DHCPv6 with AT&T Uverse issue

Spy Alelo

Here's some more logs which show the prefix being offered, but it ends on XID mismatch again:

Sep 24 04:20:52	dhcp6c	18418	XID mismatch
Sep 24 04:20:52	dhcp6c	18418	IA_NA address: 2001:506:7112:4ad::1 pltime=3600 vltime=3600
Sep 24 04:20:52	dhcp6c	18418	get DHCP option IA address, len 24
Sep 24 04:20:52	dhcp6c	18418	IA_NA: ID=1, T1=1800, T2=2880
Sep 24 04:20:52	dhcp6c	18418	get DHCP option identity association, len 40
Sep 24 04:20:52	dhcp6c	18418	DUID: 00:02:00:00:0d:e9:XXXXXXXXXXXXXXXXXXXXXX
Sep 24 04:20:52	dhcp6c	18418	get DHCP option client ID, len 28
Sep 24 04:20:52	dhcp6c	18418	DUID: 00:03:00:01:e4:81:84:49:fc:0f
Sep 24 04:20:52	dhcp6c	18418	get DHCP option server ID, len 10
Sep 24 04:20:52	dhcp6c	18418	receive advertise from fe80::e681:84ff:fe49:fc0f%igc0 on igc0

Spy Alelo

Sorry to keep adding, but after doing another pcap, I noticed that pfSense is soliciting two XIDs, one right after the other. I did verify that it doesn't have two instances of it running either, very confusing:

ps uxawww | grep dhcp6c
root     9838   0.0  0.0  12820   2644  -  Is   16:10       0:00.01 /usr/local/sbin/dhcp6c -D -c /var/etc/dhcp6c.conf -p /var/run/dhcp6c.pid igc0
root     6350   0.0  0.0  12768   2432  0  S+   16:37       0:00.00 grep dhcp6c

JKnott

@Spy-Alelo

Do a packet capture of the full DHCPv6 sequence and post the capture file here.

Here's what it looks like with my ISP (Rogers):

Spy Alelo

@JKnott here's my packet capture packetcapture-igc0-20230930151238.zip

JKnott

@Spy-Alelo

Is that from the beginning, following my instructions?

Spy Alelo

@JKnot no reboot, just link/unlink of the interfaces.

I can do the reboot and re-link the interfaces, just give me a few minutes.

Spy Alelo

@JKnott here ya go, sorry about that packetcapture-igc0-20230930172601.zip

JKnott

@Spy-Alelo

Why is it so different from what mine looks like? DHCPv6 works pretty much the same as on IPv4, with 4 steps to getting the address.

Spy Alelo

@JKnott I don't know what to tell ya! I wish I knew, I am still trying to figure out what the issue is with my setup.

Spy Alelo

I see you do get a solicit, advertise, request and a reply between their DHCP servers and your pfSense box.

Mine gets stuck between replies, rebinds and solicit/advertise.

There's something either not listening to a reply, or gets ignored. AT&T's IPv6 implementation is a pain in the butt.

JKnott

@Spy-Alelo

Try connecting a computer to the modem and see if it gets an IPv6 address. You can also install Wireshark on the computer to do the captures.

Is there anyone else here who's on AT&T that can help? I'm on Rogers, in Canada, and they work fine.

Spy Alelo

@JKnott IPv6 works fine with their gateway.

AT&T goes out of their way to make sure that you only use their gateway and pay for it for as long as you have their service, even though is absolutely terrible and unreliable.

I’ve been able to bypass it entirely for over 2 years now, but only over IPv4. From what I read, some folks have been able to get IPv6 leases with some additional work, but I’m stuck.

jmmm

Same problem. Any update?

Spy Alelo

@jmmm I moved on with OPNsense and it worked on the first try. Full IPv6 routing with no issues. I never figured out why it wouldn’t work with pfSense.

jmmm

Has anyone using any of the uATT Fiber gateway bypass methods gotten IPV6 working with ATT Fiber?

jmmm

after a bunch of screwing around, I have it working. I wrote up what I found here:
https://forum.netgate.com/topic/188676/ipv6-dhcp-client-with-att-fiber-without-gateway-working

In particular:
In the instructions at [https://docs.netgate.com/pfsense/en/latest/recipes/authbridge.html], section Add Modem-WAN Bridge Rule, the instructions say to set Protocol
Any. If you do this, the DHCP6 requests from the modem will be forwarded through PFSENSE to the ONT and cause XID mismatch errors. This should instead be set for Protocol IEEE 802.1X.

and a lot of rebooting or it will not work.