search

outime / ipv6-dhclient-script

IPv6 w/ dhclient configuration script (Debian/RedHat-based distros)
MIT License
67 stars 29 forks source link

Debian 9 Support #7

Closed joel0 closed 3 years ago

joel0 commented 6 years ago

Something is broken about the dhclient configuration for Debian 9 (Stretch). The files look fine, but I never get the configured IPv6 address. When I run the dhclient command (with the arguments in pre-up) in the console, it never exits and says RTNETLINK answers: Invalid argument.

(Link local IPv6 exists.)

outime commented 6 years ago

Thanks for the bug report @joel0. I can’t follow-up at the moment because I don’t have any spare machine available. What kind of service (vps/dedicated) are you using? Also, do you think you can lend it to me (my nickname @gmail.com) for a few hours let’s say tomorrow, along with IPv6 details? If you can’t, I’d try to get one myself but it can take more time.

joel0 commented 6 years ago

It's a dedicated server I have. I would be willing to give you access sometime. This week is my university's finals week, so I may not have time until later. I have also contacted Online's support and they started working on the issue before I opened this issue. If Online gives details, I'll report back with my findings.

outime commented 6 years ago

Thanks for providing the access! I was able to bring the interface up with IPv6 active, but not with the script alone. The initial process went like this:

root@dedicated:~/ipv6-dhclient-script# ./ipv6-dhclient-script.sh
WARNING: Network will restart at the end of this script so any existing connections will be dropped!
Interface where IPv6 will be enabled: enp0s20
You have the following IPv6 addreses configured for enp0s20:
(redacted)
Continue? [Y/n]: Y
Your IPv6 block address (e.g. 2001:bb8:3e23:200::): (redacted)
Subnet for your block (e.g. if it's /56, input 56): 48
Associated DUID (e.g. 00:03:00:00:34:b0:0c:47:4a:0e): (redacted)
Working...
net.ipv6.conf.enp0s20.autoconf = 0
Killed old client process
Internet Systems Consortium DHCP Client 4.3.5
Copyright 2004-2016 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/

Listening on LPF/enp0s20/00:07:cb:0b:5c:b1
Sending on   LPF/enp0s20/00:07:cb:0b:5c:b1
Sending on   Socket/fallback
DHCPRELEASE on enp0s20 to 62.210.17.22 port 67
RTNETLINK answers: Cannot assign requested address
Internet Systems Consortium DHCP Client 4.3.5
Copyright 2004-2016 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/

Listening on LPF/enp0s20/00:07:cb:0b:5c:b1
Sending on   LPF/enp0s20/00:07:cb:0b:5c:b1
Sending on   Socket/fallback
DHCPDISCOVER on enp0s20 to 255.255.255.255 port 67 interval 5
DHCPREQUEST of 163.172.83.128 on enp0s20 to 255.255.255.255 port 67
DHCPOFFER of 163.172.83.128 from 163.172.83.1
DHCPACK of 163.172.83.128 from 163.172.83.1
bound to 163.172.83.128 -- renewal in 2147483648 seconds.
ifup: failed to bring up enp0s20
Testing IPv6 connectivity...
connect: Network is unreachable
Something went wrong :(

If we try to do what the script does (ifdown enp0s20 && ifup enp0s20) we stumble upon the same issue:

Killed old client process
Internet Systems Consortium DHCP Client 4.3.5
Copyright 2004-2016 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/

Listening on LPF/enp0s20/00:07:cb:0b:5c:b1
Sending on   LPF/enp0s20/00:07:cb:0b:5c:b1
Sending on   Socket/fallback
DHCPRELEASE on enp0s20 to 62.210.17.22 port 67
Killed old client process
RTNETLINK answers: Cannot assign requested address
Internet Systems Consortium DHCP Client 4.3.5
Copyright 2004-2016 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/

Listening on LPF/enp0s20/00:07:cb:0b:5c:b1
Sending on   LPF/enp0s20/00:07:cb:0b:5c:b1
Sending on   Socket/fallback
DHCPDISCOVER on enp0s20 to 255.255.255.255 port 67 interval 7
DHCPREQUEST of 163.172.83.128 on enp0s20 to 255.255.255.255 port 67
DHCPOFFER of 163.172.83.128 from 163.172.83.1
DHCPACK of 163.172.83.128 from 163.172.83.1
bound to 163.172.83.128 -- renewal in 2147483648 seconds.
ifup: failed to bring up enp0s20

If you just type ifup enp0s20 after the script fails, then it works:

root@dedicated:/home/user# ifup enp0s20
Internet Systems Consortium DHCP Client 4.3.5
Copyright 2004-2016 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/

Listening on LPF/enp0s20/00:07:cb:0b:5c:b1
Sending on   LPF/enp0s20/00:07:cb:0b:5c:b1
Sending on   Socket/fallback
DHCPREQUEST of 163.172.83.128 on enp0s20 to 255.255.255.255 port 67
DHCPACK of 163.172.83.128 from 163.172.83.1
RTNETLINK answers: File exists
bound to 163.172.83.128 -- renewal in 2147483648 seconds.
Waiting for DAD... Done

IPv6 connectivity will persist after reboot. So I'd need to adapt the script to restart the interface in some other way (service networking restart?) or perhaps just suggest a reboot, which would make it work as well.

So as a workaround for you, just run the script on a fresh install again and reboot - it should be fine then.

joel0 commented 6 years ago

I think I got the script to work. On the pre-up command, append & to run dhclient in the background, then add on the next line pre-up sleep 5 (just a guess for the number, other times may work). I do not know if this is a "correct" way to solve the problem, so I will not make a pull request, unless I get feedback that it's a good way to do it.

joel0 commented 6 years ago

I'm not confident in that fix I described with sleep. The IPv6 connectivity was lost some hours later. ip addr still listed the address, but there was no connectivity.

outime commented 6 years ago

@joel0 it's difficult for me to troubleshoot as I don't have my old dedicated server anymore as Online deprecated it. I tried to replicate this scenario with their Scaleway offering but with VPS you don't need to set up IPv6 as it comes configured already.

If you reboot/re-enable the interface, do you get connectivity? If not, could you please try this https://documentation.online.net/en/dedicated-server/network/ipv6/prefix#traffic_limitation_of_your_client, wait for some time and report back if it worked?

outime commented 6 years ago

In fact I'll include those lines in the script. Better safe than sorry...

Edit: I've added that and some other minor fixes seen on this issue. Try it out if you can and let me know how it goes.

chmduquesne commented 6 years ago

Hi there,

I am having similar issues on https://serverfault.com/questions/905758/networking-service-timeouts-every-second-restart

@joel0 Could you maybe let us know what online.net reported to you? How did you contact them? I have been trying to make ipv6 work on my server and I thought I had a working config, and I am a bit stuck...

joel0 commented 6 years ago

@chmduquesne Online.net worked on it for a while an came up with the conclusion of "nothing is broken". I haven't taken the time to press further, as it is still broken. I have it in a state where IPv6 works for about 10 minutes after each reboot, then fails. If I recall correctly, this is due to dhclient not repeatedly sending the advertisement.

I contacted them by creating a ticket from my dedicated server info page on the console. The support request must be on the server, not the IPv6 block.

chmduquesne commented 6 years ago

I solved my issue! This was firewall related:

http://www.iit-training.com/blog/2013/02/ipv6-prefix-delegation-and-firewall-rules

chmduquesne commented 6 years ago

I gave some tips for updating the documentation at online.net. Tech support said they will pass it over. You can look at my serverfault post for a config that (now) works (for me).

chmduquesne commented 6 years ago

Just in case they don't update the doc, here is what I told them:

1 - This needs to be appended directly to the default file /etc/dhcp/dhclient.conf instead of /etc/dhcp/dhclient6.conf

# adapt the interface name enp0s20 to your needs
interface "enp0s20" {
    send dhcp6.client-id DUID;
}

2 - This needs to be included in /etc/network/interfaces

# adapt the interface name enp0s20 to your needs
auto enp0s20
iface enp0s20 inet6 dhcp
  request_prefix 1
  accept_ra 2

3 - For people using a firewall, the following rules need to be added

# only necessary for ip6tables, not for iptables
-A INPUT -p udp --sport 547 --dport 546 -j ACCEPT
-A OUTPUT -p udp --sport 546 --dport 547 -j ACCEPT
chmduquesne commented 6 years ago

With the approach I described, no need to explicitly launch dhclient: just use the iface enp0s20 inet6 dhcp stanza and add the appropriate lines in the default dhclient.conf file, and debian will take care of launching dhclient the right way for you.

It is better that way, because if you also use dhcp on your ipv4 interface, debian makes your v6 dhclient interact nicely with the v4 dhclient process through the option -df /var/lib/dhcp/dhclient.enp0s20.leases. I recommend this approach if you want to avoid troubles/weird behaviors.

chmduquesne commented 6 years ago

Also, no need to modify /etc/sysctl.conf

outime commented 3 years ago

Closing this issue due to inactivity. If you're able to reproduce it still, please provide a full report and if possible a machine where I can play around to figure out how to solve it.