May 1 - IPv6 broken?
-
I had this issue before on the last snapshot I was using (about a week or two ago) but I could always get it to come online, now I can't.
I have an HE.net tunnel and have the GIF interface configured like it needs to be. I assign it to an interface named "WANv6", tell it no IPv4 and Static IPv6. I give it all it's parameters just like I always have and it seems like it isn't taking the address. I can save and apply the changes just fine but when I go back to the dashboard, the Interfaces list is blank for "WANv6" indicating it has no address. The gateway doesn't come up either but that's obvious given the interface doesn't have an address. I attempt to change the gateway and it won't let me telling me the selected interface doesn't have an IPv6 address (basically confirming what I've observed myself).
In the past I was able to make a minor change such as changing the subnet from /64 to something else and then back to /64, save and apply and it would come online. This is not the case anymore. I have tried completely disabling the added interface and re-enabling with no luck. I've even tried the subnet adjustment trick on the GIF tunnel and it doesn't help. At this point about the only thing I haven't done is blow away all of the IPv6 config and start over.
Anyone else noticing this? What can I do to help test/fix this?
Joel
-
I assign it to an interface named "WANv6", tell it no IPv4 and Static IPv6.
This is wrong even with 2.1.x. Should be None for both.
-
When did this change? I've been using IPv6 since the days of having to gitsync in the special IPv6 changes from the CLI and even then you had to have an address on the interface. This has always been the case. Besides, if the interface has no address assigned, how can it have a gateway assigned? I see that doc says to use dynamic and my system does create a dynamic gateway but it too is offline.
See here: http://iserv.nl/files/pfsense/ipv6/ I know that's the old instructions but it proves that for 2.1.x, you DID have an address assigned there, so when did this change and why is it just NOW becoming a problem? Trust me, I've set up all of my IPv6 installations from 2.1.x and newer just like that and they're just now an issue apparently.
FWIW, I did what that doc suggests. I changed my WANv6 interface to "none" for both address families, removed my manually added IPV6 gateway and set the auto-created dynamic gateway as default. I still have no IPv6 connectivity and it actually made things worse for me. Browsing on my computer is dead slow (probably because it's trying IPv6 first and failing now, though I'm not sure why it wasn't doing this before). And test-ipv6.com gives me a 0/10 score with no IPv6 connectivity detected at all. I put everything back like I had it (with an address on WANv6 and a manually added gateway) and I'm still having browsing issues due to a broken IPv6 setup.
-
Reboot after making the dynamic GW default.
-
Well isn't that some crazy shit.
OK so I deleted everything IPv6 related (interfaces, GIF tunnel, all of it). I then re-added it all following the new docs leaving the interface fully unassigned and marked the gateway as default. I noticed this time it added two gateways, one is a "tunnel" gateway that wasn't present before. This one had IPv6 as it's family, the other (the one I saw before) had IPv4 as it's family. I didn't get anywhere until I saw your post about rebooting.
It still doesn't show the gateway in the list (monitoring shows "unknown" and no address displayed, unlike the docs which magically show the gateway present and monitored). I now can browse at normal speeds and I get 10/10 on the test. The test does show that my browser is preferring IPv4, possibly because of all the browsing I've been doing with a broken implementation. I assume testing in another browser or a reboot of the browser/computer will fix that.
It seems to be working now, though this apparently new method seems very strange to me and almost broken. As it stands now, I have basically an "empty" interface as it doesn't show an address or gateway. If it works it works, but this just doesn't feel right. Why did it change in the first place?
-
Why did it change in the first place?
Because it was broken in the first place? :D
https://redmine.pfsense.org/issues/3484