javitu / rt-n56u

Automatically exported from code.google.com/p/rt-n56u

Cannot get IPv6 address in LAN #1303

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Router is in default mode (router, not AP).
2. I have native IPv6 access, which means that if I plug the cable directly into my computer, I get an IPv6 address automatically, starting with 2001:250:401:8025:xxxxxxx
3. With the cable plugged into the WAN side, the router can get an IPv6 address, but the clients on the LAN side got only IPv4 addresses.

What is the expected output? What do you see instead?
Clients got IPv6 address with the same scope of WAN side.

What version of the product are you using? On what operating system?
Router is on RT-N56U_3.4.3.7-075_base.zip 
Computer is Windows 8.1

Please describe the problem as detailed as it's possible.
I use RT-N56U.
When directly connected, the computer got a usable address, but the gateway is fe80::GATEWAY_MAC, something like this, and I can get access to IPv6 sites. "route print" shows "42 36 ::/0 fe80::MAC". Since it is plugged in directly, the default gateway can be accessed using the fe80 local address.
If I manually set the gateway to 2001:250:401:8025::1, I can also access IPv6 sites.

It seems that the router just got the same as above. As the default gateway is an fe80 address, the router got confused and refuses to broadcast IPv6 information to the LAN side. Both stateful and stateless were tried; nothing worked.
The router itself can ping or access IPv6 sites.
If I manually set the address, say the router LAN IP is 2001:250:401:8025::1234 with prefix 64, then LAN clients can get an IPv6 address with the right format, but cannot transfer data with IPv6 sites.
After a traceroute, I found it could only communicate with 1234 (the LAN IP), but not the Gateway. So the router just got two sides of IPv6, and these two cannot communicate with each other.

When I want IPv6 using my OpenWRT router, I just bridge the WAN and LAN, and set ebtables to drop all !ipv6 packets. I tried to use the same method with the N56U, but ebtables has no chain named "broute".

From my understanding, NAT is for IPv4, not IPv6, so how does the router do the job of making the transfers below?
LAN(clients)----------(LANIP)N56U(WANIP)----------ISP(GATEWAY)
Packet 1: From client, to ipv6.google.com, nexthop GATEWAY. Result: cannot send to GATEWAY
Packet 2: From client, to LANIP, nexthop none. Result: sent, since in the same net.
Packet 3: From WANIP, to ipv6.google.com, nexthop GATEWAY. Result: sent.
Packet 4: From client, to WANIP, nexthop none. Result: Destination host unreachable.

Original issue reported on code.google.com by DOSSTO...@gmail.com on 30 Jul 2014 at 4:41

GoogleCodeExporter commented 9 years ago
And syslog related to dnsmasq is:

Jul 30 12:45:17 dnsmasq[396]: started, version 2.68 cachesize 1000
Jul 30 12:45:17 dnsmasq[396]: compile time options: IPv6 GNU-getopt no-RTC no-DBus no-i18n no-IDN DHCP DHCPv6 no-scripts TFTP no-conntrack no-ipset no-auth
Jul 30 12:45:17 dnsmasq-dhcp[396]: DHCP, IP range 192.168.1.100 -- 192.168.1.250, lease time 1d
Jul 30 12:45:17 dnsmasq-dhcp[396]: DHCPv6, static leases only on ::, lease time 10m
Jul 30 12:45:17 dnsmasq-dhcp[396]: DHCP, sockets bound exclusively to interface br0
Jul 30 12:45:17 dnsmasq[396]: read /etc/hosts - 4 addresses
Jul 30 12:45:17 dnsmasq[396]: read /etc/storage/dnsmasq/hosts - 0 addresses
Jul 30 12:45:18 kernel: Ralink HW NAT v2.50.7 Module Enabled, ASIC: RT3883, REV: 0105, FoE Size: 16384
Jul 30 12:45:18 RT-N56U: Hardware NAT/Routing: Enabled, IPoE/PPPoE offload [WAN]<->[LAN/WLAN]
Jul 30 12:45:18 RT-N56U: Hardware NAT/Routing: IPv4 UDP flow offload - OFF
Jul 30 12:45:18 RT-N56U: Hardware NAT/Routing: IPv6 routes offload - OFF
Jul 30 12:45:18 kernel: eth3: ===> VirtualIF_open
Jul 30 12:45:18 dnsmasq[396]: read /etc/hosts - 4 addresses
Jul 30 12:45:18 dnsmasq[396]: read /etc/storage/dnsmasq/hosts - 0 addresses
Jul 30 12:45:18 dnsmasq[396]: using nameserver 2001:470:20::2#53
Jul 30 12:45:18 dnsmasq[396]: using nameserver 8.8.8.8#53
Jul 30 12:45:18 DHCP WAN Client: starting on eth3 ...
Jul 30 12:45:19 kernel: br0: port 4(rai1) entering forwarding state
Jul 30 12:45:19 kernel: br0: port 3(rai0) entering forwarding state
Jul 30 12:45:19 kernel: br0: port 2(ra0) entering forwarding state
Jul 30 12:45:19 kernel: br0: port 1(eth2) entering forwarding state
Jul 30 12:45:20 DHCPv6 WAN Client: starting on wan (eth3) ...
Jul 30 12:45:20 dhcp6c[443]: started
Jul 30 12:45:20 DHCP WAN Client: bound (eth3), IP: 192.168.2.11, GW: 192.168.2.1, lease time: 7200
Jul 30 12:45:20 RT-N56U: WAN up (eth3)
Jul 30 12:45:20 dnsmasq[396]: read /etc/hosts - 4 addresses
Jul 30 12:45:20 dnsmasq[396]: read /etc/storage/dnsmasq/hosts - 0 addresses
Jul 30 12:45:20 dnsmasq[396]: using nameserver 2001:470:20::2#53
Jul 30 12:45:20 dnsmasq[396]: using nameserver 8.8.8.8#53
Jul 30 12:45:21 dropbear[465]: Running in background
Jul 30 12:45:25 kernel: icmpv6_send: no reply to icmp error

Original comment by DOSSTO...@gmail.com on 30 Jul 2014 at 4:51

GoogleCodeExporter commented 9 years ago
The site you use for access is on WAN or LAN side?
There is no NAT in v6 but firewall still required. See ip6tables rules.

Original comment by d...@soulblader.com on 3 Aug 2014 at 7:52

GoogleCodeExporter commented 9 years ago
The sites are ipv6.google.com and ftp.ipv6.heanet.ie; both are on the WAN side.
I did not set any ip6tables rules; they are all kept at the defaults. The rules are here:

/home/root # ip6tables-save
# Generated by ip6tables-save v1.4.16.3 on Mon Aug  4 10:53:51 2014
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [24:1700]
:OUTPUT ACCEPT [52:6458]
:logaccept - [0:0]
:logdrop - [0:0]
:maclist - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p ipv6-icmp -m icmp6 ! --icmpv6-type 128 -j ACCEPT
-A INPUT -m rt --rt-type 0 --rt-segsleft 0 -j DROP
-A INPUT -m state --state INVALID -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i br0 -j ACCEPT
-A INPUT -s fe80::/10 -j ACCEPT
-A INPUT -d ff00::/8 -j ACCEPT
-A INPUT -p udp -m udp --dport 546 -j ACCEPT
-A INPUT -j DROP
-A FORWARD -i br0 -o br0 -j ACCEPT
-A FORWARD -p ipv6-icmp -j ACCEPT
-A FORWARD -m rt --rt-type 0 --rt-segsleft 0 -j DROP
-A FORWARD -m state --state INVALID -j DROP
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -m rt --rt-type 0 --rt-segsleft 0 -j DROP
-A logaccept -m state --state NEW -j LOG --log-prefix "ACCEPT " --log-tcp-sequence --log-tcp-options --log-ip-options
-A logaccept -j ACCEPT
-A logdrop -m state --state NEW -j LOG --log-prefix "DROP " --log-tcp-sequence --log-tcp-options --log-ip-options
-A logdrop -j DROP
COMMIT
# Completed on Mon Aug  4 10:53:51 2014

Original comment by DOSSTO...@gmail.com on 4 Aug 2014 at 3:16
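
An added example (not part of the thread or the firmware): a minimal first-match evaluator run over the chain policies, the tail of INPUT and the full FORWARD chain from the ip6tables-save output above. It shows that a NEW connection arriving on eth3 for a host behind br0 matches no FORWARD rule and is accepted by the chain policy, while the same connection addressed to the router hits INPUT's final DROP. The two sample packets are constructed, and the parser only handles the option forms present in this excerpt.

```python
import shlex

# Excerpt of the ip6tables-save output posted above: the chain policies,
# the tail of INPUT, and the complete FORWARD chain.
RULESET = """\
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [24:1700]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i br0 -j ACCEPT
-A INPUT -j DROP
-A FORWARD -i br0 -o br0 -j ACCEPT
-A FORWARD -p ipv6-icmp -j ACCEPT
-A FORWARD -m rt --rt-type 0 --rt-segsleft 0 -j DROP
-A FORWARD -m state --state INVALID -j DROP
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
"""

def parse(text):
    """Return ({chain: policy}, {chain: [options, ...]}) for the excerpt above."""
    policies, rules = {}, {}
    for line in text.splitlines():
        tok = shlex.split(line)
        if line.startswith(":"):
            policies[tok[0][1:]] = tok[1]
        elif tok and tok[0] == "-A":
            # Every option in this excerpt takes exactly one argument (no "!").
            rules.setdefault(tok[1], []).append(dict(zip(tok[2::2], tok[3::2])))
    return policies, rules

def verdict(chain, pkt, policies, rules):
    """First-match evaluation; returns (target, 'rule' or 'policy')."""
    for opts in rules.get(chain, []):
        if "--rt-type" in opts and not pkt.get("rh0"):
            continue  # routing-header rule only matches type 0 routing headers
        if opts.get("-i", pkt["in"]) != pkt["in"]:
            continue
        if opts.get("-o", pkt.get("out")) != pkt.get("out"):
            continue
        if opts.get("-p", pkt["proto"]) != pkt["proto"]:
            continue
        if "--state" in opts and pkt["state"] not in opts["--state"].split(","):
            continue
        return opts["-j"], "rule"
    return policies[chain], "policy"

POLICIES, RULES = parse(RULESET)
# Constructed packets: an unsolicited TCP connection arriving on the WAN port (eth3).
to_lan_host = {"in": "eth3", "out": "br0", "proto": "tcp", "state": "NEW"}
to_router = {"in": "eth3", "proto": "tcp", "state": "NEW"}
print("FORWARD:", verdict("FORWARD", to_lan_host, POLICIES, RULES))
print("INPUT:  ", verdict("INPUT", to_router, POLICIES, RULES))
```

With these rules, once LAN clients hold global IPv6 addresses, inbound filtering for them depends entirely on the FORWARD policy, so a default-deny for NEW traffic entering on eth3 is the setting to check.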

GoogleCodeExporter commented 9 years ago
Yes, sorry, haven't understood you correctly.
It seems you're trying to set wrong default gateway.

On the router, look for the WAN address:
# ip -o -f inet6 addr show eth3
xxxx:xxxx:xxxx:xxxx:xxmm:mmmm (m - last 3 octets of eth3 mac address)

Look for the LAN address on the same network:
# ip -o -f inet6 addr show br0
It should be the same, except for the MAC address part (br0 MAC address). This address should be set as the default gateway on the local machine.

The IP address on the local machine should be the same as above, except for the MAC address part (interface on the local machine).

Original comment by d...@soulblader.com on 4 Aug 2014 at 6:28

GoogleCodeExporter commented 9 years ago
Thanks for the reply. I tried some different configurations, and mixed up the results with the configurations.

What I set now is:

IPv6 Connection Type: Native DHCPv6 

WAN Connection Type: IPoE: Automatic IP 

Get WAN IPv6 Address From Source: Stateless: Router Advertisement

Get DNSv6 Servers Automatically? Yes

Get LAN IPv6 Address via DHCPv6 (IA-PD)? Yes

Enable LAN Router Advertisement? Yes 

Enable LAN DHCPv6 Server (Stateless only)? Yes

and the output of the ip commands is:

/home/root # ip -o -f inet6 addr show eth3
3: eth3    inet6 2001:250:401:8025:4216:7eff:feMM:MMMM/64 scope global dynamic \       valid_lft 2591858sec preferred_lft 604658sec
3: eth3    inet6 fe80::4216:7eff:feMM:MMMM/64 scope link \       valid_lft forever preferred_lft forever
/home/root # ip -o -f inet6 addr show br0
7: br0    inet6 fe80::4216:7eff:feMM:MMMM/64 scope link \       valid_lft forever preferred_lft forever

The address the local machine gets is:
Link-local IPv6 Address . . . . . : fe80::dcc0:e21e:1452:952b%42

That is, br0 (LAN side) cannot get the same prefix as eth3 (WAN side). It seems my ISP doesn't support Prefix Delegation. If I disable IA-PD, I have to set the address manually, but the router seems confused by the same prefix.

Original comment by DOSSTO...@gmail.com on 5 Aug 2014 at 3:00

GoogleCodeExporter commented 9 years ago
Not quite correct...
The local machine doesn't get the address fe80::dcc0:e21e:1452:952b%42; it sets it itself (http://www.iana.org/assignments/iana-ipv6-special-registry/iana-ipv6-special-registry.xhtml#iana-ipv6-special-registry-1). It is required by the protocol for neighborhood discovery etc.

It seems there should be at least another address on br0, scope global. And then on the local machine from the same network.
A default route on the local machine can be fe80::4216:7eff:feMM:MMMM%42 (not sure about zone indices in Windows).

Original comment by d...@soulblader.com on 5 Aug 2014 at 7:35

GoogleCodeExporter commented 9 years ago
Thanks for the reply.
I contacted my network provider. They said the network uses SLAAC, the GATEWAY has a /64 scope and uses RA to announce the /64 prefix; after combining it with the self-generated remaining 64-bit address, the WAN got its IPv6 address.

Also, I asked some people who also use this network. The solution they have is either to bridge WAN+LAN and filter IPv6 traffic with ebtables, or to use packages that have NDP. ebtables does not seem a good choice since I haven't found the broute chain... I'll download the ndppd package and have a look.

Original comment by DOSSTO...@gmail.com on 6 Aug 2014 at 1:13

GoogleCodeExporter commented 9 years ago
Tried the wide-dhcpv6 packages and isc-dhcp-relay-ipv6; none of them seems to work (LAN got nothing).
isc-dhcp-relay-ipv6 always reports that I need one lower and one upper stream, even if I give them through command-line options.

ndppd is working in some way. I have to first set static on my
WAN: PREFIX:1/96
GW: PREFIX::1
and set LAN: PREFIX:4321::1/64, enable RA, but not DHCPv6 Server,
and start ndppd.

The disadvantage is obvious: anyone with the LAN prefix that is on the WAN side is inaccessible, and anyone with the WAN prefix but on the LAN side is also inaccessible. And the gateway of the LAN's clients should be set to PREFIX:4321::1, not PREFIX::1.

Reference: http://blog.asxzy.net/blog/2011/12/23/three-ways-to-make-ipv6-gateway-openwrt/ (in Chinese)

BTW, is it possible to integrate ndppd when compiling the firmware? Or, if I want to add some software to the firmware, which files should I change?

Original comment by DOSSTO...@gmail.com on 9 Aug 2014 at 4:06
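
An added example (not from the thread or from ndppd): a longest-prefix-match lookup over the three routes that the static setup in the comment above produces, showing which addresses the router sends out of br0 although the ISP gateway treats the whole /64 as on-link, and why hosts on the "wrong" side of the /96 boundary become unreachable. Assumptions: 2001:db8:0:1::/64 is a constructed stand-in for PREFIX, the WAN address is taken to lie in PREFIX::/96, and all host addresses are constructed.

```python
import ipaddress as ip

# Constructed stand-in for the thread's PREFIX: the /64 the ISP gateway
# announces by RA and therefore treats as on-link on the WAN segment.
ISP_ONLINK = ip.ip_network("2001:db8:0:1::/64")

# Routes on the router after the static setup (interface names as in the thread).
ROUTES = [
    (ip.ip_network("2001:db8:0:1::/96"), "eth3"),  # WAN address set with /96
    (ip.ip_network("2001:db8:0:1::/64"), "br0"),   # LAN address PREFIX:4321::1/64
    (ip.ip_network("::/0"), "eth3"),               # default route via PREFIX::1
]

def egress(addr):
    """Longest-prefix match: the interface the router forwards addr out of."""
    a = ip.ip_address(addr)
    matches = [r for r in ROUTES if a in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen)[1]

def in_proxy_range(addr):
    """True when the ISP gateway expects addr on-link on the WAN segment but
    the router routes it to br0, so Neighbor Solicitations for it arriving
    on eth3 must be answered by an NDP proxy."""
    return ip.ip_address(addr) in ISP_ONLINK and egress(addr) == "br0"

# Constructed sample addresses.
SAMPLES = {
    "ISP gateway":             "2001:db8:0:1::1",
    "LAN client (RA from br0)": "2001:db8:0:1:dcc0:e21e:1452:952b",
    "WAN neighbour (SLAAC)":   "2001:db8:0:1:4216:7eff:fe00:1",
    "LAN host inside the /96": "2001:db8:0:1::1234",
    "Internet host":           "2001:4860:4860::8888",
}

def table():
    """(label, egress interface, needs NDP proxy) for every sample address."""
    return [(k, egress(v), in_proxy_range(v)) for k, v in SAMPLES.items()]

for row in table():
    print("%-26s -> %-4s proxy=%s" % row)
```

The WAN neighbour is routed to br0 and the LAN host inside the /96 is routed to eth3, which are the two inaccessible cases named in the comment.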

GoogleCodeExporter commented 9 years ago
Issue 1315 has been merged into this issue.

Original comment by d...@soulblader.com on 17 Aug 2014 at 11:49