I ended up cheating by having this setup enable both wide-dhcpv6 for the IP address, and SLAAC for the routing information. It's really odd how the configuration built into the system doesn't allow it.
/etc/network/interfaces > auto eth-external > iface eth-external inet dhcp > pre-up modprobe ipv6 > post-up /etc/init.d/wide-dhcpv6-client start > pre-down /etc/init.d/wide-dhcpv6-client stop > > iface eth-external inet6 auto /etc/wide-dhcpv6/dhcp6c.conf > interface eth-external { > send ia-na 1; > send rapid-commit; > script "/etc/wide-dhcpv6/dhcp6c-script"; > }; > > id-assoc na 1 { }; Why in the world does enabling DHCPv6 for the IP address cause the kernel to ignore router advertisements? That's a common use case for IPv6. Thank you, - Neil On Thu, Nov 14, 2019 at 07:01:47PM -0800, Neil E. Hodges wrote: > Hello everybody, > > I've been having a bear of a time trying to get my Debian Buster-based router > to operate with Comcast's native IPv6 configuration. I'm not looking > for prefix delegation, just a public address and a default gateway. I'm > using the ISC DHCP client for both v4 and v6 since it's generally worked > for me other than this. > > I've tried two approaches, with eth-external being the name I configured > for the interface in udev. > > 1. iface eth-external inet6 dhcp > > This gets me an IPv6 address just fine, but no route whatsoever unless I > manually configure it. I see the router advertisements coming in when > running tcpdump, but the kernel just disregards them. > > 2. iface eth-external inet6 auto > dhcp 1 > request_prefix 1 > > This usually gets me a /64 prefix and a route, but not an IPv6 address. > > The usual sysctl suspects don't reveal anything significant: > > > # sysctl -a | grep -i 'eth-external.*ra' > > net.ipv4.conf.eth-external.drop_gratuitous_arp = 0 > > net.ipv4.neigh.eth-external.retrans_time_ms = 1000 > > net.ipv6.conf.eth-external.accept_ra = 2 > > net.ipv6.conf.eth-external.accept_ra_defrtr = 1 > > net.ipv6.conf.eth-external.accept_ra_from_local = 0 > > net.ipv6.conf.eth-external.accept_ra_min_hop_limit = 1 > > net.ipv6.conf.eth-external.accept_ra_mtu = 1 > > net.ipv6.conf.eth-external.accept_ra_pinfo = 1 > > net.ipv6.conf.eth-external.accept_ra_rt_info_max_plen = 0 > > net.ipv6.conf.eth-external.accept_ra_rt_info_min_plen = 0 > > net.ipv6.conf.eth-external.accept_ra_rtr_pref = 1 > > net.ipv6.conf.eth-external.dad_transmits = 1 > > net.ipv6.conf.eth-external.suppress_frag_ndisc = 1 > > net.ipv6.neigh.eth-external.retrans_time_ms = 1000 > > And no packets are being dropped, as I have rules to allow ICMPv6 and > DHCP: > > -A INPUT -p ipv6-icmp -j ACCEPT > > -A INPUT -s fe80::/10 -i eth-external -p udp -m udp --sport 546 --dport 547 > > -j ACCEPT > > -A INPUT -s fe80::/10 -i eth-external -p udp -m udp --sport 547 --dport 546 > > -j ACCEPT > > Nothing is logged matching those, and, again, tcpdump shows the RAs > coming in. > > I've been fighting this for the past few weeks, and nothing I've found > when searching online has helped. I've also seen odd cases where I'm > able to get both a public IPv6 address and a default gateway, but only > on rare occasions. > > Does anybody have any suggestions? > > Thank you, > > - Neil