No IPv6 traffic (Init7)

JKnott

Sometimes the best thing to do is start from scratch. Very often it's possible to mess something up, without realizing it.

One thing you could do is capture the entire DHCPv6 sequence and post the capture file here.

syhm

@noviceiii

Gerne, kriegen wir schon hin :) This is a similar setup, except for /48 in your case everything should be the same.

Please post the dhcp6c log. Maybe we can find something there.

noviceiii

@seyfidin
Dankeschön soweit! Leider hatte ich bis anhin kein Glück.

I have installed a vanilla pfsense on my proxmox and have a distinct IPv4 and IPv6 pfsense running in parallel (rather convenient actually).

The "new" IPv6-Pfsense behaves the same as my original installation. I have again, a link local on the WAN side and a static/DHCP (and working) LAN side. IPv6 traffic does not go through and is blocked with IPv6 default block rule. Hurray, I can replicate non-working things with high probability. :-)

Please find below the DHCP log (you might ignore messages about the rouge DHCP server, thats from the parallel setup and former DHCPv6 server).

TIME	Process	PID	Message
01.07.31 22:54	dhcpd	26047	send_packet6: No route to host
01.07.31 22:54	dhcpd	26047	dhcpv6: send_packet6() sent -1 of 84 bytes
01.07.31 22:54	dhcpd	26047	Solicit message from fe80::aaaa:bbbb:cccc:ae41 port 546, transaction ID 0x252D3200
01.07.31 22:54	dhcpd	26047	Picking pool address 2a02:XXXX:XXXX:3::2000
01.07.31 22:54	dhcpd	26047	Advertise NA: address 2a02:XXXX:XXXX:3::2000 to client with duid 00:01:00:01:2a:6a:b2:7d:3c:06:30:31:a2:8b iaid = 0 valid for 7200 seconds
01.07.31 22:54	dhcpd	26047	Sending Advertise to fe80::aaaa:bbbb:cccc:ae41 port 546
01.07.31 22:54	dhcpd	26047	send_packet6: No route to host
01.07.31 22:54	dhcpd	26047	dhcpv6: send_packet6() sent -1 of 84 bytes
01.07.31 22:55	dhcpd	26047	Solicit message from fe80::8f4:xxxxx:9278 port 546, transaction ID 0x6EA16000
01.07.31 22:55	dhcpd	26047	Picking pool address 2a02:XXXX:XXXX:3::2000
01.07.31 22:55	dhcpd	26047	Advertise NA: address 2a02:XXXX:XXXX:3::2000 to client with duid 00:02:00:00:ab:11:f7:a9:50:ab:cf:12:80:15 iaid = -900527782 valid for 7200 seconds
01.07.31 22:55	dhcpd	26047	Sending Advertise to fe80::xxxxx:9278 port 546
01.07.31 22:55	dhcpd	26047	send_packet6: No route to host
01.07.31 22:55	dhcpd	26047	dhcpv6: send_packet6() sent -1 of 84 bytes
01.07.31 22:55	dhcpd	26047	Solicit message from XXXXX port 546, transaction ID 0x51988400
01.07.31 22:55	dhcpd	26047	Discarding Renew from fe80::aaa2:bbb2:ccc2:3cac; not our server identifier (CLIENTID 00:04:0c:55:e2:3b:db:f7:b8:6b:eb:6b:40:18:1e:0d:47:62, SERVERID 00:01:00:01:2a:77:00:16:06:14:dc:19:57:d9, server DUID 00:01:00:01:2a:79:a7:5e:9e:f5:c6:fb:d1:7b)
01.07.31 22:55	dhcpd	26047	Solicit message from XXXXX port 546, transaction ID 0x51988400
01.07.31 22:55	dhcpd	26047	Picking pool address 2a02:XXXX:XXXX:3::2000
01.07.31 22:55	dhcpd	26047	Advertise NA: address 2a02:XXXX:XXXX:3::2000 to client with duid 00:03:00:01:00:11:32:0d:81:f7 iaid = 839746039 valid for 7200 seconds
01.07.31 22:55	dhcpd	26047	Sending Advertise to fe80::xxxxxxxxxx port 546
01.07.31 22:55	dhcpd	26047	send_packet6: No route to host
01.07.31 22:55	dhcpd	26047	dhcpv6: send_packet6() sent -1 of 80 bytes
01.07.31 22:55	dhcpd	26047	Solicit message from XXXXX port 546, transaction ID 0x51988400
01.07.31 22:55	dhcpd	26047	Picking pool address 2a02:XXXX:XXXX:3::2000
01.07.31 22:55	dhcpd	26047	Advertise NA: address 2a02:XXXX:XXXX:3::2000 to client with duid 00:02:00:00:ab:11:e6:87:ce:95:e3:b5:db:58 iaid = -900527782 valid for 7200 seconds
01.07.31 22:55	dhcpd	26047	Sending Advertise to fe80::xxxxxx port 546

I gain the impression, my issue is related to proxmox or the unifi switches...

So long,
n3

syhm

@noviceiii

Unfortunately the log doesn't show the dhcp6c process. Just set the filter like in the picture in my previous post. Thats the process we need to look into.

noviceiii

@syhm said in No IPv6 traffic (Init7):

dhcp6c

Thank you. Thats the full log more or less. There are no more entries. And no entries related with process dhcp6c.

Is it the intention to see the dhcp settings releated to the WAN side?

JKnott

@syhm said in No IPv6 traffic (Init7):

Unfortunately the log doesn't show the dhcp6c process.

Try this.

noviceiii

@jknott

Uugh. I need a moment to prepare that setup... I did a packet capture session for now.

(fe80::aaaa:bbbb:cccc:4b11 is the link local address of the WAN port)

22:34:10.389487 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 32) :: > ff02::1:fff3:4b11: [icmp6 sum ok] ICMP6, neighbor solicitation, length 32, who has fe80::aaaa:bbbb:cccc:4b11
	  unknown option (14), length 8 (1): 
	    0x0000:  24e4 2075 0d32
22:34:12.505358 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 16) fe80::aaaa:bbbb:cccc:4b11 > ff02::2: [icmp6 sum ok] ICMP6, router solicitation, length 16
	  source link-address option (1), length 8 (1): ae:2e:85:f3:4b:11
	    0x0000:  ae2e 85f3 4b11
22:34:16.510649 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 16) fe80::aaaa:bbbb:cccc:4b11 > ff02::2: [icmp6 sum ok] ICMP6, router solicitation, length 16
	  source link-address option (1), length 8 (1): ae:2e:85:f3:4b:11
	    0x0000:  ae2e 85f3 4b11
22:34:20.535123 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 16) fe80::aaaa:bbbb:cccc:4b11 > ff02::2: [icmp6 sum ok] ICMP6, router solicitation, length 16
	  source link-address option (1), length 8 (1): ae:2e:85:f3:4b:11
	    0x0000:  ae2e 85f3 4b11

JKnott

@noviceiii

Please upload the capture file. It contains a lot more info that what you show. When you open it in Wireshark, you can see a lot of detail.

Here's an example of one I did a few years ago.
DHCPv6 Solicit and Renew.pcapng

noviceiii

@jknott said in No IPv6 traffic (Init7):

show full capture file

A long time ago that I used wireshark, my old friend.... Please see the capture file attached this post (not much of use in it I guess).

dhcp-ipv6-capture.cap

JKnott

@noviceiii

I thought you had a problem with dhcpv6. There is none of that in the capture. You have to filter on port 546 or 547 to capture dhcpv6.

noviceiii

@jknott
I unfortunately haven't got the slightest idea what to investigate. Mybe its DHCP, maybe its something else... So far, I went through anything, tryed any combination on the WAN interface settings, googled (people with the same setup/ provider habe a working environment with the settings stated in the initial post) - I even checked the cables and switches.

I just don't get any traffic on IPv6 on the WAN-side. LAN-side works well and I can reach the LAN side of pfsense by its (LAN-)IPv6 address.

What I see, is that any traffic is blocked by a default rule

Default deny rule IPv6

and a pending gateway

@syhm was asking for dhcp6c log entries, which I have found eventualy under "general".
Its as below and only just this repeating.

Aug 9 22:46:15	php	420	rc.bootup: Unbound start waiting on dhcp6c.
Aug 9 22:46:16	php	420	rc.bootup: Unbound start waiting on dhcp6c.
Aug 9 22:46:17	php	420	rc.bootup: Unbound start waiting on dhcp6c.
Aug 9 22:46:18	php	420	rc.bootup: Unbound start waiting on dhcp6c.

However, the interfaces seem to be.. well... there

So long....
n3

JKnott

@noviceiii

Start by providing the dhcpv6 capture file as I have now requested a couple of times. Here again are the instructions.

noviceiii

@jknott
Roger that.
There isn't actually any thing more than what was captured in the attached file above. There is just nothing related to IPv6 coming on that WAN port.

I'll connect a laptop directly to the switch but need to organize an ethernet dongle first and reconfigure the switch (the only non-company-locked laptop I have at hand has a USB C port only).

I'll report back. Takes a moment.

JKnott

@noviceiii

There is a lot more in a capture file than what you have provided. That's why I keep asking for it. To fully see what's happening, you examine the actual capture file with Wireshark. This will provide a lot more info than you have.

JKnott

@noviceiii

Here's an example of what I'm looking for in the captures. This is just part of one packet of 8.