Implemented IPV6...Still Feel Left in the Dark!
-
@NollipfSense said in Implemented IPV6...Still Feel Left in the Dark!:
How did you get your DHCPv5 server to show the WAN IP
After :
Set WAN to DHCP6 and just one setting in the "DHCPv6 Prefix Delegation size" : /64
Set the LAN interface up to tracking, where "Track IPv6 Interface" is set to WAN and selected
"0" here (no choice, just one prefix)Now, when I activate the LAN DHCPv6 server, the prefix is shown as I've shown above, as it is known upfront : Delegated Prefix: WAN/0 (2a01:cb19:beef:a6dc::/64) : selected prefix "0" from the available 'range" (just 1 or 0 from 0) = 2a01:cb19:beef:a6dc:: with a standard /64 size.
The whole goal of using the DHCPv6 server is that is shouldn't use 'ULA" IPv6 .... (AFAIK).
The pfSense LAN (OPTx) DHCPv6 server should be one of the assigned (on the LAN/OPTx settings page) assigned to pfSense by an upstream DHCPv6 server, like my ISP router. Or it could even come from much farther upstream, your ISP equipment.
This obtained - by the pfSense WAN DHCPc6 client - prefix should be shown in the DHCP logs. -
@Gertjan It seems that my problem is that it does not show the Delegated Prefix despite DCHPv6 is enabled showing W/0...no IPv6 IP...then device gets an IPv6 IP despite Dashboard shows no LAN IPv6 IP...firewall shows no traversal...only if configure LAN interface via cmdline does it work but that uses the ULA...I did enabled IPv6 debug...
-
@NollipfSense said in Implemented IPV6...Still Feel Left in the Dark!:
I did enabled IPv6 debug...
dhcp6c logs ?
Like these : (read from bottom to top - it all happens in less then 30 ms)
2023-10-17 14:53:45.531447+02:00 dhcp6c 6769 got an expected reply, sleeping. 2023-10-17 14:53:45.531395+02:00 dhcp6c 6769 removing an event on ix3, state=RENEW 2023-10-17 14:53:45.531316+02:00 dhcp6c 6769 script "/var/etc/dhcp6c_wan_script.sh" terminated 2023-10-17 14:53:45.530464+02:00 dhcp6c 68882 dhcp6c renew, no change - bypassing update on ix3 2023-10-17 14:53:45.524339+02:00 dhcp6c 6769 executes /var/etc/dhcp6c_wan_script.sh 2023-10-17 14:53:45.524316+02:00 dhcp6c 6769 update a prefix 2a01:cb19:beef:a6dc::/64 pltime=600, vltime=1800 2023-10-17 14:53:45.524284+02:00 dhcp6c 6769 update an IA: PD-0 2023-10-17 14:53:45.524261+02:00 dhcp6c 6769 Domain search list[0] home. 2023-10-17 14:53:45.524238+02:00 dhcp6c 6769 nameserver[0] 2a01:cb19:907:a600:46d4:54ff:fe2a:3600 2023-10-17 14:53:45.524202+02:00 dhcp6c 6769 dhcp6c Received INFO 2023-10-17 14:53:45.524179+02:00 dhcp6c 6769 get DHCP option domain search list, len 6 2023-10-17 14:53:45.524158+02:00 dhcp6c 6769 get DHCP option DNS, len 16 2023-10-17 14:53:45.524139+02:00 dhcp6c 6769 preference: 255 2023-10-17 14:53:45.524119+02:00 dhcp6c 6769 get DHCP option preference, len 1 2023-10-17 14:53:45.524094+02:00 dhcp6c 6769 IA_PD prefix: 2a01:cb19:beef:a6dc::/64 pltime=600 vltime=1800 2023-10-17 14:53:45.524068+02:00 dhcp6c 6769 get DHCP option IA_PD prefix, len 25 2023-10-17 14:53:45.524048+02:00 dhcp6c 6769 IA_PD: ID=0, T1=300, T2=480 2023-10-17 14:53:45.524028+02:00 dhcp6c 6769 get DHCP option IA_PD, len 41 2023-10-17 14:53:45.524008+02:00 dhcp6c 6769 DUID: 00:03:00:01:44:d4:54:2a:36:00 2023-10-17 14:53:45.523982+02:00 dhcp6c 6769 get DHCP option server ID, len 10 2023-10-17 14:53:45.523961+02:00 dhcp6c 6769 DUID: 00:01:00:01:2b:5a:d7:6b:90:ec:77:29:39:2c 2023-10-17 14:53:45.523929+02:00 dhcp6c 6769 get DHCP option client ID, len 14 2023-10-17 14:53:45.523896+02:00 dhcp6c 6769 receive reply from fe80::46d4:54ff:fe2a:3600%ix3 on ix3 2023-10-17 14:53:45.505302+02:00 dhcp6c 6769 send renew to ff02::1:2%ix3 2023-10-17 14:53:45.504977+02:00 dhcp6c 6769 set IA_PD 2023-10-17 14:53:45.504957+02:00 dhcp6c 6769 set IA_PD prefix 2023-10-17 14:53:45.504934+02:00 dhcp6c 6769 set option request (len 4) 2023-10-17 14:53:45.504912+02:00 dhcp6c 6769 set elapsed time (len 2) 2023-10-17 14:53:45.504893+02:00 dhcp6c 6769 set server ID (len 10) 2023-10-17 14:53:45.504873+02:00 dhcp6c 6769 set client ID (len 14) 2023-10-17 14:53:45.504848+02:00 dhcp6c 6769 a new XID (806046) is generated 2023-10-17 14:53:45.504824+02:00 dhcp6c 6769 Sending Renew 2023-10-17 14:53:45.504791+02:00 dhcp6c 6769 reset a timer on ix3, state=RENEW, timeo=0, retrans=9648 2023-10-17 14:53:45.504702+02:00 dhcp6c 6769 IA timeout for PD-0, state=ACTIVEIt looks a bit like DHCPv4 : the client set some options, and fires a request to the server.
Identification isn't MAC based, but "dude" (DUID) based.
"2a01:cb19:beef:a6dc::/64" is the prefix pfSense received - and is used for the DHCPv6 server on LAN.No "help me" PM's please. Use the forum, the community will thank you.
Edit : and where are the logs ?? -
Oct 17 08:53:03 dhcp6c 19566 duplicated DNS address (fd00:976a::10)
Oct 17 08:53:03 dhcp6c 19566 duplicated DNS address (fd00:976a::9)
Oct 17 08:53:03 dhcp6c 19566 duplicated DNS address (fd00:976a::10)
Oct 17 08:53:03 dhcp6c 19566 duplicated DNS address (fd00:976a::9)
Oct 17 08:53:03 dhcp6c 19566 duplicated DNS address (fd00:976a::10)
Oct 17 08:53:03 dhcp6c 19566 duplicated DNS address (fd00:976a::9)
Oct 17 08:53:03 dhcp6c 19566 duplicated DNS address (fd00:976a::10)
Oct 17 08:53:03 dhcp6c 19566 duplicated DNS address (fd00:976a::9)
Oct 17 08:53:03 dhcp6c 19566 duplicated DNS address (fd00:976a::10)
Oct 17 08:53:03 dhcp6c 19566 duplicated DNS address (fd00:976a::9)
Oct 17 08:53:03 dhcp6c 19566 duplicated DNS address (fd00:976a::10)
Oct 17 08:53:03 dhcp6c 19566 duplicated DNS address (fd00:976a::9)
Oct 17 08:53:03 dhcp6c 19566 duplicated DNS address (fd00:976a::10)
Oct 17 08:53:03 dhcp6c 19566 get DHCP option IA_PD, len 18
Oct 17 08:53:03 dhcp6c 19566 IA_PD: ID=0, T1=0, T2=0
Oct 17 08:53:03 dhcp6c 19566 get DHCP option status code, len 2
Oct 17 08:53:03 dhcp6c 19566 status code: no prefixes
Oct 17 08:53:03 dhcp6c 19566 server ID: 00:03:00:01:54:47:cc:30:05:31, pref=-1
Oct 17 08:53:03 dhcp6c 19566 advertise contains no address/prefix
Oct 17 08:53:07 dhcpd 27048 Internet Systems Consortium DHCP Server 4.4.3-P1
Oct 17 08:53:07 dhcpd 27048 Copyright 2004-2022 Internet Systems Consortium.
Oct 17 08:53:07 dhcpd 27048 All rights reserved.I shall try rebooting the modem...
pfSense+ 23.09 Lenovo Thinkcentre M93P SFF Quadcore i7 dual Raid-ZFS 128GB-SSD 32GB-RAM PCI-Intel i350-t4 NIC, -Intel QAT 8950.
pfSense+ 23.09 VM-Proxmox, Dell Precision Xeon-W2155 Nvme 500GB-ZFS 128GB-RAM PCIe-Intel i350-t4, Intel QAT-8950, P-cloud. -
@Gertjan Restarted the modem...
Oct 17 09:00:59 dhcp6c 19566 duplicated DNS address (fd00:976a::10)
Oct 17 09:00:59 dhcp6c 19566 get DHCP option IA_PD, len 18
Oct 17 09:00:59 dhcp6c 19566 IA_PD: ID=0, T1=0, T2=0
Oct 17 09:00:59 dhcp6c 19566 get DHCP option status code, len 2
Oct 17 09:00:59 dhcp6c 19566 status code: no prefixes
Oct 17 09:00:59 dhcp6c 19566 server ID: 00:03:00:01:54:47:cc:30:05:31, pref=-1
Oct 17 09:00:59 dhcp6c 19566 advertise contains no address/prefix
Oct 17 09:02:50 dhcp6c 19566 Sending Solicit
Oct 17 09:02:50 dhcp6c 19566 set client ID (len 14)
Oct 17 09:02:50 dhcp6c 19566 set elapsed time (len 2)
Oct 17 09:02:50 dhcp6c 19566 set option request (len 4)
Oct 17 09:02:50 dhcp6c 19566 set IA_PD prefix
Oct 17 09:02:50 dhcp6c 19566 set IA_PD
Oct 17 09:02:50 dhcp6c 19566 send solicit to ff02::1:2%vtnet0
Oct 17 09:02:50 dhcp6c 19566 reset a timer on vtnet0, state=SOLICIT, timeo=11, retrans=120720
Oct 17 09:02:50 dhcp6c 19566 receive advertise from fe80::5647:ccff:fe30:531%vtnet0 on vtnet0
Oct 17 09:02:50 dhcp6c 19566 get DHCP option server ID, len 10
Oct 17 09:02:50 dhcp6c 19566 DUID: 00:03:00:01:54:47:cc:30:05:31
Oct 17 09:02:50 dhcp6c 19566 get DHCP option client ID, len 14
Oct 17 09:02:50 dhcp6c 19566 DUID: 00:01:00:01:2c:b2:0d:3d:36:62:bf:c7:26:75
Oct 17 09:02:50 dhcp6c 19566 get DHCP option opt_82, len 4
Oct 17 09:02:50 dhcp6c 19566 unknown or unexpected DHCP6 option opt_82, len 4
Oct 17 09:02:50 dhcp6c 19566 get DHCP option DNS, len 256 -
@NollipfSense said in Implemented IPV6...Still Feel Left in the Dark!:
advertise contains no address/prefix
I presume that the other side said : "sorry, no prefixes for you".
My example a both is just a 'renew' from what was already obtained.
I do see the setup part2023-10-17 14:53:45.504977+02:00 dhcp6c 6769 set IA_PD 2023-10-17 14:53:45.504957+02:00 dhcp6c 6769 set IA_PD prefix 2023-10-17 14:53:45.504934+02:00 dhcp6c 6769 set option request (len 4) 2023-10-17 14:53:45.504912+02:00 dhcp6c 6769 set elapsed time (len 2) 2023-10-17 14:53:45.504893+02:00 dhcp6c 6769 set server ID (len 10) 2023-10-17 14:53:45.504873+02:00 dhcp6c 6769 set client ID (len 14)which includes the question "a prefix for me please".
Yours doesn't show that. And "not asked" is "not getting".
Another xample :
I've :
IA_PD: ID=0, T1=300, T2=480
You :
IA_PD: ID=0, T1=0, T2=0And this one goes without comment :
status code: no prefixesStill : my dhcp6c clients settings :
with just one explanation : I've set "/64" and that's it. No other options.
Not that it really matters, but where is the upstream dhcp6 server ? An ISP router ?
At the ISP side ?Be aware : if you have even the slightest thoughts that your ISP isn't IPv6-ready jet, do not forget the he.net option.
It's free, probably not the speediest one, but it works as advertised. You get a static /48 (that a lot of prefixes ...) I've been using them for many years.
No 'tracking' needed : you assign static IPv6 /4 to every LAN and done.
If needed, set up a DHCPv6 server on every LAN with a pool in the prefix of that LAN, and you're good.No "help me" PM's please. Use the forum, the community will thank you.
Edit : and where are the logs ?? -
@Gertjan Wow, I thought, according to the instructions I followed, I needed to enable these:
-
If you only request an IPv6 prefix, you will not get an IPv6 address on your WAN port. That's not a problem, but makes it easier to use a VPN, etc. if you have one. So, if your ISP provides a WAN address, you might as well use it. Your prefix delegation size should be whatever your ISP provides. Mine provides a /56 prefix, so I put 56 in that box.
PfSense running on Qotom mini PC
i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
UniFi AC-Lite access pointI haven't lost my mind. It's around here...somewhere...
-
@Gertjan said in Implemented IPV6...Still Feel Left in the Dark!:
but where is the upstream dhcp6 server ? An ISP router ?
At the ISP side ?Either I am not asking or the ISP (T-Mobile/Fast 5688w)
Oct 17 09:53:39 dhcp6c 22871 Sending Solicit
Oct 17 09:53:39 dhcp6c 22871 set client ID (len 14)
Oct 17 09:53:39 dhcp6c 22871 set identity association
Oct 17 09:53:39 dhcp6c 22871 set elapsed time (len 2)
Oct 17 09:53:39 dhcp6c 22871 set option request (len 4)
Oct 17 09:53:39 dhcp6c 22871 set IA_PD
Oct 17 09:53:39 dhcp6c 22871 send solicit to ff02::1:2%vtnet0
Oct 17 09:53:39 dhcp6c 22871 reset a timer on vtnet0, state=SOLICIT, timeo=2, retrans=3915
Oct 17 09:53:43 dhcp6c 22871 Sending Solicit
Oct 17 09:53:43 dhcp6c 22871 set client ID (len 14)
Oct 17 09:53:43 dhcp6c 22871 set identity association
Oct 17 09:53:43 dhcp6c 22871 set elapsed time (len 2)
Oct 17 09:53:43 dhcp6c 22871 set option request (len 4)
Oct 17 09:53:43 dhcp6c 22871 set IA_PD
Oct 17 09:53:43 dhcp6c 22871 send solicit to ff02::1:2%vtnet0
Oct 17 09:53:43 dhcp6c 22871 reset a timer on vtnet0, state=SOLICIT, timeo=3, retrans=7534
Oct 17 09:53:51 dhcp6c 22871 Sending Solicit
Oct 17 09:53:51 dhcp6c 22871 set client ID (len 14)
Oct 17 09:53:51 dhcp6c 22871 set identity association
Oct 17 09:53:51 dhcp6c 22871 set elapsed time (len 2)
Oct 17 09:53:51 dhcp6c 22871 set option request (len 4)
Oct 17 09:53:51 dhcp6c 22871 set IA_PD
Oct 17 09:53:51 dhcp6c 22871 send solicit to ff02::1:2%vtnet0
Oct 17 09:53:51 dhcp6c 22871 reset a timer on vtnet0, state=SOLICIT, timeo=4, retrans=14941
Oct 17 09:54:06 dhcp6c 22871 Sending Solicit
Oct 17 09:54:06 dhcp6c 22871 set client ID (len 14)
Oct 17 09:54:06 dhcp6c 22871 set identity association
Oct 17 09:54:06 dhcp6c 22871 set elapsed time (len 2)
Oct 17 09:54:06 dhcp6c 22871 set option request (len 4)
Oct 17 09:54:06 dhcp6c 22871 set IA_PD -
Thats a lot "solicits" without any answer.
Do you have a link about your ISP's instructions ?
No "help me" PM's please. Use the forum, the community will thank you.
Edit : and where are the logs ?? -
@JKnott This is my prefix according to my ISP DHCPv6: 2607:fd90:d591:4ef3::/64
Where could I manually input this?
-
@Gertjan Going to look up...will be holding for 1/2 hr to speak with the ISP support.
-
@Gertjan said in Implemented IPV6...Still Feel Left in the Dark!:
Do you have a link about your ISP's instructions
The Bad news - the T-Mobile Fast 5688w does not support passing the prefix...I get a IPv6/64 but it's one single IP.
pfSense+ 23.09 Lenovo Thinkcentre M93P SFF Quadcore i7 dual Raid-ZFS 128GB-SSD 32GB-RAM PCI-Intel i350-t4 NIC, -Intel QAT 8950.
pfSense+ 23.09 VM-Proxmox, Dell Precision Xeon-W2155 Nvme 500GB-ZFS 128GB-RAM PCIe-Intel i350-t4, Intel QAT-8950, P-cloud. -
@NollipfSense said in Implemented IPV6...Still Feel Left in the Dark!:
I get a IPv6/64 but it's one single IP.
With Rogers, I get 1 address on the phone, but a /64 prefix for tethered devices. I can tether via WiFi or USB.
-
@JKnott What if I add the prefix...but it seems that the ISP changes the IPv6 frequently...where would I add the static address manually or use a IPv6 bridge to the ULA? I can add static IPv6 for IPv6 configuration type...
-
I assume your ISP uses DHCPv6-PD, unless they tell you otherwise. Is that what you do? You do not normally add the prefix manually. Have you called your ISP's support? They can tell you better than we can.
-
@JKnott said in Implemented IPV6...Still Feel Left in the Dark!:
Have you called your ISP's support?
Yes, that's how I got the supposed news. Then, they offered a Cradlepoint 300...first, they said it's the same $55/mth but a onetime $75 charge for the modem. So, I said okay and went to checkout...the modem is free but $85/mth. I said stop, bye.
Apparently, the modem needs to have two lines, one for data and the other to pass the IPv6 prefix, hence, two sims and why the Fast5688w would not work having one line...
-
That doesn't seem right. With IP either v4 or v6, it's all just one stream of data. I have set up some Cradlepoints a few years ago, and there wasn't much to set up. Of course they were only used for IPv4 and were a fallback for the ADSL connection.
-
@JKnott said in Implemented IPV6...Still Feel Left in the Dark!:
I have set up some Cradlepoints a few years ago
The Cradlepoint they offered is a 5g...
-
@NollipfSense said in Implemented IPV6...Still Feel Left in the Dark!:
does not support passing the prefix...I get a IPv6/64 but it's one single IP
Which means : you can use a -not router type- device like a PC, or a phone.
@NollipfSense said in Implemented IPV6...Still Feel Left in the Dark!:
What if I add the prefix...but it seems that the ISP changes the IPv6 frequently...where would I add the static address manually or use a IPv6 bridge to the ULA? I can add static IPv6 for IPv6 configuration type...
That exactly where 'prefixes' come in.
They can change upon renegotiation (dhcpc6 activity on WAN, as it talks to the upstream DHCP-PD ISP server). If the prefix(es) change : the DHCPv6 LAN server are informed.
pfSense routing tables are modified accordingly.
At that moment, your LAN devices still have an now old and unusable IPv6 (the GUA one). From what I understand, IPv6 traffic is still possible as the device will chose to use its 'local' 0xf...... IPv6.
When your LAN devices renew their IPv6 lease, they'll get a new, IPV6 - the GUA - that will 'work'.If you need (2023: its still "want") to access your IPv6 capable device from the internet (just a firewall rule needed, no more NAT) that the constantly changing IPv6 make this quiet impossible.
Easy conclusion : ISPs that change their prefixes often should be ... left alone without clients. That will make them think they will adapt fast.
@NollipfSense said in Implemented IPV6...Still Feel Left in the Dark!:
The Cradlepoint they offered is a 5g...
5G is nice.
If the emitter is really close by.
See the pattern : with 2G, speed wasn't a thing, at most a couple of Mbits/sec but large zones were covered. Large zone means : a lot of user so speed was even worse.
3G : faster, but the signal can't travel as far: smaller zones, and speed was better as there where less user per zone. Way more expensive for the ISP of course.
4G : you know where this is heading.
5G : the best ... or worst - in everything.My iPhone even elects to use 4G as 5G, if available, is nice for the need of speed, but its a battery drain.
Here in France : 5G : only the big (50000+ habitats) cities.If you have a 5G nearby, that you aren't exactly living in the middle of now where, and there must be alternatives available.
If not .... don't waste your time. Do the thing that work well : you can 'live' without IPv6 for now - your 5G ISP will learn there lessons while you wait.
Or go he.net.
