IPv6 Issues since upgrading
-
@stephenw10 said in IPv6 Issues since upgrading:
Check the firewall logs for blocked traffic.
Check the clients have a default v6 route via the pfSense LAN.
Thank you @stephenw10 for your assistance. I will do some checking.
Can you explain how the clients get a v6 route? I have DHCPv6 Server disabled as that is what my ISP told me.
Once again, I appreciate your time.
-
They should see it via router advertisements. If they are getting an IP in that subnet then SLAAC must be working so I'd expect them to get a gateway/route.
Not sure why your ISP told you to disable the dhcpv6 server though. You should be able to use both.
-
@stephenw10 said in IPv6 Issues since upgrading:
If they are getting an IP in that subnet then SLAAC must be working so I'd expect them to get a gateway/route.
This is a typical Windows PC that can't connect to v6 addresses.
Wireless LAN adapter WiFi: Connection-specific DNS Suffix . : localdomain Description . . . . . . . . . . . : Qualcomm Atheros QCA61x4A Wireless Network Adapter Physical Address. . . . . . . . . : D8-C4-97-8B-1F-56 DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes Link-local IPv6 Address . . . . . : fe80::f2e3:d343:2681:34fe%9(Preferred) IPv4 Address. . . . . . . . . . . : 192.168.10.182(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.0 Lease Obtained. . . . . . . . . . : Wednesday, 2 August 2023 9:00:55 AM Lease Expires . . . . . . . . . . : Wednesday, 2 August 2023 11:00:49 AM Default Gateway . . . . . . . . . : fe80::2e0:4cff:fe68:1bb3%9 192.168.10.1 DHCP Server . . . . . . . . . . . : 192.168.10.1 DHCPv6 IAID . . . . . . . . . . . : 114869399 DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-23-DD-48-A7-D8-C4-97-8B-1F-56 DNS Servers . . . . . . . . . . . : 192.168.10.1 NetBIOS over Tcpip. . . . . . . . : Enabled Connection-specific DNS Suffix Search List :
-
It doesn't have a routable IPv6 address from the /56 subnet so.... it can't work.
Did you also disable router advertisements on the LAN? That needs to be enabled.
-
@stephenw10 said in IPv6 Issues since upgrading:
Did you also disable router advertisements on the LAN? That needs to be enabled.
Is this what you mean?
-
Yes. Try enabling the dhcpv6 server again though.
-
@stephenw10 - That has done the trick, many thanks. I never thought about enabling the DHCPv6 Server as my ISP, and others I've seen, said to keep it disabled. Here's an extract from what my ISP says:
22. Go to Services, DHCPv6 Server & RA 23. Make sure on the first page (DHCPv6 server) the box is unticked – you do not want to enable the DHCPv6 server on the LAN. 24. Select the router advertisements tab on that page. 25. Change router mode to: Assisted – RA Flags [managed, other stateful], Prefix Flags... 26. Router priory set to Normal (it should already be preset to that – if not, change it to normal). 27. Leave everything else on that page blank.
-
@poppadum said in IPv6 Issues since upgrading:
The gateway IPv6 address shown doesn't seem to be valid for interface pppoe0:
I'm not sure where it's getting that gateway address from - it's set to dynamic in the web interface.
After a bit more investigation I've discovered that the default gateway address pfSense is picking up is actually at my ISP's end and is correct.
My problem seems to be exactly the same as @jordanp123 has: pfSense is not adding a default ipv6 route:
[2.7.0-RELEASE][admin@pfSense]/root: route -6 get default route: route has not been found
My ISP uses PPPoE so I can temporarily fix it with
route -6 add default -interface pppoe0
But if my PPP connection drops it loses the default route again.Looking at the output of
/etc/rc.newwanipv6
when I rebooted pfSense I'm seeing a few Gateway, NONE AVAILABLE errors:Aug 2 10:12:39 pfSense php-fpm[368]: /rc.newwanipv6: rc.newwanipv6: Info: starting on pppoe0. Aug 2 10:12:39 pfSense php-fpm[368]: /rc.newwanipv6: rc.newwanipv6: on (IP address: 2001:8b0:1111:1111:0:ffff:51bb:1aef) (interface: wan) (real interface: pppoe0). Aug 2 10:12:39 pfSense php-fpm[368]: /rc.newwanipv6: Removing static route for monitor 2001:8b0:1111:1111:0:ffff:51bb:1aef and adding a new route through dynamic Aug 2 10:12:39 pfSense check_reload_status[406]: rc.newwanipv6 starting pppoe0 Aug 2 10:12:40 pfSense php-fpm[86171]: /rc.newwanipv6: rc.newwanipv6: Info: starting on pppoe0. Aug 2 10:12:40 pfSense php-fpm[86171]: /rc.newwanipv6: rc.newwanipv6: on (IP address: 2001:8b0:1111:1111:0:ffff:51bb:1aef) (interface: wan) (real interface: pppoe0). Aug 2 10:12:40 pfSense php-fpm[86171]: /rc.newwanipv6: Removing static route for monitor 2001:8b0:1111:1111:0:ffff:51bb:1aef and adding a new route through fe80::203:97ff:feba:900%pppoe0 Aug 2 10:12:41 pfSense php-fpm[86171]: /rc.newwanipv6: dpinger: status socket /var/run/dpinger_WAN_DHCP6~c91b75a6~2001:8b0:1111:1111:0:ffff:51bb:1aef.sock not found Aug 2 10:12:41 pfSense php-fpm[86171]: /rc.newwanipv6: dpinger: status socket /var/run/dpinger_WAN_PPPOE~81.187.xxx.xxx~81.187.81.187.sock not found Aug 2 10:12:41 pfSense php-fpm[86171]: /rc.newwanipv6: Gateway, none 'available' for inet, use the first one configured. 'WAN_PPPOE' Aug 2 10:12:41 pfSense php-fpm[86171]: /rc.newwanipv6: Gateway, NONE AVAILABLE Aug 2 10:12:41 pfSense php-fpm[368]: /rc.newwanipv6: The command '/usr/local/bin/dpinger -S -r 0 -i WAN_DHCP6 -B 2001:8b0:1111:1111:0:ffff:51bb:1aef -p /var/run/dpinger_WAN_DHCP6~c91b75a6~2001:8b0:1111:1111:0:ffff:51bb:1aef.pid -u /var/run/dpinger_WAN_DHCP6~c91b75a6~2001:8b0:1111:1111:0:ffff:51bb:1aef.sock -C "/etc/rc.gateway_alarm" -d 1 -s 500 -l 2000 -t 60000 -A 1000 -D 500 -L 20 2001:8b0:1111:1111:0:ffff:51bb:1aef >/dev/null' returned exit code '1', the output was '' Aug 2 10:12:41 pfSense php-fpm[368]: /rc.newwanipv6: Error starting gateway monitor for WAN_DHCP6 Aug 2 10:12:42 pfSense php-fpm[368]: /rc.newwanipv6: Gateway, NONE AVAILABLE Aug 2 10:12:42 pfSense php-fpm[368]: /rc.newwanipv6: Gateway, NONE AVAILABLE Aug 2 10:12:43 pfSense php-fpm[86171]: /rc.newwanipv6: rc.newwanipv6: Info: starting on pppoe0. Aug 2 10:12:43 pfSense php-fpm[86171]: /rc.newwanipv6: rc.newwanipv6: on (IP address: 2001:8b0:1111:1111:0:ffff:51bb:1aef) (interface: wan) (real interface: pppoe0). Aug 2 10:12:43 pfSense php-fpm[86171]: /rc.newwanipv6: Removing static route for monitor 2001:8b0:1111:1111:0:ffff:51bb:1aef and adding a new route through fe80::203:97ff:feba:900%pppoe0 Aug 2 10:12:45 pfSense php-fpm[86171]: /rc.newwanipv6: Gateway, NONE AVAILABLE Aug 2 10:12:45 pfSense php-fpm[86171]: /rc.newwanipv6: Gateway, NONE AVAILABLE
Are these likely to be relevant?
-
@stephenw10 said in IPv6 Issues since upgrading:
Try enabling the dhcpv6 server
That doesn't fix the problem for me unfortunately
-
Do you have the default v6 gateway set to WAN_DHCP6 in System > Routing?
-
@stephenw10 said in IPv6 Issues since upgrading:
Do you have the default v6 gateway set to WAN_DHCP6 in System > Routing?
Both ipv4 & ipv6 gateways are set to automatic:
-
Set them both to the specific gateways and retest. See if you still see those gateway log entries.
Though since you only have one valid v4 and v6 gateway it should work in automatic.
-
@stephenw10 said in IPv6 Issues since upgrading:
Set them both to the specific gateways and retest. See if you still see those gateway log entries.
Ah yes, initial testing suggests that explicitly setting the ipv6 gateway to WAN_DHCP6 makes a difference. I now have a default route in place and LAN clients can ping the ipv6 internet.
There are indeed fewer mentions of the Gateway, NONE AVAILABLE error in the logs:
Aug 2 17:46:39 pfSense php-fpm[368]: /rc.newwanipv6: rc.newwanipv6: Info: starting on pppoe0. Aug 2 17:46:39 pfSense php-fpm[368]: /rc.newwanipv6: rc.newwanipv6: on (IP address: 2001:8b0:1111:1111:0:ffff:51bb:1aef) (interface: wan) (real interface: pppoe0). Aug 2 17:46:39 pfSense php-fpm[368]: /rc.newwanipv6: Removing static route for monitor 2001:8b0:1111:1111:0:ffff:51bb:1aef and adding a new route through dynamic Aug 2 17:46:40 pfSense check_reload_status[406]: rc.newwanipv6 starting pppoe0 Aug 2 17:46:41 pfSense php-fpm[81388]: /rc.newwanipv6: rc.newwanipv6: Info: starting on pppoe0. Aug 2 17:46:41 pfSense php-fpm[81388]: /rc.newwanipv6: rc.newwanipv6: on (IP address: 2001:8b0:1111:1111:0:ffff:51bb:1aef) (interface: wan) (real interface: pppoe0). Aug 2 17:46:41 pfSense php-fpm[81388]: /rc.newwanipv6: Removing static route for monitor 2001:8b0:1111:1111:0:ffff:51bb:1aef and adding a new route through fe80::203:97ff:feba:900%pppoe0 Aug 2 17:46:41 pfSense php-fpm[368]: /rc.newwanipv6: dpinger: status socket /var/run/dpinger_WAN_DHCP6~c91b75a6~2001:8b0:1111:1111:0:ffff:51bb:1aef.sock not found Aug 2 17:46:41 pfSense php-fpm[368]: /rc.newwanipv6: dpinger: No dpinger session running for gateway WAN_PPPOE Aug 2 17:46:41 pfSense php-fpm[368]: /rc.newwanipv6: Gateway, none 'available' for inet, use the first one configured. 'WAN_PPPOE' Aug 2 17:46:41 pfSense php-fpm[81388]: /rc.newwanipv6: dpinger: status socket /var/run/dpinger_WAN_DHCP6~c91b75a6~2001:8b0:1111:1111:0:ffff:51bb:1aef.sock not found Aug 2 17:46:41 pfSense php-fpm[81388]: /rc.newwanipv6: dpinger: status socket /var/run/dpinger_WAN_PPPOE~81.187.xxx.xxx~81.187.81.187.sock not found Aug 2 17:46:41 pfSense php-fpm[81388]: /rc.newwanipv6: Gateway, none 'available' for inet, use the first one configured. 'WAN_PPPOE' Aug 2 17:46:42 pfSense php-fpm[368]: /rc.newwanipv6: rc.newwanipv6: Info: starting on pppoe0. Aug 2 17:46:42 pfSense php-fpm[368]: /rc.newwanipv6: rc.newwanipv6: on (IP address: 2001:8b0:1111:1111:0:ffff:51bb:1aef) (interface: wan) (real interface: pppoe0). Aug 2 17:46:42 pfSense php-fpm[368]: /rc.newwanipv6: Removing static route for monitor 2001:8b0:1111:1111:0:ffff:51bb:1aef and adding a new route through fe80::203:97ff:feba:900%pppoe0 Aug 2 17:46:44 pfSense php-fpm[368]: /rc.newwanipv6: Gateway, NONE AVAILABLE
@stephenw10 said in IPv6 Issues since upgrading:
Though since you only have one valid v4 and v6 gateway it should work in automatic.
Yes, both gateways set to automatic was working in v.2.6
-
Yes, something has changed there. Unclear what though. Still digging.