DHCPv6 / Routeradvertisement seems not to work / not to work correct
-
I did make screenshots from the dhcp6-screen, ra-screen and a comparison of the dhcp6-part of the dumped pf-sense config file.
If you look at the screenshots you can see that they are equal apart from the subnets.
If you look at the config comparison you see that they differ.
So it looks like switching between the two dhcp-server options, is causing problems
Perhaps I have to throw the dhcp-ra configs away and need to define them from zero ...
ANd If so
, for which option to go Kea or ISC- for reason of functionallity
- and to stay compatible with future community editions
-
I did even more tests E.g. defining a brand new vlan + interface. Reason, I did want to see how a new created dhcpv6/ra configuration looked (generated with actual Kea-setting)
The answer is again different, see comparation below (the 201 subjet is the new test vlan the 200 subnet is the test vlan I did create a couple of days ago)
I can just conclude that, the resulting config is again different, and not working.
I did also disable aDHCPV6 and RA settings, checking if that removes the related config. I does not. So that is no option to generate a brand new dhcpv6 config.
What exactly is causing the failure, I do not know
-
I just did another test:
- I downloaded the config
- removed the dhcpv6 part of the test_vlan with an editor
- did load the edited config file
After reboot
- ipconfig /renew => as expected no ipv6 other than link-local
- and dhcp6 and ra disabled
- enabled dhcpv6 only the ranges defined
- enabled ra only dhcp stateless
- ipconfig /renew => still only link-local
So ... it is probably not the dhcpv6 part of the config which is causing the trouble ....
Note to exclude any trouble related to FW-rules, I have an allow any thing ipv4 and ipv6 as first rule in floating for the test_vlan
-
Still trying to understand the problem .... it becomes strange
- connecting another PC to the same vlan ...
- and there are IPV6-addresses ...
But why ??? What is causing the problem ???
- I recently switched to windows 11 ... Is windows 11 causing the issue?? The other PC still has windows 10
- Is there a problem related to the fact that the PC has multiple NIC's ????
and if so what is the problem, is it:
1 - the (unique) DUID causing an issue at the PC-side OR
2 - is it the DUID causing an issue at the pfSense side
3 - is it a Windows 11 problem
4 ???
I do not know.., but I am 99% sure that it used to work in the past:
- using windows 10 on the same computer
- using a little bit older version of pfSense
PS. I did switch off the windows firewall ...... that did not change this very weird problem
-
Again another test
- I removed the 10G-card from the PC and rebooted the system
- the test-vlan on the remaining NIC still did not get IPV6-addresses
For info this PC has four NIC's
- two on the 10G-card
- one on the MB (I use this one for the test vlan)
- one wifi
Normally all disabled apart from 1 of the NIC's on the 10G-card.
-
@louis2 said in DHCPv6 / Routeradvertisement seems not to work / not to work correct:
Today I did some test
You didn't show the most important one :
Where are the logs ????You should see messages like :
If you do not see messages coming from your LAN devices, then they didn't ask for a DHCPv6 lease.
Check why they don't, or .... because you use extra complexity : VLANs - why DHCP6 traffic isn't pfSense.Btw : first post : you've shown what ipconfig tells you : no IPv6 GUA.
Then you launch a "ipconfig /renew", and then you have a IPv6 GUA (the "IPv6 Address".)
That tells me : if the device 'asks' for a IPv6 lease, then it will get one.Btw : I'm using kea, which is rock solid. The only issue is : a lot of option are still missing : the pfSense GUI part. The basic "deal out leases from a pool" works just fine for IPv4 and IPv6.
@louis2 said in DHCPv6 / Routeradvertisement seems not to work / not to work correct:
the fact that the PC has multiple NIC's ??
I've seen messages on the forum that, IIRC, it's using the same DUID on both inyterfaces. This will make the DHCP server complain, like "same DUID used on different networks" or "same DUID asks lease twice" or whatever.
Easy solution : stop using multiple NICs, or ask Microsoft to repair the issue ^^
Looks fine to me.
They have both their own prefix.
Pool has been set up.You can make it a bit simpler, like :
You use "tracking" on your LAN interfaces for your IPv6, right ?
@louis2 said in DHCPv6 / Routeradvertisement seems not to work / not to work correct:
RA stateless DHCP
I can't justify this : don't use stateless.
I prefer
but ... dono why ... probably because if works fine since I activated IPv6 .... a decade ago.
-
Of course I am scratching my hat. ...
For RA I have been using Stateless DHCP, since I want to assingn specific addresses to my machines. Also for the working interface / vlan. I tried the option you susgested but that does not make a differenc
I checked the state of my interfaces
Seems to be ok
I even removed all interfaces, they are reinstalled automaticly almost inmidiately. And again does not change any thing.
Looking with Wireshark, I do not see any IPV6 on the faulty interfaces, even not as a result of a ifconfig /renew.
I am simply lost for the moment. Dispite that it is highly unlikely, I am thinking in the direction of a windows 11 problem ..
To be continued (I have to fix the problem)
-
@louis2 said in DHCPv6 / Routeradvertisement seems not to work / not to work correct:
Seems to be ok .....
What I'm seeing looking at that info : IPv6 is supported.
Not that I'm seeing if you've selected a static IP setup, or if DHCP6 is activated ;)@louis2 said in DHCPv6 / Routeradvertisement seems not to work / not to work correct:
I do not see any IPV6 on the faulty interfaces
I presume : on the device side.
So that's solid info. No IPv6 info asked means : not get one. -
I agree of course, unless I overlooked something in the wireshark traces, but if so:
- Why for the hell is it working on the interface I normally use and
- not on the other once's
Am I really doing something wrong/stupid (and if so what!!??), or is there a bug in windows 11
-
@louis2 said in DHCPv6 / Routeradvertisement seems not to work / not to work correct:
not on the other once's
Windows is outsmarting you because it 'sees' on all interfaces the same gateway/DHCP server (same DUID, same MAC) so it uses just one interface to get an IPv6 lease ?
(just thinking out loud here) -
Yep my verdict is in the same direction. However .... I am almost sure it was working in WIndows10 (64bit Pro).
I forgot to add that windows is in my setup not aware of vlan's. As you probably allready expected, the switch is using pivd and untaged.
What ever it is, it not OK.
For further info:
I have a more or less redundent network structure. pfSense is connected to two main switches. One 10G-switch and one 1G-switch. Part of the vlans are related to the 10G-switch, other vlans to the 1G-switch.My main computer has an interface connected to the 1G-switch and another interface to the 10G-switch. That setup allows me control large parts of the network in case part of the network is unavailable due to maintenance actions or other outage.
O reading your mail again, all interfaces are assigned to different vlans/different = gateways / different subnets
And I think the DUID should be extended with an interface number ... -
I did repeat the test on another computer running windows 10 64bit pro.
--- Every thing working as it should ....I would have liked to do the test by downgrading the other computer to windows10. I tried that but I did not manage. That computer has its OS on an NVME-SSD. Trying to replace that OS with windows10 .... was an disaster. Luckily I could return to windows11 via a backup.
If someone running Windows11 (64 bit pro) system
- having two UTP-ports
- which are / or can be connected to two different vlan's
Is willing to repeat my test, checking if IPV6 is working on both ports. I would appreciate.
If it is not working there as well we have the proof that there is a WIndows11 bug.
-
I found the problem
After spending lots of time/effort searching in the wrong direction, I found the problem.
The option ^Block Unown Multicast Address^ in a relative old 1G-switch, in front of my PC, seems to have blocked IPV6.
Strange that I did not notice that in the pastWhat ever disabeling that option and swithing the NIC off and on fixed the problem.
