[opensuse-factory] IPv6 with NetworkManager broken?
NetworkManager 1.26.2-1.2 (Tumbleweed)

I just noticed that IPv6 (WiFi) seems to be broken when using NetworkManager for network configuration. IPv6 in the LAN seems to be unaffected, but WAN traffic is completely broken. All is well when using wicked however, so I suspect a change in NetworkManager broke it recently (it has worked in the past). Anyone else noticed problems with this?

NetworkManager:
# ip -6 route show dev wlp2s0
2001:xxxx:xxxx:xxxx::/64 via fe80::7eff:4dff:fea9:7368 proto ra metric 600 pref medium
fe80::/64 proto kernel metric 600 pref medium
default via fe80::7eff:4dff:fea9:7368 proto ra metric 600 pref medium

wicked:
# ip -6 route show dev wlp2s0
2001:xxxx:xxxx:xxxx::/64 proto kernel metric 256 expires 6976sec pref medium
fe80::/64 proto kernel metric 256 pref medium
default via fe80::7eff:4dff:fea9:7368 proto ra metric 1024 expires 1576sec mtu 1472 hoplimit 255 pref medium

--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org
To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

On 9/1/20 4:50 PM, Arjen de Korte wrote:
> Anyone else noticed problems with this?

I haven't, but I'm running Leap.

ip -6 route show dev wlan0
2607:fea8:4c80:b00::/64 proto ra metric 600 pref medium
fd48:1a37:2160::/64 proto ra metric 600 pref medium
fe80::/64 proto kernel metric 600 pref medium
default via fe80::1:1 proto ra metric 600 pref medium

On Tuesday 2020-09-01 22:50, Arjen de Korte wrote:
> NetworkManager 1.26.2-1.2 (Tumbleweed)
>
> NetworkManager:
> # ip -6 route show dev wlp2s0
> 2001:xxxx:xxxx:xxxx::/64 via fe80::7eff:4dff:fea9:7368 proto ra metric 600 pref medium
> fe80::/64 proto kernel metric 600 pref medium
> default via fe80::7eff:4dff:fea9:7368 proto ra metric 600 pref medium
>
> wicked:
> # ip -6 route show dev wlp2s0
> 2001:xxxx:xxxx:xxxx::/64 proto kernel metric 256 expires 6976sec pref medium

I have NM 1.26.2-1.2 too, but no via_fe80 option is used for the local network. Which suggests to me to look into the RA packet for obvious differences to a normal router... such as extra routes with a gateway.

Quoting Jan Engelhardt <jengelh@inai.de>:

> On Tuesday 2020-09-01 22:50, Arjen de Korte wrote:
>> NetworkManager 1.26.2-1.2 (Tumbleweed)
>>
>> NetworkManager:
>> # ip -6 route show dev wlp2s0
>> 2001:xxxx:xxxx:xxxx::/64 via fe80::7eff:4dff:fea9:7368 proto ra metric 600 pref medium
>> fe80::/64 proto kernel metric 600 pref medium
>> default via fe80::7eff:4dff:fea9:7368 proto ra metric 600 pref medium
>>
>> wicked:
>> # ip -6 route show dev wlp2s0
>> 2001:xxxx:xxxx:xxxx::/64 proto kernel metric 256 expires 6976sec pref medium
>
> I have NM 1.26.2-1.2 too, but no via_fe80 option is used for the local network.

You probably don't have DHCPv6 enabled on your network then. It seems NetworkManager is thoroughly confused by that since recently. Which is fairly strange, since systemd-networkd, wicked and Windows 10 clients deal with that just fine. I have a hunch that NetworkManager is at fault here.

> Which suggests to me to look into the RA packet for obvious differences to a normal router... such as extra routes with a gateway.

There is absolutely nothing extraordinary in the RA packets.

On Wednesday 2020-09-02 10:31, Arjen de Korte wrote:
>>> # ip -6 route show dev wlp2s0
>>> 2001:xxxx:xxxx:xxxx::/64 via fe80::7eff:4dff:fea9:7368 proto ra metric 600
>>
>> I have NM 1.26.2-1.2 too, but no via_fe80 option is used for the local network.
>
> You probably don't have DHCPv6 enabled on your network then.

There is DHCPv6 enabled (NM defaults to it), and the router offers dhcp6 replies (verified by tcpdump).

On 9/2/20 4:39 AM, Jan Engelhardt wrote:
> There is DHCPv6 enabled (NM defaults to it), and the router offers dhcp6 replies (verified by tcpdump).

Every IPv6 capable device has a link local (fe80::) address, whether the ISP provides IPv6 or not, and you can ping it. Public addresses start with 2 or 3.

On Wednesday 2020-09-02 14:58, James Knott wrote:
> On 9/2/20 4:39 AM, Jan Engelhardt wrote:
>> There is DHCPv6 enabled (NM defaults to it), and the router offers dhcp6 replies (verified by tcpdump).
>
> Every IPv6 capable device has a link local (fe80::) address, whether the ISP provides IPv6 or not, and you can ping it. Public addresses start with 2 or 3.

But what does that have to do with a route appearing that contains a gateway address?

On 9/2/20 9:32 AM, Jan Engelhardt wrote:
>> Every IPv6 capable device has a link local (fe80::) address, whether the ISP provides IPv6 or not, and you can ping it. Public addresses start with 2 or 3.
>
> But what does that have to do with a route appearing that contains a gateway address?

????

Every route needs some sort of gateway address. With IPv6, it's often a link local address. For example, here's the one for my ISP: fe80::217:10ff:fe9a:a199

On Wednesday 2020-09-02 15:42, James Knott wrote:
> On 9/2/20 9:32 AM, Jan Engelhardt wrote:
>>> Every IPv6 capable device has a link local (fe80::) address, whether the ISP provides IPv6 or not, and you can ping it. Public addresses start with 2 or 3.
>>
>> But what does that have to do with a route appearing that contains a gateway address?
>
> ????
>
> Every route needs some sort of gateway address.

What a load of rubbish.

» ip r l
...
192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.73 metric 100

Direct connected ("on-link"). No gateway. Go get an LPI or something.

On 9/2/20 10:15 AM, Jan Engelhardt wrote:
>> Every route needs some sort of gateway address.
>
> What a load of rubbish.
>
> » ip r l
> ...
> 192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.73 metric 100
>
> Direct connected ("on-link"). No gateway. Go get an LPI or something.

If it's on link, it's not being routed anywhere. Sure, you can set up an isolated network that connects to nothing else and it will work fine for accessing anything on that local network, as you're not routing anywhere. However, if you want to reach other networks, that's where routing comes in and you need some way to reach elsewhere. That is usually a gateway or router address, but it could even be nothing more than just an interface on a point to point link.

BTW, I'm a Cisco CCNA. I have also completed TCP/IP courses at a local community college and IBM, in addition to a lot of reading and self study.

On Wednesday 2020-09-02 16:31, James Knott wrote:
> On 9/2/20 10:15 AM, Jan Engelhardt wrote:
>>> Every route needs some sort of gateway address.
>>
>> What a load of rubbish. [... e.g. "on-link"]
>
> If it's on link, it's not being routed anywhere.

It still is a route, as in, an entry in the local computer's routing table.

On 9/2/20 11:00 AM, Jan Engelhardt wrote:
>> If it's on link, it's not being routed anywhere.
>
> It still is a route, as in, an entry in the local computer's routing table.

In IP, routing means connecting to other networks. In fact, that was the original purpose of the Internet. Way back in the dark ages, there were a lot of different network types, such as Ethernet, token ring, ARCNet, DECNet, SNA, IPX and more. They couldn't talk to each other. The goal of the Internet was to provide some means to tie them together. So, right from the start, if you were using IP, then you were very likely connecting between networks. Conversely, routing is not used when connecting among devices on the local LAN. If you can read the MAC address for another device, you're not routing.

On 02.09.20 at 17:00, Jan Engelhardt wrote:
> On Wednesday 2020-09-02 16:31, James Knott wrote:
>> On 9/2/20 10:15 AM, Jan Engelhardt wrote:
>>>> Every route needs some sort of gateway address.
>>>
>>> What a load of rubbish. [... e.g. "on-link"]
>>
>> If it's on link, it's not being routed anywhere.
>
> It still is a route, as in, an entry in the local computer's routing table.

I've opened a bug report with this issue some days ago: https://bugzilla.suse.com/show_bug.cgi?id=1175641

All IPv6 packets are being sent to the router - even for neighbours in the LAN. This *could* be OK, because the router informs the client that he could send the packet directly ("ICMPv6 redirect (Code 137)"). However, Tumbleweed ignores the redirect:

# sudo sysctl net.ipv6.conf.enp0s25.accept_redirects
net.ipv6.conf.enp0s25.accept_redirects = 0

Dominik

Arjen de Korte wrote:
> NetworkManager 1.26.2-1.2 (Tumbleweed)
>
> I just noticed that IPv6 (WiFi) seems to be broken when using NetworkManager for network configuration. IPv6 in the LAN seems to be unaffected, but WAN traffic is completely broken. All is well when using wicked however, so I suspect a change in NetworkManager broke it recently (it has worked in the past). Anyone else noticed problems with this?
>
> NetworkManager:
> # ip -6 route show dev wlp2s0
> 2001:xxxx:xxxx:xxxx::/64 via fe80::7eff:4dff:fea9:7368 proto ra metric 600 pref medium
> fe80::/64 proto kernel metric 600 pref medium
> default via fe80::7eff:4dff:fea9:7368 proto ra metric 600 pref medium
>
> wicked:
> # ip -6 route show dev wlp2s0
> 2001:xxxx:xxxx:xxxx::/64 proto kernel metric 256 expires 6976sec pref medium
> fe80::/64 proto kernel metric 256 pref medium
> default via fe80::7eff:4dff:fea9:7368 proto ra metric 1024 expires 1576sec mtu 1472 hoplimit 255 pref medium

Unless I completely misread those two, although they are different, the end effect should be the same? It is odd to have that extra via on the 2001 route, but does it cause any problems?

--
Per Jessen, Zürich (19.9°C)
Member, openSUSE Heroes

On Wednesday 2020-09-02 16:08, Per Jessen wrote:
>> NetworkManager:
>> 2001:xxxx:xxxx:xxxx::/64 via fe80::7eff:4dff:fea9:7368 proto ra metric 600 pref medium
>>
>> 2001:xxxx:xxxx:xxxx::/64 proto kernel metric 256 expires 6976sec pref medium
>
> Unless I completely misread those two, although they are different, the end effect should be the same? It is odd to have that extra via on the 2001 route, but does it cause any problems ?

Yes.

- local network 2001:x::/64
- own machine 2001:x::1
- other machine on your LAN 2001:x::2
- ping packet from 2001:x::1 to 2001:x::2 is routed via fe80::7368[router], due to faulty route table entry
- fe80::7368 would need to forward it (input interface equal to output interface is a suspect action, it's prone to packet looping, or indicative of (abused) proxies and amplification attacks)
- ping response from 2001:x::2 to 2001:x::1 is direct, because of a proper route table in the 2001:x::2 machine.
- 2001:x::1 may discard said ping response because it did not come from the gateway enlisted for the source address ("reverse path filtering").

-> possible nonfunctional v6 networking for communications between 2001:x::/64 and 2001:x::1, depending on firewall settings.

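Added example, not part of any poster's message: a small check that reproduces the asymmetric path described above from `ip -6 route` output and lists prefix routes that cover the host's own address yet point at a gateway. The two tables are constructed samples using the documentation prefix 2001:db8:0:1::/64 and gateway fe80::1, and the function names are hypothetical; a flagged route is something to review, not proof of a fault.

```python
import ipaddress

# Constructed sample tables (documentation prefix, gateway fe80::1), shaped
# like the NetworkManager and wicked output quoted in the thread.
NM_TABLE = """\
2001:db8:0:1::/64 via fe80::1 proto ra metric 600 pref medium
fe80::/64 proto kernel metric 600 pref medium
default via fe80::1 proto ra metric 600 pref medium
"""
WICKED_TABLE = """\
2001:db8:0:1::/64 proto kernel metric 256 expires 6976sec pref medium
fe80::/64 proto kernel metric 256 pref medium
default via fe80::1 proto ra metric 1024 expires 1576sec pref medium
"""

def parse_routes(text):
    """Parse `ip -6 route show dev IFACE` lines into dicts."""
    routes = []
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        dest = "::/0" if tok[0] == "default" else tok[0]
        route = {"net": ipaddress.ip_network(dest), "via": None, "metric": 0}
        for key, val in zip(tok[1:], tok[2:]):
            if key == "via":
                route["via"] = ipaddress.ip_address(val)
            elif key == "metric":
                route["metric"] = int(val)
        routes.append(route)
    return routes

def next_hop(routes, dst):
    """Longest prefix wins, then lowest metric; None means direct delivery."""
    dst = ipaddress.ip_address(dst)
    hits = [r for r in routes if dst in r["net"]]
    best = max(hits, key=lambda r: (r["net"].prefixlen, -r["metric"]))
    return best["via"]

def hairpinned_prefixes(routes, own_addr):
    """Non-default routes covering our own address that point at a gateway."""
    own = ipaddress.ip_address(own_addr)
    return [str(r["net"]) for r in routes
            if r["via"] is not None and r["net"].prefixlen > 0 and own in r["net"]]

if __name__ == "__main__":
    for name, table in (("NetworkManager", NM_TABLE), ("wicked", WICKED_TABLE)):
        routes = parse_routes(table)
        print(name, "neighbour next hop:", next_hop(routes, "2001:db8:0:1::2"),
              "review:", hairpinned_prefixes(routes, "2001:db8:0:1::1"))
```
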
Jan Engelhardt wrote:
> On Wednesday 2020-09-02 16:08, Per Jessen wrote:
>>> NetworkManager:
>>> 2001:xxxx:xxxx:xxxx::/64 via fe80::7eff:4dff:fea9:7368 proto ra metric 600 pref medium
>>>
>>> 2001:xxxx:xxxx:xxxx::/64 proto kernel metric 256 expires 6976sec pref medium
>>
>> Unless I completely misread those two, although they are different, the end effect should be the same? It is odd to have that extra via on the 2001 route, but does it cause any problems ?
>
> Yes.
>
> - local network 2001:x::/64
> - own machine 2001:x::1
> - other machine on your LAN 2001:x::2
> - ping packet from 2001:x::1 to 2001:x::2 is routed via fe80::7368[router], due to faulty route table entry

Ah, yes of course, duh!

FWIW, I've just tried enabling NM on a TW machine, I did not get such an extra via:

office25:~ # ip -6 route show dev eth0
2a03:7520:b334:1::/64 dev eth0 proto ra metric 100 pref medium
fe80::/64 dev eth0 proto kernel metric 100 pref medium
default via fe80::1 dev eth0 proto ra metric 100 pref medium

The network has radvd and dhcpv6 (for hostnames only), and it looks like NM chose to enable the privacy settings when it generated the LL address. Which duid does NM use?

--
Per Jessen, Zürich (20.9°C)
Member, openSUSE Heroes

Per Jessen wrote:
> The network has radvd and dhcpv6 (for hostnames only), and it looks like NM chose to enable the privacy settings when it generated the LL address.

Please ignore that gobbledegook, I forgot I changed the hardware yesterday.

--
Per Jessen, Zürich (0.0°C)
Member, openSUSE Heroes

participants (5)
- Arjen de Korte
- James Knott
- Jan Engelhardt
- Per Jessen
- suse@kabelfunk.de