IPv6 testing
-
@|DSI|:
I have now received native IPv6 connectivity from my ISP.
I am using Link Aggregation on WAN interface. IPv4 works fine on LAGG interface but I have trouble configuring IPv6 on LAGG interface.
It seems that there is problem with setting IPv6 default route on LAGG interface, because Diagnostic->Routes shows this output under IPv6:default 2a01:260:XXXX::d UGS 0 2937 1500 em0
For IPv4 it shows this
default 89.212.0.1 UGS 0 663297 1500 lagg0
So I assume that under IPv6 default route, interface should also be lagg0, not em0?
I've looked at your config but are unable to replicate with 2.0 RC1 with IPv6 bits. Perhaps something else was fixed in mainline.
I see both the v4 and v6 route attached to lagg1.
-
Seems to work now.
Maybee it also worked before, because I noticed that after moving (em0 and em1) interfaces to lagg and assigning lagg interface to WAN, IPv4 default route is correctly changed from em0 to lagg1.
But in order to change default IPv6 route from em0 to lagg1, reboot is required.
Thank you for your investigation! -
I've made a number of fixes over the weekend regarding the routing bits. Seems that I've made a horrendous hodgepodge of that code, I was overwriting existing variables, forgetting the clear existing variables etc.
i think I've fixed a bunch of those which should help.
-
@databeestje, not sure if you're aware of this, but since you checked in your blind coded IPv6 DHCP reservations page, the reservations icon on the DHCPv6 Server page points to 'services_dhcpv6_edit.php' which returns a 404 not found.
-
Forgot to add it to the repo. Sorry. It's there now
-
Thanks for adding it. It's indeed present now. Can't get the DHCPv6 to work though. I've used a Windows 7 x64 client with routerdiscovery disabled and managedaddress enabled on the requesting interface. It does get an IPv4 address from the DHCPv4 server in pfSense, but it does not get a reply on the DHCPv6 request it sends out. It makes no difference whether the requesting host has an IPv6 reservation set or not. With routerdiscovery enabled it creates its own IPv6 address, finds the pfSense box as a gateway and can connect to IPv6 hosts on the internet.
-
Can't get the DHCPv6 to work though.
Are you running DHCPv6 on a bridge? What's in the DHCP log? Does DHCP even see the DHCP v6 request?
See my note with "no route to host" in the title for a workaround for an issue with DHCPv6 on a bridge interface.
-
Are you running DHCPv6 on a bridge?
Nope, this pfSense instance has three nics: 1 connected to my WAN, 1 connected to my WIFI access point and 1 connected to my LAN. Both internal NICs use NAT to the outside world for IPv4 traffic. For IPv6 traffic, it tunnels with TunnelBroker.net. Both internal NICs have their own /64 IPv6 subnet.
What's in the DHCP log? Does DHCP even see the DHCP v6 request?
Stupid me, why didn't I think about checking that. The logs shows the following error:
php: /services_dhcp.php: The command '/usr/local/sbin/dhcpd -6 -user dhcpd -group _dhcp -chroot /var/dhcpd -cf /etc/dhcpdv6.conf xl0' returned exit code '1', the output was 'Internet Systems Consortium DHCP Server 4.1.1-P1 Copyright 2004-2010 Internet Systems Consortium. All rights reserved. For info, please visit https://www.isc.org/software/dhcp/ /etc/dhcpdv6.conf line 18: Invalid IPv6 address. option dhcp6.name-servers 8.8.4.4, ^ /etc/dhcpdv6.conf line 21: You can not use a hardware parameter for DHCPv6 hosts. Use the host-identifier parameter instead. hardware ^ Configuration file errors encountered – exiting If you did not get this software from ftp.isc.org, please get the latest from ftp.isc.org and install that before requesting help. If you did get this software from ftp.isc.org and have not yet read the README, please read it before requesting help. If you intend to request help from the dhcp-server@isc.org mailing list, please
Any clue what this means?
-
Don't fill in a IPv4 DNS server on the DHCPv6 server page.
It appears the host identifier has changed from what it used to be. I need to see what changed. -
Don't fill in a IPv4 DNS server on the DHCPv6 server page.
It appears the host identifier has changed from what it used to be. I need to see what changed.There's no IPv4 address to be found anywhere on the IPv6 page. I've triple checked the DHCPv6 pages for all my interfaces. I am also using the DHCPv4 service in pfSense on my interfaces though. Is it possible that the DHCPv6 page still references the DHCPv4 config somewhere?
-
Oops, I'll check that tomorrow when I have more time.
-
Ok not on the latest build wait til I get home before I update firmware, etc.
But I just got this work - was seeing the same error.
"/dhcp/ /etc/dhcpdv6.conf line 18: Invalid IPv6 address. option dhcp6.name-servers 8.8.4.4,"
Put in the ipv6 address of your dns here.
if you leave blank its seems to be pulling what your using for the pfsense box, in your case googledns, in my case it was 4.2.2.2.. Then I ran into a issue with a corrupt dhcp6.leases file..
So deleted that, then put in my boxes IPv6 address its listening on for dns.. And restarted dhcp and all is good.
clients get their assigned IP, and are pulling the dns info.
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : local.lan
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Desktop Adapter
Physical Address. . . . . . . . . : 08-00-27-88-48-32
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:470:snipped:b85::2(Preferred) <–- from dhcpv6
Lease Obtained. . . . . . . . . . : Monday, March 07, 2011 5:25:18 PM
Lease Expires . . . . . . . . . . : Monday, March 07, 2011 7:23:41 PM
IPv6 Address. . . . . . . . . . . : 2001:470:snipped:b85:748f:b64e:848:1943(Preferred) <– auto generated from the RA going on
Link-local IPv6 Address . . . . . : fe80::748f:b64e:848:1943%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.222(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Monday, March 07, 2011 5:25:21 PM
Lease Expires . . . . . . . . . . : Tuesday, March 08, 2011 5:25:14 PM
Default Gateway . . . . . . . . . : fe80::209:5bff:fee2:ccdb%11
192.168.1.253
DHCP Server . . . . . . . . . . . : 192.168.1.253
DHCPv6 IAID . . . . . . . . . . . : 235405351
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-F8-86-95-08-00-27-88-48-32
DNS Servers . . . . . . . . . . . : 2001:470:snipped:b85::1 <–--
192.168.1.253
NetBIOS over Tcpip. . . . . . . . : Enablededit: and you can see it in your dhcpv6.leases file
ia-na "'\000\010\016\000\001\000\001\024\370\206\225\010\000'\210H2" {
cltt 1 2011/03/07 23:23:58;
iaaddr 2001:470:snipped:b85::2 {
binding state active;
preferred-life 4500
max-life 7200
ends 2 2011/03/08 01:23:58;
} -
johnpoz, thanks for sharing your findings. Doesn't sound like that should be the way to go, but if it works as a workaround for now, its nice. Could you post the exact path where I can find dhcpdv6.conf abd dgco6.leases?
-
dhcpv6.conf is /var/dhcpd/etc
dhcpv6.leases is /var/dhcpd/var/dband agree the gui's should work, but somehow it got messed up - and if you leave the dns section blank it puts in what pfsense was before forwarding too, which clearly would be a ipv4 address, which is invalid for a ipv6 dns ;)
This got it up and working - but a few bumps, but I have to say for not being part of the build, and not slated to 2.1 the instructions and implementation so far have ROCKED!!! way more than I could of hoped for!!
I got a working firewall, atleast from my testing - it blocks every unless I open it! ;) And have gotten dhcpv6 to hand out the dns, and had to do some manual stuff but clients are pointing to dns running on pfsense box, etc.
its sure better then a tunnel into a box on the inside ;) Great Work So far to be sure!!!
-
The IPv6 addresses of my DNS servers were indeed missing on the DHCPv6 page. I added them and tried to restart the DHCP service. Now I'm getting the following error:
php: /status_services.php: The command '/usr/local/sbin/dhcpd -6 -user dhcpd -group _dhcp -chroot /var/dhcpd -cf /etc/dhcpdv6.conf xl0' returned exit code '1', the output was 'Internet Systems Consortium DHCP Server 4.1.1-P1 Copyright 2004-2010 Internet Systems Consortium. All rights reserved. For info, please visit https://www.isc.org/software/dhcp/ /etc/dhcpdv6.conf line 22: You can not use a hardware parameter for DHCPv6 hosts. Use the host-identifier parameter instead. hardware ^ Configuration file errors encountered – exiting If you did not get this software from ftp.isc.org, please get the latest from ftp.isc.org and install that before requesting help. If you did get this software from ftp.isc.org and have not yet read the README, please read it before requesting help. If you intend to request help from the dhcp-server@isc.org mailing list, please read the section on the README about submitting bug reports and requests for help. Please do not under any circumstances se
Digging into the dhcpdv6.conf on line 22 I find the "hardware ethernet <mac>;" reservation. Apparently it doesn't like that. I also can not remove the reservation through the GUI at "services_dhcpv6.php?if=<int>". It never gets removed from the config file when I click on the remove icon. Also after clicking on the remove DHCPv6 reservation icon, I get redirected back to the "services_dhcp.php" DHCPv4 page and not the DHCPv6 page. When I try to remove the reservation manually from the dhcpdv6.conf file and restart the service, I still get the error shown above and when I open dhcpdv6.conf again, the reservation is there again.
I just noticed that the same goes for the IPv6 DNS addresses on the services_dhcpv6.php page. I can enter them, click save, but they won't get saved. A refresh of the page and the fields are empty again. Funny thing is that when I look in dhcpdv6.conf, I do see the IPv6 DNS servers listed.
Hopefully this provides some handles for the developers to look for the bugs. I surely agree that this beta product is way more stable than I would have expected. The IPv6 tunnel services are so incredibly stable via pfSense 2 that I have stopped complaining with my ISP to get native IPv6. This works well enough, at least for now. This extremely high quality of pfSense must be because of the passionate developers and low level access to communicating with them and providing feedback.</int></mac>
-
Warning: I updated to the latest pfSense RC1 version including the smos gitsync last night and now my whole pfSense box won't work anymore, so do not update. I just tried installing pfSense from scratch again, but once I gitsync with smos, it stops working. The error I receive is:
Parse error: syntax error, unexpected T_SL in /etc/inc/rrd.inc on line 335
Because of this none of the interfaces work anymore. I will now try it with the pfSense RC1 image with IPv6 support without gitsyncing to see if that one does work.
Update: The pfSense RC1 image with IPv6 support as a clean install and backup restore works fine! I'll await the fix in the smos gitsync before updating again :)
-
…
But I just got this work - was seeing the same error.
...johnpoz, since I'm using a clean image now with a backup before I created the DHCPv6 reservation, the DHCP service does not report an error on startup anymore and seems to work. I still don't get a lease from the DHCPv6 service though. What did you do on your Windows client to make it work? I'm assuming:
netsh
int ipv6
show int
set int <interface number="">managedaddress=enabled
set int <interface number="">routerdiscovery=disabledAm I missing something?</interface></interface>
-
Warning: I updated to the latest pfSense RC1 version including the smos gitsync last night and now my whole pfSense box won't work anymore, so do not update. I just tried installing pfSense from scratch again, but once I gitsync with smos, it stops working. The error I receive is:
Parse error: syntax error, unexpected T_SL in /etc/inc/rrd.inc on line 335
Because of this none of the interfaces work anymore. I will now try it with the pfSense RC1 image with IPv6 support without gitsyncing to see if that one does work.
Update: The pfSense RC1 image with IPv6 support as a clean install and backup restore works fine! I'll await the fix in the smos gitsync before updating again :)
Sorry! Fixed.
-
Sorry! Fixed.
Just updated again. This new release introduces a whole new series of problems again. Please stay focused. The rrd.inc problem is now indeed gone, but now my IPv6 NIC does not have an option anymore set an IPv6 address as shown in the attached screenshot. This causes the IPv6 gateway to be rejected and all IPv6 traffic to stop functioning.
-
"the DHCP service does not report an error on startup anymore and seems to work"
You sure its running.. take a look at netstat, you show it listening on 547
udp6 0 0 *.547 .
I did not have to set anything on my w7 box, turned it on and got dhcp address
These are default settings
netsh interface ipv6>sho int 11
Interface Local Area Connection Parameters
–--------------------------------------------
IfLuid : ethernet_6
IfIndex : 11
State : connected
Metric : 10
Link MTU : 1500 bytes
Reachable Time : 32000 ms
Base Reachable Time : 30000 ms
Retransmission Interval : 1000 ms
DAD Transmits : 1
Site Prefix Length : 64
Site Id : 1
Forwarding : disabled
Advertising : disabled
Neighbor Discovery : enabled
Neighbor Unreachability Detection : enabled
Router Discovery : enabled
Managed Address Configuration : enabled
Other Stateful Configuration : enabled
Weak Host Sends : disabled
Weak Host Receives : disabled
Use Automatic Metric : enabled
Ignore Default Routes : disabled
Advertised Router Lifetime : 1800 seconds
Advertise Default Route : disabled
Current Hop Limit : 64
Force ARPND Wake up patterns : disabled
Directed MAC Wake up patterns : disabledI just booted it up and clearly its getting the IP from dhcp
Ethernet adapter Local Area Connection:Connection-specific DNS Suffix . : local.lan
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Desktop Adapter
Physical Address. . . . . . . . . : 08-00-27-88-48-32
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:470:snipped:b85::100(Preferred)
