IPv6 with Sonic ONT

[msiegen]

ifurita, it looks like you successfully got an IPv6 prefix via DHCP. A few things to check:

1) Did your router pass the delegated prefix onwards to your LAN? If you look at the network interface status on your computer/phone/etc, it should have an address with Sonic's prefix 2001:5a8:.
2) Does your router have a default route for IPv6? This is provided via RA instead of DHCP at an interval of every few minutes. If you tested shortly after a reboot before the RA was received, or if your router is for some reason ignoring it, that would lead to a situation where you have an address but no connectivity.
3) Does your router block incoming ICMP? This couldn't explain the "no IPv6 address detected" message, but it could explain an inability to ping from an outside diagnostic site like https://ping.pe/.

[ifurita]

Decided to flash my router to Openwrt. Doesn't look like it passes delegated prefix onto the LAN. But it even fails doing a IPv6 ping to openwrt.org and ipv6.google.com from the router interface.

[msiegen]

What does the routing table on your router look like? If you have SSH access, check with ip -6 route show.

[ifurita]

What does the routing table on your router look like? If you have SSH access, check with ip -6 route show.

Code: Select all

root@OpenWrt:~# ip -6 route show
default from 2001:x:x:x::f:f1ea via fe80::x:x:x:9e31 dev 10g-1  metric 512
fd0a:x:x::/64 dev br-lan  metric 1024
unreachable fd0a:x:x::/48 dev lo  metric 2147483647
fe80::/64 dev br-lan  metric 256
fe80::/64 dev phy1-ap0  metric 256
fe80::/64 dev phy0-ap0  metric 256
fe80::/64 dev 10g-1  metric 256
anycast fd0a:x:x:: dev br-lan  metric 0
anycast fe80:: dev phy1-ap0  metric 0
anycast fe80:: dev br-lan  metric 0
anycast fe80:: dev phy0-ap0  metric 0
anycast fe80:: dev 10g-1  metric 0
multicast ff00::/8 dev br-lan  metric 256
multicast ff00::/8 dev phy1-ap0  metric 256
multicast ff00::/8 dev phy0-ap0  metric 256
multicast ff00::/8 dev 10g-1  metric 256

[msiegen]

Looks like you have a default route. Try verifying if the gateway is plausible with ping fe80:x9e31%10g-1... it should respond. If it doesn't, try disabling all firewalling on IPv6.

What's strange though is the from 2001x:f:f1ea constraint in your default route. Normally a default route would omit any such constraint, so that it works for any address in your /64. What happens if you explicitly specify that source address when pinging? ping -I 2001x:f:f1ea 2001:4860:4860::8888

[ifurita]

Tried disabling firewall on IPv6, same issue.

Code: Select all

root@OpenWrt:~# ping fe80::669:8fff:fe34:9e31%10g-1
PING fe80::669:8fff:fe34:9e31%10g-1 (fe80::669:8fff:fe34:9e31%7): 56 data bytes
64 bytes from fe80::669:8fff:fe34:9e31: seq=0 ttl=64 time=1.424 ms
64 bytes from fe80::669:8fff:fe34:9e31: seq=1 ttl=64 time=1.729 ms
64 bytes from fe80::669:8fff:fe34:9e31: seq=2 ttl=64 time=1.634 ms
64 bytes from fe80::669:8fff:fe34:9e31: seq=3 ttl=64 time=1.848 ms

Code: Select all

root@OpenWrt:~# ping -I 2001:x:x:x::f:f1ea 2001:4860:4860::8888
PING 2001:4860:4860::8888 (2001:4860:4860::8888) from 2001:x:x:x::f:f1ea: 56 data bytes
--- 2001:4860:4860::8888 ping statistics ---
37 packets transmitted, 0 packets received, 100% packet loss

[msiegen]

Huh, strange. Thanks for trying those commands. At this point I think we'd need a packet capture, covering the DHCP transaction and subsequent attempts to ping (from the router outbound, and from an external host inbound) to narrow down where things are breaking down.

Or perhaps someone in these forums will have seen the issue before, and know a fix. One can always hope....

[mabruce]

Willow Glen customer here.

A couple days ago, I had sudden problems with Home Assistant that were resolved (per a Google search) by disabling IPv6 on the device running it. Today, I had trouble with git/BitBucket which, also per a Google search, was resolved immediately by disabling IPv6 for that particular ssh connection.

I've had IPv6 "enabled" on my eeros for years now on various ISPs without issue, even when the ISP didn't provide an IPv6 address. I didn't think twice about the Home Assistant issue since it could have been a cloud server problem, but today's issue made me wonder. I checked my gateway eero and see that it has a 2001:5a8y::1/64 address. Checked my Linux desktop and it has also pulled a pair of 2001:5a8y:... prefixed addresses. Same thing with several other devices around the house.

Unfortunately I still can't ping6 any outside servers. I get responses from the gateway eero, but nothing in the outside world. My desktop has the gateway eero's fe80 address set as default route. Website checks show I don't have a real IPv6 address. I've seen pictures from a few years ago that show the eero's prefix length , but can't find that screen in the app so it was either removed or not visible until a real public address is pulled.

[ssstark]

Willow Glen as well. After booting back up after the power outage I've found that I have an IPv6 address as well, but still working on different iterations of OPNsense settings to figure out what works so that I can function IPv6 on my LAN as well. Will report back once I do.

[ssstark]

My WAN is configured for DHCPv6 and gets an address of 2001:5a8:601:29::[XYZ], and a delegated prefix of 2001:5a8:610:[ABC]::/64

---

Settings:

Code: Select all

WAN
* IPv6 Configuration Type: DHCPv6
* DHCPv6 client configuration
  * Request only an IPv6 prefix - Unchecked
  * Prefix delegation size - 64
  * Send IPv6 prefix hint - Checked
LAN
* IPv6 Configuration Type - Track Interface
* Track IPv6 Interface
  * IPv6 Interface - WAN
  * IPv6 Prefix ID - 0x0
  * Manual configuration (Allow manual adjustment of DHCPv6 and Router Advertisements) - Unchecked

---

After an evenings worth of troubleshooting, I think that the issue I'm hitting is within Sonics network:

Code: Select all

[sam@OPNsense ~]$ traceroute6 google.com
traceroute6 to google.com (2607:f8b0:4005:80c::200e) from 2001:5a8:601:29::[XYZ], 64 hops max, 28 byte packets
 1  2001:5a8:601:29::1  0.548 ms  1.315 ms  0.312 ms
 2  * * *
 3  * * *
 4  * * *
 [...]
 30  * * *

2001:5a8:601:29::1 looks to be a gateway of some sort, and any traceroute I do times out there.