Auteur Sujet: [Saison 2] OpenWRT + SLAAC = problèmes (Lu 1892 fois)

mirtouf · « **le:** 04 décembre 2021 à 21:25:02 »

Bonsoir,

pour faire la suite de mon précédent essai:
https://lafibre.info/ipv6/tunnel-ipv6-he-openwrt-slaac-panique-sur-le-lan/
maintenant que ByTel propose l'IPv6 en natif, je me suis remis sur le sujet et j'ai toujours le même problème.

Les RA sont diffusés sur le réseau, les clients reçoivent la route, s'auto-configurent et ne perdent pas la route mais sans intervention de ma part, le trafic IPv6 ne passe pas.
Pour que cela fonctionne, je dois faire un ping sur l'adresse globale de l'interface LAN, dans mon cas 2001:861:490d:df60::e1

Le client:

Citer

ip -6 r
::1 dev lo proto kernel metric 256 pref medium
2001:861:490d:df60::/64 dev enp9s0 proto ra metric 100 pref medium
fe80::/64 dev enp9s0 proto kernel metric 100 pref medium
default via fe80::5401:adff:fe4e:a759 dev enp9s0 proto ra metric 100 pref medium

ip -6 a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1000
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp9s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 2001:861:490d:df60:ebae:f921:30d7:9b16/64 scope global temporary dynamic
valid_lft 5322sec preferred_lft 3522sec
inet6 2001:861:490d:df60:25f1:9403:f2e8:58f7/64 scope global dynamic mngtmpaddr noprefixroute
valid_lft 5322sec preferred_lft 3522sec
inet6 fe80::d1fc:989:14d6:91e2/64 scope link noprefixroute
valid_lft forever preferred_lft forever

OpenWRT

Code: [Sélectionner]

cat /etc/config/network 

config interface 'loopback'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'
	option device 'lo'

config globals 'globals'
	option packet_steering '1'

config interface 'lan'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
	list dns '192.168.1.33'
	list dns '192.168.1.4'
	list dns '80.67.169.40'
	option ip6ifaceid '::e1'
	option ip6assign '64'
	option device 'br-lan'

config interface 'wan'
	option proto 'dhcp'
	option macaddr '28:9E:FC:xx:xx:x'
	option vendorid 'BYGTELIAD'
	option device 'eth1.100'
	option delegate '0'

config interface 'wan6'
	option macaddr '28:9E:FC:xx:xx:xx'
	option proto 'dhcpv6'
	option clientid '00030001289EFCxxxxxx'
	option reqprefix 'auto'
	option reqaddress 'try'
	option device 'eth1.100'
	option ip6assign '64'
	option ip6ifaceid '::1'

config interface 'telephone'
	option proto 'static'
	option ipaddr '192.168.9.1'
	option netmask '255.255.255.0'
	option device 'br-telephone'

config interface 'ONT'
	option proto 'static'
	option ipaddr '192.168.100.99'
	option netmask '255.255.255.0'
	option device 'eth1'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth0'
	list ports 'eth2'
	option igmp_snooping '1'
	option igmpversion '2'
	option acceptlocal '1'
	option sendredirects '0'

config device
	option name 'br-telephone'
	option type 'bridge'
	list ports 'br-lan.100'
	option igmp_snooping '1'
	option igmpversion '2'

config device
	option name 'eth1.100'
	option type '8021q'
	option ifname 'eth1'
	option vid '100'
	option igmpversion '2'
	option macaddr '28:9E:FC:xx:xx:xx'

Code: [Sélectionner]

cat /etc/config/dhcp

config dnsmasq
	option domainneeded '1'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.auto'
	option localservice '1'
	option filterwin2k '1'
	option quietdhcp '1'
	option tftp_root '/etc/perso/tftp'
	option enable_tftp '1'
	list server '80.67.169.40'
	list server '80.67.169.12'
	list server '192.168.1.33'

config dhcp 'lan'
	option interface 'lan'
	option limit '150'
	option start '10'
	list dhcp_option '6,192.168.1.33,192.168.1.4'
	option force '1'
	option leasetime '2h'
	option dhcpv6 'relay'
	option ra 'server'
	option ra_default '1'
	list ra_flags 'none'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'
	list ra_flags 'none'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

config dhcp 'telephone'
	option start '100'
	option leasetime '12h'
	option limit '150'
	option interface 'telephone'

config dhcp 'wan6'
	option interface 'wan6'
	option ignore '1'
	option ra 'hybrid'
	option dns_service '0'
	option ra_slaac '0'
	list ra_flags 'none'

Bien sûr, tant que le client utilise IPv6, aucun souci ; dès qu'IPv6 n'est pas utilisé un certain temps, il faut de nouveau faire un ping sur l'interface LAN.

Est-ce que j'ai loupé une option côté proxmox ou openwrt ?
Est-ce ma configuration (VM openwrt) peut générer des effets de bord ?
Est-ce une variable sysctl qui n'est pas bonne ?

Code: [Sélectionner]

net.ipv6.conf.vmbr0.accept_dad = 1
net.ipv6.conf.vmbr0.accept_ra = 2
net.ipv6.conf.vmbr0.accept_ra_defrtr = 1
net.ipv6.conf.vmbr0.accept_ra_from_local = 0
net.ipv6.conf.vmbr0.accept_ra_min_hop_limit = 1
net.ipv6.conf.vmbr0.accept_ra_mtu = 1
net.ipv6.conf.vmbr0.accept_ra_pinfo = 1
net.ipv6.conf.vmbr0.accept_ra_rt_info_max_plen = 0
net.ipv6.conf.vmbr0.accept_ra_rt_info_min_plen = 0
net.ipv6.conf.vmbr0.accept_ra_rtr_pref = 1
net.ipv6.conf.vmbr0.accept_redirects = 1
net.ipv6.conf.vmbr0.accept_source_route = 0
net.ipv6.conf.vmbr0.addr_gen_mode = 0
net.ipv6.conf.vmbr0.autoconf = 1
net.ipv6.conf.vmbr0.dad_transmits = 1
net.ipv6.conf.vmbr0.disable_ipv6 = 0
net.ipv6.conf.vmbr0.disable_policy = 0
net.ipv6.conf.vmbr0.drop_unicast_in_l2_multicast = 0
net.ipv6.conf.vmbr0.drop_unsolicited_na = 0
net.ipv6.conf.vmbr0.enhanced_dad = 1
net.ipv6.conf.vmbr0.force_mld_version = 0
net.ipv6.conf.vmbr0.force_tllao = 0
net.ipv6.conf.vmbr0.forwarding = 1
net.ipv6.conf.vmbr0.hop_limit = 64
net.ipv6.conf.vmbr0.ignore_routes_with_linkdown = 0
net.ipv6.conf.vmbr0.keep_addr_on_down = 0
net.ipv6.conf.vmbr0.max_addresses = 16
net.ipv6.conf.vmbr0.max_desync_factor = 600
net.ipv6.conf.vmbr0.mc_forwarding = 0
net.ipv6.conf.vmbr0.mldv1_unsolicited_report_interval = 10000
net.ipv6.conf.vmbr0.mldv2_unsolicited_report_interval = 1000
net.ipv6.conf.vmbr0.mtu = 1500
net.ipv6.conf.vmbr0.ndisc_notify = 0
net.ipv6.conf.vmbr0.ndisc_tclass = 0
net.ipv6.conf.vmbr0.proxy_ndp = 1
net.ipv6.conf.vmbr0.ra_defrtr_metric = 1024
net.ipv6.conf.vmbr0.regen_max_retry = 3
net.ipv6.conf.vmbr0.router_probe_interval = 60
net.ipv6.conf.vmbr0.router_solicitation_delay = 1
net.ipv6.conf.vmbr0.router_solicitation_interval = 4
net.ipv6.conf.vmbr0.router_solicitation_max_interval = 3600
net.ipv6.conf.vmbr0.router_solicitations = -1
net.ipv6.conf.vmbr0.rpl_seg_enabled = 0
net.ipv6.conf.vmbr0.seg6_enabled = 0
net.ipv6.conf.vmbr0.seg6_require_hmac = 0
net.ipv6.conf.vmbr0.suppress_frag_ndisc = 1
net.ipv6.conf.vmbr0.temp_prefered_lft = 86400
net.ipv6.conf.vmbr0.temp_valid_lft = 604800
net.ipv6.conf.vmbr0.use_oif_addrs_only = 0
net.ipv6.conf.vmbr0.use_tempaddr = 2
net.ipv6.neigh.vmbr0.anycast_delay = 100
net.ipv6.neigh.vmbr0.app_solicit = 0
net.ipv6.neigh.vmbr0.base_reachable_time_ms = 30000
net.ipv6.neigh.vmbr0.delay_first_probe_time = 5
net.ipv6.neigh.vmbr0.gc_stale_time = 60
net.ipv6.neigh.vmbr0.locktime = 0
net.ipv6.neigh.vmbr0.mcast_resolicit = 0
net.ipv6.neigh.vmbr0.mcast_solicit = 3
net.ipv6.neigh.vmbr0.proxy_delay = 80
net.ipv6.neigh.vmbr0.proxy_qlen = 64
net.ipv6.neigh.vmbr0.retrans_time_ms = 1000
net.ipv6.neigh.vmbr0.ucast_solicit = 3
net.ipv6.neigh.vmbr0.unres_qlen = 101
net.ipv6.neigh.vmbr0.unres_qlen_bytes = 212992

Bref, toute bonne idée est la bienvenue.

mirtouf · « **Réponse #1 le:** 04 décembre 2021 à 21:26:05 »

En capturant un client:

Code: [Sélectionner]

20:29:38.523184 IP6 (flowlabel 0x100f4, hlim 255, next-header ICMPv6 (58) payload length: 96) _gateway > ip6-allnodes.lan: [icmp6 sum ok] ICMP6, router advertisement, length 96
	hop limit 64, Flags [none], pref medium, router lifetime 1800s, reachable time 0ms, retrans timer 0ms
	  source link-address option (1), length 8 (1): 56:01:ad:4e:a7:59
	    0x0000:  5601 ad4e a759
	  mtu option (5), length 8 (1):  1500
	    0x0000:  0000 0000 05dc
	  prefix info option (3), length 32 (4): 2001:861:490d:df60::/64, Flags [onlink, auto], valid time 5311s, pref. time 3511s
	    0x0000:  40c0 0000 14bf 0000 0db7 0000 0000 2001
	    0x0010:  0861 490d df60 0000 0000 0000 0000
	  rdnss option (25), length 24 (3):  lifetime 1800s, addr: 2001:861:490d:df60::e1
	    0x0000:  0000 0000 0708 2001 0861 490d df60 0000
	    0x0010:  0000 0000 00e1
	  advertisement interval option (7), length 8 (1):  600000ms
	    0x0000:  0000 0009 27c0
20:29:38.523759 IP6 (flowlabel 0xdf1e6, hlim 255, next-header ICMPv6 (58) payload length: 32) pi.hole > ip6-allnodes.lan: [icmp6 sum ok] ICMP6, neighbor advertisement, length 32, tgt is 2001:861:490d:df60:d91e:64ef:d89:dca, Flags [override]
	  destination link-address option (2), length 8 (1): b2:98:84:8b:82:47
	    0x0000:  b298 848b 8247
20:29:38.532001 IP6 (hlim 1, next-header Options (0) payload length: 76) manjaro > ff02::16: HBH (rtalert: 0x0000) (padn) [icmp6 sum ok] ICMP6, multicast listener report v2, 3 group record(s) [gaddr ff02::1:ffd7:9b16 to_ex { }] [gaddr ff02::1:ffe8:58f7 to_ex { }] [gaddr ff02::1:ffd6:91e2 to_ex { }]
20:29:38.615329 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 32) :: > ff02::1:ffe8:58f7: [icmp6 sum ok] ICMP6, neighbor solicitation, length 32, who has manjaro
	  unknown option (14), length 8 (1): 
	    0x0000:  3fac 056d 5510
20:29:38.895333 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 32) :: > ff02::1:ffd7:9b16: [icmp6 sum ok] ICMP6, neighbor solicitation, length 32, who has manjaro
	  unknown option (14), length 8 (1): 
	    0x0000:  90fe ad95 3eca
20:29:39.055327 IP6 (hlim 1, next-header Options (0) payload length: 76) manjaro > ff02::16: HBH (rtalert: 0x0000) (padn) [icmp6 sum ok] ICMP6, multicast listener report v2, 3 group record(s) [gaddr ff02::1:ffd7:9b16 to_ex { }] [gaddr ff02::1:ffe8:58f7 to_ex { }] [gaddr ff02::1:ffd6:91e2 to_ex { }]
20:29:39.524295 IP6 (flowlabel 0xdf1e6, hlim 255, next-header ICMPv6 (58) payload length: 32) pi.hole > ip6-allnodes.lan: [icmp6 sum ok] ICMP6, neighbor advertisement, length 32, tgt is 2001:861:490d:df60:d91e:64ef:d89:dca, Flags [override]
	  destination link-address option (2), length 8 (1): b2:98:84:8b:82:47
	    0x0000:  b298 848b 8247
20:29:39.525087 IP6 (flowlabel 0x9f8b5, hlim 64, next-header TCP (6) payload length: 40) manjaro.51754 > 2600:1901:0:38d7::.http: Flags [S], cksum 0xf8c5 (incorrect -> 0xc2d6), seq 3819549711, win 64800, options [mss 1440,sackOK,TS val 1904065491 ecr 0,nop,wscale 7], length 0
20:29:40.525108 IP6 (flowlabel 0xdf1e6, hlim 255, next-header ICMPv6 (58) payload length: 32) pi.hole > ip6-allnodes.lan: [icmp6 sum ok] ICMP6, neighbor advertisement, length 32, tgt is 2001:861:490d:df60:d91e:64ef:d89:dca, Flags [override]
	  destination link-address option (2), length 8 (1): b2:98:84:8b:82:47
	    0x0000:  b298 848b 8247
20:29:44.541804 IP6 (flowlabel 0x11046, hlim 64, next-header TCP (6) payload length: 40) manjaro.40646 > 2600:1901:0:38d7::.http: Flags [S], cksum 0x7995 (incorrect -> 0xb447), seq 1179900031, win 64800, options [mss 1440,sackOK,TS val 882059976 ecr 0,nop,wscale 7], length 0
20:29:44.542056 IP6 (flowlabel 0x62c09, hlim 64, next-header TCP (6) payload length: 40) manjaro.40648 > 2600:1901:0:38d7::.http: Flags [S], cksum 0x7995 (incorrect -> 0x662f), seq 2903228381, win 64800, options [mss 1440,sackOK,TS val 882059976 ecr 0,nop,wscale 7], length 0
20:29:44.548663 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 32) manjaro > _gateway: [icmp6 sum ok] ICMP6, neighbor solicitation, length 32, who has _gateway
	  source link-address option (1), length 8 (1): 70:85:c2:3e:97:c6
	    0x0000:  7085 c23e 97c6
20:29:44.548807 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 24) _gateway > manjaro: [icmp6 sum ok] ICMP6, neighbor advertisement, length 24, tgt is _gateway, Flags [router, solicited]
20:29:45.562191 IP6 (flowlabel 0x5fadd, hlim 64, next-header TCP (6) payload length: 40) manjaro.40648 > 2600:1901:0:38d7::.http: Flags [S], cksum 0x7995 (incorrect -> 0x6233), seq 2903228381, win 64800, options [mss 1440,sackOK,TS val 882060996 ecr 0,nop,wscale 7], length 0
20:29:45.562191 IP6 (flowlabel 0x832bd, hlim 64, next-header TCP (6) payload length: 40) manjaro.40646 > 2600:1901:0:38d7::.http: Flags [S], cksum 0x7995 (incorrect -> 0xb04b), seq 1179900031, win 64800, options [mss 1440,sackOK,TS val 882060996 ecr 0,nop,wscale 7], length 0
20:29:47.748850 IP6 (flowlabel 0x3fd36, hlim 64, next-header TCP (6) payload length: 40) manjaro.40646 > 2600:1901:0:38d7::.http: Flags [S], cksum 0x7995 (incorrect -> 0xa7c0), seq 1179900031, win 64800, options [mss 1440,sackOK,TS val 882063183 ecr 0,nop,wscale 7], length 0
20:29:47.748857 IP6 (flowlabel 0x64625, hlim 64, next-header TCP (6) payload length: 40) manjaro.40648 > 2600:1901:0:38d7::.http: Flags [S], cksum 0x7995 (incorrect -> 0x59a8), seq 2903228381, win 64800, options [mss 1440,sackOK,TS val 882063183 ecr 0,nop,wscale 7], length 0
20:29:47.899024 IP6 (flowlabel 0xb5ca7, hlim 64, next-header TCP (6) payload length: 40) manjaro.35674 > mirror.cedia.org.ec.https: Flags [S], cksum 0xe8e6 (incorrect -> 0x3540), seq 3738130115, win 64800, options [mss 1440,sackOK,TS val 3289425473 ecr 0,nop,wscale 7], length 0
20:29:48.670190 IP6 (flowlabel 0xc0b32, hlim 64, next-header ICMPv6 (58) payload length: 64) manjaro > par21s04-in-x03.1e100.net: [icmp6 sum ok] ICMP6, echo request, id 1, seq 1
20:29:48.924685 IP6 (flowlabel 0x62119, hlim 64, next-header UDP (17) payload length: 1345) manjaro.50305 > edge-star-mini6-shv-02-mrs2.facebook.com.https: [bad udp cksum 0x1ce3 -> 0x424f!] UDP, length 1337
20:29:48.936975 IP6 (flowlabel 0x62119, hlim 64, next-header UDP (17) payload length: 1345) manjaro.50305 > edge-star-mini6-shv-02-mrs2.facebook.com.https: [bad udp cksum 0x1ce3 -> 0x465c!] UDP, length 1337
20:29:48.937011 IP6 (flowlabel 0x62119, hlim 64, next-header UDP (17) payload length: 1345) manjaro.50305 > edge-star-mini6-shv-02-mrs2.facebook.com.https: [bad udp cksum 0x1ce3 -> 0x4526!] UDP, length 1337
20:29:48.961296 IP6 (flowlabel 0x62119, hlim 64, next-header UDP (17) payload length: 1345) manjaro.50305 > edge-star-mini6-shv-02-mrs2.facebook.com.https: [bad udp cksum 0x1ce3 -> 0x1d27!] UDP, length 1337
20:29:48.961331 IP6 (flowlabel 0x62119, hlim 64, next-header UDP (17) payload length: 1345) manjaro.50305 > edge-star-mini6-shv-02-mrs2.facebook.com.https: [bad udp cksum 0x1ce3 -> 0xc754!] UDP, length 1337
20:29:49.009770 IP6 (flowlabel 0x62119, hlim 64, next-header UDP (17) payload length: 1345) manjaro.50305 > edge-star-mini6-shv-02-mrs2.facebook.com.https: [bad udp cksum 0x1ce3 -> 0x04d1!] UDP, length 1337
20:29:49.009805 IP6 (flowlabel 0x62119, hlim 64, next-header UDP (17) payload length: 1345) manjaro.50305 > edge-star-mini6-shv-02-mrs2.facebook.com.https: [bad udp cksum 0x1ce3 -> 0xd51f!] UDP, length 1337
20:29:49.019953 IP6 (flowlabel 0xb55f8, hlim 64, next-header TCP (6) payload length: 40) manjaro.47342 > edge-star-mini6-shv-02-mrs2.facebook.com.https: Flags [S], cksum 0x17bf (incorrect -> 0xe3c0), seq 1540600323, win 64800, options [mss 1440,sackOK,TS val 21136863 ecr 0,nop,wscale 7], length 0
20:29:49.106161 IP6 (flowlabel 0x62119, hlim 64, next-header UDP (17) payload length: 1345) manjaro.50305 > edge-star-mini6-shv-02-mrs2.facebook.com.https: [bad udp cksum 0x1ce3 -> 0x8e8b!] UDP, length 1337
20:29:49.106189 IP6 (flowlabel 0x62119, hlim 64, next-header UDP (17) payload length: 1345) manjaro.50305 > edge-star-mini6-shv-02-mrs2.facebook.com.https: [bad udp cksum 0x1ce3 -> 0x6968!] UDP, length 1337
20:29:49.298837 IP6 (flowlabel 0x62119, hlim 64, next-header UDP (17) payload length: 1345) manjaro.50305 > edge-star-mini6-shv-02-mrs2.facebook.com.https: [bad udp cksum 0x1ce3 -> 0x6f82!] UDP, length 1337
20:29:49.298883 IP6 (flowlabel 0x62119, hlim 64, next-header UDP (17) payload length: 1345) manjaro.50305 > edge-star-mini6-shv-02-mrs2.facebook.com.https: [bad udp cksum 0x1ce3 -> 0x85ea!] UDP, length 1337
20:29:49.309068 IP6 (flowlabel 0x62119, hlim 64, next-header UDP (17) payload length: 91) manjaro.50305 > edge-star-mini6-shv-02-mrs2.facebook.com.https: [bad udp cksum 0x17fd -> 0x7224!] UDP, length 83
20:29:49.658184 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 32) _gateway > manjaro: [icmp6 sum ok] ICMP6, neighbor solicitation, length 32, who has manjaro
	  source link-address option (1), length 8 (1): 56:01:ad:4e:a7:59
	    0x0000:  5601 ad4e a759
20:29:49.658234 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 24) manjaro > _gateway: [icmp6 sum ok] ICMP6, neighbor advertisement, length 24, tgt is manjaro, Flags [solicited]

mirtouf · « **Réponse #2 le:** 04 décembre 2021 à 21:26:15 »

Code: [Sélectionner]

20:29:49.695353 IP6 (flowlabel 0xc0b32, hlim 64, next-header ICMPv6 (58) payload length: 64) manjaro > par21s04-in-x03.1e100.net: [icmp6 sum ok] ICMP6, echo request, id 1, seq 2
20:29:49.803166 IP6 (flowlabel 0x4e301, hlim 64, next-header TCP (6) payload length: 40) manjaro.40664 > 2600:1901:0:38d7::.http: Flags [S], cksum 0x7995 (incorrect -> 0xa9b0), seq 2510520103, win 64800, options [mss 1440,sackOK,TS val 882065237 ecr 0,nop,wscale 7], length 0
20:29:49.803166 IP6 (flowlabel 0xf741b, hlim 64, next-header TCP (6) payload length: 40) manjaro.40662 > 2600:1901:0:38d7::.http: Flags [S], cksum 0x7995 (incorrect -> 0x4024), seq 2292184505, win 64800, options [mss 1440,sackOK,TS val 882065237 ecr 0,nop,wscale 7], length 0
20:29:50.708764 IP6 (flowlabel 0xc0b32, hlim 64, next-header ICMPv6 (58) payload length: 64) manjaro > par21s04-in-x03.1e100.net: [icmp6 sum ok] ICMP6, echo request, id 1, seq 3
20:29:50.815321 IP6 (flowlabel 0x4eb35, hlim 64, next-header TCP (6) payload length: 40) manjaro.40664 > 2600:1901:0:38d7::.http: Flags [S], cksum 0x7995 (incorrect -> 0xa5bc), seq 2510520103, win 64800, options [mss 1440,sackOK,TS val 882066249 ecr 0,nop,wscale 7], length 0
20:29:50.815326 IP6 (flowlabel 0x9f24b, hlim 64, next-header TCP (6) payload length: 40) manjaro.40662 > 2600:1901:0:38d7::.http: Flags [S], cksum 0x7995 (incorrect -> 0x3c30), seq 2292184505, win 64800, options [mss 1440,sackOK,TS val 882066249 ecr 0,nop,wscale 7], length 0
20:29:51.802005 IP6 (flowlabel 0x63e9f, hlim 64, next-header TCP (6) payload length: 40) manjaro.40648 > 2600:1901:0:38d7::.http: Flags [S], cksum 0x7995 (incorrect -> 0x49d3), seq 2903228381, win 64800, options [mss 1440,sackOK,TS val 882067236 ecr 0,nop,wscale 7], length 0
20:29:51.802011 IP6 (flowlabel 0xb3ff6, hlim 64, next-header TCP (6) payload length: 40) manjaro.40646 > 2600:1901:0:38d7::.http: Flags [S], cksum 0x7995 (incorrect -> 0x97eb), seq 1179900031, win 64800, options [mss 1440,sackOK,TS val 882067236 ecr 0,nop,wscale 7], length 0
20:29:52.868682 IP6 (flowlabel 0x4b53b, hlim 64, next-header TCP (6) payload length: 40) manjaro.40664 > 2600:1901:0:38d7::.http: Flags [S], cksum 0x7995 (incorrect -> 0x9db6), seq 2510520103, win 64800, options [mss 1440,sackOK,TS val 882068303 ecr 0,nop,wscale 7], length 0
20:29:52.868859 IP6 (flowlabel 0x8073c, hlim 64, next-header TCP (6) payload length: 40) manjaro.40662 > 2600:1901:0:38d7::.http: Flags [S], cksum 0x7995 (incorrect -> 0x342a), seq 2292184505, win 64800, options [mss 1440,sackOK,TS val 882068303 ecr 0,nop,wscale 7], length 0
20:29:54.495649 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 32) manjaro > ff02::1:ff00:e1: [icmp6 sum ok] ICMP6, neighbor solicitation, length 32, who has 2001:861:490d:df60::e1
	  source link-address option (1), length 8 (1): 70:85:c2:3e:97:c6
	    0x0000:  7085 c23e 97c6
20:29:54.495894 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 32) 2001:861:490d:df60::e1 > manjaro: [icmp6 sum ok] ICMP6, neighbor advertisement, length 32, tgt is 2001:861:490d:df60::e1, Flags [router, solicited, override]
	  destination link-address option (2), length 8 (1): 56:01:ad:4e:a7:59
	    0x0000:  5601 ad4e a759
20:29:54.495929 IP6 (flowlabel 0x313c7, hlim 64, next-header ICMPv6 (58) payload length: 64) manjaro > 2001:861:490d:df60::e1: [icmp6 sum ok] ICMP6, echo request, id 2, seq 1
20:29:54.496960 IP6 (flowlabel 0xa18e9, hlim 64, next-header ICMPv6 (58) payload length: 64) 2001:861:490d:df60::e1 > manjaro: [icmp6 sum ok] ICMP6, echo reply, id 2, seq 1
20:29:54.917066 IP6 (flowlabel 0x31057, hlim 61, next-header TCP (6) payload length: 40) 2600:1901:0:38d7::.http > manjaro.40662: Flags [S.], cksum 0x0a35 (correct), seq 1321748229, ack 2292184506, win 65535, options [mss 1440,sackOK,TS val 598899070 ecr 882065237,nop,wscale 8], length 0
20:29:54.917093 IP6 (flowlabel 0x8073c, hlim 64, next-header TCP (6) payload length: 32) manjaro.40662 > 2600:1901:0:38d7::.http: Flags [.], cksum 0x798d (incorrect -> 0x22f9), seq 1, ack 1, win 507, options [nop,nop,TS val 882070351 ecr 598899070], length 0
20:29:54.917361 IP6 (flowlabel 0x8073c, hlim 64, next-header TCP (6) payload length: 342) manjaro.40662 > 2600:1901:0:38d7::.http: Flags [P.], cksum 0x7ac3 (incorrect -> 0x3dc6), seq 1:311, ack 1, win 507, options [nop,nop,TS val 882070351 ecr 598899070], length 310: HTTP, length: 310
	GET /success.txt?ipv6 HTTP/1.1
	Host: detectportal.firefox.com
	User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:94.0) Gecko/20100101 Firefox/94.0
	Accept: */*
	Accept-Language: fr,en-US;q=0.7,en;q=0.3
	Accept-Encoding: gzip, deflate
	DNT: 1
	Connection: keep-alive
	Pragma: no-cache
	Cache-Control: no-cache
	
20:29:54.921442 IP6 (flowlabel 0x31057, hlim 61, next-header TCP (6) payload length: 32) 2600:1901:0:38d7::.http > manjaro.40662: Flags [.], cksum 0x22b5 (correct), seq 1, ack 311, win 261, options [nop,nop,TS val 598899074 ecr 882070351], length 0
20:29:54.921880 IP6 (flowlabel 0x26954, hlim 61, next-header TCP (6) payload length: 252) 2600:1901:0:38d7::.http > manjaro.40662: Flags [P.], cksum 0x7e40 (correct), seq 1:221, ack 311, win 261, options [nop,nop,TS val 598899075 ecr 882070351], length 220: HTTP, length: 220
	HTTP/1.1 200 OK
	Server: nginx
	Date: Sat, 04 Dec 2021 02:29:28 GMT
	Content-Type: text/plain
	Content-Length: 8
	Via: 1.1 google
	Age: 61226
	Cache-Control: public, must-revalidate, max-age=0, s-maxage=86400
	
	success
20:29:54.921889 IP6 (flowlabel 0x8073c, hlim 64, next-header TCP (6) payload length: 32) manjaro.40662 > 2600:1901:0:38d7::.http: Flags [.], cksum 0x798d (incorrect -> 0x20de), seq 311, ack 221, win 506, options [nop,nop,TS val 882070356 ecr 598899075], length 0
20:29:54.933168 IP6 (flowlabel 0x0158f, hlim 61, next-header TCP (6) payload length: 40) 2600:1901:0:38d7::.http > manjaro.40664: Flags [S.], cksum 0x4f04 (correct), seq 1462025731, ack 2510520104, win 65535, options [mss 1440,sackOK,TS val 1607328453 ecr 882065237,nop,wscale 8], length 0
20:29:54.933185 IP6 (flowlabel 0x4b53b, hlim 64, next-header TCP (6) payload length: 32) manjaro.40664 > 2600:1901:0:38d7::.http: Flags [.], cksum 0x798d (incorrect -> 0x67b8), seq 1, ack 1, win 507, options [nop,nop,TS val 882070367 ecr 1607328453], length 0
20:29:54.933318 IP6 (flowlabel 0x4b53b, hlim 64, next-header TCP (6) payload length: 352) manjaro.40664 > 2600:1901:0:38d7::.http: Flags [P.], cksum 0x7acd (incorrect -> 0xb87e), seq 1:321, ack 1, win 507, options [nop,nop,TS val 882070367 ecr 1607328453], length 320: HTTP, length: 320
	GET /success.txt?ipv6 HTTP/1.1
	Host: detectportal.firefox.com
	User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.3.2
	Accept: */*
	Accept-Language: fr,fr-FR;q=0.8,en-US;q=0.5,en;q=0.3
	Accept-Encoding: gzip, deflate
	Connection: keep-alive
	Pragma: no-cache
	Cache-Control: no-cache
	
20:29:54.937297 IP6 (flowlabel 0x0158f, hlim 61, next-header TCP (6) payload length: 32) 2600:1901:0:38d7::.http > manjaro.40664: Flags [.], cksum 0x676a (correct), seq 1, ack 321, win 261, options [nop,nop,TS val 1607328457 ecr 882070367], length 0
20:29:54.937409 IP6 (flowlabel 0xc92d2, hlim 61, next-header TCP (6) payload length: 252) 2600:1901:0:38d7::.http > manjaro.40664: Flags [P.], cksum 0xc2f5 (correct), seq 1:221, ack 321, win 261, options [nop,nop,TS val 1607328458 ecr 882070367], length 220: HTTP, length: 220
	HTTP/1.1 200 OK
	Server: nginx
	Date: Sat, 04 Dec 2021 02:29:28 GMT
	Content-Type: text/plain
	Content-Length: 8
	Via: 1.1 google
	Age: 61226
	Cache-Control: public, must-revalidate, max-age=0, s-maxage=86400
	
	success
20:29:54.937414 IP6 (flowlabel 0x4b53b, hlim 64, next-header TCP (6) payload length: 32) manjaro.40664 > 2600:1901:0:38d7::.http: Flags [.], cksum 0x798d (incorrect -> 0x6594), seq 321, ack 221, win 506, options [nop,nop,TS val 882070371 ecr 1607328458], length 0
20:29:55.129168 IP6 (hlim 52, next-header TCP (6) payload length: 40) mirror.cedia.org.ec.https > manjaro.35674: Flags [S.], cksum 0xa5ae (correct), seq 1762699492, ack 3738130116, win 28560, options [mss 1440,sackOK,TS val 989384737 ecr 3289425473,nop,wscale 9], length 0
20:29:55.129180 IP6 (flowlabel 0x8a6b2, hlim 64, next-header TCP (6) payload length: 20) manjaro.35674 > mirror.cedia.org.ec.https: Flags [R], cksum 0xe8d2 (incorrect -> 0x047f), seq 3738130116, win 0, length 0
20:29:55.294509 IP6 (hlim 58, next-header UDP (17) payload length: 1240) edge-star-mini6-shv-02-mrs2.facebook.com.https > manjaro.50305: [udp sum ok] UDP, length 1232
20:29:55.294509 IP6 (hlim 58, next-header UDP (17) payload length: 1240) edge-star-mini6-shv-02-mrs2.facebook.com.https > manjaro.50305: [udp sum ok] UDP, length 1232
20:29:55.294509 IP6 (hlim 58, next-header UDP (17) payload length: 1240) edge-star-mini6-shv-02-mrs2.facebook.com.https > manjaro.50305: [udp sum ok] UDP, length 1232
20:29:55.294509 IP6 (hlim 58, next-header UDP (17) payload length: 65) edge-star-mini6-shv-02-mrs2.facebook.com.https > manjaro.50305: [udp sum ok] UDP, length 57
20:29:55.294547 IP6 (flowlabel 0x328a1, hlim 64, next-header ICMPv6 (58) payload length: 1240) manjaro > edge-star-mini6-shv-02-mrs2.facebook.com: [icmp6 sum ok] ICMP6, destination unreachable, unreachable port, manjaro udp port 50305
20:29:55.294554 IP6 (flowlabel 0x328a1, hlim 64, next-header ICMPv6 (58) payload length: 1240) manjaro > edge-star-mini6-shv-02-mrs2.facebook.com: [icmp6 sum ok] ICMP6, destination unreachable, unreachable port, manjaro udp port 50305
20:29:55.294558 IP6 (flowlabel 0x328a1, hlim 64, next-header ICMPv6 (58) payload length: 1240) manjaro > edge-star-mini6-shv-02-mrs2.facebook.com: [icmp6 sum ok] ICMP6, destination unreachable, unreachable port, manjaro udp port 50305
20:29:55.294597 IP6 (flowlabel 0x328a1, hlim 64, next-header ICMPv6 (58) payload length: 113) manjaro > edge-star-mini6-shv-02-mrs2.facebook.com: [icmp6 sum ok] ICMP6, destination unreachable, unreachable port, manjaro udp port 50305
20:29:55.497110 IP6 (flowlabel 0x313c7, hlim 64, next-header ICMPv6 (58) payload length: 64) manjaro > 2001:861:490d:df60::e1: [icmp6 sum ok] ICMP6, echo request, id 2, seq 2
20:29:55.497472 IP6 (flowlabel 0xa18e9, hlim 64, next-header ICMPv6 (58) payload length: 64) 2001:861:490d:df60::e1 > manjaro: [icmp6 sum ok] ICMP6, echo reply, id 2, seq 2
20:29:55.818361 IP6 (flowlabel 0x274de, hlim 61, next-header TCP (6) payload length: 40) 2600:1901:0:38d7::.http > manjaro.40648: Flags [S.], cksum 0x5538 (correct), seq 2517653979, ack 2903228382, win 65535, options [mss 1440,sackOK,TS val 529727111 ecr 882059976,nop,wscale 8], length 0
20:29:55.818435 IP6 (flowlabel 0x63e9f, hlim 64, next-header TCP (6) payload length: 32) manjaro.40648 > 2600:1901:0:38d7::.http: Flags [.], cksum 0x798d (incorrect -> 0x55ea), seq 1, ack 1, win 507, options [nop,nop,TS val 882071252 ecr 529727111], length 0
20:29:56.136951 IP6 (hlim 248, next-header TCP (6) payload length: 40) edge-star-mini6-shv-02-mrs2.facebook.com.https > manjaro.47342: Flags [S.], cksum 0xa69c (correct), seq 3134294272, ack 1540600324, win 65535, options [mss 1392,sackOK,TS val 2559270405 ecr 21136863,nop,wscale 8], length 0
20:29:56.137001 IP6 (flowlabel 0xdcaed, hlim 64, next-header TCP (6) payload length: 20) manjaro.47342 > edge-star-mini6-shv-02-mrs2.facebook.com.https: Flags [R], cksum 0x17ab (incorrect -> 0xcfce), seq 1540600324, win 0, length 0
20:29:56.638618 IP6 (flowlabel 0xc0b32, hlim 64, next-header ICMPv6 (58) payload length: 64) manjaro > par21s04-in-x03.1e100.net: [icmp6 sum ok] ICMP6, echo request, id 3, seq 1
20:29:56.642765 IP6 (flowlabel 0xc0b32, hlim 118, next-header ICMPv6 (58) payload length: 64) par21s04-in-x03.1e100.net > manjaro: [icmp6 sum ok] ICMP6, echo reply, id 3, seq 1
20:29:57.640355 IP6 (flowlabel 0xc0b32, hlim 64, next-header ICMPv6 (58) payload length: 64) manjaro > par21s04-in-x03.1e100.net: [icmp6 sum ok] ICMP6, echo request, id 3, seq 2
20:29:57.644739 IP6 (flowlabel 0xc0b32, hlim 118, next-header ICMPv6 (58) payload length: 64) par21s04-in-x03.1e100.net > manjaro: [icmp6 sum ok] ICMP6, echo reply, id 3, seq 2
20:29:59.641653 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 32) _gateway > manjaro: [icmp6 sum ok] ICMP6, neighbor solicitation, length 32, who has manjaro
	  source link-address option (1), length 8 (1): 56:01:ad:4e:a7:59
	    0x0000:  5601 ad4e a759
20:29:59.641678 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 24) manjaro > _gateway: [icmp6 sum ok] ICMP6, neighbor advertisement, length 24, tgt is manjaro, Flags [solicited]
20:29:59.908678 IP6 (flowlabel 0x4db96, hlim 64, next-header TCP (6) payload length: 40) manjaro.40646 > 2600:1901:0:38d7::.http: Flags [S], cksum 0x7995 (incorrect -> 0x7840), seq 1179900031, win 64800, options [mss 1440,sackOK,TS val 882075343 ecr 0,nop,wscale 7], length 0
20:29:59.912508 IP6 (flowlabel 0xe22d7, hlim 124, next-header TCP (6) payload length: 40) 2600:1901:0:38d7::.http > manjaro.40646: Flags [S.], cksum 0xb306 (correct), seq 1826853022, ack 1179900032, win 65535, options [mss 1440,sackOK,TS val 3910080446 ecr 882059976,nop,wscale 8], length 0
20:29:59.912527 IP6 (flowlabel 0x4db96, hlim 64, next-header TCP (6) payload length: 32) manjaro.40646 > 2600:1901:0:38d7::.http: Flags [.], cksum 0x798d (incorrect -> 0xa3b9), seq 1, ack 1, win 507, options [nop,nop,TS val 882075347 ecr 3910080446], length 0

mirtouf · « **Réponse #3 le:** 04 décembre 2021 à 21:53:16 »

Je me demande aussi si l'IGMP snooping pourrait poser problème (normalement non mais on sait jamais).

mirtouf · « **Réponse #4 le:** 04 décembre 2021 à 22:53:27 »

Bon bah, en passant en mode relais sans SLAAC et en ajoutant une IPv6 à l'interface réseau idoine, tout roule.
Avec ce mode de fonctionnement, l'AppleTV et les smartphones Android n'auront pas d'accès IPv6...

EDIT: un fil intéressant https://forum.openwrt.org/t/odhcpd-relayed-ra-causing-wifi-drops-for-lineageos-17-1-phones/84879

mirtouf · « **Réponse #5 le:** 05 décembre 2021 à 18:46:13 »

Le Wiki OpenWRT n'est pas des plus étoffés et des plus utiles.
En testant, il semblerait qu'activer les RA uniquement côté LAN n'est pas suffisant, il faut aussi indiquer que l'interface WAN6 est 'master' et relaie les RA.
/etc/config/dhcp

Code: [Sélectionner]

config dnsmasq
	option domainneeded '1'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.auto'
	option localservice '1'
	option filterwin2k '1'
	option quietdhcp '1'
	option tftp_root '/etc/perso/tftp'
	option enable_tftp '1'
	list server '80.67.169.40'
	list server '80.67.169.12'
	list server '192.168.1.33'

config dhcp 'lan'
	option interface 'lan'
	option limit '150'
	option start '10'
	list dhcp_option '6,192.168.1.33,192.168.1.4'
	option force '1'
	option leasetime '2h'
	option dhcpv6 'server'
	option ra 'server'
	option ra_default '1'
	list ra_flags 'none'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'
	list ra_flags 'none'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

config dhcp 'telephone'
	option start '100'
	option leasetime '12h'
	option limit '150'
	option interface 'telephone'

config dhcp 'wan6'
	option interface 'wan6'
	option ra 'relay'
	option dhcpv6 'relay'
	option master '1'
	list ra_flags 'none'