IPv6 DHCP-PD – radvd dies after interface reset - dhcpv6 does not reaquire addr
-
Well, I get DHCPv6 traffic blocked even on LAN, without any bogonsv6 of course.
Jul 5 15:01:14 gw pf: 00:00:12.746276 rule 5/0(match): block in on vr0: (hlim 64, next-header UDP (17) payload length: 32) fe80::240:8cff:fe7a:7a5c.546 > ff02::1:2.547: [udp sum ok] dhcp6 solicit (xid=dcdc9d (client ID hwaddr type 1 00408c7a7a5c) (elapsed time 52080)) Jul 5 15:02:17 gw pf: 00:00:04.172277 rule 5/0(match): block in on vr0: (hlim 1, next-header UDP (17) payload length: 38) fe80::21b:78ff:fe0e:f84b.546 > ff02::1:2.547: [udp sum ok] dhcp6 inf-req (xid=23468c (elapsed time 0) (client ID hwaddr type 1 001b780ef84b) (option request status code))https://redmine.pfsense.org/issues/3074
-
Well, I get DHCPv6 traffic blocked even on LAN, without any bogonsv6 of course.
Jul 5 15:01:14 gw pf: 00:00:12.746276 rule 5/0(match): block in on vr0: (hlim 64, next-header UDP (17) payload length: 32) fe80::240:8cff:fe7a:7a5c.546 > ff02::1:2.547: [udp sum ok] dhcp6 solicit (xid=dcdc9d (client ID hwaddr type 1 00408c7a7a5c) (elapsed time 52080)) Jul 5 15:02:17 gw pf: 00:00:04.172277 rule 5/0(match): block in on vr0: (hlim 1, next-header UDP (17) payload length: 38) fe80::21b:78ff:fe0e:f84b.546 > ff02::1:2.547: [udp sum ok] dhcp6 inf-req (xid=23468c (elapsed time 0) (client ID hwaddr type 1 001b780ef84b) (option request status code))https://redmine.pfsense.org/issues/3074
Do you have a separate thread for that already? It doesn't quite belong in this one. Different issue entirely.
-
I have filed a separate issue… sorry. :-)
-
I have filed a separate issue… sorry. :-)
I saw it on there but I didn't know if there was a forum thread (I've been busy and not following close this week), it needs some discussion/troubleshooting on the forum and not back-and-forth on the ticket and I figured I'd try to help a bit, just not on the ticket since it's missing some info.
-
As mentioned in the other thread, I see the same issue of DHCP6 traffic not being allowed in when using "track interface" (i.e., no DHCP relay involved); see issue 3028.
-
I believe the issue that I'm seeing with track interface is due to what looks like a typo in /etc/inc/filter.inc:870:
$oc['track6-interface'] = $oc['track6-interface'];Looking at the surrounding code, it seems like the intended destination was $oic, not $oc. The typo causes the 'track6-interface' not to be added to FilterIfList, which in turn causes the pass rules to not be generated.
-
Confirmed on my local box that changing the destination of the assignment to $oic causes the appropriate rules to be generated on the tracking interface. Pull request.
-
radvd seems now to be stable for me too. But my Ubuntu clients don't get a address until I start dhclient -6 once?! The only address it sets is the fe80-address (SLAAC?)
I have 'iface eth0 inet6 auto' in the /etc/network/interfaces. Shouldn't they get a address automatically without starting a DHCP client?? -
radvd seems now to be stable for me too. But my Ubuntu clients don't get a address until I start dhclient -6 once?! The only address it sets is the fe80-address (SLAAC?)
I have 'iface eth0 inet6 auto' in the /etc/network/interfaces. Shouldn't they get a address automatically without starting a DHCP client??Probably best to put that in another thread, but my Ubuntu laptop pulls a V6 IP from DHCP without any intervention.
fe80 is link-local, you'll always have one of those when IPv6 is enabled, even if you don't have a connection to an IPv6 network. I use the network manager though, and IPv6 there is just set to "automatic"
$ sudo cat /etc/NetworkManager/system-connections/MYSSID [connection] id=MYSSID uuid=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx type=802-11-wireless timestamp=1370526571 [802-11-wireless] ssid=MYSSID mode=infrastructure mac-address=00:xx:xx:xx:xx:xx seen-bssids=xx:xx:xx:xx:xx:xx;zz:zz:zz:zz:zz:zz; security=802-11-wireless-security [802-11-wireless-security] key-mgmt=wpa-psk psk=blah [ipv4] method=auto [ipv6] method=auto -
I've done a clean install of 2.1 and IPv6 now works, but dhcp6c reports an error and a filter reload is constantly triggered. Killing dhcp6c fixes the issue but takes down radvd with it.
Jul 9 14:40:57 dhcp6c[25113]: update_ia: status code for NA-0: no addresses Jul 9 14:40:58 php: rc.newwanipv6: ROUTING: setting default route to [ISP v4 gateway IP] Jul 9 14:40:51 check_reload_status: Reloading filter -
Yesterday I did a clean install of the following version
Version 2.1-RC0 (i386)
built on Mon Jul 8 21:26:14 EDT 2013
FreeBSD 8.3-RELEASE-p8So far (uptime is 17 hours) things appear to be working. Here are a few items that I have noticed so far
• pfSense shows that my WAN IPv6 IP is 2001:558:6033:ad:….
As far as I know, this is a valid DHCPv6 IP from Comcast.• IPv6 Test sites (example www.test-ipv6.com) return a 10/10 result
• IPv6 only sites (example ipv6.speedtest.comcast.net) load without issue
• Comcast's IPv6 Information Center site (www.comcast6.net) loads and shows the following information
Your IP address is 2601:d:4c00:ca:1118:.......
Congrats! You are using IPv6 on the Comcast Cable network.• The Service "radvd" is running on pfSense
The big question in my mind is what will happen once the lease is up on the IPv6 IP, and it goes to renew it? That was the problem before, and from what it sounds like, that issue has been corrected. I'll report back in a few days with how things go.
I've done a clean install of 2.1 and IPv6 now works, but dhcp6c reports an error and a filter reload is constantly triggered. Killing dhcp6c fixes the issue but takes down radvd with it.
Could you provide a bit more information on how I can check my system to see if I am getting a similar error?
Thanks,
–Brian
-
I am also not seeing any immediate issues with the July 8th build. Good job to everyone that helped to fix this!
-
I upgraded to the built of Fri Jul 5 18:13:39 EDT 2013 and it's now been running for over 4 days and renewed without problems. This is the first time it renewed and maintained IPv6 connectivity. All the tests and comcast6.net are working. Previous as others report it would not work after the 4 days.
What ever changes has been made there going in the right direction.
I'll give it another day or two then update to the latest snapshot and see what happens and post my results.
Thanks for your dedicated work it's appreciated.
-
Could you provide a bit more information on how I can check my system to see if I am getting a similar error?
The main symptom is 100% CPU usage on one core while the filter reloads indefinitely.
-
Could you provide a bit more information on how I can check my system to see if I am getting a similar error?
The main symptom is 100% CPU usage on one core while the filter reloads indefinitely.
I don't think I have that issue. I only have a single core CPU (Intel Pentium III) and the usage is mostly at 1%. Sometimes, it will spike to 34%, but that is not that often.
–Brian
-
Well, I have bad news to report.
Back on July 10, I reported that I had did a clean install of the following version
Version 2.1-RC0 (i386)
built on Mon Jul 8 21:26:14 EDT 2013
FreeBSD 8.3-RELEASE-p8Everything with IPv6 appeared to be working as it should have.
Well, my uptime is now just over 5 days, and as you can tell by the attached picture, I have again lost my IPv6 IP.
A few quick notes:
-
No IPv6 IP on the WAN side
-
IPv6 Test sites return 0/10
-
IPv6 only sites fail to load
-
The Service "radvd" is no longer listed in pfSense.
If anyone here would like more information, let me know and I'll be happy to get it and post it.
Thanks,
–Brian
-
-
Please provide a system log and configuration of the system to see if its related to this.
Also there have been some changes to firewall rules in latest snapshots which might impact functionality. -
Well, my uptime is now just over 5 days, and as you can tell by the attached picture, I have again lost my IPv6 IP.
–Brian
Clear /etc/bogonsv6 and see if it comes back. You may have to reboot.
-
@ermal:
Please provide a system log and configuration of the system to see if its related to this.
Also there have been some changes to firewall rules in latest snapshots which might impact functionality.Thanks for the reply.
So that we are on the same page, here is the information on the build that I am running
Version 2.1-RC0 (i386)
built on Mon Jul 8 21:26:14 EDT 2013
FreeBSD 8.3-RELEASE-p8Hardware information:
Using a Dell Tower, running with a Pentinum III CPU, 512 MB of Ram, and a 20 GB hard drive.Here are the last 50 entries from my system log.
Jul 9 13:57:04 php: rc.newwanip: Creating rrd update script
Jul 9 13:57:07 php: rc.newwanip: pfSense package system has detected an ip change 24.13.17.39 -> 24.13.17.39 … Restarting packages.
Jul 9 13:57:07 check_reload_status: Reloading filter
Jul 9 13:59:00 php: /index.php: Successful login for user 'admin' from: 192.168.1.100
Jul 9 13:59:00 php: /index.php: Successful login for user 'admin' from: 192.168.1.100
Jul 9 15:36:25 php: /index.php: webConfigurator authentication error for 'admin' from 192.168.1.100
Jul 9 15:36:25 php: /index.php: webConfigurator authentication error for 'admin' from 192.168.1.100
Jul 9 15:36:32 php: /index.php: Successful login for user 'admin' from: 192.168.1.100
Jul 9 15:36:32 php: /index.php: Successful login for user 'admin' from: 192.168.1.100
Jul 9 22:42:46 php: /index.php: Successful login for user 'admin' from: 192.168.1.100
Jul 9 22:42:46 php: /index.php: Successful login for user 'admin' from: 192.168.1.100
Jul 10 04:49:16 php: /index.php: Successful login for user 'admin' from: 192.168.1.100
Jul 10 04:49:16 php: /index.php: Successful login for user 'admin' from: 192.168.1.100
Jul 10 06:53:51 php: /index.php: Successful login for user 'admin' from: 192.168.1.100
Jul 10 06:53:51 php: /index.php: Successful login for user 'admin' from: 192.168.1.100
Jul 11 06:43:19 check_reload_status: updating dyndns WAN_DHCP
Jul 11 06:43:19 check_reload_status: Restarting ipsec tunnels
Jul 11 06:43:19 check_reload_status: Restarting OpenVPN tunnels/interfaces
Jul 11 06:43:19 check_reload_status: Reloading filter
Jul 11 06:43:36 check_reload_status: updating dyndns WAN_DHCP
Jul 11 06:43:36 check_reload_status: Restarting ipsec tunnels
Jul 11 06:43:36 check_reload_status: Restarting OpenVPN tunnels/interfaces
Jul 11 06:43:36 check_reload_status: Reloading filter
Jul 11 11:29:54 php: /index.php: Successful login for user 'admin' from: 192.168.1.100
Jul 11 11:29:54 php: /index.php: Successful login for user 'admin' from: 192.168.1.100
Jul 11 12:26:37 php: /index.php: Successful login for user 'admin' from: 192.168.1.100
Jul 11 12:26:37 php: /index.php: Successful login for user 'admin' from: 192.168.1.100
Jul 12 08:57:27 check_reload_status: updating dyndns WAN_DHCP,WAN_DHCP6
Jul 12 08:57:27 check_reload_status: Restarting ipsec tunnels
Jul 12 08:57:27 check_reload_status: Restarting OpenVPN tunnels/interfaces
Jul 12 08:57:27 check_reload_status: Reloading filter
Jul 12 14:26:36 php: /index.php: Successful login for user 'admin' from: 192.168.1.100
Jul 12 14:26:36 php: /index.php: Successful login for user 'admin' from: 192.168.1.100
Jul 12 18:46:36 dhcp6c[20735]: client6_timo: all information to be updated was canceled
Jul 12 18:50:18 dhcp6c[20735]: client6_timo: all information to be updated was canceled
Jul 13 14:01:13 dhcp6c[20735]: client6_timo: all information to be updated was canceled
Jul 13 14:03:45 dhcp6c[20735]: client6_timo: all information to be updated was canceled
Jul 14 23:25:40 php: /index.php: Successful login for user 'admin' from: 192.168.1.100
Jul 14 23:25:40 php: /index.php: Successful login for user 'admin' from: 192.168.1.100
Jul 15 02:51:03 check_reload_status: updating dyndns WAN_DHCP
Jul 15 02:51:03 check_reload_status: Restarting ipsec tunnels
Jul 15 02:51:03 check_reload_status: Restarting OpenVPN tunnels/interfaces
Jul 15 02:51:03 check_reload_status: Reloading filter
Jul 15 02:51:12 php: rc.newwanipv6: rc.newwanipv6: Informational is starting rl0.
Jul 15 02:51:12 php: rc.newwanipv6: rc.newwanipv6: on (IP address: 2001:558:6033:ad:3d6d:7e5d:7bea:f1ae) (interface: wan) (real interface: rl0).
Jul 15 02:51:13 php: rc.newwanipv6: ROUTING: setting default route to 24.13.16.1
Jul 15 02:51:13 php: rc.newwanipv6: ROUTING: setting IPv6 default route to fe80::201:5cff:fe3d:4e41%rl0
Jul 15 02:51:15 check_reload_status: Reloading filter
Jul 15 05:19:52 php: /index.php: Successful login for user 'admin' from: 192.168.1.100
Jul 15 05:19:52 php: /index.php: Successful login for user 'admin' from: 192.168.1.100If you want the full log, I can do that if you can provide the command to run to get it.
As far as firewall rules, see the two attached pics for the rules on the WAN and LAN side. I know that whatever is there was added by default on the build that I am running, as I did not make any changes to the firewall rules.
Thanks,
–Brian
-
Clear /etc/bogonsv6 and see if it comes back. You may have to reboot.
How would I go about doing this step?
Thanks,
–Brian
