IPv6 Issues since upgrading
-
@JKnott - Yep, I have Auto Backups so there should be one there.
I'm running my pfSense headless, so is it possible to do a reinstall without having to connect up a monitor and keyboard?
Once again, I really appreciate all your time and helping me with this issue.
EDIT: Just noticed that it now looks like I have a global IPv6 address on the WAN:
[2.7.0-RELEASE][admin@pfSense.localdomain]/root: ifconfig -a re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 description: WAN options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE> ether 00:e0:4c:68:1b:b2 inet6 fe80::2e0:4cff:fe68:1bb2%re0 prefixlen 64 scopeid 0x1 inet6 2402:7940:f000:200::110 prefixlen 128 inet 103.85.39.51 netmask 0xfffffc00 broadcast 103.85.39.255 media: Ethernet autoselect (1000baseT <full-duplex>) status: active nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL> re1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 description: LAN options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE> ether 00:e0:4c:68:1b:b3 inet6 fe80::2e0:4cff:fe68:1bb3%re1 prefixlen 64 scopeid 0x2 inet6 fe80::1:1%re1 prefixlen 64 scopeid 0x2 inet6 2402:7940:f021:2700:2e0:4cff:fe68:1bb3 prefixlen 64 inet 192.168.10.1 netmask 0xffffff00 broadcast 192.168.10.255 media: Ethernet autoselect (1000baseT <full-duplex>) status: active nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL> enc0: flags=0<> metric 0 mtu 1536 groups: enc nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384 options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6> inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4 inet 127.0.0.1 netmask 0xff000000 inet 10.10.10.1 netmask 0xffffffff groups: lo nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL> pflog0: flags=100<PROMISC> metric 0 mtu 33152 groups: pflog pfsync0: flags=0<> metric 0 mtu 1500 maxupd: 128 defer: off syncok: 1 groups: pfsync ovpns2: flags=8043<UP,BROADCAST,RUNNING,MULTICAST> metric 0 mtu 1500 options=80000<LINKSTATE> inet6 fe80::2e0:4cff:fe68:1bb2%ovpns2 prefixlen 64 scopeid 0x7 inet 10.0.8.1 netmask 0xffffff00 broadcast 10.0.8.255 groups: tun openvpn nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL> Opened by PID 40817 [2.7.0-RELEASE][admin@pfSense.localdomain]/root:However I have no IPv6 on the Gateway and I cannot ping any IPv6 addresses:
PfSense running on Qotom mini PC
CPU N3150, 2 GB memory, 32 GB SSD & 2 Realtek Gb Ethernet ports.
UniFi AC-Lite access point -
@gregeeh said in IPv6 Issues since upgrading:
I'm running my pfSense headless, so is it possible to do a reinstall without having to connect up a monitor and keyboard?
Not that I'm aware of.
You can run without a WAN global address, as it's not used for routing. Does IPv6 work OK on your LAN?
PfSense running on Qotom mini PC
i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
UniFi AC-Lite access pointI haven't lost my mind. It's around here...somewhere...
-
@gregeeh hey there,
I might be mistaken but I recall a bug (?) that prevents from showing the given IPv6 on that GUI screenshot of yours under dashboard view...
My setting here: Fritzbox router gives IPv6 prefix to clients on LAN but no IPv6 to pfsense's WAN (which is connected to pfsense). Also in pfsense WAN IF I selected above mentioned option to only receive prefix but no IPv6 address.
So same here under 2.6: ifconfig -a shows IPv4 and v6, here with locallink, ULA and GUA (both received from fritzbox. It doesn't show WAN's GUA on pfsense GUI. Under dashboard view there is only WAN's locallink under "Gateways", online. Under "Interfaces" it shows WAN's ULA (given by Fritzbox). With ifconfig -a it shows those PLUS it's GUA.
It's the same with 2.7.
In both cases, no successful PING from WAN. All VLAN interfaces with active IPv6 get the correct prefix an can do a Ping. And that is all I need for my little home network... -
@JKnott said in IPv6 Issues since upgrading:
You can run without a WAN global address, as it's not used for routing. Does IPv6 work OK on your LAN?
Did a fresh install of 2.7 and even without restoring my config I have the same issue.
As for the LAN clients. They all get a IPv6 address but cannot connect to any IPv6 nor ping any IPv6 address.
-
I'm in the same boat as everyone here, but I'm on 23.05.1, I found that manually adding a ipv6 route using the link local gateway address will let mine work but any autoconfigured gateway on the ipv6 side fails due to "No route" errors on the linux ping command. 23.05 worked fine.
-
I have what looks to be the same issue - no IPv6 default route since upgrading to 2.7. pfSense does think my IPv6 gateway is up, probably because I've set a monitor address which is pingable from the LAN.
My pfsense is virtualised under Proxmox and I think the link-local address of my pppoe0 interface has changed since upgrading to 2.7.
The gateway IPv6 address shown doesn't seem to be valid for interface pppoe0:
# ifconfig pppoe0 pppoe0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1492 description: WAN inet6 fe80::3421:f898:4e49:5f2b%pppoe0 prefixlen 64 scopeid 0x8 inet6 fe80::ec5e:b8ff:fe3a:ae7c%pppoe0 prefixlen 64 scopeid 0x8 inet6 2001:8b0:1111:1111:0:ffff:51bb:1aef prefixlen 128 ...I'm not sure where it's getting that gateway address from - it's set to dynamic in the web interface. It is in file
/tmp/pppoe0_defaultgwv6but I thought that was regenerated every boot? -
@jordanp123 said in IPv6 Issues since upgrading:
I found that manually adding a ipv6 route using the link local gateway address will let mine work
That fix also works for me. In my case if I enter
route -6 add default fe80::ec5e:b8ff:fe3a:ae7c%pppoe0IPv6 routing starts working fine from inside the LAN.
-
@poppadum said in IPv6 Issues since upgrading:
The gateway IPv6 address shown doesn't seem to be valid for interface pppoe0:
# ifconfig pppoe0 pppoe0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1492 description: WAN inet6 fe80::3421:f898:4e49:5f2b%pppoe0 prefixlen 64 scopeid 0x8 inet6 fe80::ec5e:b8ff:fe3a:ae7c%pppoe0 prefixlen 64 scopeid 0x8 inet6 2001:8b0:1111:1111:0:ffff:51bb:1aef prefixlen 128 ...I'm not sure where it's getting that gateway address from - it's set to dynamic in the web interface. It is in file
/tmp/pppoe0_defaultgwv6but I thought that was regenerated every boot?Just spotted this in the ppp log on the date I did the upgrade:
Jul 27 17:07:25 ppp 13981 [wan] IPV6CP: rec'd Configure Request #0 (Ack-Rcvd) Jul 27 17:07:25 ppp 13981 [wan] IPV6CP: SendConfigAck #0 Jul 27 17:07:25 ppp 13981 [wan] IPV6CP: state change Ack-Rcvd --> Opened Jul 27 17:07:25 ppp 13981 [wan] IPV6CP: LayerUp Jul 27 17:07:25 ppp 13981 [wan] ec5e:b8ff:fe3a:ae7c -> 0203:97ff:feba:0900Anyone know why ppp seems to be rewriting the link-local address?
-
None of the systems I'm on are using ppp but so far its two systems that I've had to fix with the ipv6 issue, both the same thing.
-
[2.7.0-RELEASE][admin@pfSense.localdomain]/root: ifconfig re0 re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 description: WAN options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE> ether 00:e0:4c:68:1b:b2 inet6 fe80::2e0:4cff:fe68:1bb2%re0 prefixlen 64 scopeid 0x1 inet 103.85.37.84 netmask 0xfffffc00 broadcast 103.85.39.255 media: Ethernet autoselect (1000baseT <full-duplex>) status: active nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL> [2.7.0-RELEASE][admin@pfSense.localdomain]/root:The gateway IPv6 address does not appear to be valid for the re0 interface.
Can someone please explain what is happening here?
TIA
-
Check the routing tables, make sure there is a valid default route for IPv6. If not make sure the default gateway in System > Routing > Gateways is set to WAN_DHCP6.
It's valid to have only a linklocal address on WAN. If your ISP is passing only a prefix they can route that to you across the linklocal address. You must have a globally routable IPv6 address somewhere though.
-
I tried setting the default gateway under Gateways to both automatic and the WAN_DHCP6 both failed to route, I had to manually add a static GW or use the add route option to get the two I was working on to route.
-
And before that the routing table was showing no default IPv6 route?
Do the logs show a new route being passed when it connects?
-
I'll change the gateway back to the default one this evening and get you some answers, I can't change it back right now, since ipv6 is being used.
-
@stephenw10
I was able to catch some time while no one was using the system and test. Switching to WAN_DHCP6 after setting the static GW results in connectivity, however if the pfSense is rebooted with WAN_DHCP6 set as the default GW then a default route isn’t installed on reboot.
-
Ah, then I would check the dhcp and routing logs for errors when it first connects at boot. There is likely something preventing it adding the default route at that time.
-
@stephenw10
Going through the logs on boot the only errors I see are the following:Aug 1 11:42:39 dhcp6c 39378 failed to open /usr/local/etc/dhcp6cctlkey: No such file or directory
Aug 1 11:42:39 dhcp6c 39378 failed initialize control message authentication
Aug 1 11:42:39 dhcp6c 39378 skip opening control port
Aug 1 11:42:40 dhcp6c 39448 Sending Solicit
Aug 1 11:42:40 dhcp6c 39448 transmit failed: Can't assign requested address
Aug 1 11:42:41 dhcp6c 39448 Sending Solicit
Aug 1 11:42:41 dhcp6c 39448 Sending Request
Aug 1 11:42:41 dhcp6c 39448 dhcp6c Received REQUESTThen for routing:
Aug 1 11:43:02 radvd 9387 version 2.19 started
Aug 1 11:43:02 radvd 9387 warning: AdvRDNSSLifetime <= 2MaxRtrAdvInterval would allow stale DNS servers to be deleted faster
Aug 1 11:43:02 radvd 9387 warning: (/var/etc/radvd.conf:24) AdvRDNSSLifetime <= 2MaxRtrAdvInterval would allow stale DNS servers to be deleted faster
Aug 1 11:43:02 radvd 9387 warning: AdvDNSSLLifetime <= 2MaxRtrAdvInterval would allow stale DNS suffixes to be deleted faster
Aug 1 11:43:02 radvd 9387 warning: AdvRDNSSLifetime <= 2MaxRtrAdvInterval would allow stale DNS servers to be deleted faster
Aug 1 11:43:02 radvd 9387 warning: (/var/etc/radvd.conf:52) AdvRDNSSLifetime <= 2MaxRtrAdvInterval would allow stale DNS servers to be deleted faster
Aug 1 11:43:02 radvd 9387 warning: AdvDNSSLLifetime <= 2MaxRtrAdvInterval would allow stale DNS suffixes to be deleted faster
Aug 1 11:43:02 radvd 9387 warning: AdvRDNSSLifetime <= 2MaxRtrAdvInterval would allow stale DNS servers to be deleted faster
Aug 1 11:43:02 radvd 9387 warning: (/var/etc/radvd.conf:80) AdvRDNSSLifetime <= 2MaxRtrAdvInterval would allow stale DNS servers to be deleted faster
Aug 1 11:43:02 radvd 9387 warning: AdvDNSSLLifetime <= 2MaxRtrAdvInterval would allow stale DNS suffixes to be deleted faster
Aug 1 11:43:02 radvd 9387 warning: AdvRDNSSLifetime <= 2MaxRtrAdvInterval would allow stale DNS servers to be deleted faster
Aug 1 11:43:02 radvd 9387 warning: (/var/etc/radvd.conf:108) AdvRDNSSLifetime <= 2MaxRtrAdvInterval would allow stale DNS servers to be deleted faster
Aug 1 11:43:02 radvd 9387 warning: AdvDNSSLLifetime <= 2MaxRtrAdvInterval would allow stale DNS suffixes to be deleted faster
Aug 1 11:44:11 radvd 9534 attempting to reread config file
Aug 1 11:44:11 radvd 9534 warning: AdvRDNSSLifetime <= 2MaxRtrAdvInterval would allow stale DNS servers to be deleted faster
Aug 1 11:44:11 radvd 9534 warning: (/var/etc/radvd.conf:24) AdvRDNSSLifetime <= 2MaxRtrAdvInterval would allow stale DNS servers to be deleted faster
Aug 1 11:44:11 radvd 9534 warning: AdvDNSSLLifetime <= 2MaxRtrAdvInterval would allow stale DNS suffixes to be deleted faster
Aug 1 11:44:11 radvd 9534 warning: AdvRDNSSLifetime <= 2MaxRtrAdvInterval would allow stale DNS servers to be deleted faster
Aug 1 11:44:11 radvd 9534 warning: (/var/etc/radvd.conf:52) AdvRDNSSLifetime <= 2MaxRtrAdvInterval would allow stale DNS servers to be deleted faster
Aug 1 11:44:11 radvd 9534 warning: AdvDNSSLLifetime <= 2MaxRtrAdvInterval would allow stale DNS suffixes to be deleted faster
Aug 1 11:44:11 radvd 9534 warning: AdvRDNSSLifetime <= 2MaxRtrAdvInterval would allow stale DNS servers to be deleted faster
Aug 1 11:44:11 radvd 9534 warning: (/var/etc/radvd.conf:80) AdvRDNSSLifetime <= 2MaxRtrAdvInterval would allow stale DNS servers to be deleted faster
Aug 1 11:44:11 radvd 9534 warning: AdvDNSSLLifetime <= 2MaxRtrAdvInterval would allow stale DNS suffixes to be deleted faster
Aug 1 11:44:11 radvd 9534 warning: AdvRDNSSLifetime <= 2MaxRtrAdvInterval would allow stale DNS servers to be deleted faster
Aug 1 11:44:11 radvd 9534 warning: (/var/etc/radvd.conf:108) AdvRDNSSLifetime <= 2MaxRtrAdvInterval would allow stale DNS servers to be deleted faster
Aug 1 11:44:11 radvd 9534 warning: AdvDNSSLLifetime <= 2MaxRtrAdvInterval would allow stale DNS suffixes to be deleted faster
Aug 1 11:44:11 radvd 9534 resuming normal operation -
Hmm, nothing jumps out there as a specific gateway/route error. How does that compare with when it creates the route correctly?
-
@stephenw10
Here is the logs for DHCP6C since ~31st, it was restarted this morning @7 due to a hypervisor (ProxMox ) update. IP6 GA's changed to X.Aug 1 07:20:00 dhcp6c 41130 failed to open /usr/local/etc/dhcp6cctlkey: No such file or directory
Aug 1 07:20:00 dhcp6c 41130 failed initialize control message authentication
Aug 1 07:20:00 dhcp6c 41130 skip opening control port
Aug 1 07:20:01 dhcp6c 41404 Sending Solicit
Aug 1 07:20:01 dhcp6c 41404 transmit failed: Can't assign requested address
Aug 1 07:20:02 dhcp6c 41404 Sending Solicit
Aug 1 07:20:02 dhcp6c 41404 Sending Request
Aug 1 07:20:02 dhcp6c 41404 dhcp6c Received REQUEST
Aug 1 07:20:02 dhcp6c 41404 add an address X on vtnet2
Aug 1 07:20:02 dhcp6c 41404 add an address X on vtnet0.6
Aug 1 07:20:02 dhcp6c 41404 add an address X on vtnet0.4
Aug 1 07:20:02 dhcp6c 41404 add an address X on vtnet0.5
Aug 1 11:42:39 dhcp6c 39378 failed to open /usr/local/etc/dhcp6cctlkey: No such file or directory
Aug 1 11:42:39 dhcp6c 39378 failed initialize control message authentication
Aug 1 11:42:39 dhcp6c 39378 skip opening control port
Aug 1 11:42:40 dhcp6c 39448 Sending Solicit
Aug 1 11:42:40 dhcp6c 39448 transmit failed: Can't assign requested address
Aug 1 11:42:41 dhcp6c 39448 Sending Solicit
Aug 1 11:42:41 dhcp6c 39448 Sending Request
Aug 1 11:42:41 dhcp6c 39448 dhcp6c Received REQUEST
Aug 1 11:42:41 dhcp6c 39448 add an address X on vtnet2
Aug 1 11:42:41 dhcp6c 39448 add an address X on vtnet0.6
Aug 1 11:42:41 dhcp6c 39448 add an address X on vtnet0.4
Aug 1 11:42:41 dhcp6c 39448 add an address X on vtnet0.5The routing logs look pretty much identical:
Aug 1 07:20:25 radvd 66853 version 2.19 started
Aug 1 07:20:25 radvd 66853 warning: AdvRDNSSLifetime <= 2MaxRtrAdvInterval would allow stale DNS servers to be deleted faster
Aug 1 07:20:25 radvd 66853 warning: (/var/etc/radvd.conf:24) AdvRDNSSLifetime <= 2MaxRtrAdvInterval would allow stale DNS servers to be deleted faster
Aug 1 07:20:25 radvd 66853 warning: AdvDNSSLLifetime <= 2MaxRtrAdvInterval would allow stale DNS suffixes to be deleted faster
Aug 1 07:20:25 radvd 66853 warning: AdvRDNSSLifetime <= 2MaxRtrAdvInterval would allow stale DNS servers to be deleted faster
Aug 1 07:20:25 radvd 66853 warning: (/var/etc/radvd.conf:52) AdvRDNSSLifetime <= 2MaxRtrAdvInterval would allow stale DNS servers to be deleted faster
Aug 1 07:20:25 radvd 66853 warning: AdvDNSSLLifetime <= 2MaxRtrAdvInterval would allow stale DNS suffixes to be deleted faster
Aug 1 07:20:25 radvd 66853 warning: AdvRDNSSLifetime <= 2MaxRtrAdvInterval would allow stale DNS servers to be deleted faster
Aug 1 07:20:25 radvd 66853 warning: (/var/etc/radvd.conf:80) AdvRDNSSLifetime <= 2MaxRtrAdvInterval would allow stale DNS servers to be deleted faster
Aug 1 07:20:25 radvd 66853 warning: AdvDNSSLLifetime <= 2MaxRtrAdvInterval would allow stale DNS suffixes to be deleted faster
Aug 1 07:20:25 radvd 66853 warning: AdvRDNSSLifetime <= 2MaxRtrAdvInterval would allow stale DNS servers to be deleted faster
Aug 1 07:20:25 radvd 66853 warning: (/var/etc/radvd.conf:108) AdvRDNSSLifetime <= 2MaxRtrAdvInterval would allow stale DNS servers to be deleted faster
Aug 1 07:20:25 radvd 66853 warning: AdvDNSSLLifetime <= 2MaxRtrAdvInterval would allow stale DNS suffixes to be deleted faster
Aug 1 07:21:22 radvd 66861 attempting to reread config file
Aug 1 07:21:22 radvd 66861 warning: AdvRDNSSLifetime <= 2MaxRtrAdvInterval would allow stale DNS servers to be deleted faster
Aug 1 07:21:22 radvd 66861 warning: (/var/etc/radvd.conf:24) AdvRDNSSLifetime <= 2MaxRtrAdvInterval would allow stale DNS servers to be deleted faster
Aug 1 07:21:22 radvd 66861 warning: AdvDNSSLLifetime <= 2MaxRtrAdvInterval would allow stale DNS suffixes to be deleted faster
Aug 1 07:21:22 radvd 66861 warning: AdvRDNSSLifetime <= 2MaxRtrAdvInterval would allow stale DNS servers to be deleted faster
Aug 1 07:21:22 radvd 66861 warning: (/var/etc/radvd.conf:52) AdvRDNSSLifetime <= 2MaxRtrAdvInterval would allow stale DNS servers to be deleted faster
Aug 1 07:21:22 radvd 66861 warning: AdvDNSSLLifetime <= 2MaxRtrAdvInterval would allow stale DNS suffixes to be deleted faster
Aug 1 07:21:22 radvd 66861 warning: AdvRDNSSLifetime <= 2MaxRtrAdvInterval would allow stale DNS servers to be deleted faster
Aug 1 07:21:22 radvd 66861 warning: (/var/etc/radvd.conf:80) AdvRDNSSLifetime <= 2MaxRtrAdvInterval would allow stale DNS servers to be deleted faster
Aug 1 07:21:22 radvd 66861 warning: AdvDNSSLLifetime <= 2MaxRtrAdvInterval would allow stale DNS suffixes to be deleted faster
Aug 1 07:21:22 radvd 66861 warning: AdvRDNSSLifetime <= 2MaxRtrAdvInterval would allow stale DNS servers to be deleted faster
Aug 1 07:21:22 radvd 66861 warning: (/var/etc/radvd.conf:108) AdvRDNSSLifetime <= 2MaxRtrAdvInterval would allow stale DNS servers to be deleted faster
Aug 1 07:21:22 radvd 66861 warning: AdvDNSSLLifetime <= 2MaxRtrAdvInterval would allow stale DNS suffixes to be deleted faster
Aug 1 07:21:22 radvd 66861 resuming normal operation -
Enable 'DHCP6 Debug' in System > Advanced > Networking. Check again.
