No IPv6 traffic (Init7)
-
Sometimes the best thing to do is start from scratch. Very often it's possible to mess something up, without realizing it.
One thing you could do is capture the entire DHCPv6 sequence and post the capture file here.
-
Gerne, kriegen wir schon hin :) This is a similar setup, except for /48 in your case everything should be the same.
Please post the dhcp6c log. Maybe we can find something there.
-
-
@seyfidin
Dankeschön soweit! Leider hatte ich bis anhin kein Glück.I have installed a vanilla pfsense on my proxmox and have a distinct IPv4 and IPv6 pfsense running in parallel (rather convenient actually).
The "new" IPv6-Pfsense behaves the same as my original installation. I have again, a link local on the WAN side and a static/DHCP (and working) LAN side. IPv6 traffic does not go through and is blocked with IPv6 default block rule. Hurray, I can replicate non-working things with high probability. :-)
Please find below the DHCP log (you might ignore messages about the rouge DHCP server, thats from the parallel setup and former DHCPv6 server).
TIME Process PID Message 01.07.31 22:54 dhcpd 26047 send_packet6: No route to host 01.07.31 22:54 dhcpd 26047 dhcpv6: send_packet6() sent -1 of 84 bytes 01.07.31 22:54 dhcpd 26047 Solicit message from fe80::aaaa:bbbb:cccc:ae41 port 546, transaction ID 0x252D3200 01.07.31 22:54 dhcpd 26047 Picking pool address 2a02:XXXX:XXXX:3::2000 01.07.31 22:54 dhcpd 26047 Advertise NA: address 2a02:XXXX:XXXX:3::2000 to client with duid 00:01:00:01:2a:6a:b2:7d:3c:06:30:31:a2:8b iaid = 0 valid for 7200 seconds 01.07.31 22:54 dhcpd 26047 Sending Advertise to fe80::aaaa:bbbb:cccc:ae41 port 546 01.07.31 22:54 dhcpd 26047 send_packet6: No route to host 01.07.31 22:54 dhcpd 26047 dhcpv6: send_packet6() sent -1 of 84 bytes 01.07.31 22:55 dhcpd 26047 Solicit message from fe80::8f4:xxxxx:9278 port 546, transaction ID 0x6EA16000 01.07.31 22:55 dhcpd 26047 Picking pool address 2a02:XXXX:XXXX:3::2000 01.07.31 22:55 dhcpd 26047 Advertise NA: address 2a02:XXXX:XXXX:3::2000 to client with duid 00:02:00:00:ab:11:f7:a9:50:ab:cf:12:80:15 iaid = -900527782 valid for 7200 seconds 01.07.31 22:55 dhcpd 26047 Sending Advertise to fe80::xxxxx:9278 port 546 01.07.31 22:55 dhcpd 26047 send_packet6: No route to host 01.07.31 22:55 dhcpd 26047 dhcpv6: send_packet6() sent -1 of 84 bytes 01.07.31 22:55 dhcpd 26047 Solicit message from XXXXX port 546, transaction ID 0x51988400 01.07.31 22:55 dhcpd 26047 Discarding Renew from fe80::aaa2:bbb2:ccc2:3cac; not our server identifier (CLIENTID 00:04:0c:55:e2:3b:db:f7:b8:6b:eb:6b:40:18:1e:0d:47:62, SERVERID 00:01:00:01:2a:77:00:16:06:14:dc:19:57:d9, server DUID 00:01:00:01:2a:79:a7:5e:9e:f5:c6:fb:d1:7b) 01.07.31 22:55 dhcpd 26047 Solicit message from XXXXX port 546, transaction ID 0x51988400 01.07.31 22:55 dhcpd 26047 Picking pool address 2a02:XXXX:XXXX:3::2000 01.07.31 22:55 dhcpd 26047 Advertise NA: address 2a02:XXXX:XXXX:3::2000 to client with duid 00:03:00:01:00:11:32:0d:81:f7 iaid = 839746039 valid for 7200 seconds 01.07.31 22:55 dhcpd 26047 Sending Advertise to fe80::xxxxxxxxxx port 546 01.07.31 22:55 dhcpd 26047 send_packet6: No route to host 01.07.31 22:55 dhcpd 26047 dhcpv6: send_packet6() sent -1 of 80 bytes 01.07.31 22:55 dhcpd 26047 Solicit message from XXXXX port 546, transaction ID 0x51988400 01.07.31 22:55 dhcpd 26047 Picking pool address 2a02:XXXX:XXXX:3::2000 01.07.31 22:55 dhcpd 26047 Advertise NA: address 2a02:XXXX:XXXX:3::2000 to client with duid 00:02:00:00:ab:11:e6:87:ce:95:e3:b5:db:58 iaid = -900527782 valid for 7200 seconds 01.07.31 22:55 dhcpd 26047 Sending Advertise to fe80::xxxxxx port 546
I gain the impression, my issue is related to proxmox or the unifi switches...
So long,
n3 -
Unfortunately the log doesn't show the dhcp6c process. Just set the filter like in the picture in my previous post. Thats the process we need to look into.
-
@syhm said in No IPv6 traffic (Init7):
dhcp6c
Thank you. Thats the full log more or less. There are no more entries. And no entries related with process dhcp6c.
Is it the intention to see the dhcp settings releated to the WAN side?
-
@syhm said in No IPv6 traffic (Init7):
Unfortunately the log doesn't show the dhcp6c process.
-
Uugh. I need a moment to prepare that setup... I did a packet capture session for now.
(fe80::aaaa:bbbb:cccc:4b11 is the link local address of the WAN port)
22:34:10.389487 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 32) :: > ff02::1:fff3:4b11: [icmp6 sum ok] ICMP6, neighbor solicitation, length 32, who has fe80::aaaa:bbbb:cccc:4b11 unknown option (14), length 8 (1): 0x0000: 24e4 2075 0d32 22:34:12.505358 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 16) fe80::aaaa:bbbb:cccc:4b11 > ff02::2: [icmp6 sum ok] ICMP6, router solicitation, length 16 source link-address option (1), length 8 (1): ae:2e:85:f3:4b:11 0x0000: ae2e 85f3 4b11 22:34:16.510649 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 16) fe80::aaaa:bbbb:cccc:4b11 > ff02::2: [icmp6 sum ok] ICMP6, router solicitation, length 16 source link-address option (1), length 8 (1): ae:2e:85:f3:4b:11 0x0000: ae2e 85f3 4b11 22:34:20.535123 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 16) fe80::aaaa:bbbb:cccc:4b11 > ff02::2: [icmp6 sum ok] ICMP6, router solicitation, length 16 source link-address option (1), length 8 (1): ae:2e:85:f3:4b:11 0x0000: ae2e 85f3 4b11
-
Please upload the capture file. It contains a lot more info that what you show. When you open it in Wireshark, you can see a lot of detail.
Here's an example of one I did a few years ago.
DHCPv6 Solicit and Renew.pcapng -
@jknott said in No IPv6 traffic (Init7):
show full capture file
A long time ago that I used wireshark, my old friend.... Please see the capture file attached this post (not much of use in it I guess).
-
I thought you had a problem with dhcpv6. There is none of that in the capture. You have to filter on port 546 or 547 to capture dhcpv6.
-
@jknott
I unfortunately haven't got the slightest idea what to investigate. Mybe its DHCP, maybe its something else... So far, I went through anything, tryed any combination on the WAN interface settings, googled (people with the same setup/ provider habe a working environment with the settings stated in the initial post) - I even checked the cables and switches.I just don't get any traffic on IPv6 on the WAN-side. LAN-side works well and I can reach the LAN side of pfsense by its (LAN-)IPv6 address.
What I see, is that any traffic is blocked by a default rule
Default deny rule IPv6
and a pending gateway
@syhm was asking for dhcp6c log entries, which I have found eventualy under "general".
Its as below and only just this repeating.Aug 9 22:46:15 php 420 rc.bootup: Unbound start waiting on dhcp6c. Aug 9 22:46:16 php 420 rc.bootup: Unbound start waiting on dhcp6c. Aug 9 22:46:17 php 420 rc.bootup: Unbound start waiting on dhcp6c. Aug 9 22:46:18 php 420 rc.bootup: Unbound start waiting on dhcp6c.
However, the interfaces seem to be.. well... there
So long....
n3 -
Start by providing the dhcpv6 capture file as I have now requested a couple of times. Here again are the instructions.
-
@jknott
Roger that.
There isn't actually any thing more than what was captured in the attached file above. There is just nothing related to IPv6 coming on that WAN port.I'll connect a laptop directly to the switch but need to organize an ethernet dongle first and reconfigure the switch (the only non-company-locked laptop I have at hand has a USB C port only).
I'll report back. Takes a moment.
-
There is a lot more in a capture file than what you have provided. That's why I keep asking for it. To fully see what's happening, you examine the actual capture file with Wireshark. This will provide a lot more info than you have.
-
Here's an example of what I'm looking for in the captures. This is just part of one packet of 8.