No IPv6 after upgrade to 23.01

Bob.Dig · Mar 16, 2023, 2:02 PM

@jasonreg You have to use another prefix ID. And they don't track LAN but your WAN.

Gertjan · Mar 16, 2023, 2:08 PM

This :

doesn't mean you will get more then one prefix.
--- I think ---

With that (image) setting, I get 1 prefix, so I can select one (from 0 to 0) as an interface to track (on one LAN interface).

I wanted to have several prefixes, so I used the forum thread sited above as a guideline.

I created this file /root/att-rg-dhcpv6-pd.conf :

interface ix3 {
        send ia-na 0;
        send ia-pd 0;
        send ia-pd 1;
        send ia-pd 2;
        send ia-pd 3;
        send ia-pd 4;
        send ia-pd 5;
        send ia-pd 6;
        send ia-pd 7;
        request domain-name-servers;
        request domain-name;
        script "/var/etc/dhcp6c_wan_script.sh";
};
id-assoc na 0 { };
id-assoc pd 0 {
        prefix-interface igc0 {
                sla-id 0;
                sla-len 0;
        };
};
id-assoc pd 1 {
        prefix-interface igc2 {
                sla-id 0;
                sla-len 0;
        };
};
id-assoc pd 2 { };
id-assoc pd 3 { };
id-assoc pd 4 { };
id-assoc pd 5 { };
id-assoc pd 6 { };
id-assoc pd 7 { };

where ix3 is my WAN interface.
igc0 is my LAN interface
igc1 is my second LAN interface

I've used this file like this :
🔒 Log in to view

A then, looking at thedhcp6client log lines, the magic happend :
I saw 2 /64 prefixes handed over buy my ISP upstream router, and could use Tracking on two LAN interfaces, the first had the index 0 and the other the index 1.
( and then things still failed for me, but that's another story )

Btw : I do not pretend that I fully understand what the config file does.

jasonreg · Mar 16, 2023, 2:12 PM

@bob-dig said in No IPv6 after upgrade to 23.01:

@jasonreg You have to use another prefix ID. And they don't track LAN but your WAN.

Yes, sorry typo. Is it as simple as changing the default "0" here:
🔒 Log in to view
to a "1" for a separate VLAN or network?

Gertjan · Mar 16, 2023, 2:17 PM

@jasonreg
Exact !
When tracking works (aka : you received on or more prefixes), that is how it should be set up.

Bob.Dig · Mar 16, 2023, 2:17 PM

@jasonreg 0 to ff in your case, look at the screen(shot).

jasonreg · Mar 16, 2023, 2:41 PM

@bob-dig said in No IPv6 after upgrade to 23.01:

@jasonreg 0 to ff in your case, look at the screen(shot).

OK, so I am a bit lacking here. "0 to ff" would mean what exactly for the next 5 interfaces? Apologize for the (probably) basic question ...

And, do I enable the DHCP6 server and RA on each interface or on just the LAN?

jasonreg · Mar 16, 2023, 2:59 PM

@jasonreg OK - have that one. numbers until I needed 10 or more than I need to use hex. Got it.

So I now have IPV6 on all networks. The only thing I do not understand is why the WAN_DHCP6 Gateway shows Red "Offline, Packetloss"

That said, it looks like the IPV6 addresses are now being handed out. Verified on iPad/iPhones etc. changing to the various VLANs.

maverickws · Mar 20, 2023, 7:41 PM

@jasonreg
Sometimes after doing a lot of configuration changes, giving a reboot on the firewall gets everything running perfectly at last.
It could also mean your IPv6 upstream gateway doesn't respond to monitoring. In that case you either mark the GW always up, or get a valid IPv6 address for the Gateway monitor to reach and define its state.

About my previous attempts to figure this out and following up on @mhillmann's conversation;

I have data from over a year back where I can see my IPv6 gateway with this ISP. My IPv6 address is always one of a /40 pool, and the upstream gateway is always the same. I checked this extensively.

So the WAN interface was using DHCPv6 but in Routing the selected IPv6 gateway was the static one I created. I actually went a step further and disabled the dynamic gateway on the routing table.

So the static gateway was up but no traffic from the machines which had an IPv6 correctly attributed by tracking WAN interface setup.

So I left this at a standstill waiting for a fix to the issue here. I resigned to "no IPv6" for a while.
The other day I opened a site which accused me of being using IPv6.

Made an IPv6 test: IPv6 working.
Tested on other machines: IPv6 working.

Checked the firewall, have the Static IPv6 gateway selected, the same configuration I left before when IPv6 wasn't working. And wasn't for many days.

Currently 17 days uptime, have no idea how the issue resolved by itself.

So in the meanwhile, tried just rebooting the firewall to see how'd it would go.
After reboot, no IPv6 again.

shadowking · Mar 25, 2023, 1:43 PM

Thanks for the redmine report, I'll disable IPv6 until a fix is released.

jordanp123 · Mar 25, 2023, 1:43 PM

@shadowking
Yes, thank you everyone for the conversation. I didn't realize this thread existed and had created my own which appears to be a result of the same issue. I'm gonna disable ipV6 until we have a resolution.

jimp · May 3, 2023, 1:15 PM

FYI- The latest Plus (2.7.0) and CE (23.05) snapshots have a fix for this. See https://redmine.pfsense.org/issues/14072 for details.

tl;dr we added a flag to rtsold which always fires the script no matter which flags are in the RA.

It's working for me on the latest snapshots here in my lab, and I could reproduce the issue reliably before.

shadowking · May 3, 2023, 1:37 PM

@jimp thx for the hard work, I'll wait for the next stable release, but it's good to see that this issue has been handled quickly and properly.

jordanp123 · May 3, 2023, 1:45 PM

@jimp
Just tried it in a CE snapshot VM, works perfectly. No issues at all, once Plus and CE are out in stable I'll be able to get rid of my "Kludges" to get V6 to work. Thanks Everyone Its much appreciated !!!!

mhillmann · May 3, 2023, 1:56 PM

Works flawless. Thank you for the solution!

jimp · May 3, 2023, 1:58 PM

Also noteworthy that we didn't just make the change locally, it's been submitted upstream to FreeBSD as well and will be in future releases there, so we don't have to worry about this breaking again in the future:

https://reviews.freebsd.org/D39931

mhillmann · May 3, 2023, 2:22 PM

@jimp Good choice, as the issue affects FreeBSD too, due to the way rtsold was originally coded in the OS. Rtsold worked before, because sometimes even coding errors produce the intended(?) outcome by mere luck.

jimp · May 3, 2023, 2:25 PM

@mhillmann said in No IPv6 after upgrade to 23.01:

@jimp Good choice, as the issue affects FreeBSD too, due to the way rtsold was originally coded in the OS. Rtsold worked before, because sometimes even coding errors produce the intended(?) outcome by mere luck.

On previous versions of pfSense we had a local patch to rtsold that ended up running the script for any flag combination but it looks like that may not have been intentional. So yes, it was working before but completely by accident.

But now it's working deliberately without a local only change. :-)

maverickws · May 25, 2023, 5:24 PM

Alright, the latest update simply broke IPv6 completely. I am not getting any IPv6 address at all, not just a gateway issue

jimp · May 25, 2023, 7:35 PM

That is likely unrelated. I tested the changes for this and I could reproduce it before the fix and it was working OK after. If there is a change in behavior it's probably not from this change specifically. Start a fresh thread and gather info there to debug it.

maverickws · May 25, 2023, 7:36 PM

@jimp thanks for your reply. You're probably right and already did here. Thanks!