Networking – Hosts connected to DD-WRT router running radvd get IPv6 addresses but can’t communicate

dd-wrtipv6networkingrouterwireless-networking

I'm trying to get IPv6 working on my local network. I know my ISP (Comcast) supports it because anything connected to the modem/router combo I rent from them gets assigned an IPv6 address and communicate using the protocol (can connect to ipv6.google.com and gets 20/20 on http://test-ipv6.com/).

However when I connect my own router (Netgear WNDR3800, if it's relevant) running DD-WRT to the Comcast modem/router combo none of the hosts can communicate over IPv6, although they get assigned IPv6 addresses in the prefix I was delegated by Comcast.

It seems to fail before it even leaves the LAN. Attempting to ping the IPv6 address of the router returns "Destination host unreachable". My guess would be that I'm missing a route somewhere, but I am not familiar enough with IPv6 or routing to know how to test that theory or how to resolve it.

Technical details:

Router: WNDR3800 running DD-WRT v24-sp2. Its IPv6 configuration looks like this:

Router ifconfig:

root@DD-WRT:~# ifconfig
ath1      Link encap:Ethernet  HWaddr [redacted]
          inet6 addr: fe80::224e:7fff:fe74:13da/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:188122 errors:0 dropped:0 overruns:0 frame:0
          TX packets:227134 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:26587839 (25.3 MiB)  TX bytes:211385503 (201.5 MiB)

br0       Link encap:Ethernet  HWaddr [redacted]
          inet addr:192.168.2.1  Bcast:192.168.2.255  Mask:255.255.255.0
          inet6 addr: fe80::224e:7fff:fe74:13d8/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:190093 errors:0 dropped:0 overruns:0 frame:0
          TX packets:217213 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:24491040 (23.3 MiB)  TX bytes:204922896 (195.4 MiB)

br0:0     Link encap:Ethernet  HWaddr [redacted]
          inet addr:169.254.255.1  Bcast:169.254.255.255  Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

eth0      Link encap:Ethernet  HWaddr [redacted]
          inet6 addr: fe80::224e:7fff:fe74:13d8/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1989 errors:0 dropped:0 overruns:0 frame:0
          TX packets:21615 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:569599 (556.2 KiB)  TX bytes:3297349 (3.1 MiB)
          Interrupt:4

eth1      Link encap:Ethernet  HWaddr [redacted]
          inet addr:10.0.0.59  Bcast:10.0.0.255  Mask:255.255.255.0
          inet6 addr: 2601:601:XXXX:XXXX:XXXX:XXXX:XXXX:13d9/64 Scope:Global
          inet6 addr: fe80::224e:7fff:fe74:13d9/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:216381 errors:0 dropped:0 overruns:0 frame:0
          TX packets:181622 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:202350364 (192.9 MiB)  TX bytes:25482727 (24.3 MiB)
          Interrupt:5

ipconfig from Windows 8.1 host connected to the router:

C:\Users\seth>ipconfig

Windows IP Configuration


Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . :
   IPv6 Address. . . . . . . . . . . : 2601:601:XXXX:XXXX:XXXX:XXXX:XXXX:75c3
   Temporary IPv6 Address. . . . . . : 2601:601:XXXX:XXXX:XXXX:XXXX:XXXX:2b13
   Link-local IPv6 Address . . . . . : fe80::18b5:93d6:d9db:75c3%4
   IPv4 Address. . . . . . . . . . . : 192.168.2.100
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.2.1

(unrelated interfaces removed from output. lo, VMWare, etc)

Best Answer

Based on your question and clarifications in the comments we have learned that what you have is a /64 delegated from your ISP to your modem. The modem is using that /64 as link prefix on the connection to the DD-WRT router. And if there is a switch on that connection (possibly built into the modem), then you can connect more devices to that link.

What you don't have is a prefix delegated to DD-WRT. The prefix just isn't delegated that far.

You have manually entered the prefix in the DD-WRT configuration as if it was delegated. However that is not the case so essentially you have configured all devices connected to the DD-WRT to spoof IP addresses which do not belong to the network segment to which they are attached. Maybe they will be able to send packets to the internet, but they will never get a response.

How to solve it

You have a few options. The cleanest solution would be to have multiple layers of prefix delegation. The ISP is supposed to delegate a shorter prefix to your modem. For the usage you describe it makes no difference how long that prefix is, as long as it is a /63 or shorter. For the following example I will assume the ISP has delegated 2001:db8:feed::/48 to your modem.

The modem can split the /48 into subnetworks and send router advertisements for 2001:db8:feed::/64 and delegate 2001:db8:feed:100::/56 to DD-WRT. Then DD-WRT can use that delegation to send router advertisements for 2001:db8:feed:100::/64. This would leave both routers with plenty of free blocks of address space which they can subdelegate or use for additional interfaces. For example if you have Ethernet with multiple VLAN or WiFi with multiple SSID, you would have a total of 256 /64 which DD-WRT could send router advertisements for.

What if the modem does not support it

Multiple layers of prefix delegation is (AFAIK) not widely supported. So if your modem doesn't support it, the solution above won't work. It is also possible that your ISP ignores RFCs about what prefix length to delegate and only give you a /64 when they were supposed to give you something shorter, in which case you also wouldn't be able to use the solution explained above. But there is an alternative.

If you configure one of the two routers to operate as a bridge rather than as a router, you will have one less IP segment on the path between your LAN and the internet. That means you only need a single /64 delegated to get a working configuration, and you will only have a single layer of prefix delegation, so support for multiple layers of prefix delegation is no longer required.

Judging from your question it sounds like it is the modem where you would want bridging. Then the ISP can delegate a prefix directly to your DD-WRT router, which it can use on the LAN.

Related Solutions

IPv6 routing problem

To be completely honest, I don't know why or how this fixes it...

My new route table


andrew@route:~$ ip -6 route
2001:470:XXXX:XXXX::1 dev 6in4  metric 1024  mtu 1480 advmss 1420 hoplimit 0
2001:470:XXXX:XXXX::/64 dev eth0  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 0
fe80::/64 dev tap0  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 0
fe80::/64 dev eth0  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 0
fe80::/64 dev eth1  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 0
fe80::/64 via :: dev 6in4  proto kernel  metric 256  mtu 1480 advmss 1420 hoplimit 0
default via 2001:470:XXXX:XXXX::1 dev 6in4  metric 1024  mtu 1480 advmss 1420 hoplimit 0

The rule that I ended up removing:


2001:470:XXXX:XXXX::/64 via :: dev 6in4  proto kernel  metric 256  mtu 1480 advmss 1420 hoplimit 0

After removing that rule(randomly of course) the "other computers" could ping out with no problem at all.

I've prevented my router from generating that rule in the future by removing the address from the 6in4 interface in /etc/network/interfaces.

Anyway, thank you for those of you who took the time to read my post.

Linux Networking – How to Check if Multiple Network Interfaces Are Working

The reason why your bind does not work has nothing to with bind, a trick I use too, and everything to do with the fact that you have only one default gateway, on the usb0 NIC, while you should have one on either NIC, otherwise connection to WAN sites from wlan0 will not be routed.

Linux allows the existence of multiple gateways (one per interface, virtual or not), under the regimen of policy-based routing. What you need to do is to have two separate routing tables, one for usb0 and one for wlan0, and a rule telling the kernel which one to use; then binding an application to either interface will allow you to reach WAN sites.

You handle two routing tables as follows: First, create two tables (Replace and with sensible names, same with IP1, DEV1, and so on):

echo 200 <NAME1> >> /etc/iproute2/rt_tables
echo 201 <NAME2> >> /etc/iproute2/rt_tables

Add a gateway to each routing table (if needed):

ip route add <NET1> dev <DEV1> src <SRC1> table <NAME1>
ip route add <NET2> dev <DEV2> src <SRC2> table <NAME2>

Then a default route:

ip route add default via <IP1> table <NAME1>
ip route add default via <IP2> table <NAME2>

Then the rules to select the route table based on the source address:

ip rule add from <IP1> table <NAME1>
ip rule add from <IP2> table <NAME2>

Now you can bind application to either interface.

Best Answer

Related Solutions

IPv6 routing problem

Linux Networking – How to Check if Multiple Network Interfaces Are Working

Related Question