Dual WAN Setup - LAN interfaces lost their IPv6 adresses.

heiko3001

@heiko3001

After a long period of trying (DSL Modem Reboot, Pfsense Reboot, Interface OFF / ON) it is working temporary. But I don't have to much hope. I bet, after the 24h forced disconnect by isp, only ipv4 will work. I'll keep you going.

Gertjan

@heiko3001

In the dhcp6c image I couldn't see any prefixes getting attributed ...


You copied the wrong / non interesting part ?

ppp : IPv4 is ok

Interfaces : the 2a00:exxxxxxxx are ISP attributed, right ?

I released my WA. (both IPv4 and IPv6) with :

and waited 30 seconds or so.
Then I activated WAN again with the same button :

My 'dhcp6c' story :

dhcp6c 85796 - - script "/var/etc/dhcp6c_wan_script.sh" terminated
dhcp6c 85796 - - removing an event on ix3, state=RELEASE
dhcp6c 85796 - - got an expected reply, sleeping.
dhcp6c 85796 - - Sending Solicit
dhcp6c 85796 - - a new XID (743e50) is generated
dhcp6c 85796 - - set client ID (len 14)
dhcp6c 85796 - - set identity association
dhcp6c 85796 - - set elapsed time (len 2)
dhcp6c 85796 - - set option request (len 4)
dhcp6c 85796 - - set IA_PD
dhcp6c 85796 - - send solicit to ff02::1:2%ix3
dhcp6c 85796 - - reset a timer on ix3, state=SOLICIT, timeo=0, retrans=1055
dhcp6c 85796 - - receive advertise from fe80::46d4:54ff:fe2a:3600%ix3 on ix3
dhcp6c 85796 - - get DHCP option client ID, len 14
dhcp6c 85796 - -   DUID: 00:01:00:01:2c:ec:aa:20:90:ec:77:29:39:2a
dhcp6c 85796 - - get DHCP option server ID, len 10
dhcp6c 85796 - -   DUID: 00:03:00:01:44:d4:54:2a:36:00
dhcp6c 85796 - - get DHCP option IA_PD, len 41
dhcp6c 85796 - -   IA_PD: ID=0, T1=300, T2=480
dhcp6c 85796 - - get DHCP option IA_PD prefix, len 25
dhcp6c 85796 - -   IA_PD prefix: 2a01:dead:beef:a6e2::/64 pltime=600 vltime=5055960300268816136
dhcp6c 85796 - - get DHCP option preference, len 1
dhcp6c 85796 - -   preference: 255
dhcp6c 85796 - - get DHCP option DNS, len 16
dhcp6c 85796 - - get DHCP option domain search list, len 6
dhcp6c 85796 - - server ID: 00:03:00:01:44:d4:54:2a:36:00, pref=255
dhcp6c 85796 - - Sending Request
dhcp6c 85796 - - a new XID (52a2b6) is generated
dhcp6c 85796 - - set client ID (len 14)
dhcp6c 85796 - - set server ID (len 10)
dhcp6c 85796 - - set elapsed time (len 2)
dhcp6c 85796 - - set option request (len 4)
dhcp6c 85796 - - set IA_PD prefix
dhcp6c 85796 - - set IA_PD
dhcp6c 85796 - - send request to ff02::1:2%ix3
dhcp6c 85796 - - reset a timer on ix3, state=REQUEST, timeo=0, retrans=1019
dhcp6c 85796 - - receive reply from fe80::46d4:54ff:fe2a:3600%ix3 on ix3
dhcp6c 85796 - - get DHCP option client ID, len 14
dhcp6c 85796 - -   DUID: 00:01:00:01:2c:ec:aa:20:90:ec:77:29:39:2a
dhcp6c 85796 - - get DHCP option server ID, len 10
dhcp6c 85796 - -   DUID: 00:03:00:01:44:d4:54:2a:36:00
dhcp6c 85796 - - get DHCP option IA_PD, len 41
dhcp6c 85796 - -   IA_PD: ID=0, T1=300, T2=480
dhcp6c 85796 - - get DHCP option IA_PD prefix, len 25
dhcp6c 85796 - -   IA_PD prefix: 2a01:dead:beef:a6e2::/64 pltime=600 vltime=5055960300268816136
dhcp6c 85796 - - get DHCP option preference, len 1
dhcp6c 85796 - -   preference: 255
dhcp6c 85796 - - get DHCP option DNS, len 16
dhcp6c 85796 - - get DHCP option domain search list, len 6
dhcp6c 85796 - - dhcp6c Received REQUEST
dhcp6c 85796 - - nameserver[0] 2a01:dead:beef:a600:46d4:54ff:fe2a:3600
dhcp6c 85796 - - Domain search list[0] home.
dhcp6c 85796 - - make an IA: PD-0
dhcp6c 85796 - - create a prefix 2a01:dead:beef:a6e2::/64 pltime=600, vltime=1800
dhcp6c 85796 - - add an address 2a01:dead:beef:a6e2:92ec:77ff:fe29:392c/64 on igc0
dhcp6c 85796 - - executes /var/etc/dhcp6c_wan_script.sh
dhcp6c 22579 - - dhcp6c RELEASE, REQUEST or EXIT on ix3 running rc.newwanipv6

I'll say upfront that more then half of what I've showed is Chinese or rocket science language for me.
Let try :
First, there's a SOLICIT .... and info comes back.
I guess this is the phase where the upstream DHCPv6 router announces what it can offer.
Then there is a REQUEST ....
Now a real IPv6 for WAN - and a prefix are retrieved.
The last several lines show clearly that the prefix is obtaiend and mode aviable on igc0 = the LAN interface. From there on, the DHCPv6 server will make of it (my case : I don't use SLAAC but the DHCPv6 server).

stephenw10

Yes if you have dhcpv6 debug enabled you should see a line like:
Jun 12 13:54:32 dhcp6c 15485 IA_PD prefix: 2a00:23c8:xxx:xxx::/56 pltime=315360000 vltime=12732255525095080704
With the prefix delegation you requested.

And then lines showing prefixes from within that being assigned to tracking interfaces like:

Jun 12 13:54:33 	dhcp6c 	15485 	make an IA: PD-0
Jun 12 13:54:33 	dhcp6c 	15485 	create a prefix 2a00:23c8:xxx:xxx::/56 pltime=315360000, vltime=315360000
Jun 12 13:54:33 	dhcp6c 	15485 	add an address 2a00:23c8:xxx:xx1:201:21ff:fe01:6777/64 on igb2
Jun 12 13:54:33 	dhcp6c 	15485 	add an address 2a00:23c8:xxx:xx2:201:21ff:fe01:6778/64 on igb3

JKnott

I don't know if this will affect it, but have you set router priority? This is on the Router Advertisement page and the choices are high, normal and low. You'd decide which connection you want to be priority. Also, any reason why you're using DHCP6 on the LAN? SLAAC generally does what's needed and Android devices don't work properly with DHCP6.

heiko3001

@JKnott

DHCPv6 was only activated for testing reasons. In the meantime it is deactivated.

heiko3001

At the moment it is working, but pfsense doesn't do it independently.
You have to trigger, or wait a long time (<10-15 min)
Before it works I got this error message:

After triggering (Interface Off, Interface On, Interface Off ....) I got this log, and everything looks good.

Gertjan

@heiko3001

pfSense works best when interfaces stop flapping around.
This would impact IPv6 and IPv4.
You mission, if you accept it : do whatever is needed so interfaces don't get pulled down anymore.

A plan Z : put a switch between you pfSense WAN and the upstream device.
This can have a minor negative impact : when the upstream ISP device goes belly up (again), pfSense doesn't get informed ... so it will presume that the connection is still ok, but it isn't, it broken again.
The gateway observer (dpinger - System > Routing > Gateways) would notice something bad has happened, and will try to rebuild the connection .... It does this by resetting the WAN interface .... which would introduce the same scenario, but at least dhcp6c wouldn't fail as it get starts when the interface is up.

edit : wait : you've showed dhcp6c issues.
All this time, the IPv4 party of the WAN connection had no issues ?
If so, then the connection by itself is ok, and it seems tjhe IPv6 part that is "broken".

heiko3001

@Gertjan
I think you misunderstand me...

I have to trigger that it works. I do this by turning the VDSL Interface off and on and again.

After a clean restart IPv6 is not working and I get the error message above (Permission denied- transmit failed)
Then I trigger the VDSL interface by turning it off and on, then it takes a few seconds and all LAN interface have a working IPv6 connection.

stephenw10

Do you see any Received RA messages in the main system log?

If not do you have 'Do not wait for a RA' set in the dhcpv6 client setup?

It sounds like you may need that.

Also are you using if_pppoe in 2.8?

Gertjan

@heiko3001 said in Dual WAN Setup - LAN interfaces lost their IPv6 adresses.:

I do this by turning the VDSL Interface off and on and again.

That's what I understood.
The dhcp6c gets started when the WAN interface becomes active.
And then it fails with the message "Transmit failed - Permission denied" which means : the interface is down (again).

Or, is this something else :

at 04h42:31 a solicit is send - it does this very often, I see Solicit every 300 seconds or so.
at 04h46:27 same thing, 116 seconds later,
at 04h46:35 same thing, 8 seconds later .... wow...
at 04h46:35 This solicit failed - interface gone.

If you saved the WAN config at that moment - between 46:27 and 46:35 - then I presume the dhcp6c would log would show a lot more - like the logs you've showed above.

Btw : Not sure if this is related - dhcprelay - are you using dhcprelay ?

heiko3001

@Gertjan

Yes I use a DHCP Relay. DHCP Server runs on Windows Server 2025.

Gertjan

@heiko3001

Same interface ?
Or another interface that went (also) down ?

heiko3001

@Gertjan Yes, it is on the same Interface, but only v4.
For IPv6 I deactivated DHCPv6 (on the Pfsense) and at the moment I run only Slaac / Router Advertisement.

stephenw10

Hmm, so you are passing a prefix delegation from your ISP to an internal dhcpv6 server?

Please show how your pppoe interface is configured. Is it set to prefix only? Is it set for 'do not wait for RA'?

heiko3001

@stephenw10

No, the DHCP Relay is only for my internal LAN-Interface, and only IPv4, I think this was an missunderstanding.

and one of the LAN Interfaces (called EXT)

stephenw10

If you uncheck 'do not wait for RA' does it eventually receive an RA and complete the connection?

Edit: So when this happens it loses the PD but not the address on the WAN directly?

heiko3001

@stephenw10 I will give it a try, and give a feedback after.