# [Solved] Visual warning in DHCP boot phase

## 389292

I have this visual warning during boot:

```
ipv6nd_sendrsprobe: Operation not permitted
```

It comes after getting my IP by DHCP, and right before the TTY console screen. After doing research I could find that it's probably "Neighbor Discovery Protocol". I tried to find anything in the kernel for that to enable it, but couldn't. Everything works, but the visual warning annoys me. I want to enable what it wants, or disable IPv6 discovery/address mapping in DHCP altogether.

Last edited by 389292 on Thu Dec 03, 2020 7:59 pm; edited 3 times in total

----------

## UberLord

What version of dhcpcd do you have installed?

----------

## 389292

I no longer have this message with dhcpcd 9.3.2 and linux 5.9.9, I didn't do anything specific to fix it.

----------

## 389292

Getting this again in 5.9.11, dhcpcd 9.3.3

----------

## dmpogo

As I see this is related to IPv6. Do you have all necessary support enabled in kernel, and is ipv6 USE flag set? Also is it functional on your router?

I am asking since I have a machine with disabled IPv6, and I am getting in log ipv6 errors from time to time.

----------

## 389292

 *dmpogo wrote:*   

> As I see this is related to IPv6. Do you have all necessary support enabled in kernel, and is ipv6 USE flag set? Also is it functional on your router?

 

I don't know what to enable in the kernel, I mean for this particular message to go away. IPv6 is enabled in the kernel in general:

```
CONFIG_IPV6=y
# CONFIG_IPV6_ROUTER_PREF is not set
# CONFIG_IPV6_OPTIMISTIC_DAD is not set
# CONFIG_IPV6_MIP6 is not set
# CONFIG_IPV6_ILA is not set
# CONFIG_IPV6_VTI is not set
CONFIG_IPV6_SIT=y
# CONFIG_IPV6_SIT_6RD is not set
CONFIG_IPV6_NDISC_NODETYPE=y
# CONFIG_IPV6_TUNNEL is not set
CONFIG_IPV6_FOU=y
CONFIG_IPV6_MULTIPLE_TABLES=y
# CONFIG_IPV6_SUBTREES is not set
CONFIG_IPV6_MROUTE=y
CONFIG_IPV6_MROUTE_MULTIPLE_TABLES=y
# CONFIG_IPV6_PIMSM_V2 is not set
# CONFIG_IPV6_SEG6_LWTUNNEL is not set
# CONFIG_IPV6_SEG6_HMAC is not set
# CONFIG_IPV6_RPL_LWTUNNEL is not set
# CONFIG_NF_SOCKET_IPV6 is not set
# CONFIG_NF_TPROXY_IPV6 is not set
# CONFIG_NF_DUP_IPV6 is not set
CONFIG_NF_REJECT_IPV6=y
# CONFIG_NF_LOG_IPV6 is not set
CONFIG_IP6_NF_MATCH_IPV6HEADER=y
CONFIG_NF_DEFRAG_IPV6=y
```

I don't use ipv6 and the router has no support for it. I don't have -ipv6, it is enabled on the desktop profile. I didn't disable it because I was too lazy to recompile a lot of things during install to get rid of ipv6 support.

----------

## UberLord

Do you see the error if you do this?

```
pkill dhcpcd
dhcpcd -dB
```

Do Ctrl-C to stop dhcpcd in the terminal.

----------

## 389292

I only get this error if my wireguard VPN is active before I run dhcpcd. I think when I said that the error was no longer present it was because I removed 'wg-quick up wg0' from /etc/conf.d/local, so dhcpcd did its thing without the wireguard connection being present. Full log:

```
main: control_open: Connection refused
dhcpcd-9.3.3 starting
udev: starting
dev: loaded udev
DUID 00:04:00:00:00:00:00:00:00:00:00:00:*redacted*
lo: ignoring due to interface type and no config
ip_vti0: unsupported interface type 0x300
sit0: unsupported interface type 0x308
enp5s0: executing: /lib/dhcpcd/dhcpcd-run-hooks PREINIT
enp5s0: executing: /lib/dhcpcd/dhcpcd-run-hooks NOCARRIER
enp6s0: executing: /lib/dhcpcd/dhcpcd-run-hooks PREINIT
enp6s0: executing: /lib/dhcpcd/dhcpcd-run-hooks CARRIER
wg0: executing: /lib/dhcpcd/dhcpcd-run-hooks PREINIT
wg0: executing: /lib/dhcpcd/dhcpcd-run-hooks CARRIER
enp5s0: waiting for carrier
enp6s0: IAID *redacted*
enp6s0: delaying IPv6 router solicitation for 0.2 seconds
enp6s0: delaying IPv4 for 0.7 seconds
wg0: IAID 77:67:30:00
wg0: using static address *redacted*/32
wg0: adding IP address *redacted*/32 destination *redacted*
wg0: executing: /lib/dhcpcd/dhcpcd-run-hooks STATIC
wg0: executing: /lib/dhcpcd/dhcpcd-run-hooks STATIC
enp6s0: soliciting an IPv6 router
enp6s0: sending Router Solicitation
ipv6nd_sendrsprobe: Operation not permitted
enp6s0: reading lease: /var/lib/dhcpcd/enp6s0.lease
enp6s0: rebinding lease of 192.168.1.67
enp6s0: ARP announcing 192.168.1.67 (1 of 2), next in 2.0 seconds
enp6s0: sending REQUEST (xid 0x58c2d41e), next in 3.5 seconds
enp6s0: acknowledged 192.168.1.67 from 192.168.1.1
enp6s0: leased 192.168.1.67 for 25200 seconds
enp6s0: renew in 12600 seconds, rebind in 22050 seconds
enp6s0: writing lease: /var/lib/dhcpcd/enp6s0.lease
enp6s0: adding IP address 192.168.1.67/24 broadcast 192.168.1.255
enp6s0: adding route to 192.168.1.0/24
enp6s0: adding default route via 192.168.1.1
enp6s0: ARP announcing 192.168.1.67 (1 of 2), next in 2.0 seconds
enp6s0: executing: /lib/dhcpcd/dhcpcd-run-hooks REBOOT
enp6s0: bound, ignoring 192.168.1.67 from 192.168.1.1
enp6s0: ARP announcing 192.168.1.67 (2 of 2)
enp6s0: sending Router Solicitation
ipv6nd_sendrsprobe: Operation not permitted
enp6s0: sending Router Solicitation
ipv6nd_sendrsprobe: Operation not permitted
enp6s0: sending Router Solicitation
ipv6nd_sendrsprobe: Operation not permitted
enp6s0: no IPv6 Routers available
```

My wireguard iptables rule:

```
PostUp = iptables -I OUTPUT ! -d 192.168.1.0/24 ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT && ip6tables -I OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT
PreDown = iptables -D OUTPUT ! -d 192.168.1.0/24 ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT && ip6tables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT
```

----------

## 389292

I think I did the autoload of wireguard wrongly, here is the correct way:

Creating soft link:

```
cd /etc/wireguard
ln -s mullvad-fi2.conf wg0.conf
```

Autostart wireguard during boot in Gentoo:

```
cd /etc/local.d/
vim wireguard.start
```

```
#!/bin/sh
wg-quick up wg0
```

```
vim wireguard.stop
```

```
#!/bin/sh
wg-quick down wg0
```

Making executable:

```
chmod +x wireguard.start wireguard.stop
```

If you want wireguard to start verbosely, add this:

```
vim /etc/conf.d/local
```

```
rc_verbose=yes
```

Make sure local is in the default run level.

---

One more question, I have two rounds of IP soliciting, is this because of my router?

```
...
dhcpcd-9.3.4 starting
DUID ***
enp6s0: waiting for carrier
enp6s0: carrier acquired
enp6s0: IAID ***
enp6s0: adding address ***
enp6s0: soliciting an IPv6 router
enp6s0: rebinding lease of 192.168.1.67
enp6s0: probing address 192.168.1.67/24
enp6s0: carrier lost
enp6s0: deleting address ***
enp6s0: carrier acquired
enp6s0: IAID ***
enp6s0: adding address ***
enp6s0: soliciting an IPv6 router
enp6s0: rebinding lease of 192.168.1.67
enp6s0: probing address 192.168.1.67/24
enp6s0: leased 192.168.1.67 for 25200 seconds
...
```

----------

## UberLord

```
PostUp = iptables -I OUTPUT ! -d 192.168.1.0/24 ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT && ip6tables -I OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT

PreDown = iptables -D OUTPUT ! -d 192.168.1.0/24 ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT && ip6tables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT
```

I think the error `ipv6nd_sendrsprobe: Operation not permitted` is due to your firewall rejecting IPv6 link local traffic which is always needed.

I'm not an expert on Linux firewalls to help more though.

----------

## UberLord

 *etnull wrote:*   

> One more question, I have two rounds of IP soliciting, is this because of my router?

 

dhcpcd solicits a few times and then stops. It stops early if the router responds quickly.

If you see `no IPv6 Routers available` then there was no response received.

I should probably limit this message to just one time unless debugging though.

----------

## 389292

What's the equivalent of `-I OUTPUT ! -d 192.168.1.0/24` for ipv6?

----------

## Hu

Based on a reading of `man iptables-extensions`, I think `-m addrtype --dst-type LOCAL` looks promising. I skimmed kernel sources to try to confirm. I did not dig far enough to confirm it, but based on what I found along the way, I think this will do the right thing.

----------
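An added example, not written by any poster in this thread: a Python model of the `ip6tables` half of the kill-switch rule quoted above, run over constructed packets, showing that the Router Solicitation dhcpcd sends to `ff02::2` on `enp6s0` matches the REJECT rule, which fits the firewall diagnosis given earlier. The fwmark value, the addresses and the `fe80::/10` / `ff02::/16` exemption are assumptions chosen for illustration.

```python
import ipaddress
from dataclasses import dataclass

WG_IFACE = "wg0"       # what %i expands to in the wg-quick rule
WG_FWMARK = 51820      # assumed output of `wg show wg0 fwmark` (constructed)
# Constructed stand-ins for addresses the kernel classifies as LOCAL.
LOCAL_ADDRS = {ipaddress.ip_address("::1"), ipaddress.ip_address("fe80::aa")}
# Assumed exemption (not from the thread): destinations that never leave the link.
LINK_SCOPED = (ipaddress.ip_network("fe80::/10"),   # link-local unicast
               ipaddress.ip_network("ff02::/16"))   # link-local multicast

@dataclass
class Packet:
    name: str
    out_iface: str
    dst: str
    mark: int = 0

# Constructed sample traffic; 2001:db8::/32 is the documentation prefix.
PACKETS = [
    Packet("router solicitation", "enp6s0", "ff02::2"),
    Packet("neighbour solicitation to router", "enp6s0", "fe80::1"),
    Packet("plain traffic bypassing tunnel", "enp6s0", "2001:db8::53"),
    Packet("traffic inside tunnel", "wg0", "2001:db8::53"),
    Packet("encrypted WireGuard packet", "enp6s0", "2001:db8::100", WG_FWMARK),
]

def rejected(pkt, exempt=()):
    """Return True if the ip6tables OUTPUT REJECT rule would match pkt."""
    dst = ipaddress.ip_address(pkt.dst)
    if pkt.out_iface == WG_IFACE:            # ! -o %i
        return False
    if pkt.mark == WG_FWMARK:                # -m mark ! --mark <fwmark>
        return False
    if dst in LOCAL_ADDRS:                   # -m addrtype ! --dst-type LOCAL
        return False
    if any(dst in net for net in exempt):    # hypothetical earlier ACCEPT rule
        return False
    return True

def verdicts(exempt=()):
    """Map each sample packet name to REJECT, or PASS if the rule does not match."""
    return {p.name: "REJECT" if rejected(p, exempt) else "PASS" for p in PACKETS}

if __name__ == "__main__":
    for label, exempt in (("rule as posted", ()), ("with link-scoped exemption", LINK_SCOPED)):
        print(label)
        for name, verdict in verdicts(exempt).items():
            print(f"  {verdict:6}  {name}")
```

In the model, the IPv4 half of the rule spares LAN traffic through `! -d 192.168.1.0/24`, while the IPv6 half has no such carve-out, so on-link Neighbor Discovery is rejected along with routable traffic.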

