newer ones do, but the ISP asks a €39 fee for a replacement…). I’ll bookmark this and check back once I have it replaced (when it breaks…)

Hi Guys,
I guess I am having the same issue. I am in Germany and have a cable connection to the provider. There is a cable modem in bridged mode. Turris couldn’t fetch IP until I enabled the option “Use DNS servers advertised by peer”

Now the LAN works, but WIFI don’t. It connects, I get an IPV6 address but no route is set to the gateway. Here the result of my ifstatus:

root@turris:~# ifstatus wan6
{
        "up": true,
        "pending": false,
        "available": true,
        "autostart": true,
        "dynamic": false,
        "uptime": 459,
        "l3_device": "br-wan",
        "proto": "dhcpv6",
        "device": "br-wan",
        "metric": 0,
        "delegation": true,
        "ipv4-address": [

        ],
        "ipv6-address": [

        ],
        "ipv6-prefix": [

        ],
        "ipv6-prefix-assignment": [

        ],
        "route": [

        ],
        "dns-server": [
                "2a02:8100:c0:2b1::4:1101",
                "2a02:8100:c0:2b9::4:1101"
        ],
        "dns-search": [

        ],
        "inactive": {
                "ipv4-address": [

                ],
                "ipv6-address": [

                ],
                "route": [

                ],
                "dns-server": [

                ],
                "dns-search": [

                ]
        },
        "data": {
                "passthru": "001700202a02810000c002b100000000000411012a02810000c002b90000000000041101"
        }
}

Any idea how I could make the WLAN work? Thank you…
One more thing it seems to me that I even don’t gat any IP address… at least it is not shown in the DHCP Lease table… in the router

This is strange.

Have you broken them out of the default bridge?

The listing of ifstatus shows that there is neither address nor prefix assigned to the router. That’s certainly an issue. It also shows that your l3_device is br-wan, which is also not a default state.

I would recommend doing a factory reset and starting over.

Ahoj Ondrej,
thank you very much… I did a factory reset and suddenly all works out of the box. Even the DNS advertised was automaticaly set by the wizard.

Strange no idea why… The only difference I guess that the network in the wifi was selected lan instead of WAN in the checkbox.

Anyway thank you for your support!

greetings
Attila