dslreports logo
 
    All Forums Hot Topics Gallery
spc
uniqs
3618

koitsu
MVM
join:2002-07-16
Mountain View, CA
Humax BGW320-500

1 edit

2 recommendations

koitsu

MVM

Re: TomatoUSB and Comcast IPv6 -- bugs found

Okay, a follow-up to my own "IT WORKS!" post with some details.

I can confirm that at this point:

1. My TomatoUSB router is able to talk IPv6 to the Internet directly (e.g. ping6 ipv6.google.com from TomatoUSB natively works),

2. My FreeBSD box on my LAN is able to talk IPv6 to the Internet directly (e.g. ping6 ipv6.google.com from FreeBSD works). IMPORTANT: My FreeBSD box is statically configured for IPv6, it is not configured to dynamically get an IPv6 prefix/etc. from the TomatoUSB router.

I have rebooted my RT-N16 and done the manual fix-ups needed and it does in fact work reliably.

Now for the details:

1. The IA-NA fix (in dhcp6c.conf) ISN'T NEEDED. And that seems correct/logical given what I described in my earlier post. There is absolutely no need for a /128 address on the WAN interface (vlan2).

2. The "spurious default route" fix IS NEEDED. Removing the spurious route is absolutely required. Simply put: there should be only one default route for ::/0 and it should be an fe80::xxx address (negotiated via IPv6 RAs announced from Comcast).

3. Under Basic / IPv6, the WAN checkbox for "Accept RA from" must be checked. This is the only way to ensure that the TomatoUSB router gets a default IPv6 gateway from Comcast (DHCPv6 does not negotiate this; its announced via IPv6 RAs. This greatly differs from classic IPv6 DHCP, for those familiar with it).

4. Under Basic / IPv6, the "Enable Router Advertisements" checkbox is probably required for systems on a LAN which don't have statically configured IPv6 addresses and default IPv6 gateways. This checkbox makes it so that IPv6 RAs (from TomatoUSB to the LAN) are sent across the LAN. It has no bearing on the IPv6 RAs received via WAN from COmcast.

5. For statically-configured IPv6 machines on a LAN (like my FreeBSD box) only, it's very important that for the default gateway you ensure that you use the link-local IPv6 address of the TomatoUSB system (that would be the "Scope:Link" IPv6 address shown for interface br0), and that you use a zone index using the %index syntax as described here:

»en.wikipedia.org/wiki/IP ··· _indices

Without use of the zone index, you cannot do something like "route add -inet6 default fe80::e2cb:4eff:fec0:c4" because the system has no idea what interface (zone index) is associated with the fe80::xxx address. On FreeBSD, without the zone index specifier, you get an error such as "Network unreachable" when trying to add the default route.

In the case of machines which are not statically routed, I imagine that IPv6 RAs (received from the TomatoUSB router across the LAN) should negotiate all of this stuff dynamically. I haven't gotten to that phase yet; I imagine that is the phase/methodology that most of the people on this forum will use, but for my setup I cannot use it at this point in time (has to do with issues/complexities with FreeBSD and what it does when recieving IPv6 RAs). Baby steps!

So, the WAN Up script I'm using now is the following, again, with 100% success (including after a reboot):

#
# Workaround for TomatoUSB bug where a spurious default IPv6 route is
# added for no justified reason, resulting in packets getting forwarded
# effectively to /dev/null.
#
# 1. Temporarily disable accepting IPv6 RAs on the WAN interface.  This
#    will stop the kernel from automatically adding a default IPv6 route
#    when such an RA is received via the WAN.
# 2. Delete ALL default IPv6 routes.  In effect this deletes the spurious
#    IPv6 default route, as well as any default IPv6 routes received via RA.
#    Sadly the "ip" command does not give you a way to differentiate between
#    the two, since the one we truly want to delete lacks "proto kernel".
# 3. Restore honouring IPv6 RAs via the WAN.  Within 60-120 seconds (often
#    within seconds on Comcast) a default IPv6 route should be added by the
#    kernel.  You can use "ip -6 route show default dev `nvram get wan_iface`"
#    to verify; you should have only one route ("default via fe80::xxx ...").
#
# http://www.dslreports.com/forum/r27234575-TomatoUSB-and-Comcast-IPv6-bugs-found
#
echo 0 > /proc/sys/net/ipv6/conf/`nvram get wan_iface`/accept_ra
ip -6 route flush default dev `nvram get wan_iface`
echo 2 > /proc/sys/net/ipv6/conf/`nvram get wan_iface`/accept_ra
 

And before criticising the script ( :-) ) please be sure to read the comments in the script; its written this way for a reason.

For those who have tried/used the IA-NA fix previously mentioned, please replace your WAN Up script with the one above and then reboot the router. (Yes, there is a way to do this without rebooting, but the instructions would be long and I'd rather not explain it. It involves editing /etc/dhcp6c.conf to remove the ia-na bit, restarting dhcp6c with its previous arguments, then running the above WAN Up script by hand)

NathanO
join:2008-08-21
Seattle, WA

NathanO

Member

Can you post your ifconfig output?

koitsu
MVM
join:2002-07-16
Mountain View, CA
Humax BGW320-500

koitsu

MVM

said by NathanO:

Can you post your ifconfig output?

For which box? The TomatoUSB router or my FreeBSD system?

NathanO
join:2008-08-21
Seattle, WA

NathanO

Member

TomatoUSB If you don't mind.

koitsu
MVM
join:2002-07-16
Mountain View, CA
Humax BGW320-500

2 edits

1 recommendation

koitsu

MVM

root@gw:/tmp/home/root# ifconfig
br0        Link encap:Ethernet  HWaddr E0:CB:4E:C0:00:C4
           inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
           inet6 addr: 2601:9:4600:4f:e2cb:4eff:fec0:c4/64 Scope:Global
           inet6 addr: fe80::e2cb:4eff:fec0:c4/64 Scope:Link
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:45925 errors:0 dropped:0 overruns:0 frame:0
           TX packets:47375 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:0
           RX bytes:3860081 (3.6 MiB)  TX bytes:11130952 (10.6 MiB)
 
eth0       Link encap:Ethernet  HWaddr E0:CB:4E:C0:00:C4
           inet6 addr: fe80::e2cb:4eff:fec0:c4/64 Scope:Link
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:181168 errors:0 dropped:0 overruns:0 frame:0
           TX packets:92179 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:1000
           RX bytes:21808810 (20.7 MiB)  TX bytes:15741818 (15.0 MiB)
           Interrupt:4 Base address:0x2000
 
eth1       Link encap:Ethernet  HWaddr E0:CB:4E:C0:00:C6
           inet6 addr: fe80::e2cb:4eff:fec0:c6/64 Scope:Link
           UP BROADCAST RUNNING ALLMULTI MULTICAST  MTU:1500  Metric:1
           RX packets:15 errors:0 dropped:0 overruns:0 frame:438284
           TX packets:640 errors:9 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:1000
           RX bytes:2846 (2.7 KiB)  TX bytes:272035 (265.6 KiB)
           Interrupt:3 Base address:0x1000
 
lo         Link encap:Local Loopback
           inet addr:127.0.0.1  Mask:255.0.0.0
           inet6 addr: ::1/128 Scope:Host
           UP LOOPBACK RUNNING MULTICAST  MTU:16436  Metric:1
           RX packets:10 errors:0 dropped:0 overruns:0 frame:0
           TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:0
           RX bytes:1330 (1.2 KiB)  TX bytes:1330 (1.2 KiB)
 
vlan1      Link encap:Ethernet  HWaddr E0:CB:4E:C0:00:C4
           inet6 addr: fe80::e2cb:4eff:fec0:c4/64 Scope:Link
           UP BROADCAST RUNNING ALLMULTI MULTICAST  MTU:1500  Metric:1
           RX packets:45918 errors:0 dropped:0 overruns:0 frame:0
           TX packets:47392 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:0
           RX bytes:4043263 (3.8 MiB)  TX bytes:11323312 (10.7 MiB)
 
vlan2      Link encap:Ethernet  HWaddr E0:CB:4E:C0:00:C5
           inet addr:67.180.84.87  Bcast:67.180.87.255  Mask:255.255.252.0
           inet6 addr: fe80::e2cb:4eff:fec0:c5/64 Scope:Link
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:135247 errors:0 dropped:0 overruns:0 frame:0
           TX packets:44781 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:0
           RX bytes:14504373 (13.8 MiB)  TX bytes:4417878 (4.2 MiB)
 

Important bits:

1. Comcast via DHCPv6 delegates to me 2601:9:4600:4f::/64. This will certainly vary per person.

2. My br0 interface (WiFi+LAN) has the IPv6 address 2601:9:4600:4f:e2cb:4eff:fec0:c4. This is part of the delegation from Comcast (hard to explain; the last 64 bits are a combination of the interface MAC address -- rather not get into it).

3. Be sure when reading the IPv6 addresses that you take note of the Scope:Global and Scope:Link specifiers. Global what comes from Comcast (effectively), and Link is the local-link address (self-generated).

And just to add further clarification: my FreeBSD box has IPv6 address 2601:9:4600:4f:230:48ff:fed2:22d0 (prefix length 64 too), and as you can see, that also falls within 2601:9:4600:4f::/64 which is delegated by Comcast.

It's actually classic/simple subnetting, just with two octets (16 bits) per section (0-65535, or 0 to ffff) and a colon delimiter, rather than a single octet (8 bits per section, or 0-255) and a dot/period delimiter like IPv4.

SLC 96
join:2005-04-03
Chicago, IL

SLC 96 to koitsu

Member

to koitsu
Thank you for all of your hard work koitsu!! This morning I updated my router to Toastman's latest build and added your script to the WAN UP section, IPv6 worked perfectly right away! Thank you again!

I was afraid I would need to go out and buy an AirPort Extreme if the community couldn't get this working. You were sure to keep everyone on the same page while bringing multiple communities together to help. Not to mention you did loads of investigative work yourself and wrote the fix.

I am looking forward to the release of an updated firmware with both the fix and other IPv6 enhancements you and the community suggest baked in.