Native IPv6 with dynamic /56 range
-
Have you tried enabling "send IPv6 prefix hint"? My provider (Comcast) will only delegate a non-/64 prefix if explicitly requested that way.
-
Also, make sure to disable "block boron networks" on the LAN interface, as this is known to break IPv6. (This really should be either fixed or at least clearly indicated in the web interface…)
-
Also, make sure to disable "block boron networks" on the LAN interface, as this is known to break IPv6. (This really should be either fixed or at least clearly indicated in the web interface…)
I didn't know that - thank you!
But sadly this didn't fix my issue.
Iattacheduploaded you a few (of course anonymized ;)) screenshots:
Did I miss something?
Thank you very much!
-
Did you try checking "send IPv6 prefix hint" as I suggested earlier? If that doesn't work either, take a look at the system log and see if there are any error messages from radvd (and/or check if radvd is actually running).
-
Sorry, I made the printscreen before testing.
I enabled it afterwards.Regarding syslog:
System/General shows:
Dec 28 03:19:33 kernel: arpresolve: can't allocate llinfo for x.y.z.1
Dec 28 03:19:33 kernel: arpresolve: can't allocate llinfo for x.y.z.1
Dec 28 03:19:33 kernel: arpresolve: can't allocate llinfo for x.y.z.1
Dec 28 03:19:33 kernel: arpresolve: can't allocate llinfo for x.y.z.1
Dec 28 03:19:33 kernel: arpresolve: can't allocate llinfo for x.y.z.1
Dec 28 03:19:33 kernel: arpresolve: can't allocate llinfo for x.y.z.1
Dec 28 03:19:34 kernel: arpresolve: can't allocate llinfo for x.y.z.1
Dec 28 03:19:34 kernel: arpresolve: can't allocate llinfo for x.y.z.1
Dec 28 03:19:34 kernel: arpresolve: can't allocate llinfo for x.y.z.1
Dec 28 03:19:34 kernel: arpresolve: can't allocate llinfo for x.y.z.1
Dec 28 03:19:34 kernel: arpresolve: can't allocate llinfo for x.y.z.1
Dec 28 03:19:35 kernel: arpresolve: can't allocate llinfo for x.y.z.1
Dec 28 03:19:35 kernel: arpresolve: can't allocate llinfo for x.y.z.1
Dec 28 03:19:35 kernel: arpresolve: can't allocate llinfo for x.y.z.1
Dec 28 03:19:35 kernel: arpresolve: can't allocate llinfo for x.y.z.1
Dec 28 03:19:35 kernel: arpresolve: can't allocate llinfo for x.y.z.1
Dec 28 03:19:35 kernel: arpresolve: can't allocate llinfo for x.y.z.1
Dec 28 03:19:36 kernel: arpresolve: can't allocate llinfo for x.y.z.1
Dec 28 03:19:36 kernel: arpresolve: can't allocate llinfo for x.y.z.1
Dec 28 03:19:36 kernel: arpresolve: can't allocate llinfo for x.y.z.1
Dec 28 03:19:36 kernel: arpresolve: can't allocate llinfo for x.y.z.1
Dec 28 03:19:36 php: /interfaces.php: Clearing states to old gateway x.y.z.1.
Dec 28 03:19:36 kernel: arpresolve: can't allocate llinfo for x.y.z.1
Dec 28 03:19:36 kernel: arpresolve: can't allocate llinfo for x.y.z.1
Dec 28 03:19:36 kernel: arpresolve: can't allocate llinfo for x.y.z.1
Dec 28 03:19:36 kernel: arpresolve: can't allocate llinfo for x.y.z.1
Dec 28 03:19:36 php: /interfaces.php: The command '/sbin/ifconfig 'vr1' inet delete' returned exit code '1', the output was 'ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address'
Dec 28 03:19:37 check_reload_status: rc.newwanip starting vr1
Dec 28 03:19:37 php: /interfaces.php: Accept router advertisements on interface vr1
Dec 28 03:19:37 php: /interfaces.php: ROUTING: setting default route to x.y.z.1
Dec 28 03:19:37 dhcp6c[63786]: dhcp6_ctl_authinit: failed to open /usr/local/etc/dhcp6cctlkey: No such file or directory
Dec 28 03:19:37 dhcp6c[63786]: client6_init: failed initialize control message authentication
Dec 28 03:19:37 dhcp6c[63786]: client6_init: skip opening control port
Dec 28 03:19:37 rtsold: Starting dhcp6 client for interface wan(vr1)
Dec 28 03:19:40 check_reload_status: updating dyndns wan
Dec 28 03:19:42 php: /interfaces.php: Removing static route for monitor fe80::????:3300%vr1 and adding a new route through fe80::????:3300
Dec 28 03:19:42 php: /interfaces.php: Creating rrd update script
Dec 28 03:19:42 check_reload_status: Reloading filter
Dec 28 03:19:45 php: rc.newwanip: rc.newwanip: Informational is starting vr1.
Dec 28 03:19:45 php: rc.newwanip: rc.newwanip: on (IP address: x.y.z.97) (interface: wan) (real interface: vr1).
Dec 28 03:19:46 php: rc.newwanip: ROUTING: setting default route to x.y.z.1
Dec 28 03:19:47 php: rc.newwanip: Removing static route for monitor fe80::????:3300%vr1 and adding a new route through fe80::????:3300
Dec 28 03:19:53 php: rc.newwanip: Resyncing OpenVPN instances for interface WAN.
Dec 28 03:19:53 php: rc.newwanip: Creating rrd update script
Dec 28 03:19:56 php: rc.newwanip: pfSense package system has detected an ip change x.y.z.97 -> x.y.z.97 … Restarting packages.
Dec 28 03:19:56 check_reload_status: Starting packages
Dec 28 03:19:56 check_reload_status: Reloading filter
Dec 28 03:20:06 php: rc.start_packages: Restarting/Starting all packages.
Dec 28 03:24:36 php: /diag_logs.php: Successful login for user 'admin' from: 192.168.1.2
Dec 28 03:24:36 php: /diag_logs.php: Successful login for user 'admin' from: 192.168.1.2System/Routing shows
Dec 26 03:39:39 radvd[58409]: version 1.9.1 started
Dec 26 03:48:41 radvd[58771]: Exiting, sigterm or sigint received.
Dec 26 03:48:41 radvd[58771]: sending stop adverts
Dec 26 03:48:41 radvd[58771]: removing /var/run/radvd.pidalso ps aux | grep radvd shows nothing (except grep)
So radvd doesn't seem to be running…
How shall I proceed?
And by the way what's about the "arpresolve: can't allocate llinfo for x.y.z.1" error (the IP is the WAN default GW)Thank you very much!
CHfish
-
The arpresolve error might have been a transient issue while the interface temporarily had no IP.
Are you sure that your ISP actually uses DHCP6-PD? What does the DHCP log say?
-
It would seem this thread kinda died. Well to anybody who stumbled in here spending hours on trying to get a /60 (in case of residential comcast accounts) or a /56 (for business), which comcast does provide, please be aware of this bug:
https://redmine.pfsense.org/issues/3286
radvd will not work with the prefix size set to anything larger than /64 from my understanding. I am in the same boat as the OP.
-
Well can you confirm that your WAN is cnfigured with an IPv6 from dhcp6?
Also can you try with a snapshot of 2.1 from tomorrow or with latest git changes in and see if that improves?
-
Same dice :(
Running version 2.1.1-PRERELEASE (amd64) built on Sat Feb 22 05:12:28 EST 2014
Works fine with a /64 prefix but when I change it to a /60, the LAN interface loses it's previous IP address (as expected) however, it never gets another IP address after the page reloads. The routing.log file indicates:
Feb 23 03:05:00 pfsense radvd[37559]: version 1.9.1 started Feb 23 03:05:00 pfsense radvd[37559]: IPv6 forwarding setting is: 0, should be 1 Feb 23 03:05:00 pfsense radvd[37559]: IPv6 forwarding seems to be disabled, but continuing anyway. Feb 23 03:05:02 pfsense radvd[38379]: attempting to reread config file Feb 23 03:05:02 pfsense radvd[38379]: resuming normal operation Feb 23 03:14:02 pfsense radvd[38379]: Exiting, sigterm or sigint received. Feb 23 03:14:02 pfsense radvd[38379]: sending stop adverts Feb 23 03:14:02 pfsense radvd[38379]: removing /var/run/radvd.pid Feb 23 03:14:05 pfsense radvd[36579]: version 1.9.1 started Feb 23 03:14:05 pfsense radvd[36579]: no auto-selected prefix on interface em2, disabling advertisements Feb 23 03:14:07 pfsense radvd[37099]: attempting to reread config file Feb 23 03:14:07 pfsense radvd[37099]: no auto-selected prefix on interface em2, disabling advertisements Feb 23 03:14:07 pfsense radvd[37099]: resuming normal operation Feb 23 03:15:35 pfsense radvd[37099]: Exiting, sigterm or sigint received. Feb 23 03:15:35 pfsense radvd[37099]: sending stop adverts Feb 23 03:15:35 pfsense radvd[37099]: removing /var/run/radvd.pid Feb 23 03:16:38 pfsense radvd[99545]: version 1.9.1 started Feb 23 03:16:38 pfsense radvd[99545]: no auto-selected prefix on interface em2, disabling advertisements
The scary part is the fact that the sysctl (i think, i'm not sure how bsd works) is set to IPv6 forwarding disabled after making the change. As you can see, there is no prefix config that radvd sees so it disables RAs. To answer your other question, the WAN interface does, in fact, have a DHCP6 address. When you run an ifconfig after making the change to /60 and then performing a release/renew operation, there is no stateless address assigned to LAN interface (however, there is still the same DHCP6 address assigned to the WAN interface).Here is a output of ifconfig when it is set to /64(with necessary redaction and unnecessary interfaces removed e.g. VPN links, unused OPT interfaces, etc..):
em1: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500 options=4209b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,wol_magic,vlan_hwtso>ether 00:25:90:ca:17:18 inet x.x.x.x netmask 0xfffffc00 broadcast 255.255.255.255 inet6 fe80::225:90ff:feca:1718%em1 prefixlen 64 scopeid 0x2 inet6 2001:558:6007:a:714b:71d1:wxyz:wxyz prefixlen 128 nd6 options=3 <performnud,accept_rtadv>media: Ethernet autoselect (1000baseT <full-duplex>) status: active em2: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500 options=4209b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,wol_magic,vlan_hwtso>ether 00:25:90:ca:17:19 inet 172.16.1.254 netmask 0xffffff00 broadcast 172.16.1.255 inet6 2601:4:xyz:472:225:90ff:feca:1719 prefixlen 64 inet6 fe80::1:1%em2 prefixlen 64 scopeid 0x3 nd6 options=1 <performnud>media: Ethernet autoselect (1000baseT <full-duplex>) status: active</full-duplex></performnud></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,wol_magic,vlan_hwtso></up,broadcast,running,simplex,multicast></full-duplex></performnud,accept_rtadv></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,wol_magic,vlan_hwtso></up,broadcast,running,simplex,multicast>
em1 is the WAN, em2 is the LAN
-
As a follow up, the entries in the routing.log file - my mistake - they were showing up like this because I clicked on the release/renew buttons. This was probably not necessary, however, I wanted to be absolutely sure em1 would solicit a router. But the problem might be what I alluded to earlier because there were no logs of the daemon starting up after clicking on the renew button. Also, the whole entire time, since the beginning, the send prefix hint box has been checked.
For kicks, I also checked the dhcp6c_wan.conf file when it was set to /60 and it appears to be correct:
interface em1 { send ia-na 0; # request stateful address send ia-pd 0; # request prefix delegation request domain-name-servers; request domain-name; script "/var/etc/dhcp6c_wan_script.sh"; # we'd like some nameservers please }; id-assoc na 0 { }; id-assoc pd 0 { prefix ::/60 infinity; prefix-interface em2 { sla-id 0; sla-len 4; }; };
Here is an output of ifconfig when set to /60:
em1: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500 options=4209b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,wol_magic,vlan_hwtso>ether 00:25:90:ca:17:18 inet x.x.x.x netmask 0xfffffc00 broadcast 255.255.255.255 inet6 fe80::225:90ff:feca:1718%em1 prefixlen 64 scopeid 0x2 inet6 2001:558:6007:a:714b:71d1:wxyz:wxyz prefixlen 128 nd6 options=3 <performnud,accept_rtadv>media: Ethernet autoselect (1000baseT <full-duplex>) status: active em2: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500 options=4209b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,wol_magic,vlan_hwtso>ether 00:25:90:ca:17:19 inet 172.16.1.254 netmask 0xffffff00 broadcast 172.16.1.255 inet6 fe80::1:1%em2 prefixlen 64 scopeid 0x3 nd6 options=1 <performnud>media: Ethernet autoselect (1000baseT <full-duplex>) status: active</full-duplex></performnud></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,wol_magic,vlan_hwtso></up,broadcast,running,simplex,multicast></full-duplex></performnud,accept_rtadv></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,wol_magic,vlan_hwtso></up,broadcast,running,simplex,multicast>
The interface apparently "ACCEPT_RTADV". I'm really not sure what is going on.. :'( i swear on all the tea in china this should work.
-
Getting a /60 from Comcast residential is working fine for me on 2.1-RELEASE. My dhcp6c_wan.conf looks exactly like yours, and I do get a v6 from a /64 out of the delegated /60 on my LAN interface (and other /64s on other interfaces).
Have you tried rebooting your router after setting the prefix length to 60?
-
Works fine with a /64 prefix but when I change it to a /60, the LAN interface loses it's previous IP address (as expected) however, it never gets another IP address after the page reloads.
I had hours of fun with this myself this week. If you already obtained addressing with a /64, you can't just change to a /60 or /56 (at least with Comcast).
The reason being the two Comcast DHCPv6 servers, which have different preferences, give different responses. The server that is holding the original /64 lease will continue sending it to you regardless of how you have pfSense configured. The other server (lower preference) will be sending you a fresh /60. But, that is ignored because the other server response is preferred.
You can see that here: https://forum.pfsense.org/index.php/topic,67572.msg370238.html#msg370238
When I was making my changes with a packet capture running, I did see releases being sent. However, they were obviously not doing anything and I didn't make the effort to analyze further.
–-
The workaround is fairly easy, and you have two options:
Option 1: Set to a /60. Change your WAN MAC address and reboot. Most likely you will also need to power cycle your cable modem.
This works because changing the MAC address also changes the DUID. So, you look like a new device on the network and get a totally new DHCP-PD lease with the requested /60.
It would be really nice if pfSense had the option to allow the user to set the DUID .. hint, hint! I've seen this on other platforms.
Option 2: Comcast leases are 1 week. So, disable IPv6, go on a cruise or something and when you get back the /64 lease will have expired and the /60 will just work.
I ended up doing Option 1 and I pulled the /60 right away.
-
This looks very promising. I will try this and post the results.
-
Well I am happy to report that now thanks to priller, I am able to obtain a /60 by waiting a week (went to the Bermuda Triangle and almost was lost at sea but that is a different story :P) I am able to set the IPv6 Prefix ID for the LAN interface (wired clients) to a hex value between 0 and f as expected, and after a reboot, the interface gets the correct prefix. Just to be sure, I changed the value to 1 and it worked as well.
However, when I attempt to 'Track' the WAN interface on a different interface (OPT1) I am not able to select 0 or 2-f. I also tried this with the LAN interface set to prefix ID 0 but I was not able to select 1-f either.
The help blurb for OPT1 is misleading as it believes that there are no other prefixes to assign (it reads "Enter a hexadecimal value between 0 and 0 here, default value is 0." when the LAN prefix is either 0 or 1 per the test above).
The pop up warning is also equally troublesome: "You specified an IPv6 prefix ID that is out of range."The prefix size value is currently set to /60 and there is only one prefix in use (on LAN only), what am I missing here? There are 15 other prefixes that can be used..?
-
Ah ha, I was wondering if you were going with "Option 2"! ;)
The help blurb for OPT1 is misleading as it believes that there are no other prefixes to assign (it reads "Enter a hexadecimal value between 0 and 0 here, default value is 0." when the LAN prefix is either 0 or 1 per the test above).
For the OPT interface, I noticed that when you first select Track WAN interface, the prefix selection is 0 - 0. When you hit Save, the prefix selection changes to 0 - f. Make a selection that is not already in use on another interface. WARNING: I noticed that there is no checking and it will allow you enter a prefix that is already in use, resulting in a duplicate prefix being assigned ( at least I got it to assign prefix "0" to multiple interfaces).
The prefix size value is currently set to /60 and there is only one prefix in use (on LAN only), what am I missing here? There are 15 other prefixes that can be used..?
The prefixes are assigned one per interface. So, LAN, DMZ, WHATEVER interfaces each get a unique /64.
-
Yeah, I remember having to click save in between to get the correct prefix range as well. I suppose I could have filed a bug…
-
I thought I posted something in here yesturday but all is well now I and I thank everyone for there assistance! It was saving the page that did the trick.
-
For those still encountering issues with Comcast's odd DHCPv6 setup
FYI, another trick to doing this if you don't want to have to change the MAC address and aren't willing to wait a week:Modify the WAN dhcp settings to request a /60 as previously detailed
Download http://www.ipv6.mtu.edu/wide_mkduid.pl which is a simple perl script to create a dhcp6c_duid file.
Run it on a Linux box (or something with Perl installed) like so
$ ./wide_mkduid.pl -t now -m <pfsense wan="" mac="" address="">successfully created /home/timw/dhcp6c_duid
DUID is 00:01:00:06:55:77:0a:34:XX:XX:XX:XX:XX:XX (MAC redacted)copy over the generated dhcp6c_duid to the pfsense box (I scp'd it into /tmp)
Save a copy of /var/db/dhcp6c_duid (just in case anything goes wrong)
cp /tmp/dhcp6c_duid /var/db/dhcp6c_duid
Go into the WAN settings in the Web UI and just resave them.Immediately after doing this I was received my shiny new /60 prefix delegation.</pfsense>