No IPV6 after reboot!!!
-
LAN side IPV6 is broken on my setup after reboot of latest build (the following scenario is completely reproducible)
2.2-BETA (i386)
built on Sat Nov 29 02:37:09 CST 2014After reboot, pfSense ifconfig shows:
em0: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
options=4219b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,tso4,wol_magic,vlan_hwtso>ether 00:50:c2:23:57:1e
inet6 fe80::250:c2ff:fe23:571e%em0 prefixlen 64 scopeid 0x1
inet 24.98.144.135 netmask 0xfffffc00 broadcast 255.255.255.255
inet 192.168.100.2 netmask 0xffffff00 broadcast 192.168.100.255
inet6 xxxx:xxxx:xxxx:xxxx:4585:53ba:4a7f:ecbb prefixlen 128
nd6 options=23 <performnud,accept_rtadv,auto_linklocal>media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
em1: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
options=5219b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,tso4,wol_magic,vlan_hwfilter,vlan_hwtso>ether 00:50:c2:23:57:1f
inet6 fe80::250:c2ff:fe23:571f%em1 prefixlen 64 scopeid 0x2
nd6 options=21 <performnud,auto_linklocal>media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
pflog0: flags=100 <promisc>metric 0 mtu 33172
pfsync0: flags=0<> metric 0 mtu 1500
syncpeer: 224.0.0.240 maxupd: 128 defer: on
syncok: 1
lo0: flags=8049 <up,loopback,running,multicast>metric 0 mtu 16384
options=600003 <rxcsum,txcsum,rxcsum_ipv6,txcsum_ipv6>inet 127.0.0.1 netmask 0xff000000
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
nd6 options=21 <performnud,auto_linklocal>enc0: flags=0<> metric 0 mtu 1536
nd6 options=21 <performnud,auto_linklocal>em1_vlan20: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
options=103 <rxcsum,txcsum,tso4>ether 00:50:c2:23:57:1f
inet 192.168.4.1 netmask 0xfffffc00 broadcast 192.168.7.255
inet6 yyyy:yyyy:yyyy:yyy4:250:c2ff:fe23:571f prefixlen 64
inet6 fe80::1:1%em1_vlan20 prefixlen 64 scopeid 0x7
nd6 options=21 <performnud,auto_linklocal>media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
vlan: 20 vlanpcp: 0 parent interface: em1
em1_vlan10: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
options=103 <rxcsum,txcsum,tso4>ether 00:50:c2:23:57:1f
inet 192.168.0.1 netmask 0xfffffc00 broadcast 192.168.3.255
inet6 yyyy:yyyy:yyyy:yyy0:250:c2ff:fe23:571f prefixlen 64
inet6 fe80::1:1%em1_vlan10 prefixlen 64 scopeid 0x8
nd6 options=21 <performnud,auto_linklocal>media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
vlan: 10 vlanpcp: 0 parent interface: em1All seems normal there, with IPV6 properly shown for interfaces. However LAN side clients do not get IPV6 addresses upon connection:
Wireless LAN adapter Wireless Network Connection 6:
Connection-specific DNS Suffix . : sharon.lan
Description . . . . . . . . . . . : Intel(R) Dual Band Wireless-AC 7260
Physical Address. . . . . . . . . : FC-F8-AE-F7-DE-E2
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::d428:3e84:20df:f401%33(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.32(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.252.0
Lease Obtained. . . . . . . . . . : Saturday, November 29, 2014 9:30:03 AM
Lease Expires . . . . . . . . . . : Saturday, November 29, 2014 10:00:03 AM
Default Gateway . . . . . . . . . : fe80::1:1%33
192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 603781294
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-69-6E-01-C8-0A-A9-E5-BE-FFDNS Servers . . . . . . . . . . . : 192.168.0.1
NetBIOS over Tcpip. . . . . . . . : EnabledOnly link-local, no preferred IPV6 address!
Then we manually restart radvd and reconnect the client. Now we get an IPV6 address, but still no DNS server IPV6 address!!!
Wireless LAN adapter Wireless Network Connection 6:
Connection-specific DNS Suffix . : sharon.lan
Description . . . . . . . . . . . : Intel(R) Dual Band Wireless-AC 7260
Physical Address. . . . . . . . . : FC-F8-AE-F7-DE-E2
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : yyyy:yyyy:yyyy:yyy0:d428:3e84:20df:f401(Prefe
rred)
Temporary IPv6 Address. . . . . . : yyyy:yyyy:yyyy:yyy0:4d88:58a5:8dc1:e37b(Prefe
rred)
Link-local IPv6 Address . . . . . : fe80::d428:3e84:20df:f401%33(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.32(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.252.0
Lease Obtained. . . . . . . . . . : Saturday, November 29, 2014 9:35:32 AM
Lease Expires . . . . . . . . . . : Saturday, November 29, 2014 10:05:31 AM
Default Gateway . . . . . . . . . : fe80::1:1%33
192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 603781294
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-69-6E-01-C8-0A-A9-E5-BE-FFDNS Servers . . . . . . . . . . . : 192.168.0.1
NetBIOS over Tcpip. . . . . . . . : EnabledSo now we manually restart unbound and reconnect the client:
Wireless LAN adapter Wireless Network Connection 6:
Connection-specific DNS Suffix . : sharon.lan
Description . . . . . . . . . . . : Intel(R) Dual Band Wireless-AC 7260
Physical Address. . . . . . . . . : FC-F8-AE-F7-DE-E2
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : yyyy:yyyy:yyyy:yyy0::2000(Preferred)
Lease Obtained. . . . . . . . . . : Saturday, November 29, 2014 9:38:39 AM
Lease Expires . . . . . . . . . . : Saturday, November 29, 2014 11:38:39 AM
IPv6 Address. . . . . . . . . . . : yyyy:yyyy:yyyy:yyy0:d428:3e84:20df:f401(Prefe
rred)
Temporary IPv6 Address. . . . . . : yyyy:yyyy:yyyy:yyy0:4089:6e10:b45c:4b65(Prefe
rred)
Link-local IPv6 Address . . . . . : fe80::d428:3e84:20df:f401%33(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.32(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.252.0
Lease Obtained. . . . . . . . . . : Saturday, November 29, 2014 9:38:38 AM
Lease Expires . . . . . . . . . . : Saturday, November 29, 2014 10:08:38 AM
Default Gateway . . . . . . . . . : fe80::1:1%33
192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 603781294
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-69-6E-01-C8-0A-A9-E5-BE-FFDNS Servers . . . . . . . . . . . : yyyy:yyyy:yyyy:yyy0:250:c2ff:fe23:571f
192.168.0.1
NetBIOS over Tcpip. . . . . . . . : EnabledNow all is well!!! Manual intervention after reboot to get V6 working doesn't strike me as design intent, so what is the problem?</full-duplex></performnud,auto_linklocal></rxcsum,txcsum,tso4></up,broadcast,running,simplex,multicast></full-duplex></performnud,auto_linklocal></rxcsum,txcsum,tso4></up,broadcast,running,simplex,multicast></performnud,auto_linklocal></performnud,auto_linklocal></rxcsum,txcsum,rxcsum_ipv6,txcsum_ipv6></up,loopback,running,multicast></promisc></full-duplex></performnud,auto_linklocal></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,tso4,wol_magic,vlan_hwfilter,vlan_hwtso></up,broadcast,running,simplex,multicast></full-duplex></performnud,accept_rtadv,auto_linklocal></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,tso4,wol_magic,vlan_hwtso></up,broadcast,running,simplex,multicast>
-
There was a problem with the parentheses missing around an "if" block in /etc/inc/unbound.inc in that build. That could certainly have caused some issues with unbound IPv6 configuration.
It would be worth first applying the little fix here:
https://github.com/pfsense/pfsense/commit/8c2a5a738b2105eba3971baf888fd5a1d8f92960I don't think it will be far-reaching enough to fix all that you report, but who knows?
Certainly worth fixing the known bug and re-trying a boot. -
That Unbound issue shouldn't have any relation, at least it wouldn't with whether or not radvd or DHCPv6 is working. Still a good idea to patch (and thanks Phil for getting that fix in).
There isn't anything to go on there. What is your config like? Is radvd and/or DHCPv6 running after boot? What does a packet capture filtered on v6 on LAN show?
-
The config is attached (rename .txt to .xml).
Yes, radvd and unbound are running after boot. Don't seem to be doing much good till restarted though!
DHCPv6 is only useful for interfaces with static IPs, so not running here.
How do I take a boot time packet capture? What else?
I've gone back to Nov. 26 th build, which works fine with dnsmasq, but not with unbound.
-
Ok, went back to latest build, rebooted (both radvd and unbound are running after boot), and took IPV6 capture of LAN interface during client connect. Nothing but link local stuff there!!!
-
Can you provide more details on your config and you radvd.conf?
-
I've already provided the config file. What other configuration details could I provide?
I'm basically running a standard Comcast Cablemodem WAN side interface, and a single LAN side interface carrying 2 VLANs to a managed switch.
Like I've said before, the Nov 26th build works fine when dnsmasq configured. Any build after that has failed whether dnsmasq is provisioned or unbound.
Here's what radvd.conf looks like after reboot with today's build… clearly misconfigured!!! It's almost as if the radvd.conf was generated before Comcast has advertized its IPV6 options (which can take 5 to 6 seconds longer that IPV4).
Automatically Generated, do not edit
Generated config for dhcp6 delegation from wan on opt1
interface em1_vlan20 {
AdvSendAdvert on;
MinRtrAdvInterval 3;
MaxRtrAdvInterval 10;
AdvLinkMTU 1500;
AdvOtherConfigFlag on;
prefix ::/64 {
AdvOnLink on;
AdvAutonomous on;
AdvRouterAddr on;
};
DNSSL sharon.lan { };
};Generated config for dhcp6 delegation from wan on opt2
interface em1_vlan10 {
AdvSendAdvert on;
MinRtrAdvInterval 3;
MaxRtrAdvInterval 10;
AdvLinkMTU 1500;
AdvOtherConfigFlag on;
prefix ::/64 {
AdvOnLink on;
AdvAutonomous on;
AdvRouterAddr on;
};
DNSSL sharon.lan { };
};This is what it looks like after reboot using Nov. 26th build... Better, other than the inconsistencies between vlan10 and vlan20 configurations. At least this works!
Automatically Generated, do not edit
Generated for DHCPv6 Server opt2
interface em1_vlan10 {
AdvSendAdvert on;
MinRtrAdvInterval 5;
MaxRtrAdvInterval 20;
AdvLinkMTU 1500;
AdvDefaultPreference medium;
AdvManagedFlag on;
AdvOtherConfigFlag on;
prefix xxxxxxxx:xx0::/64 {
DeprecatePrefix on;
AdvOnLink on;
AdvAutonomous on;
AdvRouterAddr on;
};
route ::/0 {
RemoveRoute on;
};
RDNSS fdd4:462a:d7f5:d223::1 { };
DNSSL sharon.lan { };
};Generated config for dhcp6 delegation from wan on opt1
interface em1_vlan20 {
AdvSendAdvert on;
MinRtrAdvInterval 3;
MaxRtrAdvInterval 10;
AdvLinkMTU 1500;
AdvOtherConfigFlag on;
prefix xxxxxxxx:xx4::/64 {
AdvOnLink on;
AdvAutonomous on;
AdvRouterAddr on;
};
RDNSS xxxxxxxx:xx4:250:c2ff:fe23:571f { };
DNSSL sharon.lan { };
}; -
Still broken in:
2.2-BETA (i386)
built on Mon Dec 01 14:00:10 CST 2014Same symptoms.
-
Just updated to:
2.2-BETA (i386)
built on Mon Dec 01 23:39:36 CST 2014After reboot, I am no longer getting a IPv6 lease on my Comcast link where previously I was.
I am running a dual WAN, and the other WAN provider does not currently provide IPv6. Comcast has been providing IPv6, but I have not yet confirmed with them if IPv6 is in production or just testing.In any event, it was there before the update, and now it's gone. I'll see about confirming IPv6 availability with them tomorrow.
-
Comcast IPv6 is in production nationwide, and has been since the summer. They are not just testing anymore.
Try doing a release/renew on the Comcast interface and see if that changes anything. I've found that tends to fix most cases where IPv6 has issues.
-
Can you please provide your system logs after applying this change!
I think this would solve your issue in this regard.diff --git a/etc/inc/interfaces.inc b/etc/inc/interfaces.inc index 45bd189..b2912b7 100644 --- a/etc/inc/interfaces.inc +++ b/etc/inc/interfaces.inc @@ -3142,7 +3142,7 @@ function interface_track6_configure($interface = "lan", $wancfg, $linkupevent = break; } - if (!platform_booting() && $linkupevent == false) { + if ($linkupevent == false) { if (!function_exists('services_dhcpd_configure')) require_once("services.inc");
-
Thanks ermal. I'll give it a try tonight.
-
@virgiliomi:
Comcast IPv6 is in production nationwide, and has been since the summer. They are not just testing anymore.
Try doing a release/renew on the Comcast interface and see if that changes anything. I've found that tends to fix most cases where IPv6 has issues.
Release / renew is not picking up an IPv6 lease. I'll try the patch in reply #10.
https://forum.pfsense.org/index.php?topic=84741.msg465401#msg465401 -
Ok, now works with dnsmasq.
Only works with unbound if Network Interfaces and Outgoing Network Interfaces are set to 'All'. If specific interfaces are selected the unbound only bind to IPV4 addresses of selected interfaces (as per generated unbound.conf)
Pull request #1358 fixes unbound problem
-
I saw this thread earlier and started digging, got sidetracked for a bit and didn't come back and look here until I'd already committed largely the same thing you sent as a pull request, Jean. Thanks though! I'm pretty sure that fixes the last remaining scenario where PD-assigned v6 IPs can be skipped.
edit: scratch that re: the CLA, I see you do have one, I missed it earlier.
If you can gitsync, or report back tomorrow once a new snapshot is out to confirm, it'd be appreciated.
Thanks!
-
Running 2.2-BETA (i386)
built on Wed Dec 03 13:29:19 CST 2014I am now picking up an IPv6 lease.
-
Nope… still does not work reliably. DNSV6 resolution after reboot only works half the time with unbound and specific interfaces selected.
dnsmasq works. unbound with all interfaces selected works.
I've pretty much given up on unbound working reliably in pfSense 2.2 with comcast IPV6!
-
Ok, got to the bottom of this. In 2.2-BETA (i386) built on Wed Dec 03 13:29:19 CST 2014, selecting a link-local interface as unbound network interface causes an invalid access-control statement to be created since link-local addresses do not have a subnet. This causes unbound to fail at startup… resulting in no DNS support.
Fixed by pull request #1360
Everything seems to work now... (keeping fingers crossed)
-
Thanks for the help tracking that down.
I committed a change to switch unbound_configure and dhcpd_configure order in interfaces.inc, matching what you submitted. I don't see where it should make a difference either way, and I can't replicate what you're seeing there, but if you could provide feedback it'd be appreciated.
-
You guys don't have a Comcast cablemodem link? Presently the largest deployed IPV6 supporting network… any problems there will affect many.