• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Resolved: Did v23.05+ break IPv6?

Scheduled Pinned Locked Moved General pfSense Questions
18 Posts 2 Posters 920 Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • R
    RobbieTT @stephenw10
    last edited by RobbieTT Jul 13, 2023, 3:09 PM Jul 13, 2023, 3:09 PM

    @stephenw10

    	</dhcpd>
	<dhcpdv6>
		<lan>
			<range>
				<from>::1000</from>
				<to>::2000</to>
			</range>
			<ramode>stateless_dhcp</ramode>
			<rapriority>medium</rapriority>
			<prefixrange>
				<from></from>
				<to></to>
				<prefixlength>64</prefixlength>
			</prefixrange>
			<defaultleasetime></defaultleasetime>
			<maxleasetime></maxleasetime>
			<netmask></netmask>
			<dhcp6c-dns>enabled</dhcp6c-dns>
			<domain></domain>
			<domainsearchlist></domainsearchlist>
			<ddnsdomain></ddnsdomain>
			<ddnsdomainprimary></ddnsdomainprimary>
			<ddnsdomainsecondary></ddnsdomainsecondary>
			<ddnsdomainkeyname></ddnsdomainkeyname>
			<ddnsdomainkeyalgorithm>hmac-md5</ddnsdomainkeyalgorithm>
			<ddnsdomainkey></ddnsdomainkey>
			<ddnsclientupdates>allow</ddnsclientupdates>
			<tftp></tftp>
			<ldap></ldap>
			<bootfile_url></bootfile_url>
			<dhcpv6leaseinlocaltime></dhcpv6leaseinlocaltime>
			<numberoptions></numberoptions>
			<rainterface></rainterface>
			<ravalidlifetime></ravalidlifetime>
			<rapreferredlifetime></rapreferredlifetime>
			<raminrtradvinterval></raminrtradvinterval>
			<ramaxrtradvinterval></ramaxrtradvinterval>
			<raadvdefaultlifetime></raadvdefaultlifetime>
			<radomainsearchlist></radomainsearchlist>
			<radvd-dns>enabled</radvd-dns>
			<enable></enable>
		</lan>
		<opt3>
			<ramode>stateless_dhcp</ramode>
			<rapriority>medium</rapriority>
			<rainterface></rainterface>
			<ravalidlifetime></ravalidlifetime>
			<rapreferredlifetime></rapreferredlifetime>
			<raminrtradvinterval></raminrtradvinterval>
			<ramaxrtradvinterval></ramaxrtradvinterval>
			<raadvdefaultlifetime></raadvdefaultlifetime>
			<radomainsearchlist></radomainsearchlist>
			<radvd-dns>enabled</radvd-dns>
			<range>
				<from>::1000</from>
				<to>::2000</to>
			</range>
			<prefixrange>
				<from></from>
				<to></to>
				<prefixlength>64</prefixlength>
			</prefixrange>
			<defaultleasetime></defaultleasetime>
			<maxleasetime></maxleasetime>
			<netmask></netmask>
			<dhcp6c-dns>enabled</dhcp6c-dns>
			<domain></domain>
			<domainsearchlist></domainsearchlist>
			<ddnsdomain></ddnsdomain>
			<ddnsdomainprimary></ddnsdomainprimary>
			<ddnsdomainsecondary></ddnsdomainsecondary>
			<ddnsdomainkeyname></ddnsdomainkeyname>
			<ddnsdomainkeyalgorithm>hmac-md5</ddnsdomainkeyalgorithm>
			<ddnsdomainkey></ddnsdomainkey>
			<ddnsclientupdates>allow</ddnsclientupdates>
			<tftp></tftp>
			<ldap></ldap>
			<bootfile_url></bootfile_url>
			<dhcpv6leaseinlocaltime></dhcpv6leaseinlocaltime>
			<numberoptions></numberoptions>
			<enable></enable>
		</opt3>
		<opt1>
			<ramode>stateless_dhcp</ramode>
			<rapriority>medium</rapriority>
			<rainterface></rainterface>
			<ravalidlifetime></ravalidlifetime>
			<rapreferredlifetime></rapreferredlifetime>
			<raminrtradvinterval></raminrtradvinterval>
			<ramaxrtradvinterval></ramaxrtradvinterval>
			<raadvdefaultlifetime></raadvdefaultlifetime>
			<radomainsearchlist></radomainsearchlist>
			<radvd-dns>enabled</radvd-dns>
			<range>
				<from>::1000</from>
				<to>::2000</to>
			</range>
			<prefixrange>
				<from></from>
				<to></to>
				<prefixlength>64</prefixlength>
			</prefixrange>
			<defaultleasetime></defaultleasetime>
			<maxleasetime></maxleasetime>
			<netmask></netmask>
			<dhcp6c-dns>enabled</dhcp6c-dns>
			<domain></domain>
			<domainsearchlist></domainsearchlist>
			<enable></enable>
			<ddnsdomain></ddnsdomain>
			<ddnsdomainprimary></ddnsdomainprimary>
			<ddnsdomainsecondary></ddnsdomainsecondary>
			<ddnsdomainkeyname></ddnsdomainkeyname>
			<ddnsdomainkeyalgorithm>hmac-md5</ddnsdomainkeyalgorithm>
			<ddnsdomainkey></ddnsdomainkey>
			<ddnsclientupdates>allow</ddnsclientupdates>
			<tftp></tftp>
			<ldap></ldap>
			<bootfile_url></bootfile_url>
			<dhcpv6leaseinlocaltime></dhcpv6leaseinlocaltime>
			<numberoptions></numberoptions>
		</opt1>
	</dhcpdv6>

    Maybe I should be using a managed mode?

    From my notes I did have it on 'Assisted' on my initial config. Cannot remember what prompted the change.

    ☕️

    1 Reply Last reply Reply Quote 0
    • S
      stephenw10 Netgate Administrator
      last edited by Jul 13, 2023, 3:59 PM

      You would only change it from Assisted to disable DHCPv6. I set it to Managed to disable SLAAC because I had a badly behaved client on there.

      R 1 Reply Last reply Jul 13, 2023, 4:07 PM Reply Quote 0
      • R
        RobbieTT @stephenw10
        last edited by Jul 13, 2023, 4:07 PM

        @stephenw10 said in Did v23.05+ break IPv6?:

        You would only change it from Assisted to disable DHCPv6. I set it to Managed to disable SLAAC because I had a badly behaved client on there.

        Ok, I guess I was hoping for a self-inflicted config snafu rather than a potential bug.

        ☕️

        1 Reply Last reply Reply Quote 0
        • S
          stephenw10 Netgate Administrator
          last edited by Jul 13, 2023, 4:11 PM

          Are those clients actually failing to get IPv6 addresses in addition to the errors? I assume they are...

          R 1 Reply Last reply Jul 13, 2023, 4:46 PM Reply Quote 0
          • R
            RobbieTT @stephenw10
            last edited by RobbieTT Jul 13, 2023, 4:49 PM Jul 13, 2023, 4:46 PM

            @stephenw10

            They seem to be. If I take this one as an example, which is a HomePod mini:

            Jul 13 16:16:50 Router-8 dhcpd[88832]: Solicit message from fe80::c77:d61c:dead:e7f1 port 546, transaction ID 0x1E58F500
Jul 13 16:16:50 Router-8 dhcpd[88832]: Unable to pick client prefix: no IPv6 pools on this shared network
Jul 13 16:16:50 Router-8 dhcpd[88832]: Sending Advertise to fe80::c77:d61c:dead:e7f1 port 546

            I find the 3 addresses I would expect in ndp:

            2a02:reda:cted:1:44:85da:d2b:4e22     e0:2b:96:de:ad:e7    ix1 23h54m3s  S R
fe80::c77:d61c:dead:e7f1%ix1         e0:2b:96:de:ad:e7    ix1 23h59m49s S R
2a02:reda:cted:1:f838:ff81:92cb:b1f4  e0:2b:96:de:ad:e7    ix1 23h12m47s S R

            Looking at the HomePod mini itself it only shows 2 IPv6 addresses:

            fe80::c77:d61c:dead:e7f1
2a02:reda:cted:1:82:e074:5611:8f57

            So they don't tie together neatly.

            ☕️

            1 Reply Last reply Reply Quote 0
            • S
              stephenw10 Netgate Administrator
              last edited by Jul 13, 2023, 5:58 PM

              Hmm, not seeing that here after setting RA mode to Assisted:
              (logs reveresed)

              Jul 13 17:48:58 	dhcpd 	90545 	Sending Reply to fe80::d088:d265:1c85:243e port 546
Jul 13 17:48:58 	dhcpd 	90545 	Reply NA: address 2a00:reda:cted:6a02::1982 to client with duid 00:04:68:c4:1c:60:11:aa:96:67:78:74:1c:e1:f7:d0:35:e8 iaid = 227970921 valid for 7200 seconds
Jul 13 17:48:58 	dhcpd 	90545 	Request message from fe80::d088:d265:1c85:243e port 546, transaction ID 0x11886700
Jul 13 17:48:57 	dhcpd 	90545 	Sending Advertise to fe80::d088:d265:1c85:243e port 546
Jul 13 17:48:57 	dhcpd 	90545 	Advertise NA: address 2a00:reda:cted:6a02::1982 to client with duid 00:04:68:c4:1c:60:11:aa:96:67:78:74:1c:e1:f7:d0:35:e8 iaid = 227970921 valid for 7200 seconds
Jul 13 17:48:57 	dhcpd 	90545 	Picking pool address 2a00:reda:cted:6a02::1982
Jul 13 17:48:57 	dhcpd 	90545 	Solicit message from fe80::d088:d265:1c85:243e port 546, transaction ID 0x9163A000

              Note that's inside the DHCPv6 pool I have defined. It's a DHCPv6 lease. You have a range defined but with RA mode set to stateless it may not actually be available.

              It looks like your logs show DHCPv6 failure which might be expected with RA set to SLAAC only.

              Steve

              R 1 Reply Last reply Jul 13, 2023, 6:01 PM Reply Quote 0
              • R
                RobbieTT @stephenw10
                last edited by Jul 13, 2023, 6:01 PM

                @stephenw10
                Thanks Steve, is there a suggested best-practice with this?

                1 Reply Last reply Reply Quote 0
                • S
                  stephenw10 Netgate Administrator
                  last edited by Jul 13, 2023, 7:35 PM

                  I would say use Assisted mode RA unless you have a good reason not to.

                  R 1 Reply Last reply Jul 13, 2023, 7:39 PM Reply Quote 1
                  • R
                    RobbieTT @stephenw10
                    last edited by RobbieTT Jul 13, 2023, 7:43 PM Jul 13, 2023, 7:39 PM

                    @stephenw10
                    Thanks Steve, I'll give it a go.

                    Found my previous notes and apparently it all fell apart last time I tried Assisted Mode. Thinking back, I probably didn't leave enough time for all the revised IPv6 addresses to propagate.

                    Is there anything else to change in my config with Assisted Mode, or is as simple as changing the drop-down option?

                    ☕️

                    1 Reply Last reply Reply Quote 0
                    • S
                      stephenw10 Netgate Administrator
                      last edited by Jul 13, 2023, 7:52 PM

                      I don't think anything else is needed but I will say it's not something I'm spent much time looking into.

                      I'm also not aware of anything that changed there since 23.01 so it's surprising you saw a change in behaviour.

                      R 2 Replies Last reply Jul 13, 2023, 7:57 PM Reply Quote 1
                      • R
                        RobbieTT @stephenw10
                        last edited by Jul 13, 2023, 7:57 PM

                        @stephenw10
                        Yep, it is all a bit odd - especially with the errors in the logs. It may be linked to the issue on Redmine but I am still not certain of it. I guess I will find out when that issue is closed.

                        Thanks for the help, again. 👍

                        ☕️

                        1 Reply Last reply Reply Quote 1
                        • R
                          RobbieTT @stephenw10
                          last edited by Jul 15, 2023, 5:19 PM

                          @stephenw10

                          The Assisted Mode has IPv6 fully working again with no errors in the log.

                          As a 'promising' side-effect, my HomePods have suddenly remembered how to play an Apple Music playlist again; something that stopped a few Apple updates ago.

                          If I select SLAAC again, Apple Music becomes stupid again. I didn't think this issue would be IPv6 related, especially with IPv6 apparently working (at least for the most part).

                          I still have no idea what is up with SLAAC though, so this issue may still impact others, but Assisted Mode works for me.

                          Anyway, thanks Steve, 2 issues resolved for the price of 1. 👍

                          ☕️

                          1 Reply Last reply Reply Quote 1
                          • R RobbieTT referenced this topic on Jul 15, 2023, 5:24 PM
                          18 out of 18
                          • First post
                            18/18
                            Last post
                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
                            This community forum collects and processes your personal information.
                            consent.not_received