On 4/28/2020 3:17 PM, Chris Adams wrote:> - gateway sends a router solicitation and gets a router advertisement > with "stateful config" set, which tells gateway to do DHCPv6 (but > default route comes from RA)I'm not seeing any outbound IPv6 traffic from my CentOS 7 box on the WAN interface. I do see RA's emitting from the LAN interface, from radvd. Is there some setting in NM tells it to send solicitations? Is there some way to push one manually?
Once upon a time, Kenneth Porter <shiva at sewingwitch.com> said:> On 4/28/2020 3:17 PM, Chris Adams wrote: > >- gateway sends a router solicitation and gets a router advertisement > > with "stateful config" set, which tells gateway to do DHCPv6 (but > > default route comes from RA) > > I'm not seeing any outbound IPv6 traffic from my CentOS 7 box on the > WAN interface. I do see RA's emitting from the LAN interface, from > radvd. Is there some setting in NM tells it to send solicitations? > Is there some way to push one manually?What's in /etc/sysconfig/network-scripts/ifcfg-<name>? I wonder if you have IPv6 disabled. I'm not using a "regular" (CentOS, Fedora, etc.) Linux as a gateway; I have OpenWRT on a dedicated box. I couldn't find a way to handle the prefix delegation with the typical desktop/server tools (but it has been a while since I looked). OpenWRT has their own daemon for that. However, my local systems are all sending RA solicitations and getting DHCPv6-assigned addresses with NetworkManager (which matches the first steps of what you need on the WAN, just not the prefix delegation). -- Chris Adams <linux at cmadams.net>
On 4/28/2020 4:22 PM, Chris Adams wrote:> What's in /etc/sysconfig/network-scripts/ifcfg-<name>? I wonder if you > have IPv6 disabled.Pasted below. V6 definitely works. I have a second server and gave it a WAN address and I can connect between them using their WAN addresses. That's what told me that my ip6tables weren't screwed up and that the problem lay elsewhere. That's when I hit on looking at the route table and seeing no default IPv6 route.> I'm not using a "regular" (CentOS, Fedora, etc.) Linux as a gateway; I > have OpenWRT on a dedicated box. I couldn't find a way to handle the > prefix delegation with the typical desktop/server tools (but it has been > a while since I looked). OpenWRT has their own daemon for that. > > However, my local systems are all sending RA solicitations and getting > DHCPv6-assigned addresses with NetworkManager (which matches the first > steps of what you need on the WAN, just not the prefix delegation).I'm using OpenWrt at home and it's working mostly fine there. Except with my Android phone. I'm not getting a DNS setting for V6, but I do have the setting in the router's config file. The Win10 clients work fine, though. Apparently Android has issues with DHCPv6, and I'm betting it's interfering with my SLAAC config. LAN config, ifcfg-em1: TYPE=Ethernet PROXY_METHOD=none BROWSER_ONLY=no BOOTPROTO=none DEFROUTE=yes IPV4_FAILURE_FATAL=no IPV6INIT=yes IPV6_AUTOCONF=no IPV6_DEFROUTE=no IPV6_FAILURE_FATAL=no IPV6_ADDR_GEN_MODE=stable-privacy NAME=em1 UUID=fbf59f72-2d60-4dd3-8870-c14a1acb4337 DEVICE=em1 ONBOOT=yes DHCP_CLIENT_ID=saruman IPV6_PRIVACY=no ZONE=internal IPADDR=10.169.1.128 PREFIX=9 IPV6ADDR=2001:1890:1837:5B11::100/60 WAN config, ifcfg-em2: TYPE=Ethernet PROXY_METHOD=none BROWSER_ONLY=no BOOTPROTO=none DEFROUTE=yes IPV4_FAILURE_FATAL=no IPV6INIT=yes IPV6_AUTOCONF=yes IPV6_DEFROUTE=yes IPV6_FAILURE_FATAL=no IPV6_ADDR_GEN_MODE=stable-privacy NAME=em2 UUID=fe08c9df-9913-47f5-be8b-47dad168bcc4 DEVICE=em2 ONBOOT=yes IPADDR=12.3.140.156 PREFIX=29 GATEWAY=12.3.140.153 DNS1=127.0.0.1 DOMAIN="mpa.lan dhcp.mpa.lan microprecisionautomation.com" ZONE=external IPV6FORWARDING=yes IPV6_PEERDNS=no # AT&T assigns us 2001:1890:1837:5B00::/56 # we use the 2nd /64 for our DMZ IPV6ADDR_SECONDARIES=2001:1890:1837:5B01::100/64
I discovered that IPv6 is sort of working when I got an email rejection
from Comcast for not having an IPv6 PTR record. I discovered I could telnet
to port 25 on their MX server over IPv6! I then found I could tracroute6 to
them, but I couldn't to my Linode VPS in Fremont. It gets to the data
center and stops. Going the other way, my Linode can traceroute6 almost to
my AT&T-hosted server. Neither can reach the open port 25 on the other, but
both can reach mx1.comcast.net via IPv6.
I dropped the firewall ("systemctl stop firewalld", confirmed with
"ip6tables -L -v -n") on my Fremont server and still can't
traceroute6 or
ping6 it. Nor can I do so from my home system on Comcast.
What else could be blocking ping6, traceroute6, and telnet to port 25 on
IPv6?
>From AT&T host to Linode host:
[root at saruman ~]# traceroute6 2600:3c01::f03c:91ff:febc:e22d
traceroute to 2600:3c01::f03c:91ff:febc:e22d
(2600:3c01::f03c:91ff:febc:e22d), 30 hops max, 80 byte packets
1 2001:1890:1837:5b00::1 (2001:1890:1837:5b00::1) 3.230 ms 3.181 ms
3.137 ms
2 2001:1890:c05:2f3a::ee6e:61cd (2001:1890:c05:2f3a::ee6e:61cd) 6.906 ms
6.901 ms 6.870 ms
3 ok3ca81crs.ipv6.att.net (2001:1890:ff:ffff:12:123:6:98) 8.305 ms
8.254 ms 8.258 ms
4 sffca21crs.ipv6.att.net (2001:1890:ff:ffff:12:122:110:65) 14.199 ms
14.164 ms 14.153 ms
5 sffca401igs.ipv6.att.net (2001:1890:ff:ffff:12:122:114:5) 9.861 ms
10.163 ms *
6 2001:1890:1fff:41e:192:205:32:222 (2001:1890:1fff:41e:192:205:32:222)
9.789 ms 8.078 ms 7.365 ms
7 linode-ic-342731-sjo-b21.c.telia.net (2001:2000:3080:1ac4::2) 6.788 ms
6.327 ms 6.262 ms
8 2600:3c01:3333:4::2 (2600:3c01:3333:4::2) 7.294 ms 7.728 ms 7.705 ms
9 * * *
>From Linode to AT&T:
[root at linode2 ~]# traceroute6 2001:1890:1837:5b01::100
traceroute to 2001:1890:1837:5b01::100 (2001:1890:1837:5b01::100), 30 hops
max, 80 byte packets
1 2600:3c01::8678:acff:fe0d:79c1 (2600:3c01::8678:acff:fe0d:79c1) 0.783
ms 2600:3c01::8678:acff:fe0d:a641 (2600:3c01::8678:acff:fe0d:a641) 0.834
ms 0.972 ms
2 2600:3c01:3333:4::1 (2600:3c01:3333:4::1) 0.645 ms 0.646 ms
2600:3c01:3333:2::1 (2600:3c01:3333:2::1) 0.508 ms
3 ix-ae-67-0.tcore1.sqn-san-jose.ipv6.as6453.net (2001:5a0:1000:500::a1)
1.059 ms 2001:550:2:3::d9:1 (2001:550:2:3::d9:1) 1.967 ms
ix-ae-67-0.tcore1.sqn-san-jose.ipv6.as6453.net (2001:5a0:100
4 be2063.ccr21.sjc01.atlas.cogentco.com (2001:550:0:1000::9a36:1a1)
2.340 ms 2001:1890:1fff:415:192:205:37:69
(2001:1890:1fff:415:192:205:37:69) 3.209 ms 4.412 ms
5 sffca21crs.ipv6.att.net (2001:1890:ff:ffff:12:122:114:6) 7.353 ms
6.769 ms 5.379 ms
6 ok3ca81crs.ipv6.att.net (2001:1890:ff:ffff:12:122:110:66) 4.785 ms
6.158 ms 6.073 ms
7 2001:1890:ff:ffff:12:122:119:125 (2001:1890:ff:ffff:12:122:119:125)
3.401 ms 3.406 ms 3.469 ms
8 ok3ca81crs.ipv6.att.net (2001:1890:ff:ffff:12:122:110:66) 8.444 ms
8.415 ms 2001:1890:c05:2f3a::116e:61cd (2001:1890:c05:2f3a::116e:61cd)
5.816 ms
9 2001:1890:ff:ffff:12:122:119:125 (2001:1890:ff:ffff:12:122:119:125)
4.688 ms 4.607 ms 4.565 ms
10 * * 2001:1890:c05:2f3a::116e:61cd (2001:1890:c05:2f3a::116e:61cd)
6.732 ms
11 * * *