No IPV6 after reboot!!!

MikeV7896

Comcast IPv6 is in production nationwide, and has been since the summer. They are not just testing anymore.

Try doing a release/renew on the Comcast interface and see if that changes anything. I've found that tends to fix most cases where IPv6 has issues.

eri--

Can you please provide your system logs after applying this change!
I think this would solve your issue in this regard.

diff --git a/etc/inc/interfaces.inc b/etc/inc/interfaces.inc
index 45bd189..b2912b7 100644
--- a/etc/inc/interfaces.inc
+++ b/etc/inc/interfaces.inc
@@ -3142,7 +3142,7 @@ function interface_track6_configure($interface = "lan", $wancfg, $linkupevent =
                break;
        }

-       if (!platform_booting() && $linkupevent == false) {
+       if ($linkupevent == false) {
                if (!function_exists('services_dhcpd_configure'))
                        require_once("services.inc");

jcyr

Thanks ermal. I'll give it a try tonight.

FisherKing

@virgiliomi:

Comcast IPv6 is in production nationwide, and has been since the summer. They are not just testing anymore.

Try doing a release/renew on the Comcast interface and see if that changes anything. I've found that tends to fix most cases where IPv6 has issues.

Release / renew is not picking up an IPv6 lease.  I'll try the patch in reply #10.
https://forum.pfsense.org/index.php?topic=84741.msg465401#msg465401

jcyr

Ok, now works with dnsmasq.

Only works with unbound if Network Interfaces and Outgoing Network Interfaces are set to 'All'. If specific interfaces are selected the unbound only bind to IPV4 addresses of selected interfaces (as per generated unbound.conf)

Pull request #1358 fixes unbound problem

cmb

I saw this thread earlier and started digging, got sidetracked for a bit and didn't come back and look here until I'd already committed largely the same thing you sent as a pull request, Jean. Thanks though! I'm pretty sure that fixes the last remaining scenario where PD-assigned v6 IPs can be skipped.

edit: scratch that re: the CLA, I see you do have one, I missed it earlier.

If you can gitsync, or report back tomorrow once a new snapshot is out to confirm, it'd be appreciated.

Thanks!

FisherKing

Running 2.2-BETA (i386)
built on Wed Dec 03 13:29:19 CST 2014

I am now picking up an IPv6 lease.

jcyr

Nope… still does not work reliably. DNSV6 resolution after reboot only works half the time with unbound and specific interfaces selected.

dnsmasq works. unbound with all interfaces selected works.

I've pretty much given up on unbound working reliably in pfSense 2.2 with comcast IPV6!

jcyr

Ok, got to the bottom of this. In 2.2-BETA (i386) built on Wed Dec 03 13:29:19 CST 2014, selecting a link-local interface as unbound network interface causes an invalid access-control statement to be created since link-local addresses do not have a subnet. This causes unbound to fail at startup… resulting in no DNS support.

Fixed by pull request #1360

Everything seems to work now... (keeping fingers crossed)

cmb

Thanks for the help tracking that down.

I committed a change to switch unbound_configure and dhcpd_configure order in interfaces.inc, matching what you submitted. I don't see where it should make a difference either way, and I can't replicate what you're seeing there, but if you could provide feedback it'd be appreciated.

jcyr

You guys don't have a Comcast cablemodem link? Presently the largest deployed IPV6 supporting network… any problems there will affect many.

MikeV7896

I've rebooted my pfSense 2.2 box four times over the past two days - twice for snapshot updates. All times my Comcast IPv6 connection has come back online with no issues. I had issues in earlier builds where I would have to do a release/renew on my WAN interface to restore IPv6 connectivity, but that doesn't appear to be an issue for me anymore.

jcyr

The recent problems occurred only when using unbound with specific interfaces selected.

cmb

@jcyr:

You guys don't have a Comcast cablemodem link?

We're all fortunate enough to live somewhere where Comcast isn't the cable provider.

MikeV7896

@cmb:

@jcyr:

You guys don't have a Comcast cablemodem link?

We're all fortunate enough to live somewhere where Comcast isn't the cable provider.

Hahaha… I have another option (FiOS oddly enough) but their equipment in my MDU building is old enough that they can only provide me with 20-25Mbps down service via VDSL, while I can get 100Mbps down service from Comcast for about the same cost for internet only. That combined with IPv6 (which Verizon hasn't even started rolling out anywhere) is why I have picked Comcast over Verizon.

But I'm definitely not a developer here... just a user. :)

jcyr

@cmb:

@jcyr:

You guys don't have a Comcast cablemodem link?

We're all fortunate enough to live somewhere where Comcast isn't the cable provider.

Yeah, I read about the continuous drumbeat of Comcast grievances.

However, they've provided me with a rock-solid 55mbps link and early native IPV6 support. No V6 tunnels here… no complaints from me.

MikeV7896

Ok…

So I went into the unbound settings... changed interfaces to localhost, lan, lan ipv6 link-local... changed outgoing interfaces to wan and wan ipv6 link-local. Saved changes, applied settings... unbound doesn't restart, in the log is...

Dec 4 21:31:40	unbound: [89497:0] error: cannot parse netblock: '/'
Dec 4 21:31:40	unbound: [89497:0] error: cannot parse access control: / allow
Dec 4 21:31:40	unbound: [89497:0] fatal error: Could not setup access control list

This is the same issue that happened last time I reported it in the DNS Resolver thread. I don't obtain an IPv6 address on my WAN, just a prefix. But I need to keep WAN in the outgoing interfaces for IPv4.

But this isn't about unbound, this is about IPv6 not working after reboot. So I reboot the box…

On reboot, unbound doesn't restart. But IPv6 itself works fine. Below is a ping to the IP address of a VPS I have:

Pinging 2604:a880:800:xxx::xxxx with 32 bytes of data:
Reply from 2604:a880:800:xxx::xxxx: time=21ms
Reply from 2604:a880:800:xxx::xxxx: time=22ms
Reply from 2604:a880:800:xxx::xxxx: time=30ms
Reply from 2604:a880:800:xxx::xxxx: time=21ms

Of course I can't use a hostname since unbound isn't started, but pinging the IP address works just fine. After I change Unbound's interfaces and outgoing interfaces back to all, it starts up and works just fine. I'm sure it would work fine if I just set Outoing Interfaces back to all… but not a big deal to me.

edit: regarding the unbound bug I mentioned earlier... the issue reported before was that this same situation happened with "All" selected when not obtaining a WAN DHCPv6 address, just a prefix... so the same fix needs to be applied to WAN as well.

cmb

@virgiliomi:

Ok…

So I went into the unbound settings... changed interfaces to localhost, lan, lan ipv6 link-local... changed outgoing interfaces to wan and wan ipv6 link-local. Saved changes, applied settings... unbound doesn't restart, in the log is...

That should be fixed by: https://github.com/pfsense/pfsense/pull/1365

which won't show up in snapshots until after 2.2-RC goes out to the mirrors, likely Friday.

MikeV7896

Sure enough, selecting just WAN for outgoing interface and LAN + Localhost for interfaces works just fine.