IPv6 DHCP-PD – radvd dies after interface reset - dhcpv6 does not reaquire addr
-
@ermal:
You mean it does never try to reconnect with dhcp6?
It tries, but fails. It will not reacquire IPv6 addressing after the WAN interface drops and comes back up. Neither the WAN IPV6 global address or the PD for the LAN.
The "client6_recvadvert: XID mismatch" error just keeps repeating every couple of seconds.
radvd also stops and "disappears" as noted in this bug: http://redmine.pfsense.org/issues/2878
I can reproduce this problem on demand, just by restarting the cable modem.
–--
Log sequence as follows:
17:41:24 dhcp6c[94030]: dhcp6_ctl_authinit: failed to open /usr/local/etc/dhcp6cctlkey: No such file or directory
17:41:24 dhcp6c[94030]: client6_init: failed initialize control message authentication
17:41:24 dhcp6c[94030]: client6_init: skip opening control port
17:46:34 dhcp6c[16033]: client6_recvadvert: XID mismatch <<<– This keeps repeating.
-
I originally submitted the bug 2878, but I may have having a slightly different problem than the one you've described. My WAN ipv6 global address seems to be sticking around, but as you said RADVD disappears. I tried ping through the web interface and ping6 through ssh and they are still working from the firewall on the wan interface.
Checking /var/etc/radvd.conf just has #Automatically generated, do not edit.
I have on track WAN interface for my internal interface with ipv6 prefix id of 0.
I should also note that in the dashboard, WAN_DHCP6 in the gateways section shows an fe80 loopback address, while WAN (DHCP) in the interfaces section show a 2001: external address
-
I originally submitted the bug 2878, but I may have having a slightly different problem than the one you've described. My WAN ipv6 global address seems to be sticking around, but as you said RADVD disappears. I tried ping through the web interface and ping6 through ssh and they are still working from the firewall on the wan interface.
I had that happen yesterday. WAN DHCPv6 did a renew, the WAN IPv6 address was still there. But, RADVD disappeared and there was no IPv6 address on the LAN.
In that instance, I was not receiving the "XID mismatch" errors. RADVD just died after renewal. So, I'd call it another sighting of your bug 2878.
-
This is the same thing that happens to me. On a reboot the WAN (fxp1) IPV6 ip stays constant for about 30 minutes, then gets a change and doesn't seem to refresh the local interface. This was in my system log.
Mar 15 23:31:12 php: : rc.newwanipv6: Informational is starting fxp1.
Mar 15 23:31:17 php: : rc.newwanipv6: on (IP address: 2001:558:xxxxxxxx) (interface: wan) (real interface: fxp1).
Mar 15 23:31:18 php: : The command '/usr/local/sbin/dhcpd -6 -user dhcpd -group _dhcp -chroot /var/dhcpd -cf /etc/dhcpdv6.conf -pf /var/run/dhcpdv6.pid sk0' returned exit code '1', the output was 'Internet Systems Consortium DHCP Server 4.2.4-P2 Copyright 2004-2012 Internet Systems Consortium. All rights reserved. For info, please visit https://www.isc.org/software/dhcp/ Wrote 0 leases to leases file. No subnet6 declaration for sk0 (fe80:2::xxxxxxx). ** Ignoring requests on sk0. If this is not what you want, please write a subnet6 declaration in your dhcpd.conf file for the network segment to which interface sk0 is attached. ** Not configured to listen on any interfaces! If you did not get this software from ftp.isc.org, please get the latest from ftp.isc.org and install that before requesting help. If you did get this software from ftp.isc.org and have not yet read the README, please read it before requesting help. If you intend to request help from the dhcp-server@isc.org mailiFYI, the /etc/dhcpdv6.conf file is empty.
Not sure if this means I should be adding something in dhcpd.conf. I can't access the dhcp6 configuration for a local lan (sk0) because I am using track interface for my ipv6 configuration.
My guess would be a change to /etc/rc.newwanipv6 10 days ago.
-
I had that happen yesterday. WAN DHCPv6 did a renew, the WAN IPv6 address was still there. But, RADVD disappeared and there was no IPv6 address on the LAN.
OK, this problem is pretty serious and very real.
Right on cue, 48 hours later, the WAN dhcpv6 did a renew and BAM! IPv6 addressing assigned to the LAN (DHCP-PD) is gone and radvd has disappeared.
Is there anything I can provide to help resolve this issue?
** Edit **
Just saw something. Both times this has happened, there was this syslog message just before everything went to crap.
"pfSense package system has detected an ip change 2001:558:6020:xxxx:35ac:547f:afad:d3f -> 2001:558:6020:xxxx:4cff:12d7:4aa5:fc41 … Restarting packages."
When in reality, there was NO change. Before the 'event', the address was 2001:558:6020:xxxx:4cff:12d7:4aa5:fc41 and it still is.
So, the question is … What is triggering this? Why did pfsense erroneously think it had changed? Is the WAN address stored in a file somewhere and is compared when dhcpv6 renews? I'm thinking that file is not being updated and every time there is a renewal, it thinks it has changed.
Thoughts?
-
Just saw something. Both times this has happened, there was this syslog message just before everything went to crap.
"pfSense package system has detected an ip change 2001:558:6020:xxxx:35ac:547f:afad:d3f -> 2001:558:6020:xxxx:4cff:12d7:4aa5:fc41 … Restarting packages."
When in reality, there was NO change. Before the 'event', the address was 2001:558:6020:xxxx:4cff:12d7:4aa5:fc41 and it still is.
So, the question is … What is triggering this? Why did pfsense erroneously think it had changed? Is the WAN address stored in a file somewhere and is compared when dhcpv6 renews? I'm thinking that file is not being updated and every time there is a renewal, it thinks it has changed.
I've noticed something that doesn't look right that may explain the above.
The current WAN address from ifconfig:
inet6 2001:558:6020:14a:3117:6e4b:xxxx:b6bf prefixlen 128
The contents of /var/db/wan_ipv6:
2001:558:6020:14a:4cff:12d7:4aa5:fc41 <<<–-- OLD ... the previous address
The contents of /var/db/wan_cacheipv6:
2001:558:6020:14a:4cff:12d7:4aa5:fc41 <<<–-- OLD ... the previous address
So, the next time it renews (and gets the same address renewed), one of those files will be checked and pfsense will erroneously think the address changed. But, that is stale information.
Can somebody confirm that the expectation is that the /var/db file(s) should be the current address and not the last, no longer valid address?
Is my logic wrong?
Thanks
-
Do you have on the logs any line similar to:
rc.newwanipv6: on (IP address: {$curwanipv6}) (interface: {$interface}) (real interface: {$interface_real}). -
@ermal:
Do you have on the logs any line similar to:
rc.newwanipv6: on (IP address: {$curwanipv6}) (interface: {$interface}) (real interface: {$interface_real}).There is:
Mar 16 18:57:19 php: : rc.newwanipv6: Informational is starting re1.
Mar 16 18:57:24 php: : rc.newwanipv6: on (IP address: 2001:558:6020:14a:4cff:12d7:4aa5:fc41) (interface: wan) (real interface: re1).This ran during a scheduled dhcpv6 renewal. Since the time stamp on that one, the WAN IP had changed after reboot and there is no syslog to reflect that it ran. And the /var/db files were not updated.
For now, I've manually edited those 2 /var/db files to reflect the current address. Will see if it survives the next renewal without issue.
–-
A secondary issue is that almost every time I reboot, the WAN IPv6 address and the PD for LAN change. It's like the DUID is changing with each restart. This should be constant.
I've found some older discussions about the DUID changing here:
http://www.dslreports.com/forum/r27854661-IPv6-Seeing-two-different-LAN-side-ranges
http://forum.pfsense.org/index.php/topic,55161.msg306484.html#msg306484 -
@ermal:
Do you have on the logs any line similar to:
rc.newwanipv6: on (IP address: {$curwanipv6}) (interface: {$interface}) (real interface: {$interface_real}).Previously I had
rc.newwanipv6: on (IP address: 2001:558:xxxxxxxx) (interface: wan) (real interface: fxp1).Not sure if you need any more info.
Looks like you have made some changes to dual stack (rc.linkup) and radvd, but the latest build I see is from yesterday March 17th. I will wait for a new build later today, then do the update to let you know how it goes. Ironically, I have not lost my ipv6 lan address in the past 12 hours.
-
Yeah made some changes which should improve the situation.
Test with newer snapshots. -
@ermal:
Yeah made some changes which should improve the situation.
Test with newer snapshots.It gotten worse with the 20130318-1652 build. I can get the WAN interface IPv6 address, but cannot get the PD for LAN.
RADVD doesn't even start at all.
After upgrade, getting this on the dashboard:
[ There were error(s) loading the rules: pfctl: DIOCADDALTQ: Device busy - The line in question reads [0]: ]This message is constant: dhcp6c[16530]: client6_recvadvert: XID mismatch
–-----
Reverted back to:
2.1-BETA1 (amd64)
built on Sun Mar 17 12:19:16 EDT 2013
FreeBSD 8.3-RELEASE-p6... and everything came back.
-
It would have been helpful having the system logs rather than just it does not work!
This message is constant: dhcp6c[16530]: client6_recvadvert: XID mismatch
This might be not important since you might be seeing other clients reply/advertisments.
-
Here's what I saw after applying the 20130318-1652 build.
-
IPv4 was working fine.
-
IPv6 - The WAN obtained an address. There was never PD assigned to the LAN.
-
There are dozens of "client6_recvadvert: XID mismatch" messages.
-
I never saw RADVD start. Never saw it in a 'stopped' state, it just never appeared. There is not a single syslog message about it. Possibly it doesn't get called until there is IPV6 address on the LAN?
-
The dashboard kept flashing the following:
There were error(s) loading the rules: pfctl: DIOCADDALTQ: Device busy - The line in question reads 0 -
I attempted to revert back to previous configuration from GUI. Firmware –> Restore Full Backup.
This failed twice (as in didn't do anything, no syslog message) -
I then downloaded and installed the Sun Mar 17 12:19:16 build. When it came back up, system was normal.
Here's syslogs that appear to be anywhere relevant to the issue.
No indication that rc.newwanipv6 ever ran.
21:15:40 syslogd: kernel boot file is /boot/kernel/kernel
21:15:41 php: : Restarting/Starting all packages.21:15:54 dhcp6c[15951]: client6_recvadvert: XID mismatch
21:15:57 php: : Checking for and disabling any rules dependent upon disabled preprocessors for WAN…
21:17:46 dhcp6c[15951]: client6_recvadvert: XID mismatch21:35:41 php: : rc.newwanip: Informational is starting ovpns1.
21:35:42 apinger: Starting Alarm Pinger, apinger(23340)
21:35:42 apinger: bind socket: Can't assign requested address
21:35:45 dhcp6c[16042]: client6_recvadvert: XID mismatch21:35:48 php: : The command '/sbin/route change -inet6 default fe80::201:5cff:fe24:9301' returned exit code '1', the output was 'route: writing to routing socket: Network is unreachable route: writing to routing socket: Network is unreachable change net default: gateway fe80::201:5cff:fe24:9301: Network is unreachable'
21:35:58 php: : Checking for and disabling any rules dependent upon disabled preprocessors for WAN…
21:36:27 kernel: re1: promiscuous mode enabled
21:36:37 dhcp6c[16042]: client6_recvadvert: XID mismatch
-
-
Ok after a lot of fighting with it i finally think that tomorrow snapshot will behave ok.
The problem was that multiple dhcp6c were running at same time.Test with tomorrows snapshot and let me know.
-
Thanks for all the work you have put into it. I updated to ….
2.1-BETA1 (amd64)
built on Tue Mar 19 16:39:04 EDT 2013... and I'm pulling IPv6 addressing. A couple of issues/observations.
- RADVD - It comes up and stops and I have to manually start it.
Mar 19 19:29:51 pfsense radvd[57759]: version 1.9.1 started
Mar 19 19:29:54 pfsense radvd[57888]: our AdvManagedFlag on re0 doesn't agree with fe80::201:5cff:fe24:9301 <<–- Confirmed Gateway addr
Mar 19 19:29:57 pfsense radvd[57888]: our AdvManagedFlag on re0 doesn't agree with fe80::201:5cff:fe24:9301I have rebooted twice and same. It's stopped, but will manually start OK.
- Cannot pass IPv6 traffic from the LAN to the Internet
- The LAN is assigned the PD
- The hosts are seeing the RA. I've captured with Wireshark, on the hosts, and all looks correct.
- The WAN IPv6 gateway is up
- The default route on the hosts and pfsense is there.
However, IPv6 traffic from the LAN cannot access the Internet. My SWAG is that the error in #1 above has prevented the CMTS from inserting the LAN prefix into it's routing table, so I can't get anywhere (I've seen something like this before with other products).
If if go back to the Sun Mar 17 12:19:16 EDT 2013 build, everything starts working.
I've very sorry, but I don't know what else to add. ????
- /var/db/wan_ipv6 and /var/db/wan_cacheipv6
Neither reflects the current IPv6 WAN address. Is that an issue? It appeared to be a conflict when the address renews. rc.newwanipv6 is erroneously triggered thinking the WAN address has changed, when in reality it has not.
-
I am getting the same types of issues with the March 19th 16:35 build.
Mar 20 08:02:53 php: : rc.newwanipv6: Informational is starting fxp1.
Mar 20 08:02:58 php: : rc.newwanipv6: Failed to update wan IPv6, restarting…
Mar 20 08:02:58 dhcp6c[29010]: check_exit: exiting
Mar 20 08:03:02 php: : rc.newwanipv6: Informational is starting fxp1.
Mar 20 08:03:07 php: : rc.newwanipv6: Failed to update wan IPv6, restarting…It appears I can no longer use ping6 on the lan side, probably due to radvd not starting. I see radvd in the services section, but when I go to start it I get this error.
Mar 20 08:04:38 kernel: pid 89651 (radvd), uid 0: exited on signal 11 (core dumped) -
Thank you for the continued work on this. I've updated to the latest Mar 21 04:30:58 EDT 2013.
A few notes on this build:
- In the system log I am seeing quite frequently… dhcp6c[34635]: client6_recvadvert: XID mismatch
- Ping6 works fine from the firewall, but not from any clients on the local lan.
- radvd does not start automatically. However, I can start it now without it giving a core dump. When I do start it, I can ping from the local lan as well. :)
-
I updated to:
2.1-BETA1 (amd64)
built on Thu Mar 21 17:04:35 EDT 2013Appears to working OK. Only observations are:
-
I had to manually start radvd. Once started, there were no errors. IPv6 connectivity is good.
-
/var/db/wan_ipv6 and /var/db/wan_cacheipv6 don't have the current WAN IPv6 address. Problem or not???
So, I'll wait 48 hours and see what happens at dhcpv6 renewal time. That's when I have been loosing the LAN PD and have to reboot.
-
-
So, I'll wait 48 hours and see what happens at dhcpv6 renewal time. That's when I have been loosing the LAN PD and have to reboot.
It's now been over 72 hours and it's still solid. So, it looks like a good fix. Thanks!
-
Guess I spoke too soon. A different issue has shown itself now.
At exactly 4 days uptime, I lost all IPv6 addressing. The WAN IPv6 address was gone; the PD for the LAN was also gone.
4 days just happens to be the IPv6 lease time from Comcast. So, it looks like the lease expired and pfSense did not renew.
The only syslog during this event was:
Mar 26 07:35:03 dhcp6c[46766]: client6_timo: all information to be updated was canceled
Mar 26 07:38:12 dhcp6c[46766]: client6_timo: all information to be updated was canceled -
I'm still having similar problems. It looks like it was around 48 hours later, then my ipv6 lan addressing was also dropped.
Mar 21 12:14:43 radvd[66853]: version 1.9.1 started <–-----------------STARTED
Mar 21 12:38:50 radvd[67052]: attempting to reread config file
Mar 21 12:38:50 radvd[67052]: resuming normal operation
Mar 21 12:43:50 radvd[67052]: attempting to reread config file
Mar 21 12:43:50 radvd[67052]: resuming normal operation
Mar 23 11:55:35 radvd[67052]: Exiting, sigterm or sigint received. <–----------RADVD STOPPED, NEVER RESTARTEDWan IPv6 still works ok. I am using Comcast as well.
Using the latest Mar 26th build it looks like radvd is still not starting.
Mar 26 18:50:43 php: : rc.newwanip: Informational is starting fxp1.
Mar 26 18:50:43 php: : rc.newwanip: on (IP address: 71.238.140.xxx) (interface: wan) (real interface: fxp1).
Mar 26 18:50:43 php: : Accept router advertisements on interface fxp1
Mar 26 18:50:43 php: : ROUTING: setting default route to 71.238.140.1
Mar 26 18:50:43 php: : ROUTING: setting IPv6 default route to fe80::201:5cff:fe3d:xxxx%fxp1
Mar 26 18:50:43 php: : ROUTING: setting default route to 71.238.140.1
Mar 26 18:50:43 php: : ROUTING: setting IPv6 default route to fe80::201:5cff:fe3d:xxxx%fxp1
Mar 26 18:50:44 dhcpleases: Could not deliver signal HUP to process because its pidfile does not exist, No such file or directory.
Mar 26 18:50:44 dhcp6c[46524]: dhcp6_ctl_authinit: failed to open /usr/local/etc/dhcp6cctlkey: No such file or directory
Mar 26 18:50:44 dhcp6c[46524]: client6_init: failed initialize control message authentication
Mar 26 18:50:44 dhcp6c[46524]: client6_init: skip opening control port -
Very interesting. I had to start radvd manually every time the system booted.
I decided to do a total reinstall, now radvd starts reliably (I imported the config.xml into the fresh install)
Does applying the update builds leave stuff behind that in-turn causes conflicts or doesn't update something?
Have to wait and see if the IPv6 address renewal problem is any better now.
-
I think I've fallen victim to this issue as well. IPv6 has disappeared from the LAN interface. RADVD service is simply gone from the services page now. It was there earlier. I think after 48 hours there is some sort of address renewal process which triggers this.
Without the LAN interface having any IPv6 connectivity, all IPv6 connectivity on the LAN has ceased. Strangely enough, the renewal code seems to correctly populate resolv.conf with the IPV6 DNS entries. Upon bootup, resolv.conf will only have IPv4 DNS. So startup and renewal each have their own issues.
This is on the March 26th snapshot nanobsd i386. ISP is Comcast.
-
I'm not sure if what I'm seeing after upgrading to the March 30th snapshot is the same issue for this thread but I don't have any IPv6 connectivity at all on the LAN. RADVD is sending advertisements, all LAN clients pick up an address (but not DNS) but there is no connectivity.
I can't ping the router's LAN address
I get a lot of failed to update WAN IPv6 address errors.
Mar 31 17:18:05 php: : ROUTING: setting IPv6 default route to fe80::201:5cff:fe31:b7c1%vr1 Mar 31 10:18:08 php: : rc.newwanipv6: Failed to update wan IPv6, restarting... Mar 31 17:18:11 check_reload_status: Updating all dyndns Mar 31 10:18:18 php: : rc.newwanip: Informational is starting vr1. Mar 31 10:18:18 php: : rc.newwanip: on (IP address: 24.x.y.z) (interface: wan) (real interface: vr1). Mar 31 10:18:18 php: : Accept router advertisements on interface vr1 Mar 31 17:18:18 check_reload_status: Restarting ipsec tunnels Mar 31 10:18:18 php: : ROUTING: setting default route to 24.x.yyy.1 Mar 31 10:18:18 php: : ROUTING: setting IPv6 default route to fe80::201:5cff:fe31:b7c1%vr1 Mar 31 17:18:20 check_reload_status: Reloading filter Mar 31 10:18:21 dhcp6c[18942]: client6_recvreply: status code: success Mar 31 10:18:21 dhcp6c[48004]: dhcp6_ctl_authinit: failed to open /usr/local/etc/dhcp6cctlkey: No such file or directory Mar 31 10:18:22 dhcp6c[48004]: client6_init: failed initialize control message authentication Mar 31 10:18:22 dhcp6c[48004]: client6_init: skip opening control port Mar 31 10:18:23 php: : rc.newwanipv6: Informational is starting vr1. Mar 31 10:18:25 php: : Resyncing OpenVPN instances for interface WAN. Mar 31 10:18:26 php: : Creating rrd update script Mar 31 10:18:28 php: : rc.newwanipv6: Failed to update wan IPv6, restarting... Mar 31 10:18:28 dhcp6c[18942]: client6_recvadvert: XID mismatch Mar 31 10:18:28 dhcp6c[18942]: client6_recvadvert: XID mismatch Mar 31 10:18:28 dhcp6c[18942]: client6_recvadvert: XID mismatch Mar 31 10:18:28 dhcp6c[18942]: client6_recvadvert: XID mismatch Mar 31 10:18:28 dhcp6c[18942]: client6_recvadvert: XID mismatch Mar 31 10:18:28 dhcp6c[18942]: client6_recvadvert: XID mismatch Mar 31 10:18:28 dhcp6c[18942]: client6_recvreply: status code: success Mar 31 10:18:30 php: : rc.newwanipv6: Informational is starting vr1. Mar 31 10:18:30 php: : pfSense package system has detected an ip change 0.0.0.0 -> 24.x.y.z ... Restarting packages. Mar 31 17:18:30 check_reload_status: Starting packages Mar 31 10:18:35 php: : rc.newwanipv6: Failed to update wan IPv6, restarting... Mar 31 10:18:35 dhcp6c[18942]: check_exit: exiting Mar 31 10:18:40 php: : Restarting/Starting all packages. Mar 31 10:18:40 php: : The OpenVPN Client Export Utility package is missing its configuration file and must be reinstalled. Mar 31 10:18:44 php: : rc.newwanipv6: Informational is starting vr1. Mar 31 17:18:46 check_reload_status: Syncing firewall Mar 31 10:18:49 php: : rc.newwanipv6: Failed to update wan IPv6, restarting... Mar 31 17:18:54 php: : Creating rrd update script Mar 31 17:19:38 php: : PBI dir for zip-3.0-i386 was not found - cannot cleanup PBI files Mar 31 17:19:38 php: : PBI dir for p7zip-9.20.1-i386 was not found - cannot cleanup PBI files Mar 31 17:19:40 check_reload_status: Syncing firewall Mar 31 17:19:43 php: : Beginning package installation for OpenVPN Client Export Utility . Mar 31 17:21:48 check_reload_status: Syncing firewall Mar 31 10:21:49 syslogd: exiting on signal 15 Mar 31 10:21:49 syslogd: kernel boot file is /boot/kernel/kernel Mar 31 10:21:51 php: : Restarting/Starting all packages.
-
darkcrucible: Are you on a cable modem?
When I have seen the "dhcp6c[18942]: client6_recvadvert: XID mismatch", pfsense will just keep thrashing until I power cycle the cable modem and reboot pfsense. Then it clears and will obtain the IPv6 addressing (IPv4 is always fine).
This seems to happen after updating to a newer snapshot.
-
Bit of update. Once again at renewal time, all IPv6 addressing was lost. The only syslog message was:
Apr 1 13:32:49 dhcp6c[29310]: client6_timo: all information to be updated was canceled
During this time, I was also running a packet capture on the WAN.
It was interesting to see that pfSense was getting two replies from Comcast, different server ID's. One had the addresses that should have been renewed, the other had different addressing. So, I suspect the pfSense didn't like that and killed everything.
So, I have a contact within Comcast and will see what they have to say about the two different responses. And what the expected client response should have been.
Also, after a reboot, I'm back to having to manually start RADVD.
-
I have been having issues with my comcast ipv6 as well - have not gotten around to looking into it yet, not something that I really need.. Just like having up to play with when I want to play with ipv6.
But I am seeing
Mar 31 11:44:38 radvd[55232]: Exiting, failed to read config file.
Mar 31 11:44:38 radvd[55232]: error parsing or activating the config file: /var/etc/radvd.conf
Mar 31 11:44:38 radvd[55232]: syntax error in /var/etc/radvd.conf, line 2:
Mar 31 11:44:38 radvd[55232]: version 1.9.1 startedYou look in the conf and there is nothing there.
cat /var/etc/radvd.conf
Automatically Generated, do not edit
Currently running
2.1-BETA1 (i386)
built on Fri Mar 22 11:05:31 EDT 2013
FreeBSD 8.3-RELEASE-p6I will update when I get home and look into it a bit deeper. I was working fine for long time, then just noticed a while back not working after update to snap.. I to was going to do a clean install, just have not go around to that either..
If I do a sniff I do see this which seems odd - seems like offering 2 prefixes?
-
I have opened the following bug: https://redmine.pfsense.org/issues/2919
I was running a packet capture when the lease expired. The IPv6 DHCP server is responding properly, but pfSense never binds.
-
With the April 8th snapshot, IPv6 connectivity with my Comcast link is restored to the LAN clients. I skimmed through redmine to see what might be affecting this. A few items stood out. Not sure exactly which one.
Getting connectivity back is certainly an improvement. pfsense itself still doesn't use the IPv6 DNS given to it by Comcast and none of the LAN clients seem to use the IPv6 LAN address of pfsense for DNS forwarding like they used to back in February.
I'll report back in a few days after the renewal on whether connectivity remains and if the pfsense starts using IPv6 DNS at that point.
-
sweet!!!! I will try this build when I get home!
-
On my routers DHCP v6 not working at all after switching on rtsol.
rtsold should be used on IPv6 hosts (non-router nodes) only.
[2.1-BETA1][root@router.lan]/root(105): /usr/sbin/rtsold -1 -p /var/run/rtsold_em0.pid -O /var/etc/rtsold_em0_script.sh em0 rtsold: kernel is configured as a router, not a host
-
Still not working
2.1-BETA1 (i386)
built on Tue Apr 9 13:23:01 EDT 2013Get errors that radvd.conf is bad
Apr 10 08:09:51 radvd[74841]: Exiting, failed to read config file.
Apr 10 08:09:51 radvd[74841]: error parsing or activating the config file: /var/etc/radvd.conf
Apr 10 08:09:51 radvd[74841]: syntax error in /var/etc/radvd.conf, line 2:There is nothing in this file other than
[2.1-BETA1][root@pfsense.local.lan]/var/etc(11): cat /var/etc/radvd.conf
Automatically Generated, do not edit
[2.1-BETA1][root@pfsense.local.lan]/var/etc(12):
What is suppose to update this file? I tried clean install, and I did see my 2001 address on wan and 2006 address on lan, but it ended it :2 – and after reboot gone? No nothing on wan other than local link address, and nothing on lan.
This was working perfect, and then just stopped??
-
So I gave it some time, and now getting /128 on wan and /64 on lan
WAN (wan) -> em1 -> v4/DHCP4: 24.13.xx.xx/21
v6/DHCP6: 2001:558:xxxx:12c:405d:37e1:34e1:fe29/128
LAN (lan) -> em0 -> v4: 192.168.1.253/24
v6/t6: 2601:d:xxxx:d7:250:56ff:fe00:2/64So it is working - but here is question. I don't want the lan IP to use the mac, which clearly is where that address is coming from. What would be nicer is if the lan interface grabbed the first IP in the net
2601:d:xxxx:d7::1
so my mac on the lan interface is
em0: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
options=98 <vlan_mtu,vlan_hwtagging,vlan_hwcsum>ether 00:50:56:00:00:02Is there some setting that needs to be made so it doesn't do that, and just uses the first IP in the network its assigned?</vlan_mtu,vlan_hwtagging,vlan_hwcsum></up,broadcast,running,simplex,multicast>
-
At 48 hours, the renewal time, the IPv6 LAN address disappears, RADVD vanishes from the services page, and resolv.conf picks up the IPv6 DNS from Comast (it only had the 75.75.x addresses prior to the renewal).
-
At 48 hours, the renewal time, the IPv6 LAN address disappears, RADVD vanishes from the services page, and resolv.conf picks up the IPv6 DNS from Comast (it only had the 75.75.x addresses prior to the renewal).
pfSense will only bind the LAN IPv6 prefix at boot time. Once the lease expires it will never rebind. It just keeps trying to infinity. I'd say this is definitely a Show-Stopper bug.
-
Yup seems I lost my IPs as well…
So I have updated to
2.1-BETA1 (i386)
built on Fri Apr 12 04:55:08 EDT 2013
FreeBSD 8.3-RELEASE-p7Still not working, so turned off ipv6 on the wan - then back on. Got my 2001 on my wan, then a bit later new 2601 on my lan - but different subnet. Gawd that sucks - if the /64 handed to me is going to change every time, I will just go back to the tunnel from HE. This never changed.
Also noticed that delete virtual IPs is still not working as well. Since the virtual I put on my lan with ::1 as the address vs the mac containing ipv6 it get would not delete. Using IE gives a warning about deleting, you say yes never deletes - firefox no such warning, but might because I popups blocked. But does not delete. So once got new address on lan, I change my virtual to be in that /64 and now I have ipv6 access again. But its a pain, lets see if goes away in 48 hours.
And I looked in the config - only place that address was listed was
<virtualip><vip><mode>ipalias</mode> <interface>lan</interface> <descr><type>single</type> <subnet_bits>64</subnet_bits> <subnet>2601:d:xxxx:d7::1</subnet></descr></vip></virtualip>
-
Still not working, so turned off ipv6 on the wan - then back on. Got my 2001 on my wan, then a bit later new 2601 on my lan - but different subnet. Gawd that sucks - if the /64 handed to me is going to change every time, I will just go back to the tunnel from HE. This never changed.
That's what I've ended up doing. HE is solid.
After studying my packet captures, I see two related issues here.
-
When it's time to renew, pfs sends a REBIND. The response from the server is a renewal of the same prefix. That's good, unfortunately that is not processed by pfs … that's bad. The result is that the LAN IPv6 address is purged and never returns.
-
When pfs does an initial SOLICIT. You get a response from two Comcast DHCP servers, each with a different prefix. One is the what you had before (as long as you are within the lease window) the other is a new one. If pfs remembered it's last prefix, it should just rebind on a matching response. However, it does not. The end result is that your LAN prefix can keep changing each time you reset/reboot. Again, that is in the bad category.
-
-
Any fix available yet? ???
My ISP (Deutsche Telekom) gives me an IPv6 address (dual stack) since I switched to IPTV. It comes via DHCP6, but it's not static (it changes everytime I reboot or go offline+online).
LAN is set to Track Interface.
When I reboot, WAN is getting the IPv6 IP, LAN is also getting another IPv6 IP, but radvd doesn't seem to work. When I go to Services and restart radvd my clients are also getting IPv6 IPs and it works perfect. But after about 10 or 20 minutes radvd kills itself and disappeares in the Services menu and the LAN interface doesn't have it's IPv6 address anymore.Apr 25 19:18:10 radvd[58188]: version 1.9.1 started
Apr 25 19:18:41 radvd[58287]: attempting to reread config file
Apr 25 19:18:41 radvd[58287]: resuming normal operation
Apr 25 19:29:22 radvd[58287]: sendmsg: Can't assign requested address
Apr 25 19:29:23 radvd[58287]: attempting to reread config file
Apr 25 19:29:23 radvd[58287]: syntax error in /var/etc/radvd.conf, line 44:
Apr 25 19:29:23 radvd[58287]: error parsing or activating the config file: /var/etc/radvd.conf
Apr 25 19:44:31 radvd[30802]: version 1.9.1 started
Apr 25 19:44:31 radvd[30802]: syntax error in /var/etc/radvd.conf, line 2:
Apr 25 19:44:31 radvd[30802]: error parsing or activating the config file: /var/etc/radvd.conf
Apr 25 19:44:31 radvd[30802]: Exiting, failed to read config file.Any suggestions? :-[
It's unusable for me at the moment. -
The reason the /64 allocation changes is that the /var/db/dhcp6c_duid file does not persist on reboot. Each reboot this file is recreated and a new DUID is assigned.
It would be nice to have the option to retain this file.
-
Any updates on this one?