no ipv6 access - NDP not populating for Android devices
-
Hi there,
honestly, I have exactly the same problem as in this thread since upgrading to pfsense 2.5!
Re: NDP not populating for Android devices on pfSense - no ipv6 access
But the system asked me to create a new topic....I have the following setup:
- DHCPv6 / RA:
SLAAC + Stateless DHCP + DNS via DHCPv6
interface vmx0 { AdvSendAdvert on; MinRtrAdvInterval 5; MaxRtrAdvInterval 20; AdvDefaultLifetime 60; AdvLinkMTU 1500; AdvDefaultPreference medium; AdvManagedFlag off; AdvOtherConfigFlag on; prefix xx:xx:xx:c144::/64 { DeprecatePrefix off; AdvOnLink on; AdvAutonomous on; AdvValidLifetime 86400; AdvPreferredLifetime 14400; }; route ::/0 { AdvRoutePreference medium; RemoveRoute on; }; RDNSS xx:xx:xx:c144::2 { AdvRDNSSLifetime 60; }; DNSSL hosts.example.com { }; };option domain-name "hosts.example.com"; option ldap-server code 95 = text; option domain-search-list code 119 = text; default-lease-time 7200; max-lease-time 86400; log-facility local7; one-lease-per-client true; deny duplicates; ping-check true; update-conflict-detection false; authoritative; subnet6 xx:xx:xx:c144::/64 { range6 xx:xx:xx:c144::1000 xx:xx:xx:c144::9000; do-forward-updates false; option dhcp6.name-servers xx:xx:xx:c144::2; } ddns-update-style none;An IPv6 connection with Windows 10 works without any problem. With Android 12 (Pixel 4a) unfortunately not.
A packet capture for the device in question:
My guess is, that the ICMPv6 Neighbor Advertisment (Type: 136) for the advertised prefix (Packet 1693: ICMPv6 Router Advertisement Type 134) is missing and therefor the NDP-Table is empty.
After pinging the pfsense Interface (or the IPv6 CARP interface c144::1) the connection is up and running:
Does anyone have any idea what is going on?
Best
Helge - DHCPv6 / RA:
-
@der-helge said in no ipv6 access - NDP not populating for Android devices:
My guess is, that the ICMPv6 Neighbor Advertisment (Type: 136) for the advertised prefix (Packet 1693: ICMPv6 Router Advertisement Type 134) is missing and therefor the NDP-Table is empty.
Instead of guessing do some packet captures to see what's actually happening.
-
@jknott said in no ipv6 access - NDP not populating for Android devices:
Instead of guessing do some packet captures to see what's actually happening.
Hi, well... the NA is obviously missing as could be seen in the first depicted packet capture.
My guess was more or less a first: "this could lead to the problem". Misleading informations, sorry for that.
-
When you post a packet capture, attach the capture file. Screen captures don't tell you much. Also, DHCPv6 doesn't work with Android devices. You can thank some genius at Google for that. RDNSS, which is part of the RA, is used. Further, even if you don't get DNS via IPv6, it should still work via IPv4. Both protocols carry exactly the same info. Also, that pink capture above shows only link local addresses. Where are the GUA addresses?
Run packet capture on ICMP6 to catch several frames and attach the capture so we can see what's happening. I can then examine the frames with Wireshark.
-
@jknott
thank you very much for your answer. I am aware that various clients (Android) have problems with DHCPv6. Therefore SLAAC is configured and the screenshots are limited to ICMPv6. The GUA addresses are those in the screenshots with :c144::/64. But you're right: There is something missing (ICMPv6 NA as said earlier). That's why i added a second screenshot (with pinging the gateway).Thank you very much for looking at the packet captures. They are anonymised with Tracewrangler and limited to the MAC-Address (eth.addr) of the android device and IPv6 in general.
android-pixel-unsucessful-ipv6-only_anon.pcapng
android-pixel-ping-gateway-ipv6-only_anon.pcapng -
I don't see anything obvious in the capture. However, running DHCPv6 bothers me. I don't use it here, only SLAAC. Try running without DHCPv6 and with the router mode set to unmanaged. You don't need DHCPv6 for DNS addresses, as they are already provided by RDNSS in the RA.
-
Well... Actually i had quite the same problem as in the referenced thread: The issue was also caused by the WLAN infrastructure (but ExtremeNetworks AP130 AP250 Firmware 10.3.x). I have connected the conspicuous devices to the "WIFI VLAN" via USB-RJ45 adapter and have not seen any problems in the IPv6 connectivity.
I also made a case to the WIFI vendor.... Sorry for the noice.
