IPv6 Issues since upgrading
-
@gregeeh said in IPv6 Issues since upgrading:
It was not set, so I checked it and still no global IPv6.
You don't want it checked.
Try capturing the full DHCPv6 sequence and posting the capture file here.
-
@JKnott - File attached.
-
There's something really strange there.
Here's what your capture looks like:
And mine:
You have multiple solicits and also a few release XIDs, which is something I've never seen before. You shouldn't have to send 9 solicits. I guess the next question is why is your ISP ignoring all those solicits with 2.7, but not 2.6. Also, why the release?
-
@JKnott - I really appreciate your time and comments.
What do you think my next step should be? Contact the ISP, if so what should I tell them?
Like you I think it's strange 2.6 worked and 2.7 does not.
-
It might be worth a reinstall. Back up your config first though. Do you have a recent one from before 2.7?
-
@JKnott - Yep, I have Auto Backups so there should be one there.
I'm running my pfSense headless, so is it possible to do a reinstall without having to connect up a monitor and keyboard?
Once again, I really appreciate all your time and helping me with this issue.
EDIT: Just noticed that it now looks like I have a global IPv6 address on the WAN:
[2.7.0-RELEASE][admin@pfSense.localdomain]/root: ifconfig -a re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 description: WAN options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE> ether 00:e0:4c:68:1b:b2 inet6 fe80::2e0:4cff:fe68:1bb2%re0 prefixlen 64 scopeid 0x1 inet6 2402:7940:f000:200::110 prefixlen 128 inet 103.85.39.51 netmask 0xfffffc00 broadcast 103.85.39.255 media: Ethernet autoselect (1000baseT <full-duplex>) status: active nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL> re1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 description: LAN options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE> ether 00:e0:4c:68:1b:b3 inet6 fe80::2e0:4cff:fe68:1bb3%re1 prefixlen 64 scopeid 0x2 inet6 fe80::1:1%re1 prefixlen 64 scopeid 0x2 inet6 2402:7940:f021:2700:2e0:4cff:fe68:1bb3 prefixlen 64 inet 192.168.10.1 netmask 0xffffff00 broadcast 192.168.10.255 media: Ethernet autoselect (1000baseT <full-duplex>) status: active nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL> enc0: flags=0<> metric 0 mtu 1536 groups: enc nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384 options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6> inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4 inet 127.0.0.1 netmask 0xff000000 inet 10.10.10.1 netmask 0xffffffff groups: lo nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL> pflog0: flags=100<PROMISC> metric 0 mtu 33152 groups: pflog pfsync0: flags=0<> metric 0 mtu 1500 maxupd: 128 defer: off syncok: 1 groups: pfsync ovpns2: flags=8043<UP,BROADCAST,RUNNING,MULTICAST> metric 0 mtu 1500 options=80000<LINKSTATE> inet6 fe80::2e0:4cff:fe68:1bb2%ovpns2 prefixlen 64 scopeid 0x7 inet 10.0.8.1 netmask 0xffffff00 broadcast 10.0.8.255 groups: tun openvpn nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL> Opened by PID 40817 [2.7.0-RELEASE][admin@pfSense.localdomain]/root:However I have no IPv6 on the Gateway and I cannot ping any IPv6 addresses:
PfSense running on Qotom mini PC
CPU N3150, 2 GB memory, 32 GB SSD & 2 Realtek Gb Ethernet ports.
UniFi AC-Lite access point -
@gregeeh said in IPv6 Issues since upgrading:
I'm running my pfSense headless, so is it possible to do a reinstall without having to connect up a monitor and keyboard?
Not that I'm aware of.
You can run without a WAN global address, as it's not used for routing. Does IPv6 work OK on your LAN?
PfSense running on Qotom mini PC
i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
UniFi AC-Lite access pointI haven't lost my mind. It's around here...somewhere...
-
@gregeeh hey there,
I might be mistaken but I recall a bug (?) that prevents from showing the given IPv6 on that GUI screenshot of yours under dashboard view...
My setting here: Fritzbox router gives IPv6 prefix to clients on LAN but no IPv6 to pfsense's WAN (which is connected to pfsense). Also in pfsense WAN IF I selected above mentioned option to only receive prefix but no IPv6 address.
So same here under 2.6: ifconfig -a shows IPv4 and v6, here with locallink, ULA and GUA (both received from fritzbox. It doesn't show WAN's GUA on pfsense GUI. Under dashboard view there is only WAN's locallink under "Gateways", online. Under "Interfaces" it shows WAN's ULA (given by Fritzbox). With ifconfig -a it shows those PLUS it's GUA.
It's the same with 2.7.
In both cases, no successful PING from WAN. All VLAN interfaces with active IPv6 get the correct prefix an can do a Ping. And that is all I need for my little home network... -
@JKnott said in IPv6 Issues since upgrading:
You can run without a WAN global address, as it's not used for routing. Does IPv6 work OK on your LAN?
Did a fresh install of 2.7 and even without restoring my config I have the same issue.
As for the LAN clients. They all get a IPv6 address but cannot connect to any IPv6 nor ping any IPv6 address.
-
I'm in the same boat as everyone here, but I'm on 23.05.1, I found that manually adding a ipv6 route using the link local gateway address will let mine work but any autoconfigured gateway on the ipv6 side fails due to "No route" errors on the linux ping command. 23.05 worked fine.
-
I have what looks to be the same issue - no IPv6 default route since upgrading to 2.7. pfSense does think my IPv6 gateway is up, probably because I've set a monitor address which is pingable from the LAN.
My pfsense is virtualised under Proxmox and I think the link-local address of my pppoe0 interface has changed since upgrading to 2.7.
The gateway IPv6 address shown doesn't seem to be valid for interface pppoe0:
# ifconfig pppoe0 pppoe0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1492 description: WAN inet6 fe80::3421:f898:4e49:5f2b%pppoe0 prefixlen 64 scopeid 0x8 inet6 fe80::ec5e:b8ff:fe3a:ae7c%pppoe0 prefixlen 64 scopeid 0x8 inet6 2001:8b0:1111:1111:0:ffff:51bb:1aef prefixlen 128 ...I'm not sure where it's getting that gateway address from - it's set to dynamic in the web interface. It is in file
/tmp/pppoe0_defaultgwv6but I thought that was regenerated every boot? -
@jordanp123 said in IPv6 Issues since upgrading:
I found that manually adding a ipv6 route using the link local gateway address will let mine work
That fix also works for me. In my case if I enter
route -6 add default fe80::ec5e:b8ff:fe3a:ae7c%pppoe0IPv6 routing starts working fine from inside the LAN.
-
@poppadum said in IPv6 Issues since upgrading:
The gateway IPv6 address shown doesn't seem to be valid for interface pppoe0:
# ifconfig pppoe0 pppoe0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1492 description: WAN inet6 fe80::3421:f898:4e49:5f2b%pppoe0 prefixlen 64 scopeid 0x8 inet6 fe80::ec5e:b8ff:fe3a:ae7c%pppoe0 prefixlen 64 scopeid 0x8 inet6 2001:8b0:1111:1111:0:ffff:51bb:1aef prefixlen 128 ...I'm not sure where it's getting that gateway address from - it's set to dynamic in the web interface. It is in file
/tmp/pppoe0_defaultgwv6but I thought that was regenerated every boot?Just spotted this in the ppp log on the date I did the upgrade:
Jul 27 17:07:25 ppp 13981 [wan] IPV6CP: rec'd Configure Request #0 (Ack-Rcvd) Jul 27 17:07:25 ppp 13981 [wan] IPV6CP: SendConfigAck #0 Jul 27 17:07:25 ppp 13981 [wan] IPV6CP: state change Ack-Rcvd --> Opened Jul 27 17:07:25 ppp 13981 [wan] IPV6CP: LayerUp Jul 27 17:07:25 ppp 13981 [wan] ec5e:b8ff:fe3a:ae7c -> 0203:97ff:feba:0900Anyone know why ppp seems to be rewriting the link-local address?
-
None of the systems I'm on are using ppp but so far its two systems that I've had to fix with the ipv6 issue, both the same thing.
-
[2.7.0-RELEASE][admin@pfSense.localdomain]/root: ifconfig re0 re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 description: WAN options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE> ether 00:e0:4c:68:1b:b2 inet6 fe80::2e0:4cff:fe68:1bb2%re0 prefixlen 64 scopeid 0x1 inet 103.85.37.84 netmask 0xfffffc00 broadcast 103.85.39.255 media: Ethernet autoselect (1000baseT <full-duplex>) status: active nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL> [2.7.0-RELEASE][admin@pfSense.localdomain]/root:The gateway IPv6 address does not appear to be valid for the re0 interface.
Can someone please explain what is happening here?
TIA
-
Check the routing tables, make sure there is a valid default route for IPv6. If not make sure the default gateway in System > Routing > Gateways is set to WAN_DHCP6.
It's valid to have only a linklocal address on WAN. If your ISP is passing only a prefix they can route that to you across the linklocal address. You must have a globally routable IPv6 address somewhere though.
-
I tried setting the default gateway under Gateways to both automatic and the WAN_DHCP6 both failed to route, I had to manually add a static GW or use the add route option to get the two I was working on to route.
-
And before that the routing table was showing no default IPv6 route?
Do the logs show a new route being passed when it connects?
-
I'll change the gateway back to the default one this evening and get you some answers, I can't change it back right now, since ipv6 is being used.
-
@stephenw10
I was able to catch some time while no one was using the system and test. Switching to WAN_DHCP6 after setting the static GW results in connectivity, however if the pfSense is rebooted with WAN_DHCP6 set as the default GW then a default route isn’t installed on reboot.
