# no IPv6 Routers available

## hujuice

I'm a bit confused, maybe because I'm an IPv6 newbie  :Confused: 

I've from a couple of days an IPv6 able ISP at home.

The router (a stupid Technicolor TG789vac v2 with a stupid web UI) is configured to have DHCPv4 disabled (I run my own elsewhere with dnsmasq) and

```
IPv6 State: disabled (I cannot manage it)

Advertising prefix: xxxx:xxxx:xxxx:xxxx::/64 (I obviously cannot manage it)

Stateless Address Autoconfiguration: disabled (I cannot manage it)

Use Stateless DHCPv6 Server: enabled (but I can disable it)
```

I did the homework: CONFIG_IPV6=m, USE="ipv6" and dhcpcd default configuration enabled in /etc/conf.d/net.eth0.

My first attempt has been in my laptop and everything goes fine: I've an IPv6 2001::/64 address and I can ping it from the Internet. Here is the dhcpcd log:

```
Jan 20 14:26:06 lap dhcpcd[26579]: eth0: waiting for carrier

Jan 20 14:26:09 lap dhcpcd[26579]: eth0: carrier acquired

Jan 20 14:26:09 lap dhcpcd[26579]: eth0: adding address fe80::6815:7ade:5fcb:177c

Jan 20 14:26:10 lap dhcpcd[26579]: DUID 00:01:00:01:1f:f9:32:08:00:23:8b:5d:7a:fb

Jan 20 14:26:10 lap dhcpcd[26579]: eth0: IAID 8b:5d:7a:fb

Jan 20 14:26:10 lap dhcpcd[26579]: eth0: soliciting an IPv6 router

Jan 20 14:26:10 lap dhcpcd[26579]: eth0: rebinding lease of 192.168.0.11

Jan 20 14:26:14 lap dhcpcd[26579]: eth0: probing address 192.168.0.11/24

Jan 20 14:26:16 lap dhcpcd[26579]: eth0: Router Advertisement from fe80::e2b9:e5ff:fea8:5588

Jan 20 14:26:16 lap dhcpcd[26579]: eth0: adding address 2001:b07:a13:5536:xxxx:xxxx:xxxx:xxxx/64

Jan 20 14:26:16 lap dhcpcd[26579]: eth0: adding route to 2001:b07:a13:5536::/64

Jan 20 14:26:16 lap dhcpcd[26579]: eth0: adding default route via fe80::e2b9:e5ff:fea8:5588

Jan 20 14:26:16 lap dhcpcd[26579]: eth0: requesting DHCPv6 information

Jan 20 14:26:20 lap dhcpcd[26579]: eth0: leased 192.168.0.11 for infinity

Jan 20 14:26:20 lap dhcpcd[26579]: eth0: adding route to 192.168.0.0/24

Jan 20 14:26:20 lap dhcpcd[26579]: eth0: adding default route via 192.168.0.254

Jan 20 14:26:20 lap dhcpcd[26579]: forked to background, child pid 26770
```

(The IPv6 address could be some kind of tunneling, not managed by me: https://en.wikipedia.org/wiki/Teredo_tunneling#IPv6_addressing)

My second attempt (my desktop, same homework) has failed. I've the link local address only (fe80:: ) but the router advertising doesn't work:

```
Jan 20 14:26:38 box dhcpcd[22627]: eth0: adding address fe80::62a4:4cff:fe58:696d

Jan 20 14:26:38 box dhcpcd[22627]: eth0: waiting for carrier

Jan 20 14:26:44 box dhcpcd[22627]: eth0: carrier acquired

Jan 20 14:26:44 box dhcpcd[22627]: DUID 00:01:00:01:20:12:72:80:60:a4:4c:58:69:6d

Jan 20 14:26:44 box dhcpcd[22627]: eth0: IAID 4c:58:69:6d

Jan 20 14:26:45 box dhcpcd[22627]: eth0: rebinding lease of 192.168.0.10

Jan 20 14:26:45 box dhcpcd[22627]: eth0: soliciting an IPv6 router

Jan 20 14:26:49 box dhcpcd[22627]: eth0: probing address 192.168.0.10/24

Jan 20 14:26:54 box dhcpcd[22627]: eth0: leased 192.168.0.10 for infinity

Jan 20 14:26:54 box dhcpcd[22627]: eth0: adding route to 192.168.0.0/24

Jan 20 14:26:54 box dhcpcd[22627]: eth0: adding default route via 192.168.0.254

Jan 20 14:26:54 box dhcpcd[22627]: forked to background, child pid 22814

Jan 20 14:26:58 box dhcpcd[22814]: eth0: no IPv6 Routers available
```

In this failed attempt, I can lsmod the ipv6 module and if I cat /proc/sys/net/ipv6/conf/*/* I obtain the same output in both machines.

I noticed that while /proc/sys/net/ipv6/conf/all/accept_ra is 1, /proc/sys/net/ipv6/conf/eth0/accept_ra is 0. This value is the same in the working laptop.

Trying to force it to 1 has no result and the value is set back to 0 when I restart the interface.

What else? Where am I wrong? What do I omit?

Which part of the knowledge should I cover to look for an error?

Thanks to everybody that can help.

HUjuice

----------

## gordonp

Hi, hujuice:

I have been using IPv6 for a while, and I have forgotten many of the struggles I went through... I may be forgetting stuff and therefore not so helpful, but I'll try:

First - it sounds like you've probably got a good foundation, if your laptop is working.  When your laptop can ping and be pinged, are you going through your switch?  I think you need to know that all your basic networking equipment is working OK with IPv6.  You might even swap switch-ports between your laptop and desktop, to ensure that all your hardware is solid, and the problem does not lie within even your cables!

Second:  The real problem you seem to have is that your desktop isn't automagically working with IPv6.  So, I wonder if you can *manually* add an IPv6 address to your desktop machine?  I use a mix of SLAAC and manually-assigned addresses, and the relevant sort of config from /etc/conf.d/net:

```
config_eth0="192.168.0.zyx/24

 2001:aaa:bbbb:cc::zyx/64"
```

Obviously, you'll choose an address within your assigned /64.  What I'd like to have you try:

-run 'ifconfig' and verify that you have your expected IPv6 address.

-ping the laptop.  Use the laptop to ping your desktop

-ping something outside; I tend to beat on ipv6.google.com quite a bit  :Smile: 

Once you are certain that your desktop is actually, provably IPv6-able, then you can begin to look into the Router Announcement stuff.  And, I don't think I did anything special, but I see that my machines *do* have:

```
/proc/sys/net/ipv6/conf/eth0/accept_ra contains 1
```

HTH!

----------

## gordonp

Oh, I just had another idea:  Firewalls!

On your laptop, can you look at:

ip6tables -L -n

...and see how it looks on your desktop with the same command? 

You could try "allow everything", just for testing:

```
# ip6tables -L -n

Chain INPUT (policy ACCEPT)

target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)

target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)

target     prot opt source               destination  
```

And later tighten it up to include something along the lines:

```
#   (Applies to packets entering our network interface from the network, 

#   and addressed to this host.)

$IP6TABLES -A INPUT -m conntrack --ctstate INVALID -j DROP 

$IP6TABLES -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT 

# IMPORTANT ICMP

$IP6TABLES -A INPUT -p ipv6-icmp --icmpv6-type router-advertisement -j ACCEPT

$IP6TABLES -A INPUT -p ipv6-icmp --icmpv6-type router-solicitation -j ACCEPT

$IP6TABLES -A INPUT -p ipv6-icmp --icmpv6-type neighbour-advertisement -j ACCEPT

$IP6TABLES -A INPUT -p ipv6-icmp --icmpv6-type neighbour-solicitation -j ACCEPT

# we will permit ping, but rate-limit type 8 to prevent DoS-attack

$IP6TABLES -A INPUT -p ipv6-icmp --icmpv6-type destination-unreachable -j ACCEPT

$IP6TABLES -A INPUT -p ipv6-icmp --icmpv6-type packet-too-big -j ACCEPT

$IP6TABLES -A INPUT -p ipv6-icmp --icmpv6-type time-exceeded -j ACCEPT

$IP6TABLES -A INPUT -p ipv6-icmp --icmpv6-type parameter-problem -j ACCEPT

$IP6TABLES -A INPUT -p ipv6-icmp --icmpv6-type echo-request --match limit --limit 30/minute -j ACCEPT

$IP6TABLES -A INPUT -p ipv6-icmp --icmpv6-type echo-reply -j ACCEPT

```

----------

## hujuice

 *gordonp wrote:*   

> Hi, hujuice:
> 
> I have been using IPv6 for a while, and I have forgotten many of the struggles I went through... I may be forgetting stuff and therefore not so helpful, but I'll try:
> 
> First - it sounds like you've probably got a good foundation, if your laptop is working.  When your laptop can ping and be pinged, are you going through your switch?  I think you need to know that all your basic networking equipment is working OK with IPv6.  You might even swap switch-ports between your laptop and desktop, to ensure that all your hardware is solid, and the problem does not lie within even your cables!
> ...

 

Thank you for your answer, gordonp.

I tried to swap the switch ports, with no result.

iptables and the netfilter kernel modules collection are not in my desktop.

I can try to manually set the desktop IPv6 address. I built the address in the SLAAC hardware way (the end of the page, here: http://www.ciscopress.com/articles/article.asp?p=2154680).

As result, I can ping6 the laptop, in the same /64 subnet. But what about the default gateway?

The laptop has the scope link IPv6 address of the modem as default IPv6 gateway. So

```
2001:b07:2ec:c38::/64 dev eth0  proto kernel  metric 2  mtu 1472 pref medium

fe80::/64 dev eth0  proto kernel  metric 256  pref medium

default via fe80::e2b9:e5ff:fea8:5588 dev eth0  metric 2  mtu 1472 pref medium
```

(fe80::e2b9:e5ff:fea8:5588 is the scope link of the modem, I can see it in the modem administration UI)

I can try to manually do the same in the desktop, but it doesn't still work.

```
PING google.com(mil04s28-in-x0e.1e100.net) 56 data bytes

--- google.com ping statistics ---

2 packets transmitted, 0 received, 100% packet loss, time 999ms
```

The ping6 hangs as if the response could not reach back my machine, as if the router - not aware of my manual configuration - refuses the unrecognised destination.

That's not the end of the story.

I've a third computer. Yet another different story.

The third computer (another desktop in front of the sofa), same network configuration, acquire via DHCPv6 an apparently good IPv6 address, but I'm unable to ping6 externally. The route is assigned:

```
2001:b07:2ec:c38::/64 dev eth0  proto kernel  metric 256  expires 24692sec mtu 1472 pref medium

fe80::/64 dev eth0  proto kernel  metric 256  mtu 1472 pref medium

default via fe80::e2b9:e5ff:fea8:5588 dev eth0  proto ra  metric 1024  expires 1741sec mtu 1472 hoplimit 64 pref medium
```

but this route (note that the parameters are different) doesn't make its job.

iptables and netfilter are absent here too.

What's funny is that this time:

```
net.ipv6.conf.eth0.accept_ra = 1
```

Really a jam, for me. I'm normally a neat guy managing my systems. I don't believe that the differences could be caused by some fuzzy configurations.

I absolutely need a better knowledge, but I really don't know where to look for.

Regards,

HUjuice

----------

## Ant P.

accept_ra is 0 because you're running dhcpcd which disables it.

----------

## ChrisJumper

Take a look at:

```
[I] net-misc/radvd

     Verfügbare Versionen:   1.9.8 2.13 2.14 ~2.15 ~2.15-r1 {selinux test KERNEL="FreeBSD"}

     Installierte Versionen: 2.14(22:49:41 30.09.2016)(-selinux -test KERNEL="-FreeBSD")

     Startseite:             http://v6web.litech.org/radvd/

     Beschreibung:           Linux IPv6 Router Advertisement Daemon

```

And the route -6 command.

Edit: So i am back now, with more time. Your /64 Address do not allow you to assign different sub networks. But like a Wireless LAN or a normal Computer with a switch Network, you do not need that.

The best part is that, if your network operate normally you do not need to specify a route. Because ipv6 have more automatism in its self organizations.

Cant you just enable ipv6 in your ISPs router? The normal configuration is, that on that your ISP-router run the Router Advertisment Daemon (radvd).

Edit2:  *Quote:*   

> The laptop has the scope link IPv6 address of the modem as default IPv6 gateway. So
> 
> ```
> 2001:b07:2ec:c38::/64 dev eth0  proto kernel  metric 2  mtu 1472 pref medium
> 
> ...

 

The fe80 addresses are special, if you use them you have add the Name of your Network Interface Card (NIC), which is connected to that Interface. For example, if your Laptop is connected over the eth3 Network Interface Card, with a switch and the switch with the modem. You can ping that modem from your Laptop by using:

```
ping6 fe80::e2b9:e5ff:fea8:5588%eth3
```

I am just a little bit confused that your Laptop got a working route and your desktop doesn't. Maybe your Laptop using different settings for WLAN, or your WLAN Router handle the Router advertisement by itself for Wireless connections?

The fe80 Addresses did not work like normal IP Addresses, they are just for the neighbour solication and its not design to speak with a neighbours neighbour or neighbours neighbours neighbour.

And for example, you see that the fe80 address is "bind" to the Hardware Mac Adress. Your WIFI Laptop use another NIC on the Router as gateway then your Routers 1GB-LAN Port, for example. And then this address is not reachable from your wired LAN Network.

----------

## hujuice

I resolved, but this is conceptually unresolved for me.

My suspect started when I added the netfilter support to my kernel, obtaining... a panic!

So, I threw away my kernel configuration and completely started a new config. That has been enough to have IPv6 based on RA happily running.

It is difficult for me to understand the reasons.

I also removed many virtualization and cgroups and vlan and bridging features, so the diff has become more than 1000 lines.

Sure, my knowledge and my understanding are always the same, when I configure a new kernel from scratch.

Also, the kernel panic caused by the netfilter support is difficult to explain. I can explain a failure, not a panic.

So, I can only suppose that some kind of dependency corruption has been generated after years of 'make oldconfig' operations.

Or what else?

The problem, anyway, was caused by my kernel.

Regards,

HUjuice

----------

