No RA on WAN and ISP brushes me off stating its my FW config that is at fault.....

jagdtigger

Good evening!

So i have to deal with a stubborn ISP here. When i 1st wrote to them they said they fixed it, no change. Then the 2nd time they basically brushed me off. Can someone recommend a guide or something on how i can find out what twisted BS config the ISP is running on their side?

Tanks in advance!

the other

@jagdtigger hey there,
might be helpful to know what your ISP is offering...a little bit more information helps getting on the right track.
:)

jagdtigger

@the-other
Not much im afraid, no concrete recommendations or specific information from the ISP. The router gets an address, dns servers, and a /56 prefix through dhcpv6, idk when and why but i set it to not wait for RA. I did a packet capture on WAN restricted to IPv6 and all i can see is the dhcpv6 and neighbor solicitation/advertisement packets.....

JKnott

@jagdtigger said in No RA on WAN and ISP brushes me off stating its my FW config that is at fault.....:

So i have to deal with a stubborn ISP here. When i 1st wrote to them they said they fixed it, no change. Then the 2nd time they basically brushed me off. Can someone recommend a guide or something on how i can find out what twisted BS config the ISP is running on their side?

I just ran Packet Capture on my WAN interface, filtering on ICMPv6, and did not see any RAs. On the other hand, I examined a DHCPv6 packet capture and found it had info such as prefix, etc.. Are you sure your ISP uses RAs? Mine doesn't seem to. I have a cable modem here.

Capture your full DHCPv6 sequence and see what's in it. You can post the capture file here.

jagdtigger

@jknott said in No RA on WAN and ISP brushes me off stating its my FW config that is at fault.....:

@jagdtigger said in No RA on WAN and ISP brushes me off stating its my FW config that is at fault.....:

So i have to deal with a stubborn ISP here. When i 1st wrote to them they said they fixed it, no change. Then the 2nd time they basically brushed me off. Can someone recommend a guide or something on how i can find out what twisted BS config the ISP is running on their side?

I just ran Packet Capture on my WAN interface, filtering on ICMPv6, and did not see any RAs. On the other hand, I examined a DHCPv6 packet capture and found it had info such as prefix, etc.. Are you sure your ISP uses RAs? Mine doesn't seem to. I have a cable modem here.

Capture your full DHCPv6 sequence and see what's in it. You can post the capture file here.

Then how the heck my router will know where it should send the packets if no GW is given? I also have a cable modem.
packetcapture (3).cap

(Also have a active HE tunnel.)

the other

@jagdtigger
hey there,
just being curious: what happens if you put "DO not wait fpr RA" inactive?
Here (no cable) it runs well without that setting...

jagdtigger

@the-other said in No RA on WAN and ISP brushes me off stating its my FW config that is at fault.....:

@jagdtigger
hey there,
just being curious: what happens if you put "DO not wait fpr RA" inactive?
Here (no cable) it runs well without that setting...

It wont have ipv6 address. I ran a capture overnight limited to ipv6. 0 RA packets.....

JKnott

@jagdtigger said in No RA on WAN and ISP brushes me off stating its my FW config that is at fault.....:

Then how the heck my router will know where it should send the packets if no GW is given?

I just looked at a router advertisement and found there's no explicit "GW" listed. Here's the capture:

That's it.

Now on the WAN side, the only thing I could find was this in DHCPv6:

Again, no explicit gateway. However, on both the WAN and LAN, the gateway matches the link local address for DHCPv6 and the RA. So, I expect that's how the GW is determined, rather than explicitly, as in IPv4 DHCP.

JKnott

@jagdtigger said in No RA on WAN and ISP brushes me off stating its my FW config that is at fault.....:

packetcapture (3).cap

According to that, your gateway should be "fe80::201:5cff:feb1:da45". Is that correct according to the dashboard?

jagdtigger

@jknott said in No RA on WAN and ISP brushes me off stating its my FW config that is at fault.....:

According to that, your gateway should be "fe80::201:5cff:feb1:da45". Is that correct according to the dashboard?

No gateway shown.....

JKnott

@jagdtigger

Please do a capture of the full DHCPv6 sequence, as what you provided was from after pfSense had been running for a while. Also, who's the ISP? Perhaps someone here has experience with them.

jagdtigger

@jknott said in No RA on WAN and ISP brushes me off stating its my FW config that is at fault.....:

Please do a capture of the full DHCPv6 sequence, as what you provided was from after pfSense had been running for a while.

Im not at home, wont be until the end of the month. Accessing router via VPN.

@jknott said in No RA on WAN and ISP brushes me off stating its my FW config that is at fault.....:

Also, who's the ISP?

Vidanet

/EDIT
Just for good measure i added the fe80 address as a gateway but im nut sure its a good idea. I mean it can change at a drop of a hat.....

jagdtigger

@jknott said in No RA on WAN and ISP brushes me off stating its my FW config that is at fault.....:

@jagdtigger

Please do a capture of the full DHCPv6 sequence, as what you provided was from after pfSense had been running for a while. Also, who's the ISP? Perhaps someone here has experience with them.

Here you go:
https://content.section9.me/pfsf/dhcp6.pcap

Sorry for the long delay, things got hectic for me a bit. Also the ISP route is a dead end, wrote to their support. They claimed they fixed the problem but still no RA and wont help any further.... :/

JKnott

@jagdtigger said in No RA on WAN and ISP brushes me off stating its my FW config that is at fault.....:

https://content.section9.me/pfsf/dhcp6.pcap

I just took a quick look at that and it appears OK. You have a WAN address 2a03:bf01:12f:cd2b:27d2:fe32:df36:848 and /56 prefix. You're also given a couple of DNS servers. Your complaint was about not seeing a RA on the WAN side, which is not a problem. What problem are you trying to resolve. I don't it mentioned anywhere. Do you see the WAN address? Have you selected /56 for the prefix size?

jagdtigger

@jknott said in No RA on WAN and ISP brushes me off stating its my FW config that is at fault.....:

@jagdtigger said in No RA on WAN and ISP brushes me off stating its my FW config that is at fault.....:

https://content.section9.me/pfsf/dhcp6.pcap

What problem are you trying to resolve.

No gateway? Without one my router cant do much with the address and prefix.....

JKnott

@jagdtigger

As I mentioned before, your gateway should be fe80::201:5cff:feb1:da45. You shouldn't have to do anything for that to work. Take a look at the source address for the 2nd and 4th packets and you will see that. I just checked mine and it's the same as it was in a packet I captured over 2 years ago. Unlike IPv4, there's no explicit gateway. It's whatever the source address is.

I can only think you changed something that's causing this. Try connecting a computer directly to your modem and see if it works on IPv6. That should help determine where the problem is.

You might also try a new config from scratch, to see if you have something mis-configured. You can save the existing config when you do that.

BTW, where did you try to set a gateway address? I don't recall that setting anywhere for IPv6.

jagdtigger

@jknott said in No RA on WAN and ISP brushes me off stating its my FW config that is at fault.....:

@jagdtigger

I can only think you changed something that's causing this. Try connecting a computer directly to your modem and see if it works on IPv6. That should help determine where the problem is.

The only thing i did is enable the option to not wait for RA, otherwise it wont even assign the address to the interface. Spoofed the mac of the router and plugged in one of my laptops:

Same thing, gets address without gateway and no network.

@jknott said in No RA on WAN and ISP brushes me off stating its my FW config that is at fault.....:

BTW, where did you try to set a gateway address? I don't recall that setting anywhere for IPv6.

System>Routing

JKnott

@jagdtigger said in No RA on WAN and ISP brushes me off stating its my FW config that is at fault.....:

System>Routing

You mean that Use non-local gateway? You should have no reason to be doing that.

If you put your modem into gateway mode, does it work properly, in that computers connected to it get IPv6 addresses? I had a problem with my ISP a few years ago and found even gateway mode didn't work at my next door neighbour. ISPs will generally expect you to try with gateway mode.

jagdtigger

@jknott said in No RA on WAN and ISP brushes me off stating its my FW config that is at fault.....:

@jagdtigger said in No RA on WAN and ISP brushes me off stating its my FW config that is at fault.....:

System>Routing

You mean that Use non-local gateway?

Nope, all is left default in the "WAN_DHCP6" gateway. I created a 2nd one with the fexx:: address as i wrote earlier, it seems to work for now.

@jknott said in No RA on WAN and ISP brushes me off stating its my FW config that is at fault.....:

If you put your modem into gateway mode

What i have is a plain old cable modem without modes, its an arris cm3200.

JKnott

@jagdtigger

If the gateway you use is that fe80::201:5cff:feb1:da45 I mentioned, then I have no idea what the issue is. But if it's working by using that, then I guess leave it the way it is.

BTW, no need to hide link local addresses. Outside of the local LAN or connection, they are irrelevant.