Setting up Debian-based Router with Comcast: IPv6 [Solved]

Setting up Debian-based Router with Comcast: IPv6 [Solved]

Postby takenji1989 » 2019-11-15 02:18

Hello everybody,

I've been having a bear of a time trying to get my Debian Buster-based router to operate with Comcast's native IPv6 configuration. I'm not looking for prefix delegation, just a public address and a default gateway. I'm using the ISC DHCP client for both v4 and v6 since it's generally worked for me other than this.

I've tried two approaches, with eth-external being the name I configured for the interface in udev.

Code: Select all
iface eth-external inet6 dhcp

This gets me an IPv6 address just fine, but no route whatsoever unless I manually configure it. I see the router advertisements coming in when running tcpdump, but the kernel just disregards them.

Code: Select all
iface eth-external inet6 auto
    dhcp 1
    request_prefix 1

This usually gets me a /64 prefix and a route, but not an IPv6 address.

The usual sysctl suspects don't reveal anything significant:

Code: Select all
# sysctl -a | grep -i 'eth-external.*ra'
net.ipv4.conf.eth-external.drop_gratuitous_arp = 0
net.ipv4.neigh.eth-external.retrans_time_ms = 1000
net.ipv6.conf.eth-external.accept_ra = 2
net.ipv6.conf.eth-external.accept_ra_defrtr = 1
net.ipv6.conf.eth-external.accept_ra_from_local = 0
net.ipv6.conf.eth-external.accept_ra_min_hop_limit = 1
net.ipv6.conf.eth-external.accept_ra_mtu = 1
net.ipv6.conf.eth-external.accept_ra_pinfo = 1
net.ipv6.conf.eth-external.accept_ra_rt_info_max_plen = 0
net.ipv6.conf.eth-external.accept_ra_rt_info_min_plen = 0
net.ipv6.conf.eth-external.accept_ra_rtr_pref = 1
net.ipv6.conf.eth-external.dad_transmits = 1
net.ipv6.conf.eth-external.suppress_frag_ndisc = 1
net.ipv6.neigh.eth-external.retrans_time_ms = 1000

And no packets are being dropped, as I have rules to allow ICMPv6 and DHCP:

Code: Select all
-A INPUT -p ipv6-icmp -j ACCEPT
-A INPUT -s fe80::/10 -i eth-external -p udp -m udp --sport 546 --dport 547 -j ACCEPT
-A INPUT -s fe80::/10 -i eth-external -p udp -m udp --sport 547 --dport 546 -j ACCEPT

Nothing is logged matching those, and, again, tcpdump shows the RAs coming in.

I've been fighting this for the past few weeks, and nothing I've found when searching online has helped. I've also seen odd cases where I'm able to get both a public IPv6 address and a default gateway, but only on rare occasions.

Does anybody have any suggestions?

Thank you.
Re: Setting up Debian-based Router with Comcast: IPv6

Postby takenji1989 » 2019-11-15 20:28

I ended up cheating by having this setup enable both wide-dhcpv6 for the IP address, and SLAAC for the routing information. It's really odd how the configuration built into the system doesn't allow it.

Code: Select all
auto eth-external
iface eth-external inet dhcp
        pre-up modprobe ipv6
        post-up /etc/init.d/wide-dhcpv6-client start
        pre-down /etc/init.d/wide-dhcpv6-client stop

iface eth-external inet6 auto

Code: Select all
interface eth-external {
  send ia-na 1;
  send rapid-commit;
  script "/etc/wide-dhcpv6/dhcp6c-script";

id-assoc na 1 {

Why in the world does enabling DHCPv6 for the IP address cause the kernel to ignore router advertisements? That's a common use case for IPv6.

EDIT: I solved it by setting the following options listed in the documentation:
  1. accept_ra 2
  2. autoconf 1

Since sysctl showed accept_ra=2 for the relevant interface, I'm guessing autoconf 1 was the ticket. Strange how it's not default, as DHCPv6 requires SLAAC ("autoconf") for route information.
