Diagnosing dhcpcd failure to recognize DHCPv6 & ICMPv6 advertisements

[pgalbraith]

I'm stumped trying to figure out why dhcpcd is not recognizing dhcpv6 and icmpv6 advertisements being sent from my ISP. I have a multihomed OpenBSD router and dhcpcd is working nicely on interface em0, but I'm unable to get it to configure ip6 on the em1 interface with my second ISP.

Trimming down my config to focus just on the problem interface, I've tried this:

controlgroup wheel
duid
persistent
vendorclassid
option domain_name_servers, domain_name, domain_search
option classless_static_routes
option interface_mtu
option host_name
option rapid_commit
require dhcp_server_identifier
slaac private
nohook resolv.conf
nogateway
ipv6ra_noautoconf
debug
allowinterfaces em1

interface em1
        ipv6only
        ia_na 1
        ia_pd 1 -

In the logs I only see:

Sep 21 12:56:44 argonath dhcpcd[11968]: dhcpcd-10.0.6 starting
Sep 21 12:56:44 argonath dhcpcd[40315]: DUID 00:01:00:01:2e:80:a5:3d:00:0d:b9:5c:f3:74
Sep 21 12:56:44 argonath dhcpcd[40315]: em1: IAID b9:5c:f3:75
Sep 21 12:56:44 argonath dhcpcd[40315]: em1: IA type 3 IAID 00:00:00:01
Sep 21 12:56:44 argonath dhcpcd[40315]: em1: IA type 25 IAID 00:00:00:01
Sep 21 12:56:44 argonath dhcpcd[40315]: em1: soliciting a DHCPv6 lease
Sep 21 12:56:45 argonath dhcpcd[40315]: em1: soliciting an IPv6 router
Sep 21 12:56:57 argonath dhcpcd[40315]: em1: no IPv6 Routers available
Sep 21 12:57:14 argonath dhcpcd[40315]: timed out

Hooks are only being called with reasons PREINIT and CARRIER, nothing else.

This is the related traffic I see on em1:

dhcpv6-em1.zip

I see repeated router and dhcpv6 solicitations being sent by dhcpcd, and my ISP is responding, but dhcpcd is not recognizing the ISP advertisements for some reason which I don't understand. Can anyone offer any insight?

[rsmarples]

Are you running a separate instance of dhcpcd on em1? That could be the issue.
Try killing all dhcpcd instances and force manager mode via the -M flag or add the command manager to dhcpcd.conf

[pgalbraith]

No I don't think so. The above config was tried (and dhcpcd restarted) with only the one interface specified, the problem seems to be the particular interface/ISP response, rather than multiple interfaces. These are the running processes I have:

_dhcpcd  55575  0.0  0.0  1536  1928 ??  Ipc     7:41PM    0:00.06 dhcpcd: [manager] [ip4] [ip6] (dhcpcd)
root     23947  0.0  0.0  1340  1536 ??  I       7:41PM    0:00.04 dhcpcd: [privileged proxy] (dhcpcd)
_dhcpcd  12991  0.0  0.0  1340  1396 ??  Ipc     7:41PM    0:00.00 dhcpcd: [network proxy] (dhcpcd)
_dhcpcd  59819  0.0  0.0  1280  1368 ??  Ipc     7:41PM    0:00.00 dhcpcd: [control proxy] (dhcpcd)
_dhcpcd  36660  0.0  0.0  1372  1396 ??  Ipc     7:41PM    0:00.00 dhcpcd: [BPF ARP] em0 209.216.110.133 (dhcpcd)
_dhcpcd  33727  0.0  0.0  1372  1348 ??  Ipc     7:42PM    0:00.00 dhcpcd: [BPF ARP] em1 192.0.184.134 (dhcpcd)

Adding managed to dhcpcd.conf does not seem to make any difference.

[rsmarples]

So, looking at the logs we send a RS and a DHCP6 Solicitation. Looking at the trace we receive replies to each but they don't reach dhcpcd - otherwise it would have logged something in debug mode which you have enabled in your config.

So if there is no other process eating them then you must have something else in the way like say a firewall?

[pgalbraith]

...erf...yes...it seems to be the firewall. I just needed to change pf.conf to allow icmp6 & dhcpv6 through on both wan interfaces, rather than trying to allow it for the 'egress' interface group (for anyone using obsd: it seems manually flagging an interface as group egress will be undone by the kernel when default routes change). Sorry for wasting your time! 🤦

[rsmarples]

It's not a waste of time. People think that because DHCP can bypass a firewall, DHCPv6 can as well and that isn't the case :)