Re: Debian Buster Router: IPv6 and Comcast
I ended up cheating by having this setup enable both wide-dhcpv6 for the
IP address, and SLAAC for the routing information. It's really odd how
the configuration built into the system doesn't allow it.
/etc/network/interfaces
> auto eth-external
> iface eth-external inet dhcp
> pre-up modprobe ipv6
> post-up /etc/init.d/wide-dhcpv6-client start
> pre-down /etc/init.d/wide-dhcpv6-client stop
>
> iface eth-external inet6 auto
/etc/wide-dhcpv6/dhcp6c.conf
> interface eth-external {
> send ia-na 1;
> send rapid-commit;
> script "/etc/wide-dhcpv6/dhcp6c-script";
> };
>
> id-assoc na 1 {
};
Why in the world does enabling DHCPv6 for the IP address cause the
kernel to ignore router advertisements? That's a common use case for
IPv6.
Thank you,
- Neil
On Thu, Nov 14, 2019 at 07:01:47PM -0800, Neil E. Hodges wrote:
> Hello everybody,
>
> I've been having a bear of a time trying to get my Debian Buster-based router
> to operate with Comcast's native IPv6 configuration. I'm not looking
> for prefix delegation, just a public address and a default gateway. I'm
> using the ISC DHCP client for both v4 and v6 since it's generally worked
> for me other than this.
>
> I've tried two approaches, with eth-external being the name I configured
> for the interface in udev.
>
> 1. iface eth-external inet6 dhcp
>
> This gets me an IPv6 address just fine, but no route whatsoever unless I
> manually configure it. I see the router advertisements coming in when
> running tcpdump, but the kernel just disregards them.
>
> 2. iface eth-external inet6 auto
> dhcp 1
> request_prefix 1
>
> This usually gets me a /64 prefix and a route, but not an IPv6 address.
>
> The usual sysctl suspects don't reveal anything significant:
>
> > # sysctl -a | grep -i 'eth-external.*ra'
> > net.ipv4.conf.eth-external.drop_gratuitous_arp = 0
> > net.ipv4.neigh.eth-external.retrans_time_ms = 1000
> > net.ipv6.conf.eth-external.accept_ra = 2
> > net.ipv6.conf.eth-external.accept_ra_defrtr = 1
> > net.ipv6.conf.eth-external.accept_ra_from_local = 0
> > net.ipv6.conf.eth-external.accept_ra_min_hop_limit = 1
> > net.ipv6.conf.eth-external.accept_ra_mtu = 1
> > net.ipv6.conf.eth-external.accept_ra_pinfo = 1
> > net.ipv6.conf.eth-external.accept_ra_rt_info_max_plen = 0
> > net.ipv6.conf.eth-external.accept_ra_rt_info_min_plen = 0
> > net.ipv6.conf.eth-external.accept_ra_rtr_pref = 1
> > net.ipv6.conf.eth-external.dad_transmits = 1
> > net.ipv6.conf.eth-external.suppress_frag_ndisc = 1
> > net.ipv6.neigh.eth-external.retrans_time_ms = 1000
>
> And no packets are being dropped, as I have rules to allow ICMPv6 and
> DHCP:
> > -A INPUT -p ipv6-icmp -j ACCEPT
> > -A INPUT -s fe80::/10 -i eth-external -p udp -m udp --sport 546 --dport 547 -j ACCEPT
> > -A INPUT -s fe80::/10 -i eth-external -p udp -m udp --sport 547 --dport 546 -j ACCEPT
>
> Nothing is logged matching those, and, again, tcpdump shows the RAs
> coming in.
>
> I've been fighting this for the past few weeks, and nothing I've found
> when searching online has helped. I've also seen odd cases where I'm
> able to get both a public IPv6 address and a default gateway, but only
> on rare occasions.
>
> Does anybody have any suggestions?
>
> Thank you,
>
> - Neil
Reply to: