Problems with starlink ipv6

johnymarconi

I'm at my wits end trying to figure out whats going on with my Starlinks IPv6. I had it working fine for a year+, then when I got new hardware ipv6 won't work and only WAN will get an address. Best I can tell is there is some configuration somewhere that is hosing things from my config restore that I did, a lot of things broke when I did that and had to fix them; and I've read elsewhere that there were some leftover or corrupt files causing similar issues.

Just to test and verify I'm actually getting a /56 like Starlink says they do (and I was previously), I re-enabled their router from bypass mode. Sure enough all my devices on their wifi (so bypassing pfsense) grab an ipv6. Here is the pcap of my desktop getting the address:
starlink-ipv6.pcap

Pfsense never sees anything other than it's own address however, and there are some odd errors in the logs:

Apr 18 15:34:18 	kea-dhcp6 	70792 	INFO [kea-dhcp6.dhcp6.0x3cebdb812000] DHCP6_STARTED Kea DHCPv6 server version 2.4.0 started
Apr 18 15:34:18 	kea-dhcp6 	70792 	WARN [kea-dhcp6.dhcp6.0x3cebdb812000] DHCP6_MULTI_THREADING_INFO enabled: yes, number of threads: 12, queue size: 64
Apr 18 15:34:18 	kea-dhcp6 	70792 	WARN [kea-dhcp6.dhcpsrv.0x3cebdb812000] DHCPSRV_NO_SOCKETS_OPEN no interface configured to listen to DHCP traffic
Apr 18 15:34:18 	kea-dhcp6 	70792 	INFO [kea-dhcp6.dhcp6.0x3cebdb812000] DHCP6_USING_SERVERID server is using server-id 00:01:00:87:2f:94:92:c7:64:62:66:23:87:b4 and stores in the file /var/db/kea/kea-dhcp6-serverid
Apr 18 15:34:18 	kea-dhcp6 	70792 	INFO [kea-dhcp6.dhcpsrv.0x3cebdb812000] DHCPSRV_MEMFILE_LFC_SETUP setting up the Lease File Cleanup interval to 3600 sec
Apr 18 15:34:18 	kea-dhcp6 	70792 	INFO [kea-dhcp6.dhcpsrv.0x3cebdb812000] DHCPSRV_MEMFILE_BUILD_EXTENDED_INFO_TABLES6 building extended info tables saw 0 leases, extended info sanity checks modified 0 / updated 0 leases and 0 leases were entered into tables
Apr 18 15:34:18 	kea-dhcp6 	70792 	WARN [kea-dhcp6.dhcpsrv.0x3cebdb812000] DHCPSRV_LEASE_SANITY_FAIL The lease 2605:59c8:777:c501::420:0 with subnet-id 1 failed subnet-id checks (the lease IP address did not belong to a configured subnet).
Apr 18 15:34:18 	kea-dhcp6 	70792 	WARN [kea-dhcp6.dhcpsrv.0x3cebdb812000] DHCPSRV_LEASE_SANITY_FAIL The lease 2605:59c8:777:c501::420:0 with subnet-id 1 failed subnet-id checks (the lease IP address did not belong to a configured subnet).
Apr 18 15:34:18 	kea-dhcp6 	70792 	WARN [kea-dhcp6.dhcpsrv.0x3cebdb812000] DHCPSRV_LEASE_SANITY_FAIL The lease 2605:59c8:777:c501::420:0 with subnet-id 1 failed subnet-id checks (the lease IP address did not belong to a configured subnet).
Apr 18 15:34:18 	kea-dhcp6 	70792 	WARN [kea-dhcp6.dhcpsrv.0x3cebdb812000] DHCPSRV_LEASE_SANITY_FAIL The lease 2605:59c8:777:c501::420:0 with subnet-id 1 failed subnet-id checks (the lease IP address did not belong to a configured subnet).
Apr 18 15:34:18 	kea-dhcp6 	70792 	INFO [kea-dhcp6.dhcpsrv.0x3cebdb812000] DHCPSRV_MEMFILE_LEASE_FILE_LOAD loading leases from file /var/lib/kea/dhcp6.leases
Apr 18 15:34:18 	kea-dhcp6 	70792 	INFO [kea-dhcp6.dhcpsrv.0x3cebdb812000] DHCPSRV_MEMFILE_DB opening memory file lease database: name=/var/lib/kea/dhcp6.leases persist=true type=memfile universe=6
Apr 18 15:34:18 	kea-dhcp6 	70792 	INFO [kea-dhcp6.dhcp6.0x3cebdb812000] DHCP6_CONFIG_COMPLETE DHCPv6 server has completed configuration: no IPv6 subnets!; DDNS: disabled
Apr 18 15:34:18 	kea-dhcp6 	70792 	INFO [kea-dhcp6.hooks.0x3cebdb812000] HOOKS_LIBRARY_LOADED hooks library /usr/local/lib/kea/hooks/libdhcp_lease_cmds.so successfully loaded
Apr 18 15:34:18 	kea-dhcp6 	70792 	INFO [kea-dhcp6.lease-cmds-hooks.0x3cebdb812000] LEASE_CMDS_INIT_OK loading Lease Commands hooks library successful
Apr 18 15:34:18 	kea-dhcp6 	70792 	INFO [kea-dhcp6.commands.0x3cebdb812000] COMMAND_ACCEPTOR_START Starting to accept connections via unix domain socket bound to /tmp/kea6-ctrl-socket
Apr 18 15:34:18 	kea-dhcp6 	70792 	INFO [kea-dhcp6.dhcpsrv.0x3cebdb812000] DHCPSRV_CFGMGR_SOCKET_TYPE_SELECT using socket type raw
Apr 18 15:34:18 	kea-dhcp6 	70792 	INFO [kea-dhcp6.hooks.0x3cebdb812000] HOOKS_LIBRARY_CLOSED hooks library /usr/local/lib/kea/hooks/libdhcp_lease_cmds.so successfully closed
Apr 18 15:34:18 	kea-dhcp6 	70792 	WARN [kea-dhcp6.dhcp6.0x3cebdb812000] DHCP6_RESERVATIONS_LOOKUP_FIRST_ENABLED Multi-threading is enabled and host reservations lookup is always performed first.
Apr 18 15:34:18 	kea-dhcp6 	70792 	WARN [kea-dhcp6.dhcpsrv.0x3cebdb812000] DHCPSRV_MT_DISABLED_QUEUE_CONTROL disabling dhcp queue control when multi-threading is enabled.
Apr 18 15:34:18 	kea-dhcp6 	70792 	INFO [kea-dhcp6.hosts.0x3cebdb812000] HOSTS_BACKENDS_REGISTERED the following host backend types are available:
Apr 18 15:34:18 	kea-dhcp6 	13542 	INFO [kea-dhcp6.hooks.0x188116212000] HOOKS_LIBRARY_CLOSED hooks library /usr/local/lib/kea/hooks/libdhcp_lease_cmds.so successfully closed
Apr 18 15:34:18 	kea-dhcp6 	13542 	INFO [kea-dhcp6.lease-cmds-hooks.0x188116212000] LEASE_CMDS_DEINIT_OK unloading Lease Commands hooks library successful
Apr 18 15:34:18 	kea-dhcp6 	13542 	INFO [kea-dhcp6.dhcp6.0x188116212000] DHCP6_SHUTDOWN server shutdown
Apr 18 15:34:16 	dhcp6c 	30682 	got an expected reply, sleeping.
Apr 18 15:34:16 	dhcp6c 	30682 	removing server (ID: 00:03:00:01:74:24:9f:a9:c4:66)
Apr 18 15:34:16 	dhcp6c 	30682 	removing an event on igc0, state=REQUEST
Apr 18 15:34:16 	dhcp6c 	30682 	script "/var/etc/dhcp6c_opt7_dhcp6withoutra_script.sh" terminated
Apr 18 15:34:16 	dhcp6c 	40506 	dhcp6c REQUEST on igc0 - running rtsold
Apr 18 15:34:16 	dhcp6c 	30682 	executes /var/etc/dhcp6c_opt7_dhcp6withoutra_script.sh
Apr 18 15:34:16 	dhcp6c 	30682 	nameserver[0] fd62:f12e:a6f6:10::1
Apr 18 15:34:16 	dhcp6c 	30682 	dhcp6c Received REQUEST
Apr 18 15:34:16 	dhcp6c 	30682 	get DHCP option DNS, len 16
Apr 18 15:34:16 	dhcp6c 	30682 	unknown or unexpected DHCP6 option opt_82, len 4
Apr 18 15:34:16 	dhcp6c 	30682 	get DHCP option opt_82, len 4
Apr 18 15:34:16 	dhcp6c 	30682 	DUID: 00:01:00:01:2f:95:54:20:64:62:66:23:87:b3
Apr 18 15:34:16 	dhcp6c 	30682 	get DHCP option client ID, len 14
Apr 18 15:34:16 	dhcp6c 	30682 	DUID: 00:03:00:01:74:24:9f:a9:c4:66
Apr 18 15:34:16 	dhcp6c 	30682 	get DHCP option server ID, len 10
Apr 18 15:34:16 	dhcp6c 	30682 	receive reply from fe80::7624:9fff:fea9:c466%igc0 on igc0
Apr 18 15:34:16 	dhcp6c 	30682 	reset a timer on igc0, state=REQUEST, timeo=0, retrans=909
Apr 18 15:34:16 	dhcp6c 	30682 	send request to ff02::1:2%igc0
Apr 18 15:34:16 	dhcp6c 	30682 	set elapsed time (len 2)
Apr 18 15:34:16 	dhcp6c 	30682 	set server ID (len 10)
Apr 18 15:34:16 	dhcp6c 	30682 	set client ID (len 14)
Apr 18 15:34:16 	dhcp6c 	30682 	a new XID (73b954) is generated
Apr 18 15:34:16 	dhcp6c 	30682 	Sending Request
Apr 18 15:34:16 	dhcp6c 	30682 	picked a server (ID: 00:03:00:01:74:24:9f:a9:c4:66)
Apr 18 15:34:15 	dhcp6c 	30682 	reset timer for igc0 to 0.998284
Apr 18 15:34:15 	dhcp6c 	30682 	server ID: 00:03:00:01:74:24:9f:a9:c4:66, pref=-1
Apr 18 15:34:15 	dhcp6c 	30682 	get DHCP option DNS, len 16
Apr 18 15:34:15 	dhcp6c 	30682 	unknown or unexpected DHCP6 option opt_82, len 4
Apr 18 15:34:15 	dhcp6c 	30682 	get DHCP option opt_82, len 4
Apr 18 15:34:15 	dhcp6c 	30682 	DUID: 00:01:00:01:2f:95:54:20:64:62:66:23:87:b3
Apr 18 15:34:15 	dhcp6c 	30682 	get DHCP option client ID, len 14
Apr 18 15:34:15 	dhcp6c 	30682 	DUID: 00:03:00:01:74:24:9f:a9:c4:66
Apr 18 15:34:15 	dhcp6c 	30682 	get DHCP option server ID, len 10
Apr 18 15:34:15 	dhcp6c 	30682 	receive advertise from fe80::7624:9fff:fea9:c466%igc0 on igc0
Apr 18 15:34:15 	dhcp6c 	30682 	reset a timer on igc0, state=SOLICIT, timeo=0, retrans=1091
Apr 18 15:34:15 	dhcp6c 	30682 	send solicit to ff02::1:2%igc0
Apr 18 15:34:15 	dhcp6c 	30682 	set elapsed time (len 2)
Apr 18 15:34:15 	dhcp6c 	30682 	set client ID (len 14)
Apr 18 15:34:15 	dhcp6c 	30682 	a new XID (e894d2) is generated
Apr 18 15:34:15 	dhcp6c 	30682 	Sending Solicit
Apr 18 15:34:14 	dhcp6c 	30682 	reset a timer on igc0, state=INIT, timeo=0, retrans=891
Apr 18 15:34:14 	dhcp6c 	30521 	called
Apr 18 15:34:14 	dhcp6c 	30521 	called
Apr 18 15:34:14 	dhcp6c 	30521 	<3>end of sentence [;] (1)
Apr 18 15:34:14 	dhcp6c 	30521 	<3>end of closure [}] (1)
Apr 18 15:34:14 	dhcp6c 	30521 	<3>end of sentence [;] (1)
Apr 18 15:34:14 	dhcp6c 	30521 	<3>["/var/etc/dhcp6c_opt7_dhcp6withoutra_script.sh"] (47)
Apr 18 15:34:14 	dhcp6c 	30521 	<3>[script] (6)
Apr 18 15:34:14 	dhcp6c 	30521 	<3>begin of closure [{] (1)
Apr 18 15:34:14 	dhcp6c 	30521 	<5>[igc0] (4)
Apr 18 15:34:14 	dhcp6c 	30521 	<3>[interface] (9)
Apr 18 15:34:14 	dhcp6c 	30521 	skip opening control port
Apr 18 15:34:14 	dhcp6c 	30521 	failed initialize control message authentication
Apr 18 15:34:14 	dhcp6c 	30521 	failed to open /usr/local/etc/dhcp6cctlkey: No such file or directory
Apr 18 15:34:14 	dhcp6c 	30521 	extracted an existing DUID from /var/db/dhcp6c_duid: 00:01:00:01:2f:95:54:20:64:62:66:23:87:b3 

I never see any indication of it detecting a prefix and this line is suspicious:

unknown or unexpected DHCP6 option opt_82, len 4

I think this is just symptomatic but these lines also seem to indicate DHCPv6 Server isn't seeing or configuring properly

WARN [kea-dhcp6.dhcpsrv.0x3cebdb812000] DHCPSRV_LEASE_SANITY_FAIL The lease 2605:59c8:777:c501::420:0 with subnet-id 1 failed subnet-id checks (the lease IP address did not belong to a configured subnet). 

and my interface page shows
Prefix
Delegated Prefix: WAN1/0/64

Which I think is supposed to be the actual prefix:address::?

Here is a pcap of the router when the wan is cycled: packetcapture-igc0-20250418153405.pcap

Any ideas? Best I can tell it's something with the PD but I don't understand enough of IPv6 to go from here.

Edit: Oh I've also tried disabling DHCPv6 entirely and just using SLAAC but same outcome, WAN gets an address but nothing else.

johnymarconi

Of course as I'm giving up after spending all day troubleshooting and closing things down I do one last thing and it starts working??

 Apr 18 16:12:05 	dhcp6c 	89442 	got an expected reply, sleeping.
Apr 18 16:12:05 	dhcp6c 	89442 	removing an event on igc0, state=RENEW
Apr 18 16:12:05 	dhcp6c 	89442 	script "/var/etc/dhcp6c_opt7_script.sh" terminated
Apr 18 16:12:05 	dhcp6c 	72127 	dhcp6c renew, no change - bypassing update on igc0
Apr 18 16:12:05 	dhcp6c 	89442 	executes /var/etc/dhcp6c_opt7_script.sh
Apr 18 16:12:05 	dhcp6c 	89442 	update a prefix 2605:59c8:777:c500::/56 pltime=150, vltime=300
Apr 18 16:12:05 	dhcp6c 	89442 	update an IA: PD-0
Apr 18 16:12:05 	dhcp6c 	89442 	nameserver[1] 2001:4860:4860::8888
Apr 18 16:12:05 	dhcp6c 	89442 	nameserver[0] 2606:4700:4700::1111
Apr 18 16:12:05 	dhcp6c 	89442 	dhcp6c Received INFO
Apr 18 16:12:05 	dhcp6c 	89442 	get DHCP option DNS, len 32
Apr 18 16:12:05 	dhcp6c 	89442 	IA_PD prefix: 2605:59c8:777:c500::/56 pltime=150 vltime=34359738668
Apr 18 16:12:05 	dhcp6c 	89442 	get DHCP option IA_PD prefix, len 25
Apr 18 16:12:05 	dhcp6c 	89442 	IA_PD: ID=0, T1=75, T2=120
Apr 18 16:12:05 	dhcp6c 	89442 	get DHCP option IA_PD, len 41
Apr 18 16:12:05 	dhcp6c 	89442 	DUID: 00:02:00:00:c7:10:00:00:00:65
Apr 18 16:12:05 	dhcp6c 	89442 	get DHCP option server ID, len 10
Apr 18 16:12:05 	dhcp6c 	89442 	DUID: 00:01:00:01:2f:95:54:20:64:62:66:23:87:b3
Apr 18 16:12:05 	dhcp6c 	89442 	get DHCP option client ID, len 14
Apr 18 16:12:05 	dhcp6c 	89442 	receive reply from 2605:59c8:700:d5::1 on igc0
Apr 18 16:12:05 	dhcp6c 	89442 	send renew to ff02::1:2%igc0
Apr 18 16:12:05 	dhcp6c 	89442 	set IA_PD
Apr 18 16:12:05 	dhcp6c 	89442 	set IA_PD prefix
Apr 18 16:12:05 	dhcp6c 	89442 	set option request (len 4)
Apr 18 16:12:05 	dhcp6c 	89442 	set elapsed time (len 2)
Apr 18 16:12:05 	dhcp6c 	89442 	set server ID (len 10)
Apr 18 16:12:05 	dhcp6c 	89442 	set client ID (len 14)
Apr 18 16:12:05 	dhcp6c 	89442 	a new XID (3ad1bd) is generated
Apr 18 16:12:05 	dhcp6c 	89442 	Sending Renew
Apr 18 16:12:05 	dhcp6c 	89442 	reset a timer on igc0, state=RENEW, timeo=0, retrans=10060
Apr 18 16:12:05 	dhcp6c 	89442 	IA timeout for PD-0, state=ACTIVE 

Now the dhcp6 log looks correct and my interfaces and desktop get an address...

I had tried DHCPv6 Server enabled and disabled half a dozen times, currently it's disabled. I also unchecked everything under the WAN Interface -> DHCP6 Client Configuration, and now it is only /56 prefix delegation size and "Send prefix hint".

The only other thing I did and that stands out is I switched RA from "Assisted" to "Stateless DHCP", but I thought "Assisted" also advertised SLAAC? Am I missing something here?

JKnott

@johnymarconi said in Problems with starlink ipv6:

Am I missing something here?

It would be nice to see packet captures of both old and new on the WAN interface. Here's how you do it with a cable modem. I expect it would be similar with Starlink.

Failing that, blame Elon!

johnymarconi

@JKnott Can you be more specific wrt "old and new"? I posted a pcap where the WAN doesn't configure itself properly (no PD), is that "old"? And "new" would be the current, working pcap?

JKnott

@johnymarconi You had mentioned it worked until you got new hardware. I was referring to with the old vs new configuration. That is when it worked with when it didn't.