IPv6 DHCP-PD – radvd dies after interface reset - dhcpv6 does not reaquire addr
-
Yeah made some changes which should improve the situation.
Test with newer snapshots. -
@ermal:
Yeah made some changes which should improve the situation.
Test with newer snapshots.It gotten worse with the 20130318-1652 build. I can get the WAN interface IPv6 address, but cannot get the PD for LAN.
RADVD doesn't even start at all.
After upgrade, getting this on the dashboard:
[ There were error(s) loading the rules: pfctl: DIOCADDALTQ: Device busy - The line in question reads [0]: ]This message is constant: dhcp6c[16530]: client6_recvadvert: XID mismatch
–-----
Reverted back to:
2.1-BETA1 (amd64)
built on Sun Mar 17 12:19:16 EDT 2013
FreeBSD 8.3-RELEASE-p6... and everything came back.
-
It would have been helpful having the system logs rather than just it does not work!
This message is constant: dhcp6c[16530]: client6_recvadvert: XID mismatch
This might be not important since you might be seeing other clients reply/advertisments.
-
Here's what I saw after applying the 20130318-1652 build.
-
IPv4 was working fine.
-
IPv6 - The WAN obtained an address. There was never PD assigned to the LAN.
-
There are dozens of "client6_recvadvert: XID mismatch" messages.
-
I never saw RADVD start. Never saw it in a 'stopped' state, it just never appeared. There is not a single syslog message about it. Possibly it doesn't get called until there is IPV6 address on the LAN?
-
The dashboard kept flashing the following:
There were error(s) loading the rules: pfctl: DIOCADDALTQ: Device busy - The line in question reads 0 -
I attempted to revert back to previous configuration from GUI. Firmware –> Restore Full Backup.
This failed twice (as in didn't do anything, no syslog message) -
I then downloaded and installed the Sun Mar 17 12:19:16 build. When it came back up, system was normal.
Here's syslogs that appear to be anywhere relevant to the issue.
No indication that rc.newwanipv6 ever ran.
21:15:40 syslogd: kernel boot file is /boot/kernel/kernel
21:15:41 php: : Restarting/Starting all packages.21:15:54 dhcp6c[15951]: client6_recvadvert: XID mismatch
21:15:57 php: : Checking for and disabling any rules dependent upon disabled preprocessors for WAN…
21:17:46 dhcp6c[15951]: client6_recvadvert: XID mismatch21:35:41 php: : rc.newwanip: Informational is starting ovpns1.
21:35:42 apinger: Starting Alarm Pinger, apinger(23340)
21:35:42 apinger: bind socket: Can't assign requested address
21:35:45 dhcp6c[16042]: client6_recvadvert: XID mismatch21:35:48 php: : The command '/sbin/route change -inet6 default fe80::201:5cff:fe24:9301' returned exit code '1', the output was 'route: writing to routing socket: Network is unreachable route: writing to routing socket: Network is unreachable change net default: gateway fe80::201:5cff:fe24:9301: Network is unreachable'
21:35:58 php: : Checking for and disabling any rules dependent upon disabled preprocessors for WAN…
21:36:27 kernel: re1: promiscuous mode enabled
21:36:37 dhcp6c[16042]: client6_recvadvert: XID mismatch
-
-
Ok after a lot of fighting with it i finally think that tomorrow snapshot will behave ok.
The problem was that multiple dhcp6c were running at same time.Test with tomorrows snapshot and let me know.
-
Thanks for all the work you have put into it. I updated to ….
2.1-BETA1 (amd64)
built on Tue Mar 19 16:39:04 EDT 2013... and I'm pulling IPv6 addressing. A couple of issues/observations.
- RADVD - It comes up and stops and I have to manually start it.
Mar 19 19:29:51 pfsense radvd[57759]: version 1.9.1 started
Mar 19 19:29:54 pfsense radvd[57888]: our AdvManagedFlag on re0 doesn't agree with fe80::201:5cff:fe24:9301 <<–- Confirmed Gateway addr
Mar 19 19:29:57 pfsense radvd[57888]: our AdvManagedFlag on re0 doesn't agree with fe80::201:5cff:fe24:9301I have rebooted twice and same. It's stopped, but will manually start OK.
- Cannot pass IPv6 traffic from the LAN to the Internet
- The LAN is assigned the PD
- The hosts are seeing the RA. I've captured with Wireshark, on the hosts, and all looks correct.
- The WAN IPv6 gateway is up
- The default route on the hosts and pfsense is there.
However, IPv6 traffic from the LAN cannot access the Internet. My SWAG is that the error in #1 above has prevented the CMTS from inserting the LAN prefix into it's routing table, so I can't get anywhere (I've seen something like this before with other products).
If if go back to the Sun Mar 17 12:19:16 EDT 2013 build, everything starts working.
I've very sorry, but I don't know what else to add. ????
- /var/db/wan_ipv6 and /var/db/wan_cacheipv6
Neither reflects the current IPv6 WAN address. Is that an issue? It appeared to be a conflict when the address renews. rc.newwanipv6 is erroneously triggered thinking the WAN address has changed, when in reality it has not.
-
I am getting the same types of issues with the March 19th 16:35 build.
Mar 20 08:02:53 php: : rc.newwanipv6: Informational is starting fxp1.
Mar 20 08:02:58 php: : rc.newwanipv6: Failed to update wan IPv6, restarting…
Mar 20 08:02:58 dhcp6c[29010]: check_exit: exiting
Mar 20 08:03:02 php: : rc.newwanipv6: Informational is starting fxp1.
Mar 20 08:03:07 php: : rc.newwanipv6: Failed to update wan IPv6, restarting…It appears I can no longer use ping6 on the lan side, probably due to radvd not starting. I see radvd in the services section, but when I go to start it I get this error.
Mar 20 08:04:38 kernel: pid 89651 (radvd), uid 0: exited on signal 11 (core dumped) -
Thank you for the continued work on this. I've updated to the latest Mar 21 04:30:58 EDT 2013.
A few notes on this build:
- In the system log I am seeing quite frequently… dhcp6c[34635]: client6_recvadvert: XID mismatch
- Ping6 works fine from the firewall, but not from any clients on the local lan.
- radvd does not start automatically. However, I can start it now without it giving a core dump. When I do start it, I can ping from the local lan as well. :)
-
I updated to:
2.1-BETA1 (amd64)
built on Thu Mar 21 17:04:35 EDT 2013Appears to working OK. Only observations are:
-
I had to manually start radvd. Once started, there were no errors. IPv6 connectivity is good.
-
/var/db/wan_ipv6 and /var/db/wan_cacheipv6 don't have the current WAN IPv6 address. Problem or not???
So, I'll wait 48 hours and see what happens at dhcpv6 renewal time. That's when I have been loosing the LAN PD and have to reboot.
-
-
So, I'll wait 48 hours and see what happens at dhcpv6 renewal time. That's when I have been loosing the LAN PD and have to reboot.
It's now been over 72 hours and it's still solid. So, it looks like a good fix. Thanks!
-
Guess I spoke too soon. A different issue has shown itself now.
At exactly 4 days uptime, I lost all IPv6 addressing. The WAN IPv6 address was gone; the PD for the LAN was also gone.
4 days just happens to be the IPv6 lease time from Comcast. So, it looks like the lease expired and pfSense did not renew.
The only syslog during this event was:
Mar 26 07:35:03 dhcp6c[46766]: client6_timo: all information to be updated was canceled
Mar 26 07:38:12 dhcp6c[46766]: client6_timo: all information to be updated was canceled -
I'm still having similar problems. It looks like it was around 48 hours later, then my ipv6 lan addressing was also dropped.
Mar 21 12:14:43 radvd[66853]: version 1.9.1 started <–-----------------STARTED
Mar 21 12:38:50 radvd[67052]: attempting to reread config file
Mar 21 12:38:50 radvd[67052]: resuming normal operation
Mar 21 12:43:50 radvd[67052]: attempting to reread config file
Mar 21 12:43:50 radvd[67052]: resuming normal operation
Mar 23 11:55:35 radvd[67052]: Exiting, sigterm or sigint received. <–----------RADVD STOPPED, NEVER RESTARTEDWan IPv6 still works ok. I am using Comcast as well.
Using the latest Mar 26th build it looks like radvd is still not starting.
Mar 26 18:50:43 php: : rc.newwanip: Informational is starting fxp1.
Mar 26 18:50:43 php: : rc.newwanip: on (IP address: 71.238.140.xxx) (interface: wan) (real interface: fxp1).
Mar 26 18:50:43 php: : Accept router advertisements on interface fxp1
Mar 26 18:50:43 php: : ROUTING: setting default route to 71.238.140.1
Mar 26 18:50:43 php: : ROUTING: setting IPv6 default route to fe80::201:5cff:fe3d:xxxx%fxp1
Mar 26 18:50:43 php: : ROUTING: setting default route to 71.238.140.1
Mar 26 18:50:43 php: : ROUTING: setting IPv6 default route to fe80::201:5cff:fe3d:xxxx%fxp1
Mar 26 18:50:44 dhcpleases: Could not deliver signal HUP to process because its pidfile does not exist, No such file or directory.
Mar 26 18:50:44 dhcp6c[46524]: dhcp6_ctl_authinit: failed to open /usr/local/etc/dhcp6cctlkey: No such file or directory
Mar 26 18:50:44 dhcp6c[46524]: client6_init: failed initialize control message authentication
Mar 26 18:50:44 dhcp6c[46524]: client6_init: skip opening control port -
Very interesting. I had to start radvd manually every time the system booted.
I decided to do a total reinstall, now radvd starts reliably (I imported the config.xml into the fresh install)
Does applying the update builds leave stuff behind that in-turn causes conflicts or doesn't update something?
Have to wait and see if the IPv6 address renewal problem is any better now.
-
I think I've fallen victim to this issue as well. IPv6 has disappeared from the LAN interface. RADVD service is simply gone from the services page now. It was there earlier. I think after 48 hours there is some sort of address renewal process which triggers this.
Without the LAN interface having any IPv6 connectivity, all IPv6 connectivity on the LAN has ceased. Strangely enough, the renewal code seems to correctly populate resolv.conf with the IPV6 DNS entries. Upon bootup, resolv.conf will only have IPv4 DNS. So startup and renewal each have their own issues.
This is on the March 26th snapshot nanobsd i386. ISP is Comcast.
-
I'm not sure if what I'm seeing after upgrading to the March 30th snapshot is the same issue for this thread but I don't have any IPv6 connectivity at all on the LAN. RADVD is sending advertisements, all LAN clients pick up an address (but not DNS) but there is no connectivity.
I can't ping the router's LAN address
I get a lot of failed to update WAN IPv6 address errors.
Mar 31 17:18:05 php: : ROUTING: setting IPv6 default route to fe80::201:5cff:fe31:b7c1%vr1 Mar 31 10:18:08 php: : rc.newwanipv6: Failed to update wan IPv6, restarting... Mar 31 17:18:11 check_reload_status: Updating all dyndns Mar 31 10:18:18 php: : rc.newwanip: Informational is starting vr1. Mar 31 10:18:18 php: : rc.newwanip: on (IP address: 24.x.y.z) (interface: wan) (real interface: vr1). Mar 31 10:18:18 php: : Accept router advertisements on interface vr1 Mar 31 17:18:18 check_reload_status: Restarting ipsec tunnels Mar 31 10:18:18 php: : ROUTING: setting default route to 24.x.yyy.1 Mar 31 10:18:18 php: : ROUTING: setting IPv6 default route to fe80::201:5cff:fe31:b7c1%vr1 Mar 31 17:18:20 check_reload_status: Reloading filter Mar 31 10:18:21 dhcp6c[18942]: client6_recvreply: status code: success Mar 31 10:18:21 dhcp6c[48004]: dhcp6_ctl_authinit: failed to open /usr/local/etc/dhcp6cctlkey: No such file or directory Mar 31 10:18:22 dhcp6c[48004]: client6_init: failed initialize control message authentication Mar 31 10:18:22 dhcp6c[48004]: client6_init: skip opening control port Mar 31 10:18:23 php: : rc.newwanipv6: Informational is starting vr1. Mar 31 10:18:25 php: : Resyncing OpenVPN instances for interface WAN. Mar 31 10:18:26 php: : Creating rrd update script Mar 31 10:18:28 php: : rc.newwanipv6: Failed to update wan IPv6, restarting... Mar 31 10:18:28 dhcp6c[18942]: client6_recvadvert: XID mismatch Mar 31 10:18:28 dhcp6c[18942]: client6_recvadvert: XID mismatch Mar 31 10:18:28 dhcp6c[18942]: client6_recvadvert: XID mismatch Mar 31 10:18:28 dhcp6c[18942]: client6_recvadvert: XID mismatch Mar 31 10:18:28 dhcp6c[18942]: client6_recvadvert: XID mismatch Mar 31 10:18:28 dhcp6c[18942]: client6_recvadvert: XID mismatch Mar 31 10:18:28 dhcp6c[18942]: client6_recvreply: status code: success Mar 31 10:18:30 php: : rc.newwanipv6: Informational is starting vr1. Mar 31 10:18:30 php: : pfSense package system has detected an ip change 0.0.0.0 -> 24.x.y.z ... Restarting packages. Mar 31 17:18:30 check_reload_status: Starting packages Mar 31 10:18:35 php: : rc.newwanipv6: Failed to update wan IPv6, restarting... Mar 31 10:18:35 dhcp6c[18942]: check_exit: exiting Mar 31 10:18:40 php: : Restarting/Starting all packages. Mar 31 10:18:40 php: : The OpenVPN Client Export Utility package is missing its configuration file and must be reinstalled. Mar 31 10:18:44 php: : rc.newwanipv6: Informational is starting vr1. Mar 31 17:18:46 check_reload_status: Syncing firewall Mar 31 10:18:49 php: : rc.newwanipv6: Failed to update wan IPv6, restarting... Mar 31 17:18:54 php: : Creating rrd update script Mar 31 17:19:38 php: : PBI dir for zip-3.0-i386 was not found - cannot cleanup PBI files Mar 31 17:19:38 php: : PBI dir for p7zip-9.20.1-i386 was not found - cannot cleanup PBI files Mar 31 17:19:40 check_reload_status: Syncing firewall Mar 31 17:19:43 php: : Beginning package installation for OpenVPN Client Export Utility . Mar 31 17:21:48 check_reload_status: Syncing firewall Mar 31 10:21:49 syslogd: exiting on signal 15 Mar 31 10:21:49 syslogd: kernel boot file is /boot/kernel/kernel Mar 31 10:21:51 php: : Restarting/Starting all packages. -
darkcrucible: Are you on a cable modem?
When I have seen the "dhcp6c[18942]: client6_recvadvert: XID mismatch", pfsense will just keep thrashing until I power cycle the cable modem and reboot pfsense. Then it clears and will obtain the IPv6 addressing (IPv4 is always fine).
This seems to happen after updating to a newer snapshot.
-
Bit of update. Once again at renewal time, all IPv6 addressing was lost. The only syslog message was:
Apr 1 13:32:49 dhcp6c[29310]: client6_timo: all information to be updated was canceled
During this time, I was also running a packet capture on the WAN.
It was interesting to see that pfSense was getting two replies from Comcast, different server ID's. One had the addresses that should have been renewed, the other had different addressing. So, I suspect the pfSense didn't like that and killed everything.
So, I have a contact within Comcast and will see what they have to say about the two different responses. And what the expected client response should have been.
Also, after a reboot, I'm back to having to manually start RADVD.
-
I have been having issues with my comcast ipv6 as well - have not gotten around to looking into it yet, not something that I really need.. Just like having up to play with when I want to play with ipv6.
But I am seeing
Mar 31 11:44:38 radvd[55232]: Exiting, failed to read config file.
Mar 31 11:44:38 radvd[55232]: error parsing or activating the config file: /var/etc/radvd.conf
Mar 31 11:44:38 radvd[55232]: syntax error in /var/etc/radvd.conf, line 2:
Mar 31 11:44:38 radvd[55232]: version 1.9.1 startedYou look in the conf and there is nothing there.
cat /var/etc/radvd.conf
Automatically Generated, do not edit
Currently running
2.1-BETA1 (i386)
built on Fri Mar 22 11:05:31 EDT 2013
FreeBSD 8.3-RELEASE-p6I will update when I get home and look into it a bit deeper. I was working fine for long time, then just noticed a while back not working after update to snap.. I to was going to do a clean install, just have not go around to that either..
If I do a sniff I do see this which seems odd - seems like offering 2 prefixes?
-
I have opened the following bug: https://redmine.pfsense.org/issues/2919
I was running a packet capture when the lease expired. The IPv6 DHCP server is responding properly, but pfSense never binds.
-
With the April 8th snapshot, IPv6 connectivity with my Comcast link is restored to the LAN clients. I skimmed through redmine to see what might be affecting this. A few items stood out. Not sure exactly which one.
Getting connectivity back is certainly an improvement. pfsense itself still doesn't use the IPv6 DNS given to it by Comcast and none of the LAN clients seem to use the IPv6 LAN address of pfsense for DNS forwarding like they used to back in February.
I'll report back in a few days after the renewal on whether connectivity remains and if the pfsense starts using IPv6 DNS at that point.
