IPv6 Issues since upgrading
-
@stephenw10
I was able to catch some time while no one was using the system and test. Switching to WAN_DHCP6 after setting the static GW results in connectivity, however if the pfSense is rebooted with WAN_DHCP6 set as the default GW then a default route isn’t installed on reboot.
-
Ah, then I would check the dhcp and routing logs for errors when it first connects at boot. There is likely something preventing it adding the default route at that time.
-
@stephenw10
Going through the logs on boot the only errors I see are the following:Aug 1 11:42:39 dhcp6c 39378 failed to open /usr/local/etc/dhcp6cctlkey: No such file or directory
Aug 1 11:42:39 dhcp6c 39378 failed initialize control message authentication
Aug 1 11:42:39 dhcp6c 39378 skip opening control port
Aug 1 11:42:40 dhcp6c 39448 Sending Solicit
Aug 1 11:42:40 dhcp6c 39448 transmit failed: Can't assign requested address
Aug 1 11:42:41 dhcp6c 39448 Sending Solicit
Aug 1 11:42:41 dhcp6c 39448 Sending Request
Aug 1 11:42:41 dhcp6c 39448 dhcp6c Received REQUESTThen for routing:
Aug 1 11:43:02 radvd 9387 version 2.19 started
Aug 1 11:43:02 radvd 9387 warning: AdvRDNSSLifetime <= 2MaxRtrAdvInterval would allow stale DNS servers to be deleted faster
Aug 1 11:43:02 radvd 9387 warning: (/var/etc/radvd.conf:24) AdvRDNSSLifetime <= 2MaxRtrAdvInterval would allow stale DNS servers to be deleted faster
Aug 1 11:43:02 radvd 9387 warning: AdvDNSSLLifetime <= 2MaxRtrAdvInterval would allow stale DNS suffixes to be deleted faster
Aug 1 11:43:02 radvd 9387 warning: AdvRDNSSLifetime <= 2MaxRtrAdvInterval would allow stale DNS servers to be deleted faster
Aug 1 11:43:02 radvd 9387 warning: (/var/etc/radvd.conf:52) AdvRDNSSLifetime <= 2MaxRtrAdvInterval would allow stale DNS servers to be deleted faster
Aug 1 11:43:02 radvd 9387 warning: AdvDNSSLLifetime <= 2MaxRtrAdvInterval would allow stale DNS suffixes to be deleted faster
Aug 1 11:43:02 radvd 9387 warning: AdvRDNSSLifetime <= 2MaxRtrAdvInterval would allow stale DNS servers to be deleted faster
Aug 1 11:43:02 radvd 9387 warning: (/var/etc/radvd.conf:80) AdvRDNSSLifetime <= 2MaxRtrAdvInterval would allow stale DNS servers to be deleted faster
Aug 1 11:43:02 radvd 9387 warning: AdvDNSSLLifetime <= 2MaxRtrAdvInterval would allow stale DNS suffixes to be deleted faster
Aug 1 11:43:02 radvd 9387 warning: AdvRDNSSLifetime <= 2MaxRtrAdvInterval would allow stale DNS servers to be deleted faster
Aug 1 11:43:02 radvd 9387 warning: (/var/etc/radvd.conf:108) AdvRDNSSLifetime <= 2MaxRtrAdvInterval would allow stale DNS servers to be deleted faster
Aug 1 11:43:02 radvd 9387 warning: AdvDNSSLLifetime <= 2MaxRtrAdvInterval would allow stale DNS suffixes to be deleted faster
Aug 1 11:44:11 radvd 9534 attempting to reread config file
Aug 1 11:44:11 radvd 9534 warning: AdvRDNSSLifetime <= 2MaxRtrAdvInterval would allow stale DNS servers to be deleted faster
Aug 1 11:44:11 radvd 9534 warning: (/var/etc/radvd.conf:24) AdvRDNSSLifetime <= 2MaxRtrAdvInterval would allow stale DNS servers to be deleted faster
Aug 1 11:44:11 radvd 9534 warning: AdvDNSSLLifetime <= 2MaxRtrAdvInterval would allow stale DNS suffixes to be deleted faster
Aug 1 11:44:11 radvd 9534 warning: AdvRDNSSLifetime <= 2MaxRtrAdvInterval would allow stale DNS servers to be deleted faster
Aug 1 11:44:11 radvd 9534 warning: (/var/etc/radvd.conf:52) AdvRDNSSLifetime <= 2MaxRtrAdvInterval would allow stale DNS servers to be deleted faster
Aug 1 11:44:11 radvd 9534 warning: AdvDNSSLLifetime <= 2MaxRtrAdvInterval would allow stale DNS suffixes to be deleted faster
Aug 1 11:44:11 radvd 9534 warning: AdvRDNSSLifetime <= 2MaxRtrAdvInterval would allow stale DNS servers to be deleted faster
Aug 1 11:44:11 radvd 9534 warning: (/var/etc/radvd.conf:80) AdvRDNSSLifetime <= 2MaxRtrAdvInterval would allow stale DNS servers to be deleted faster
Aug 1 11:44:11 radvd 9534 warning: AdvDNSSLLifetime <= 2MaxRtrAdvInterval would allow stale DNS suffixes to be deleted faster
Aug 1 11:44:11 radvd 9534 warning: AdvRDNSSLifetime <= 2MaxRtrAdvInterval would allow stale DNS servers to be deleted faster
Aug 1 11:44:11 radvd 9534 warning: (/var/etc/radvd.conf:108) AdvRDNSSLifetime <= 2MaxRtrAdvInterval would allow stale DNS servers to be deleted faster
Aug 1 11:44:11 radvd 9534 warning: AdvDNSSLLifetime <= 2MaxRtrAdvInterval would allow stale DNS suffixes to be deleted faster
Aug 1 11:44:11 radvd 9534 resuming normal operation -
Hmm, nothing jumps out there as a specific gateway/route error. How does that compare with when it creates the route correctly?
-
@stephenw10
Here is the logs for DHCP6C since ~31st, it was restarted this morning @7 due to a hypervisor (ProxMox ) update. IP6 GA's changed to X.Aug 1 07:20:00 dhcp6c 41130 failed to open /usr/local/etc/dhcp6cctlkey: No such file or directory
Aug 1 07:20:00 dhcp6c 41130 failed initialize control message authentication
Aug 1 07:20:00 dhcp6c 41130 skip opening control port
Aug 1 07:20:01 dhcp6c 41404 Sending Solicit
Aug 1 07:20:01 dhcp6c 41404 transmit failed: Can't assign requested address
Aug 1 07:20:02 dhcp6c 41404 Sending Solicit
Aug 1 07:20:02 dhcp6c 41404 Sending Request
Aug 1 07:20:02 dhcp6c 41404 dhcp6c Received REQUEST
Aug 1 07:20:02 dhcp6c 41404 add an address X on vtnet2
Aug 1 07:20:02 dhcp6c 41404 add an address X on vtnet0.6
Aug 1 07:20:02 dhcp6c 41404 add an address X on vtnet0.4
Aug 1 07:20:02 dhcp6c 41404 add an address X on vtnet0.5
Aug 1 11:42:39 dhcp6c 39378 failed to open /usr/local/etc/dhcp6cctlkey: No such file or directory
Aug 1 11:42:39 dhcp6c 39378 failed initialize control message authentication
Aug 1 11:42:39 dhcp6c 39378 skip opening control port
Aug 1 11:42:40 dhcp6c 39448 Sending Solicit
Aug 1 11:42:40 dhcp6c 39448 transmit failed: Can't assign requested address
Aug 1 11:42:41 dhcp6c 39448 Sending Solicit
Aug 1 11:42:41 dhcp6c 39448 Sending Request
Aug 1 11:42:41 dhcp6c 39448 dhcp6c Received REQUEST
Aug 1 11:42:41 dhcp6c 39448 add an address X on vtnet2
Aug 1 11:42:41 dhcp6c 39448 add an address X on vtnet0.6
Aug 1 11:42:41 dhcp6c 39448 add an address X on vtnet0.4
Aug 1 11:42:41 dhcp6c 39448 add an address X on vtnet0.5The routing logs look pretty much identical:
Aug 1 07:20:25 radvd 66853 version 2.19 started
Aug 1 07:20:25 radvd 66853 warning: AdvRDNSSLifetime <= 2MaxRtrAdvInterval would allow stale DNS servers to be deleted faster
Aug 1 07:20:25 radvd 66853 warning: (/var/etc/radvd.conf:24) AdvRDNSSLifetime <= 2MaxRtrAdvInterval would allow stale DNS servers to be deleted faster
Aug 1 07:20:25 radvd 66853 warning: AdvDNSSLLifetime <= 2MaxRtrAdvInterval would allow stale DNS suffixes to be deleted faster
Aug 1 07:20:25 radvd 66853 warning: AdvRDNSSLifetime <= 2MaxRtrAdvInterval would allow stale DNS servers to be deleted faster
Aug 1 07:20:25 radvd 66853 warning: (/var/etc/radvd.conf:52) AdvRDNSSLifetime <= 2MaxRtrAdvInterval would allow stale DNS servers to be deleted faster
Aug 1 07:20:25 radvd 66853 warning: AdvDNSSLLifetime <= 2MaxRtrAdvInterval would allow stale DNS suffixes to be deleted faster
Aug 1 07:20:25 radvd 66853 warning: AdvRDNSSLifetime <= 2MaxRtrAdvInterval would allow stale DNS servers to be deleted faster
Aug 1 07:20:25 radvd 66853 warning: (/var/etc/radvd.conf:80) AdvRDNSSLifetime <= 2MaxRtrAdvInterval would allow stale DNS servers to be deleted faster
Aug 1 07:20:25 radvd 66853 warning: AdvDNSSLLifetime <= 2MaxRtrAdvInterval would allow stale DNS suffixes to be deleted faster
Aug 1 07:20:25 radvd 66853 warning: AdvRDNSSLifetime <= 2MaxRtrAdvInterval would allow stale DNS servers to be deleted faster
Aug 1 07:20:25 radvd 66853 warning: (/var/etc/radvd.conf:108) AdvRDNSSLifetime <= 2MaxRtrAdvInterval would allow stale DNS servers to be deleted faster
Aug 1 07:20:25 radvd 66853 warning: AdvDNSSLLifetime <= 2MaxRtrAdvInterval would allow stale DNS suffixes to be deleted faster
Aug 1 07:21:22 radvd 66861 attempting to reread config file
Aug 1 07:21:22 radvd 66861 warning: AdvRDNSSLifetime <= 2MaxRtrAdvInterval would allow stale DNS servers to be deleted faster
Aug 1 07:21:22 radvd 66861 warning: (/var/etc/radvd.conf:24) AdvRDNSSLifetime <= 2MaxRtrAdvInterval would allow stale DNS servers to be deleted faster
Aug 1 07:21:22 radvd 66861 warning: AdvDNSSLLifetime <= 2MaxRtrAdvInterval would allow stale DNS suffixes to be deleted faster
Aug 1 07:21:22 radvd 66861 warning: AdvRDNSSLifetime <= 2MaxRtrAdvInterval would allow stale DNS servers to be deleted faster
Aug 1 07:21:22 radvd 66861 warning: (/var/etc/radvd.conf:52) AdvRDNSSLifetime <= 2MaxRtrAdvInterval would allow stale DNS servers to be deleted faster
Aug 1 07:21:22 radvd 66861 warning: AdvDNSSLLifetime <= 2MaxRtrAdvInterval would allow stale DNS suffixes to be deleted faster
Aug 1 07:21:22 radvd 66861 warning: AdvRDNSSLifetime <= 2MaxRtrAdvInterval would allow stale DNS servers to be deleted faster
Aug 1 07:21:22 radvd 66861 warning: (/var/etc/radvd.conf:80) AdvRDNSSLifetime <= 2MaxRtrAdvInterval would allow stale DNS servers to be deleted faster
Aug 1 07:21:22 radvd 66861 warning: AdvDNSSLLifetime <= 2MaxRtrAdvInterval would allow stale DNS suffixes to be deleted faster
Aug 1 07:21:22 radvd 66861 warning: AdvRDNSSLifetime <= 2MaxRtrAdvInterval would allow stale DNS servers to be deleted faster
Aug 1 07:21:22 radvd 66861 warning: (/var/etc/radvd.conf:108) AdvRDNSSLifetime <= 2MaxRtrAdvInterval would allow stale DNS servers to be deleted faster
Aug 1 07:21:22 radvd 66861 warning: AdvDNSSLLifetime <= 2MaxRtrAdvInterval would allow stale DNS suffixes to be deleted faster
Aug 1 07:21:22 radvd 66861 resuming normal operation -
Enable 'DHCP6 Debug' in System > Advanced > Networking. Check again.
-
@stephenw10
Aug 1 12:45:28 dhcp6c 41581 extracted an existing DUID from /var/db/dhcp6c_duid: 00:01:00:01:2b:b0:e9:8d:66:9f:b4:58:90:62
Aug 1 12:45:28 dhcp6c 41581 failed to open /usr/local/etc/dhcp6cctlkey: No such file or directory
Aug 1 12:45:28 dhcp6c 41581 failed initialize control message authentication
Aug 1 12:45:28 dhcp6c 41581 skip opening control port
Aug 1 12:45:28 dhcp6c 41581 <3>[interface] (9)
Aug 1 12:45:28 dhcp6c 41581 <5>[vtnet1] (6)
Aug 1 12:45:28 dhcp6c 41581 <3>begin of closure [{] (1)
Aug 1 12:45:28 dhcp6c 41581 <3>[send] (4)
Aug 1 12:45:28 dhcp6c 41581 <3>[ia-na] (5)
Aug 1 12:45:28 dhcp6c 41581 <3>[0] (1)
Aug 1 12:45:28 dhcp6c 41581 <3>end of sentence [;] (1)
Aug 1 12:45:28 dhcp6c 41581 <3>comment [# request stateful address] (26)
Aug 1 12:45:28 dhcp6c 41581 <3>[send] (4)
Aug 1 12:45:28 dhcp6c 41581 <3>[ia-pd] (5)
Aug 1 12:45:28 dhcp6c 41581 <3>[0] (1)
Aug 1 12:45:28 dhcp6c 41581 <3>end of sentence [;] (1)
Aug 1 12:45:28 dhcp6c 41581 <3>comment [# request prefix delegation] (27)
Aug 1 12:45:28 dhcp6c 41581 <3>[request] (7)
Aug 1 12:45:28 dhcp6c 41581 <3>[domain-name-servers] (19)
Aug 1 12:45:28 dhcp6c 41581 <3>end of sentence [;] (1)
Aug 1 12:45:28 dhcp6c 41581 <3>[request] (7)
Aug 1 12:45:28 dhcp6c 41581 <3>[domain-name] (11)
Aug 1 12:45:28 dhcp6c 41581 <3>end of sentence [;] (1)
Aug 1 12:45:28 dhcp6c 41581 <3>[script] (6)
Aug 1 12:45:28 dhcp6c 41581 <3>["/var/etc/dhcp6c_wan_script.sh"] (31)
Aug 1 12:45:28 dhcp6c 41581 <3>end of sentence [;] (1)
Aug 1 12:45:28 dhcp6c 41581 <3>comment [# we'd like some nameservers please] (35)
Aug 1 12:45:28 dhcp6c 41581 <3>end of closure [}] (1)
Aug 1 12:45:28 dhcp6c 41581 <3>end of sentence [;] (1)
Aug 1 12:45:28 dhcp6c 41581 <3>[id-assoc] (8)
Aug 1 12:45:28 dhcp6c 41581 <13>[na] (2)
Aug 1 12:45:28 dhcp6c 41581 <13>[0] (1)
Aug 1 12:45:28 dhcp6c 41581 <13>begin of closure [{] (1)
Aug 1 12:45:28 dhcp6c 41581 <3>end of closure [}] (1)
Aug 1 12:45:28 dhcp6c 41581 <3>end of sentence [;] (1)
Aug 1 12:45:28 dhcp6c 41581 <3>[id-assoc] (8)
Aug 1 12:45:28 dhcp6c 41581 <13>[pd] (2)
Aug 1 12:45:28 dhcp6c 41581 <13>[0] (1)
Aug 1 12:45:28 dhcp6c 41581 <13>begin of closure [{] (1)
Aug 1 12:45:28 dhcp6c 41581 <3>[prefix] (6)
Aug 1 12:45:28 dhcp6c 41581 <3>[::] (2)
Aug 1 12:45:28 dhcp6c 41581 <3>[/] (1)
Aug 1 12:45:28 dhcp6c 41581 <3>[58] (2)
Aug 1 12:45:28 dhcp6c 41581 <3>[infinity] (8)
Aug 1 12:45:28 dhcp6c 41581 <3>end of sentence [;] (1)
Aug 1 12:45:28 dhcp6c 41581 <3>[prefix-interface] (16)
Aug 1 12:45:28 dhcp6c 41581 <5>[vtnet2] (6)
Aug 1 12:45:28 dhcp6c 41581 <3>begin of closure [{] (1)
Aug 1 12:45:28 dhcp6c 41581 <3>[sla-id] (6)
Aug 1 12:45:28 dhcp6c 41581 <3>[3] (1)
Aug 1 12:45:28 dhcp6c 41581 <3>end of sentence [;] (1)
Aug 1 12:45:28 dhcp6c 41581 <3>[sla-len] (7)
Aug 1 12:45:28 dhcp6c 41581 <3>[6] (1)
Aug 1 12:45:28 dhcp6c 41581 <3>end of sentence [;] (1)
Aug 1 12:45:28 dhcp6c 41581 <3>end of closure [}] (1)
Aug 1 12:45:28 dhcp6c 41581 <3>end of sentence [;] (1)
Aug 1 12:45:28 dhcp6c 41581 <3>[prefix-interface] (16)
Aug 1 12:45:28 dhcp6c 41581 <5>[vtnet0.6] (8)
Aug 1 12:45:28 dhcp6c 41581 <3>begin of closure [{] (1)
Aug 1 12:45:28 dhcp6c 41581 <3>[sla-id] (6)
Aug 1 12:45:28 dhcp6c 41581 <3>[0] (1)
Aug 1 12:45:28 dhcp6c 41581 <3>end of sentence [;] (1)
Aug 1 12:45:28 dhcp6c 41581 <3>[sla-len] (7)
Aug 1 12:45:28 dhcp6c 41581 <3>[6] (1)
Aug 1 12:45:28 dhcp6c 41581 <3>end of sentence [;] (1)
Aug 1 12:45:28 dhcp6c 41581 <3>end of closure [}] (1)
Aug 1 12:45:28 dhcp6c 41581 <3>end of sentence [;] (1)
Aug 1 12:45:28 dhcp6c 41581 <3>[prefix-interface] (16)
Aug 1 12:45:28 dhcp6c 41581 <5>[vtnet0.4] (8)
Aug 1 12:45:28 dhcp6c 41581 <3>begin of closure [{] (1)
Aug 1 12:45:28 dhcp6c 41581 <3>[sla-id] (6)
Aug 1 12:45:28 dhcp6c 41581 <3>[2] (1)
Aug 1 12:45:28 dhcp6c 41581 <3>end of sentence [;] (1)
Aug 1 12:45:28 dhcp6c 41581 <3>[sla-len] (7)
Aug 1 12:45:28 dhcp6c 41581 <3>[6] (1)
Aug 1 12:45:28 dhcp6c 41581 <3>end of sentence [;] (1)
Aug 1 12:45:28 dhcp6c 41581 <3>end of closure [}] (1)
Aug 1 12:45:28 dhcp6c 41581 <3>end of sentence [;] (1)
Aug 1 12:45:28 dhcp6c 41581 <3>[prefix-interface] (16)
Aug 1 12:45:28 dhcp6c 41581 <5>[vtnet0.5] (8)
Aug 1 12:45:28 dhcp6c 41581 <3>begin of closure [{] (1)
Aug 1 12:45:28 dhcp6c 41581 <3>[sla-id] (6)
Aug 1 12:45:28 dhcp6c 41581 <3>[1] (1)
Aug 1 12:45:28 dhcp6c 41581 <3>end of sentence [;] (1)
Aug 1 12:45:28 dhcp6c 41581 <3>[sla-len] (7)
Aug 1 12:45:28 dhcp6c 41581 <3>[6] (1)
Aug 1 12:45:28 dhcp6c 41581 <3>end of sentence [;] (1)
Aug 1 12:45:28 dhcp6c 41581 <3>end of closure [}] (1)
Aug 1 12:45:28 dhcp6c 41581 <3>end of sentence [;] (1)
Aug 1 12:45:28 dhcp6c 41581 <3>end of closure [}] (1)
Aug 1 12:45:28 dhcp6c 41581 <3>end of sentence [;] (1)
Aug 1 12:45:28 dhcp6c 41581 called
Aug 1 12:45:28 dhcp6c 41581 called
Aug 1 12:45:28 dhcp6c 41725 reset a timer on vtnet1, state=INIT, timeo=0, retrans=891
Aug 1 12:45:29 dhcp6c 41725 Sending Solicit
Aug 1 12:45:29 dhcp6c 41725 a new XID (9f67a2) is generated
Aug 1 12:45:29 dhcp6c 41725 set client ID (len 14)
Aug 1 12:45:29 dhcp6c 41725 set identity association
Aug 1 12:45:29 dhcp6c 41725 set elapsed time (len 2)
Aug 1 12:45:29 dhcp6c 41725 set option request (len 4)
Aug 1 12:45:29 dhcp6c 41725 set IA_PD prefix
Aug 1 12:45:29 dhcp6c 41725 set IA_PD
Aug 1 12:45:29 dhcp6c 41725 transmit failed: Can't assign requested address
Aug 1 12:45:29 dhcp6c 41725 reset a timer on vtnet1, state=SOLICIT, timeo=0, retrans=1091
Aug 1 12:45:30 dhcp6c 41725 Sending Solicit
Aug 1 12:45:30 dhcp6c 41725 set client ID (len 14)
Aug 1 12:45:30 dhcp6c 41725 set identity association
Aug 1 12:45:30 dhcp6c 41725 set elapsed time (len 2)
Aug 1 12:45:30 dhcp6c 41725 set option request (len 4)
Aug 1 12:45:30 dhcp6c 41725 set IA_PD prefix
Aug 1 12:45:30 dhcp6c 41725 set IA_PD
Aug 1 12:45:30 dhcp6c 41725 send solicit to ff02::1:2%vtnet1
Aug 1 12:45:30 dhcp6c 41725 reset a timer on vtnet1, state=SOLICIT, timeo=1, retrans=2083
Aug 1 12:45:30 dhcp6c 41725 receive advertise from fe80::2ec8:1bff:fe03:9b13%vtnet1 on vtnet1
Aug 1 12:45:30 dhcp6c 41725 get DHCP option client ID, len 14
Aug 1 12:45:30 dhcp6c 41725 DUID: 00:01:00:01:2b:b0:e9:8d:66:9f:b4:58:90:62
Aug 1 12:45:30 dhcp6c 41725 get DHCP option server ID, len 10
Aug 1 12:45:30 dhcp6c 41725 DUID: 00:03:00:01:2c:c8:1b:03:9b:13
Aug 1 12:45:30 dhcp6c 41725 get DHCP option preference, len 1
Aug 1 12:45:30 dhcp6c 41725 preference: 255
Aug 1 12:45:30 dhcp6c 41725 get DHCP option IA_PD, len 41
Aug 1 12:45:30 dhcp6c 41725 IA_PD: ID=0, T1=43200, T2=69120
Aug 1 12:45:30 dhcp6c 41725 get DHCP option IA_PD prefix, len 25
Aug 1 12:45:30 dhcp6c 41725 IA_PD prefix: X::/58 pltime=77760 vltime=86400
Aug 1 12:45:30 dhcp6c 41725 server ID: 00:03:00:01:2c:c8:1b:03:9b:13, pref=255
Aug 1 12:45:30 dhcp6c 41725 Sending Request
Aug 1 12:45:30 dhcp6c 41725 a new XID (40660d) is generated
Aug 1 12:45:30 dhcp6c 41725 set client ID (len 14)
Aug 1 12:45:30 dhcp6c 41725 set server ID (len 10)
Aug 1 12:45:30 dhcp6c 41725 set elapsed time (len 2)
Aug 1 12:45:30 dhcp6c 41725 set option request (len 4)
Aug 1 12:45:30 dhcp6c 41725 set IA_PD prefix
Aug 1 12:45:30 dhcp6c 41725 set IA_PD
Aug 1 12:45:30 dhcp6c 41725 send request to ff02::1:2%vtnet1
Aug 1 12:45:30 dhcp6c 41725 reset a timer on vtnet1, state=REQUEST, timeo=0, retrans=911
Aug 1 12:45:30 dhcp6c 41725 receive reply from fe80::2ec8:1bff:fe03:9b13%vtnet1 on vtnet1
Aug 1 12:45:30 dhcp6c 41725 get DHCP option client ID, len 14
Aug 1 12:45:30 dhcp6c 41725 DUID: 00:01:00:01:2b:b0:e9:8d:66:9f:b4:58:90:62
Aug 1 12:45:30 dhcp6c 41725 get DHCP option server ID, len 10
Aug 1 12:45:30 dhcp6c 41725 DUID: 00:03:00:01:2c:c8:1b:03:9b:13
Aug 1 12:45:30 dhcp6c 41725 get DHCP option IA_PD, len 41
Aug 1 12:45:30 dhcp6c 41725 IA_PD: ID=0, T1=43200, T2=69120
Aug 1 12:45:30 dhcp6c 41725 get DHCP option IA_PD prefix, len 25
Aug 1 12:45:30 dhcp6c 41725 IA_PD prefix: X::/58 pltime=77760 vltime=86400
Aug 1 12:45:30 dhcp6c 41725 dhcp6c Received REQUEST
Aug 1 12:45:30 dhcp6c 41725 make an IA: PD-0
Aug 1 12:45:30 dhcp6c 41725 create a prefix X::/58 pltime=77760, vltime=86400
Aug 1 12:45:30 dhcp6c 41725 add an address X on vtnet2
Aug 1 12:45:30 dhcp6c 41725 add an address X on vtnet0.6
Aug 1 12:45:30 dhcp6c 41725 add an address X on vtnet0.4
Aug 1 12:45:30 dhcp6c 41725 add an address X on vtnet0.5
Aug 1 12:45:30 dhcp6c 41725 executes /var/etc/dhcp6c_wan_script.sh
Aug 1 12:45:30 dhcp6c 68926 dhcp6c RELEASE, REQUEST or EXIT on vtnet1 running rc.newwanipv6
Aug 1 12:45:30 dhcp6c 41725 script "/var/etc/dhcp6c_wan_script.sh" terminated
Aug 1 12:45:30 dhcp6c 41725 removing an event on vtnet1, state=REQUEST
Aug 1 12:45:30 dhcp6c 41725 removing server (ID: 00:03:00:01:2c:c8:1b:03:9b:13)
Aug 1 12:45:30 dhcp6c 41725 got an expected reply, sleeping. -
That looks like the successful case. What does it show when it fails?
-
@stephenw10
It failed, I have no IPV6 default route. -
@jordanp123 said in IPv6 Issues since upgrading:
Aug 1 12:45:30 dhcp6c 41725 receive reply from fe80::2ec8:1bff:fe03:9b13%vtnet1 on vtnet1
Hmm, yet it is adding addresses and knows what the gateway is....
How does that compare with the successful case?
-
@stephenw10
With the manually added static GW.Aug 1 13:56:50 dhcp6c 39855 extracted an existing DUID from /var/db/dhcp6c_duid: 00:01:00:01:2b:b0:e9:8d:66:9f:b4:58:90:62
Aug 1 13:56:50 dhcp6c 39855 failed to open /usr/local/etc/dhcp6cctlkey: No such file or directory
Aug 1 13:56:50 dhcp6c 39855 failed initialize control message authentication
Aug 1 13:56:50 dhcp6c 39855 skip opening control port
Aug 1 13:56:50 dhcp6c 39855 <3>[interface] (9)
Aug 1 13:56:50 dhcp6c 39855 <5>[vtnet1] (6)
Aug 1 13:56:50 dhcp6c 39855 <3>begin of closure [{] (1)
Aug 1 13:56:50 dhcp6c 39855 <3>[send] (4)
Aug 1 13:56:50 dhcp6c 39855 <3>[ia-na] (5)
Aug 1 13:56:50 dhcp6c 39855 <3>[0] (1)
Aug 1 13:56:50 dhcp6c 39855 <3>end of sentence [;] (1)
Aug 1 13:56:50 dhcp6c 39855 <3>comment [# request stateful address] (26)
Aug 1 13:56:50 dhcp6c 39855 <3>[send] (4)
Aug 1 13:56:50 dhcp6c 39855 <3>[ia-pd] (5)
Aug 1 13:56:50 dhcp6c 39855 <3>[0] (1)
Aug 1 13:56:50 dhcp6c 39855 <3>end of sentence [;] (1)
Aug 1 13:56:50 dhcp6c 39855 <3>comment [# request prefix delegation] (27)
Aug 1 13:56:50 dhcp6c 39855 <3>[request] (7)
Aug 1 13:56:50 dhcp6c 39855 <3>[domain-name-servers] (19)
Aug 1 13:56:50 dhcp6c 39855 <3>end of sentence [;] (1)
Aug 1 13:56:50 dhcp6c 39855 <3>[request] (7)
Aug 1 13:56:50 dhcp6c 39855 <3>[domain-name] (11)
Aug 1 13:56:50 dhcp6c 39855 <3>end of sentence [;] (1)
Aug 1 13:56:50 dhcp6c 39855 <3>[script] (6)
Aug 1 13:56:50 dhcp6c 39855 <3>["/var/etc/dhcp6c_wan_script.sh"] (31)
Aug 1 13:56:50 dhcp6c 39855 <3>end of sentence [;] (1)
Aug 1 13:56:50 dhcp6c 39855 <3>comment [# we'd like some nameservers please] (35)
Aug 1 13:56:50 dhcp6c 39855 <3>end of closure [}] (1)
Aug 1 13:56:50 dhcp6c 39855 <3>end of sentence [;] (1)
Aug 1 13:56:50 dhcp6c 39855 <3>[id-assoc] (8)
Aug 1 13:56:50 dhcp6c 39855 <13>[na] (2)
Aug 1 13:56:50 dhcp6c 39855 <13>[0] (1)
Aug 1 13:56:50 dhcp6c 39855 <13>begin of closure [{] (1)
Aug 1 13:56:50 dhcp6c 39855 <3>end of closure [}] (1)
Aug 1 13:56:50 dhcp6c 39855 <3>end of sentence [;] (1)
Aug 1 13:56:50 dhcp6c 39855 <3>[id-assoc] (8)
Aug 1 13:56:50 dhcp6c 39855 <13>[pd] (2)
Aug 1 13:56:50 dhcp6c 39855 <13>[0] (1)
Aug 1 13:56:50 dhcp6c 39855 <13>begin of closure [{] (1)
Aug 1 13:56:50 dhcp6c 39855 <3>[prefix] (6)
Aug 1 13:56:50 dhcp6c 39855 <3>[::] (2)
Aug 1 13:56:50 dhcp6c 39855 <3>[/] (1)
Aug 1 13:56:50 dhcp6c 39855 <3>[58] (2)
Aug 1 13:56:50 dhcp6c 39855 <3>[infinity] (8)
Aug 1 13:56:50 dhcp6c 39855 <3>end of sentence [;] (1)
Aug 1 13:56:50 dhcp6c 39855 <3>[prefix-interface] (16)
Aug 1 13:56:50 dhcp6c 39855 <5>[vtnet2] (6)
Aug 1 13:56:50 dhcp6c 39855 <3>begin of closure [{] (1)
Aug 1 13:56:50 dhcp6c 39855 <3>[sla-id] (6)
Aug 1 13:56:50 dhcp6c 39855 <3>[3] (1)
Aug 1 13:56:50 dhcp6c 39855 <3>end of sentence [;] (1)
Aug 1 13:56:50 dhcp6c 39855 <3>[sla-len] (7)
Aug 1 13:56:50 dhcp6c 39855 <3>[6] (1)
Aug 1 13:56:50 dhcp6c 39855 <3>end of sentence [;] (1)
Aug 1 13:56:50 dhcp6c 39855 <3>end of closure [}] (1)
Aug 1 13:56:50 dhcp6c 39855 <3>end of sentence [;] (1)
Aug 1 13:56:50 dhcp6c 39855 <3>[prefix-interface] (16)
Aug 1 13:56:50 dhcp6c 39855 <5>[vtnet0.6] (8)
Aug 1 13:56:50 dhcp6c 39855 <3>begin of closure [{] (1)
Aug 1 13:56:50 dhcp6c 39855 <3>[sla-id] (6)
Aug 1 13:56:50 dhcp6c 39855 <3>[0] (1)
Aug 1 13:56:50 dhcp6c 39855 <3>end of sentence [;] (1)
Aug 1 13:56:50 dhcp6c 39855 <3>[sla-len] (7)
Aug 1 13:56:50 dhcp6c 39855 <3>[6] (1)
Aug 1 13:56:50 dhcp6c 39855 <3>end of sentence [;] (1)
Aug 1 13:56:50 dhcp6c 39855 <3>end of closure [}] (1)
Aug 1 13:56:50 dhcp6c 39855 <3>end of sentence [;] (1)
Aug 1 13:56:50 dhcp6c 39855 <3>[prefix-interface] (16)
Aug 1 13:56:50 dhcp6c 39855 <5>[vtnet0.4] (8)
Aug 1 13:56:50 dhcp6c 39855 <3>begin of closure [{] (1)
Aug 1 13:56:50 dhcp6c 39855 <3>[sla-id] (6)
Aug 1 13:56:50 dhcp6c 39855 <3>[2] (1)
Aug 1 13:56:50 dhcp6c 39855 <3>end of sentence [;] (1)
Aug 1 13:56:50 dhcp6c 39855 <3>[sla-len] (7)
Aug 1 13:56:50 dhcp6c 39855 <3>[6] (1)
Aug 1 13:56:50 dhcp6c 39855 <3>end of sentence [;] (1)
Aug 1 13:56:50 dhcp6c 39855 <3>end of closure [}] (1)
Aug 1 13:56:50 dhcp6c 39855 <3>end of sentence [;] (1)
Aug 1 13:56:50 dhcp6c 39855 <3>[prefix-interface] (16)
Aug 1 13:56:50 dhcp6c 39855 <5>[vtnet0.5] (8)
Aug 1 13:56:50 dhcp6c 39855 <3>begin of closure [{] (1)
Aug 1 13:56:50 dhcp6c 39855 <3>[sla-id] (6)
Aug 1 13:56:50 dhcp6c 39855 <3>[1] (1)
Aug 1 13:56:50 dhcp6c 39855 <3>end of sentence [;] (1)
Aug 1 13:56:50 dhcp6c 39855 <3>[sla-len] (7)
Aug 1 13:56:50 dhcp6c 39855 <3>[6] (1)
Aug 1 13:56:50 dhcp6c 39855 <3>end of sentence [;] (1)
Aug 1 13:56:50 dhcp6c 39855 <3>end of closure [}] (1)
Aug 1 13:56:50 dhcp6c 39855 <3>end of sentence [;] (1)
Aug 1 13:56:50 dhcp6c 39855 <3>end of closure [}] (1)
Aug 1 13:56:50 dhcp6c 39855 <3>end of sentence [;] (1)
Aug 1 13:56:50 dhcp6c 39855 called
Aug 1 13:56:50 dhcp6c 39855 called
Aug 1 13:56:50 dhcp6c 39971 reset a timer on vtnet1, state=INIT, timeo=0, retrans=891
Aug 1 13:56:51 dhcp6c 39971 Sending Solicit
Aug 1 13:56:51 dhcp6c 39971 a new XID (c9bf81) is generated
Aug 1 13:56:51 dhcp6c 39971 set client ID (len 14)
Aug 1 13:56:51 dhcp6c 39971 set identity association
Aug 1 13:56:51 dhcp6c 39971 set elapsed time (len 2)
Aug 1 13:56:51 dhcp6c 39971 set option request (len 4)
Aug 1 13:56:51 dhcp6c 39971 set IA_PD prefix
Aug 1 13:56:51 dhcp6c 39971 set IA_PD
Aug 1 13:56:51 dhcp6c 39971 transmit failed: Can't assign requested address
Aug 1 13:56:51 dhcp6c 39971 reset a timer on vtnet1, state=SOLICIT, timeo=0, retrans=1091
Aug 1 13:56:52 dhcp6c 39971 Sending Solicit
Aug 1 13:56:52 dhcp6c 39971 set client ID (len 14)
Aug 1 13:56:52 dhcp6c 39971 set identity association
Aug 1 13:56:52 dhcp6c 39971 set elapsed time (len 2)
Aug 1 13:56:52 dhcp6c 39971 set option request (len 4)
Aug 1 13:56:52 dhcp6c 39971 set IA_PD prefix
Aug 1 13:56:52 dhcp6c 39971 set IA_PD
Aug 1 13:56:52 dhcp6c 39971 send solicit to ff02::1:2%vtnet1
Aug 1 13:56:52 dhcp6c 39971 reset a timer on vtnet1, state=SOLICIT, timeo=1, retrans=2083
Aug 1 13:56:52 dhcp6c 39971 receive advertise from fe80::2ec8:1bff:fe03:9b13%vtnet1 on vtnet1
Aug 1 13:56:52 dhcp6c 39971 get DHCP option client ID, len 14
Aug 1 13:56:52 dhcp6c 39971 DUID: 00:01:00:01:2b:b0:e9:8d:66:9f:b4:58:90:62
Aug 1 13:56:52 dhcp6c 39971 get DHCP option server ID, len 10
Aug 1 13:56:52 dhcp6c 39971 DUID: 00:03:00:01:2c:c8:1b:03:9b:13
Aug 1 13:56:52 dhcp6c 39971 get DHCP option preference, len 1
Aug 1 13:56:52 dhcp6c 39971 preference: 255
Aug 1 13:56:52 dhcp6c 39971 get DHCP option IA_PD, len 41
Aug 1 13:56:52 dhcp6c 39971 IA_PD: ID=0, T1=43200, T2=69120
Aug 1 13:56:52 dhcp6c 39971 get DHCP option IA_PD prefix, len 25
Aug 1 13:56:52 dhcp6c 39971 IA_PD prefix: X::/58 pltime=77760 vltime=86400
Aug 1 13:56:52 dhcp6c 39971 server ID: 00:03:00:01:2c:c8:1b:03:9b:13, pref=255
Aug 1 13:56:52 dhcp6c 39971 Sending Request
Aug 1 13:56:52 dhcp6c 39971 a new XID (5ae09e) is generated
Aug 1 13:56:52 dhcp6c 39971 set client ID (len 14)
Aug 1 13:56:52 dhcp6c 39971 set server ID (len 10)
Aug 1 13:56:52 dhcp6c 39971 set elapsed time (len 2)
Aug 1 13:56:52 dhcp6c 39971 set option request (len 4)
Aug 1 13:56:52 dhcp6c 39971 set IA_PD prefix
Aug 1 13:56:52 dhcp6c 39971 set IA_PD
Aug 1 13:56:52 dhcp6c 39971 send request to ff02::1:2%vtnet1
Aug 1 13:56:52 dhcp6c 39971 reset a timer on vtnet1, state=REQUEST, timeo=0, retrans=911
Aug 1 13:56:52 dhcp6c 39971 receive reply from fe80::2ec8:1bff:fe03:9b13%vtnet1 on vtnet1
Aug 1 13:56:52 dhcp6c 39971 get DHCP option client ID, len 14
Aug 1 13:56:52 dhcp6c 39971 DUID: 00:01:00:01:2b:b0:e9:8d:66:9f:b4:58:90:62
Aug 1 13:56:52 dhcp6c 39971 get DHCP option server ID, len 10
Aug 1 13:56:52 dhcp6c 39971 DUID: 00:03:00:01:2c:c8:1b:03:9b:13
Aug 1 13:56:52 dhcp6c 39971 get DHCP option IA_PD, len 41
Aug 1 13:56:52 dhcp6c 39971 IA_PD: ID=0, T1=43200, T2=69120
Aug 1 13:56:52 dhcp6c 39971 get DHCP option IA_PD prefix, len 25
Aug 1 13:56:52 dhcp6c 39971 IA_PD prefix: X::/58 pltime=77760 vltime=86400
Aug 1 13:56:52 dhcp6c 39971 dhcp6c Received REQUEST
Aug 1 13:56:52 dhcp6c 39971 make an IA: PD-0
Aug 1 13:56:52 dhcp6c 39971 create a prefix X::/58 pltime=77760, vltime=86400
Aug 1 13:56:52 dhcp6c 39971 add an address X/64 on vtnet2
Aug 1 13:56:52 dhcp6c 39971 add an address X/64 on vtnet0.6
Aug 1 13:56:52 dhcp6c 39971 add an address X/64 on vtnet0.4
Aug 1 13:56:52 dhcp6c 39971 add an address X/64 on vtnet0.5
Aug 1 13:56:52 dhcp6c 39971 executes /var/etc/dhcp6c_wan_script.sh
Aug 1 13:56:52 dhcp6c 48503 dhcp6c RELEASE, REQUEST or EXIT on vtnet1 running rc.newwanipv6
Aug 1 13:56:52 dhcp6c 39971 script "/var/etc/dhcp6c_wan_script.sh" terminated
Aug 1 13:56:52 dhcp6c 39971 removing an event on vtnet1, state=REQUEST
Aug 1 13:56:52 dhcp6c 39971 removing server (ID: 00:03:00:01:2c:c8:1b:03:9b:13)
Aug 1 13:56:52 dhcp6c 39971 got an expected reply, sleeping. -
@stephenw10 said in IPv6 Issues since upgrading:
You must have a globally routable IPv6 address somewhere though.
Yes, I can understand that and I can ping IPv6 addresses from pfSense but not from any of the LAN clients. The LAN clients to have IPv6 addresses. I enabled "Do not wait for RA" in the WAN DHCP6 Options and this is how my system looks now.
[2.7.0-RELEASE][admin@pfSense.localdomain]/root: ifconfig re0 re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 description: WAN options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE> ether 00:e0:4c:68:1b:b2 inet6 fe80::2e0:4cff:fe68:1bb2%re0 prefixlen 64 scopeid 0x1 inet6 2402:7940:f000:200::111 prefixlen 128 inet 103.85.37.84 netmask 0xfffffc00 broadcast 103.85.39.255 media: Ethernet autoselect (1000baseT <full-duplex>) status: active nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL> [2.7.0-RELEASE][admin@pfSense.localdomain]/root:
The IPv6 gateway address shown for the WAN gateway in the GUI does not appear in the ifconfig results. Surely something is wrong here.
-
The gateway would be in the routing table not the ifconfig output. The only time you'd see it there is if it's a point to point connection like ovpn or ppp.
Can you ping out from pfSense's LAN side IPv6 address? If you can but not from clients it's probably a missing firewall rule. If not it's probably a missing route.
-
@stephenw10 said in IPv6 Issues since upgrading:
The gateway would be in the routing table not the ifconfig output.
OK, that makes sense. Here's the netstat output:
[2.7.0-RELEASE][admin@pfSense.localdomain]/root: netstat -rn Routing tables Internet: Destination Gateway Flags Netif Expire default 103.85.36.1 UGS re0 1.1.1.1 103.85.36.1 UGHS re0 10.0.8.0/24 link#7 U ovpns2 10.0.8.1 link#4 UHS lo0 10.10.10.1 link#4 UH lo0 103.85.36.0/22 link#1 U re0 103.85.36.1 link#1 UHS re0 103.85.37.84 link#4 UHS lo0 127.0.0.1 link#4 UH lo0 192.168.10.0/24 link#2 U re1 192.168.10.1 link#4 UHS lo0 Internet6: Destination Gateway Flags Netif Expire default fe80::9a49:25ff:fe0c:6d8b%re0 UGS re0 ::1 link#4 UHS lo0 2001:4860:4860::8888 fe80::9a49:25ff:fe0c:6d8b%re0 UGHS re0 2402:7940:f000:200::111 link#4 UHS lo0 2402:7940:f021:2900::/56 link#2 U re1 2402:7940:f021:2900:2e0:4cff:fe68:1bb3 link#4 UHS lo0 fe80::%re0/64 link#1 U re0 fe80::2e0:4cff:fe68:1bb2%lo0 link#4 UHS lo0 fe80::%re1/64 link#2 U re1 fe80::1:1%lo0 link#4 UHS lo0 fe80::2e0:4cff:fe68:1bb3%lo0 link#4 UHS lo0 fe80::%lo0/64 link#4 U lo0 fe80::1%lo0 link#4 UHS lo0 fe80::%ovpns2/64 link#7 U ovpns2 fe80::2e0:4cff:fe68:1bb2%lo0 link#4 UHS lo0 [2.7.0-RELEASE][admin@pfSense.localdomain]/root:
@stephenw10 said in IPv6 Issues since upgrading:
Can you ping out from pfSense's LAN side IPv6 address?
Not sure what you mean here. If I log into pfSense via SSH I get replies with "ping -6 google.com"However I cannot ping from any LAN Clients that do have IPv6 addresses. Any ideas appreciated.
-
But can you ping out from pfSense using the LAN address as source?
It could be whatever is upstream from pfSense does not have route for that /56 it's passing. -
@stephenw10 said in IPv6 Issues since upgrading:
But can you ping out from pfSense using the LAN address as source?
I'm sorry @stephenw10 but I still don't understand. Can you give me an example?
-
Like this:
-
@stephenw10 - Yep, here are the results.
PING google.com (142.250.66.238) from 192.168.10.1: 56 data bytes 64 bytes from 142.250.66.238: icmp_seq=0 ttl=121 time=6.247 ms 64 bytes from 142.250.66.238: icmp_seq=1 ttl=121 time=6.232 ms 64 bytes from 142.250.66.238: icmp_seq=2 ttl=121 time=6.627 ms --- google.com ping statistics --- 3 packets transmitted, 3 packets received, 0.0% packet loss round-trip min/avg/max/stddev = 6.232/6.369/6.627/0.183 ms
So I need to find the issue with the LAN clients not being able to ping IPv6 addresses.
EDIT: And the IPv6:
PING6(56=40+8+8 bytes) 2402:7940:f021:2900:2e0:4cff:fe68:1bb3 --> 2404:6800:4006:810::200e 16 bytes from 2404:6800:4006:810::200e, icmp_seq=0 hlim=121 time=6.173 ms 16 bytes from 2404:6800:4006:810::200e, icmp_seq=1 hlim=121 time=6.171 ms 16 bytes from 2404:6800:4006:810::200e, icmp_seq=2 hlim=121 time=6.723 ms --- google.com ping6 statistics --- 3 packets transmitted, 3 packets received, 0.0% packet loss round-trip min/avg/max/std-dev = 6.171/6.356/6.723/0.260 ms
-
Ok so pings from the /56 delegated subnet work so upstream routing is fine. And pfSense knows that subnet is on the LAN. So as long as your have firewall rules to allow it clients should be able to ping out from an address in that subnet.
Check the firewall logs for blocked traffic.
Check the clients have a default v6 route via the pfSense LAN.
-
@stephenw10 said in IPv6 Issues since upgrading:
Check the firewall logs for blocked traffic.
Check the clients have a default v6 route via the pfSense LAN.
Thank you @stephenw10 for your assistance. I will do some checking.
Can you explain how the clients get a v6 route? I have DHCPv6 Server disabled as that is what my ISP told me.
Once again, I appreciate your time.