OpenWRT router can't ping FreedomBox over IPv6

Support
1

My FreedomBox is running in a virtual machine in a local Debian host. Its network is configured via cockpit in the host as “Direct Attachment” to the network hardware of the host.

The Debian host network interface is directly connected via cable to my router, a TP-Link Archer C5 v1, running stable OpenWrt 22.03.2 r19803-9a599fee93 / LuCI openwrt-22.03 branch git-22.288.45147-96ec0cd.

IPv4 is locally working fine, but my ISP Vodafone in Germany does not provide me with an IPv4 address, so I need to work with IPv6.

FreedomBox can ping the router via IPv6, including the LAN, the link local, and the global addresses. It can also access the internet via IPv6.

The router cannot ping FreedomBox via IPv6, breaking incoming connectivity for my FreedomBox.

Incoming IPv6 connectivity started to work for some time, but I don’t know what caused it to work and why it stopped again.

I tried restarting FreedomBox, restarting NetworkManager, and also flushing all ip addresses, but neither did the IPv6 address of my FreedomBox change nor did the incoming connectivity work.

I’d be thankful for any idea what could be breaking this. I have full control over the router and I can provide all data including wireshark dumps.

Information

  • FreedomBox version: 23.2
  • Hardware: amd64 kvm virtual machine
  • How did you install FreedomBox?: Installed in the virtual machine via the stable amd64 freedombox image
2

Finally I managed to make it work through trial and error - for now.

I used the sysctl command to compare settings in net.ipv6.conf.$DEVICE on the host and freedombox and noticed differences:

Host:

net.ipv6.conf.enp1s0.accept_ra = 1
net.ipv6.conf.enp1s0.addr_gen_mode = 0

Freedombox:

net.ipv6.conf.enp1s0.accept_ra = 0
net.ipv6.conf.enp1s0.addr_gen_mode = 1

I set net.ipv6.conf.enp1s0.accept_ra=1 on the freedombox and it received new IPv6 addresses with the label mngtmpaddr.

    inet6 2a12:1234:1234:1234:5054:ff:fef5:8058/64 scope global dynamic mngtmpaddr noprefixroute 
       valid_lft 67108sec preferred_lft 23908sec
    inet6 fd12:1234:1234:0:5054:ff:fef5:8fff/64 scope global mngtmpaddr noprefixroute 
       valid_lft forever preferred_lft forever
    inet6 2a12:1234:1234:1234::fb5/128 scope global dynamic noprefixroute 
       valid_lft 41952sec preferred_lft 23908sec
    inet6 fd12:1234:1234::fb5/128 scope global dynamic noprefixroute 
       valid_lft 41952sec preferred_lft 23908sec
    inet6 fd12:1234:1234:0:f7e6:5d54:e43d:94ba/64 scope global noprefixroute 
       valid_lft forever preferred_lft forever
    inet6 2a12:1234:1234:1234:5ff9:250:4670:3125/64 scope global dynamic noprefixroute 
       valid_lft 67109sec preferred_lft 23909sec
    inet6 fe80::1234:1234:1234:1234/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

I only receive answer to pings to the two new addresses with the label mngtmpaddr and the link-local one.

Is perhaps the default configuration of IPv6 not working in modern IPv6-only home connections in Germany?