Page MenuHomeVyOS Platform
Create Task
Maniphest T2335

Unable to assign IPv6 from ISP
Closed, ResolvedPublicBUG
Actions

Description

After upgrading to vyos 1.3-rolling-202004180117, IPv6 cannot be allocated from ISP using PPPoE protocol. Although the previous 1.2 also has it, it seems that it has been fixed by you. I once obtained the IPv6 address. However, after upgrading to vyos 1.3-rolling-202004180117, the IPv6 address disappears.

Details

Difficulty level
Unknown (require assessment)
Version
VyOS 1.3-rolling-202004180117
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Bug (incorrect behavior)

Related Objects

Event Timeline

jack9603301 created this task.Apr 19 2020, 8:32 AM
jack9603301 updated the task description. (Show Details)
pasik added a subscriber: pasik.Apr 19 2020, 8:35 AM
jack9603301 changed Difficulty level from Easy (less than an hour) to Unknown (require assessment).Apr 19 2020, 8:36 AM
c-po added a subscriber: c-po.EditedApr 19 2020, 9:59 AM

Please share your configuration and where you expect an IPv6 address to pop up

jack9603301 added a comment.Apr 19 2020, 10:06 AM

The configuration is as follows:

firewall {
    all-ping enable
    broadcast-ping enable
    config-trap disable
    ipv6-receive-redirects enable
    ipv6-src-route enable
    ip-src-route enable
    log-martians enable
    name wan {
        default-action drop
        rule 1 {
            action accept
            state {
                established enable
                related enable
            }
        }
    }
    name wan-local {
        default-action drop
        rule 1 {
            action accept
            state {
                established enable
                related enable
            }
        }
        rule 2 {
            action accept
            icmp {
                type-name echo-request
            }
            protocol icmp
            state {
                new enable
            }
        }
        rule 3 {
            action drop
            destination {
                port 22
            }
            protocol tcp
            recent {
                count 4
                time 60
            }
            state {
                new enable
            }
        }
        rule 4 {
            action accept
            protocol tcp
            state {
                new enable
            }
        }
    }
    options {
        interface pppoe0 {
            adjust-mss 1452
            adjust-mss6 1280
        }
    }
    receive-redirects disable
    send-redirects enable
    source-validation disable
    state-policy {
        established {
            action accept
            log {
                enable
            }
        }
        invalid {
            action accept
            log {
                enable
            }
        }
        related {
            action accept
            log {
                enable
            }
        }
    }
    syn-cookies enable
    twa-hazards-protection disable
}
interfaces {
    bridge br1 {
        address 192.168.0.1/24
        address fc00:470:f1cd::1/64
        description "lan 0"
        dhcpv6-options {
            temporary
        }
        ipv6 {
            address {
                autoconf
                eui64 fc00:470:f1cd::/64
            }
            dup-addr-detect-transmits 1
        }
        member {
            interface eth1.1 {
            }
            interface eth2 {
            }
        }
        stp
    }
    bridge br2 {
        address 192.168.101.1/24
        address fc00:470:f1cd:101::1/64
        description "lan 101"
        dhcpv6-options {
            temporary
        }
        ipv6 {
            address {
                autoconf
                eui64 fc00:470:f1cd:101::/64
            }
            dup-addr-detect-transmits 1
        }
        member {
            interface eth0 {
            }
            interface eth1.2 {
            }
            interface eth3 {
            }
            interface eth4 {
            }
        }
        stp
    }
    ethernet eth0 {
        description LAN
        ipv6 {
            address {
            }
            dup-addr-detect-transmits 1
        }
    }
    ethernet eth1 {
        description Trunk
        vif 1 {
            description "vlan 1 of eth1"
        }
        vif 2 {
            description "vlan 2 of eth1"
        }
    }
    ethernet eth2 {
        description LAN
    }
    ethernet eth3 {
        description LAN
    }
    ethernet eth4 {
        description LAN
    }
    ethernet eth5 {
        description WAN
        disable-flow-control
        firewall {
            in {
                name wan
            }
            local {
                name wan-local
            }
        }
    }
    pppoe pppoe0 {
        authentication {
            password ****************
            user user
        }
        default-route auto
        description ISP
        ipv6 {
            enable
        }
        mtu 1492
        source-interface eth5
    }
}
nat {
    nptv6 {
        rule 2 {
            description "IPv6 NPT"
            outbound-interface pppoe0
            source {
                prefix fc00:470:f1cd::/48
            }
            translation {
                prefix 240e:fc:7d:dc27::/64
            }
        }
    }
    source {
        rule 1 {
            description PUBLIC
            log enable
            outbound-interface pppoe0
            protocol all
            source {
                address 0.0.0.0/0
            }
            translation {
                address masquerade
            }
        }
    }
}
protocols {
    static {
        interface-route 0.0.0.0/0 {
            next-hop-interface pppoe0 {
            }
        }
        interface-route6 ::/0 {
            next-hop-interface pppoe0 {
            }
        }
        table 150 {
            interface-route 0.0.0.0/0 {
                next-hop-interface pppoe0 {
                }
            }
            interface-route6 ::/0 {
                next-hop-interface pppoe0 {
                }
            }
        }
    }
}
service {
    dhcp-server {
        shared-network-name pri101 {
            description "DHCP 101"
            subnet 192.168.101.0/24 {
                default-router 192.168.101.1
                dns-server 192.168.0.254
                dns-server 192.168.101.1
                dns-server 192.168.0.1
                lease 86400
                ntp-server 192.168.101.1
                range 0 {
                    start 192.168.101.8
                    stop 192.168.101.254
                }
            }
        }
    }
    dhcpv6-server {
        preference 0
        shared-network-name pri101 {
            subnet fc00:470:f1cd:101::/64 {
                address-range {
                    start fc00:470:f1cd:101::8 {
                        stop fc00:470:f1cd:101:ffff:ffff:ffff:ffff
                    }
                }
                name-server fc00:470:f1cd::ff00
                name-server fc00:470:f1cd::1
                name-server fc00:470:f1cd:101::1
            }
        }
    }
    dns {
        forwarding {
            allow-from 192.168.0.0/16
            allow-from 2001:470:f1cd::/48
            cache-size 1024
            domain pve. {
                server 192.168.0.47
                server 2001:470:f1cd::47
            }
            listen-address 0.0.0.0
            listen-address ::
            name-server 114.114.114.114
            name-server 1.1.1.1
            name-server 1.0.0.1
            name-server 2001:470:f1cd::ff00
            name-server 192.168.0.254
            system
        }
    }
    https {
        virtual-host vhost0 {
            listen-address "*"
            server-name 192.168.0.1
        }
    }
    mdns {
        repeater {
            interface br1
            interface br2
        }
    }
    router-advert {
        interface br1 {
        }
        interface br2 {
        }
    }
    ssh {
        listen-address 0.0.0.0
    }
}
system {
    acceleration {
    }
    config-management {
        commit-revisions 100
    }
    console {
        device ttyS0 {
            speed 115200
        }
    }
    domain-name router
    host-name vyos
    ip {
        arp {
            table-size 2048
        }
        multipath {
            layer4-hashing
        }
    }
    ipv6 {
        multipath {
            layer4-hashing
        }
        neighbor {
            table-size 2048
        }
        strict-dad
    }
    login {
        user vyos {
            authentication {
                encrypted-password ****************
                plaintext-password ****************
            }
        }
    }
    name-server 192.168.0.1
    ntp {
        allow-clients {
            address 192.168.0.0/16
            address fc00:470:f1cd::/48
        }
        listen-address ::
        listen-address 0.0.0.0
        server 0.centos.pool.ntp.org {
        }
        server 1.centos.pool.ntp.org {
        }
        server 2.centos.pool.ntp.org {
        }
        server 3.centos.pool.ntp.org {
        }
        server ntp.qhjack.cn {
        }
    }
    sysctl {
        custom net.ipv4.conf.all.rp_filter {
            value 0
        }
        custom net.ipv4.conf.default.rp_filter {
            value 0
        }
        custom net.ipv4.conf.eth0.rp_filter {
            value 0
        }
        custom net.ipv6.conf.all.accept_ra {
            value 2
        }
        custom net.ipv6.conf.all.forwarding {
            value 1
        }
    }
    syslog {
        global {
            facility all {
                level info
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone Asia/Shanghai
}

I hope to get IPv6 address in PPPoE dial-up, which seems to have been fixed in the previous vyos version, and I got the IPv6 address assigned by ISP. However, in the new version, IPv6 cannot be obtained, so I can only get the IPv4 address!

c-po added a comment.Apr 19 2020, 11:05 AM

Can you please post the configuration as show configuration commands from op-mode level? Then it will become easier to reproduce it. Thanks

jack9603301 added a comment.Apr 19 2020, 11:29 AM
set firewall all-ping 'enable'
set firewall broadcast-ping 'enable'
set firewall config-trap 'disable'
set firewall ipv6-receive-redirects 'enable'
set firewall ipv6-src-route 'enable'
set firewall ip-src-route 'enable'
set firewall log-martians 'enable'
set firewall name wan default-action 'drop'
set firewall name wan rule 1 action 'accept'
set firewall name wan rule 1 state established 'enable'
set firewall name wan rule 1 state related 'enable'
set firewall name wan-local default-action 'drop'
set firewall name wan-local rule 1 action 'accept'
set firewall name wan-local rule 1 state established 'enable'
set firewall name wan-local rule 1 state related 'enable'
set firewall name wan-local rule 2 action 'accept'
set firewall name wan-local rule 2 icmp type-name 'echo-request'
set firewall name wan-local rule 2 protocol 'icmp'
set firewall name wan-local rule 2 state new 'enable'
set firewall name wan-local rule 3 action 'drop'
set firewall name wan-local rule 3 destination port '22'
set firewall name wan-local rule 3 protocol 'tcp'
set firewall name wan-local rule 3 recent count '4'
set firewall name wan-local rule 3 recent time '60'
set firewall name wan-local rule 3 state new 'enable'
set firewall name wan-local rule 4 action 'accept'
set firewall name wan-local rule 4 protocol 'tcp'
set firewall name wan-local rule 4 state new 'enable'
set firewall options interface pppoe0 adjust-mss '1452'
set firewall options interface pppoe0 adjust-mss6 '1280'
set firewall receive-redirects 'disable'
set firewall send-redirects 'enable'
set firewall source-validation 'disable'
set firewall state-policy established action 'accept'
set firewall state-policy established log enable
set firewall state-policy invalid action 'accept'
set firewall state-policy invalid log enable
set firewall state-policy related action 'accept'
set firewall state-policy related log enable
set firewall syn-cookies 'enable'
set firewall twa-hazards-protection 'disable'
set interfaces bridge br1 address '192.168.0.1/24'
set interfaces bridge br1 address 'fc00:470:f1cd::1/64'
set interfaces bridge br1 description 'lan 0'
set interfaces bridge br1 dhcpv6-options temporary
set interfaces bridge br1 ipv6 address autoconf
set interfaces bridge br1 ipv6 address eui64 'fc00:470:f1cd::/64'
set interfaces bridge br1 ipv6 dup-addr-detect-transmits '1'
set interfaces bridge br1 member interface eth1.1
set interfaces bridge br1 member interface eth2
set interfaces bridge br1 stp
set interfaces bridge br2 address '192.168.101.1/24'
set interfaces bridge br2 address 'fc00:470:f1cd:101::1/64'
set interfaces bridge br2 description 'lan 101'
set interfaces bridge br2 dhcpv6-options temporary
set interfaces bridge br2 ipv6 address autoconf
set interfaces bridge br2 ipv6 address eui64 'fc00:470:f1cd:101::/64'
set interfaces bridge br2 ipv6 dup-addr-detect-transmits '1'
set interfaces bridge br2 member interface eth0
set interfaces bridge br2 member interface eth1.2
set interfaces bridge br2 member interface eth3
set interfaces bridge br2 member interface eth4
set interfaces bridge br2 stp
set interfaces ethernet eth0 description 'LAN'
set interfaces ethernet eth0 ipv6 address
set interfaces ethernet eth0 ipv6 dup-addr-detect-transmits '1'
set interfaces ethernet eth1 description 'Trunk'
set interfaces ethernet eth1 vif 1 description 'vlan 1 of eth1'
set interfaces ethernet eth1 vif 2 description 'vlan 2 of eth1'
set interfaces ethernet eth2 description 'LAN'
set interfaces ethernet eth3 description 'LAN'
set interfaces ethernet eth4 description 'LAN'
set interfaces ethernet eth5 description 'WAN'
set interfaces ethernet eth5 disable-flow-control
set interfaces ethernet eth5 firewall in name 'wan'
set interfaces ethernet eth5 firewall local name 'wan-local'
set interfaces pppoe pppoe0 authentication password 'password'
set interfaces pppoe pppoe0 authentication user 'username'
set interfaces pppoe pppoe0 default-route 'auto'
set interfaces pppoe pppoe0 description 'ISP'
set interfaces pppoe pppoe0 ipv6 enable
set interfaces pppoe pppoe0 mtu '1492'
set interfaces pppoe pppoe0 source-interface 'eth5'
set nat nptv6 rule 2 description 'IPv6 NPT'
set nat nptv6 rule 2 outbound-interface 'pppoe0'
set nat nptv6 rule 2 source prefix 'fc00:470:f1cd::/48'
set nat nptv6 rule 2 translation prefix '240e:fc:7d:dc27::/64'
set nat source rule 1 description 'PUBLIC'
set nat source rule 1 log 'enable'
set nat source rule 1 outbound-interface 'pppoe0'
set nat source rule 1 protocol 'all'
set nat source rule 1 source address '0.0.0.0/0'
set nat source rule 1 translation address 'masquerade'
set protocols static interface-route 0.0.0.0/0 next-hop-interface pppoe0
set protocols static interface-route6 ::/0 next-hop-interface pppoe0
set protocols static table 150 interface-route 0.0.0.0/0 next-hop-interface pppoe0
set protocols static table 150 interface-route6 ::/0 next-hop-interface pppoe0
set service dhcp-server shared-network-name pri101 description 'DHCP 101'
set service dhcp-server shared-network-name pri101 subnet 192.168.101.0/24 default-router '192.168.101.1'
set service dhcp-server shared-network-name pri101 subnet 192.168.101.0/24 dns-server '192.168.0.254'
set service dhcp-server shared-network-name pri101 subnet 192.168.101.0/24 dns-server '192.168.101.1'
set service dhcp-server shared-network-name pri101 subnet 192.168.101.0/24 dns-server '192.168.0.1'
set service dhcp-server shared-network-name pri101 subnet 192.168.101.0/24 lease '86400'
set service dhcp-server shared-network-name pri101 subnet 192.168.101.0/24 ntp-server '192.168.101.1'
set service dhcp-server shared-network-name pri101 subnet 192.168.101.0/24 range 0 start '192.168.101.8'
set service dhcp-server shared-network-name pri101 subnet 192.168.101.0/24 range 0 stop '192.168.101.254'
set service dhcpv6-server preference '0'
set service dhcpv6-server shared-network-name pri101 subnet fc00:470:f1cd:101::/64 address-range start fc00:470:f1cd:101::8 stop 'fc00:470:f1cd:101:ffff:ffff:ffff:ffff'
set service dhcpv6-server shared-network-name pri101 subnet fc00:470:f1cd:101::/64 name-server 'fc00:470:f1cd::ff00'
set service dhcpv6-server shared-network-name pri101 subnet fc00:470:f1cd:101::/64 name-server 'fc00:470:f1cd::1'
set service dhcpv6-server shared-network-name pri101 subnet fc00:470:f1cd:101::/64 name-server 'fc00:470:f1cd:101::1'
set service dns forwarding allow-from '192.168.0.0/16'
set service dns forwarding allow-from '2001:470:f1cd::/48'
set service dns forwarding cache-size '1024'
set service dns forwarding domain pve. server '192.168.0.47'
set service dns forwarding domain pve. server '2001:470:f1cd::47'
set service dns forwarding listen-address '0.0.0.0'
set service dns forwarding listen-address '::'
set service dns forwarding name-server '114.114.114.114'
set service dns forwarding name-server '1.1.1.1'
set service dns forwarding name-server '1.0.0.1'
set service dns forwarding name-server '2001:470:f1cd::ff00'
set service dns forwarding name-server '192.168.0.254'
set service dns forwarding system
set service https virtual-host vhost0 listen-address '*'
set service https virtual-host vhost0 server-name '192.168.0.1'
set service mdns repeater interface 'br1'
set service mdns repeater interface 'br2'
set service router-advert interface br1
set service router-advert interface br2
set service ssh listen-address '0.0.0.0'
set system acceleration
set system config-management commit-revisions '100'
set system console device ttyS0 speed '115200'
...skipping...
set service dhcpv6-server shared-network-name pri101 subnet fc00:470:f1cd:101::/64 name-server 'fc00:470:f1cd::ff00'
set service dhcpv6-server shared-network-name pri101 subnet fc00:470:f1cd:101::/64 name-server 'fc00:470:f1cd::1'
set service dhcpv6-server shared-network-name pri101 subnet fc00:470:f1cd:101::/64 name-server 'fc00:470:f1cd:101::1'
set service dns forwarding allow-from '192.168.0.0/16'
set service dns forwarding allow-from '2001:470:f1cd::/48'
set service dns forwarding cache-size '1024'
set service dns forwarding domain pve. server '192.168.0.47'
set service dns forwarding domain pve. server '2001:470:f1cd::47'
set service dns forwarding listen-address '0.0.0.0'
set service dns forwarding listen-address '::'
set service dns forwarding name-server '114.114.114.114'
set service dns forwarding name-server '1.1.1.1'
set service dns forwarding name-server '1.0.0.1'
set service dns forwarding name-server '2001:470:f1cd::ff00'
set service dns forwarding name-server '192.168.0.254'
set service dns forwarding system
set service https virtual-host vhost0 listen-address '*'
set service https virtual-host vhost0 server-name '192.168.0.1'
set service mdns repeater interface 'br1'
set service mdns repeater interface 'br2'
set service router-advert interface br1
set service router-advert interface br2
set service ssh listen-address '0.0.0.0'
set system acceleration
set system config-management commit-revisions '100'
set system console device ttyS0 speed '115200'
set system domain-name 'router'
set system host-name 'vyos'
set system ip arp table-size '2048'
set system ip multipath layer4-hashing
set system ipv6 multipath layer4-hashing
set system ipv6 neighbor table-size '2048'
set system ipv6 strict-dad
set system login user vyos authentication encrypted-password '$6$UaXQViDvJ.Hr$85U/9Q5d/tc9hdtrnntMVgrztOCext..OJCHaJYZUo82GAdD95lchvSjI3vCZJTNte7cIAs87YctYlXODGXAz1'
set system login user vyos authentication plaintext-password ''
set system name-server '192.168.0.1'
set system ntp allow-clients address '192.168.0.0/16'
set system ntp allow-clients address 'fc00:470:f1cd::/48'
set system ntp listen-address '::'
set system ntp listen-address '0.0.0.0'
set system ntp server 0.centos.pool.ntp.org
set system ntp server 1.centos.pool.ntp.org
set system ntp server 2.centos.pool.ntp.org
set system ntp server 3.centos.pool.ntp.org
set system ntp server ntp.qhjack.cn
set system sysctl custom net.ipv4.conf.all.rp_filter value '0'
set system sysctl custom net.ipv4.conf.default.rp_filter value '0'
set system sysctl custom net.ipv4.conf.eth0.rp_filter value '0'
set system sysctl custom net.ipv6.conf.all.accept_ra value '2'
set system sysctl custom net.ipv6.conf.all.forwarding value '1'
set system syslog global facility all level 'info'
set system syslog global facility protocols level 'debug'
set system time-zone 'Asia/Shanghai'
c-po claimed this task.Apr 19 2020, 4:01 PM
c-po added a comment.Apr 19 2020, 5:04 PM

My best bet is due to the missing set interfaces pppoe pppoe0 ipv6 address autoconf option.

jack9603301 added a comment.EditedApr 20 2020, 7:11 AM

Thank you, but I think I found a new bug. After executing the following command, I found that PPPoE frequently relinked, and it seems to return to normal after restarting!

set interfaces pppoe pppoe0 ipv6 address autoconf
commit
save
run disconnect interface pppoe0
run connect interface pppoe0
c-po added a comment.Apr 20 2020, 3:26 PM

What do you mean by:

found that PPPoE frequently relinked,

When you issue the configuration command and commit the PPPoE is torn down and re-estabished via systemd - I do not consider this a bug. Can you provide more logs?

jack9603301 added a comment.EditedApr 20 2020, 4:47 PM

If I execute the above command, it seems that IPv6 settings can't really take effect, and the PPPoE link will be broken every ten seconds. Of course, if I restart vyos, it will return to normal and obtain IPv6 normally! Of course, this is just a problem when I execute these commands in my situation. It doesn't mean that it's the only condition to reproduce this bug!

c-po added a comment.Apr 20 2020, 6:01 PM

Weird - does not happen on my PPPoE test server. Please update us if you find the root cause on this odd behavior with your ISP. Closing this.

c-po closed this task as Resolved.Apr 20 2020, 6:02 PM
jack9603301 added a comment.Apr 21 2020, 10:37 AM

When the GNS emulator is running, new errors are found. For details:

https://phabricator.vyos.net/T2348

jack9603301 mentioned this in T2380: After PPPoE 0 is restarted, the default static route is lost.Apr 24 2020, 12:24 PM
jack9603301 added a comment.Apr 24 2020, 12:29 PM

I have extracted this question to T2380 alone!

c-po moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus board.May 21 2020, 5:22 PM
erkin set Issue type to Bug (incorrect behavior).Aug 30 2021, 6:46 AM
erkin removed a subscriber: Active contributors.
syncer edited projects, added VyOS 1.3 Equuleus (1.3.0); removed VyOS 1.3 Equuleus.Aug 30 2022, 2:01 PM
syncer moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.0) board.