Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    No IPV6 after reboot!!!

    Scheduled Pinned Locked Moved 2.2 Snapshot Feedback and Problems - RETIRED
    28 Posts 6 Posters 5.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      jcyr
      last edited by

      Ok, got to the bottom of this. In 2.2-BETA (i386) built on Wed Dec 03 13:29:19 CST 2014, selecting a link-local interface as unbound network interface causes an invalid access-control statement to be created since link-local addresses do not have a subnet. This causes unbound to fail at startup… resulting in no DNS support.

      Fixed by pull request #1360

      Everything seems to work now... (keeping fingers crossed)

      IPV6 Test: http://ipv6-test.com

      1 Reply Last reply Reply Quote 0
      • C
        cmb
        last edited by

        Thanks for the help tracking that down.

        I committed a change to switch unbound_configure and dhcpd_configure order in interfaces.inc, matching what you submitted. I don't see where it should make a difference either way, and I can't replicate what you're seeing there, but if you could provide feedback it'd be appreciated.

        1 Reply Last reply Reply Quote 0
        • J
          jcyr
          last edited by

          You guys don't have a Comcast cablemodem link? Presently the largest deployed IPV6 supporting network… any problems there will affect many.

          IPV6 Test: http://ipv6-test.com

          1 Reply Last reply Reply Quote 0
          • MikeV7896M
            MikeV7896
            last edited by

            I've rebooted my pfSense 2.2 box four times over the past two days - twice for snapshot updates. All times my Comcast IPv6 connection has come back online with no issues. I had issues in earlier builds where I would have to do a release/renew on my WAN interface to restore IPv6 connectivity, but that doesn't appear to be an issue for me anymore.

            The S in IOT stands for Security

            1 Reply Last reply Reply Quote 0
            • J
              jcyr
              last edited by

              The recent problems occurred only when using unbound with specific interfaces selected.

              IPV6 Test: http://ipv6-test.com

              1 Reply Last reply Reply Quote 0
              • C
                cmb
                last edited by

                @jcyr:

                You guys don't have a Comcast cablemodem link?

                We're all fortunate enough to live somewhere where Comcast isn't the cable provider.

                1 Reply Last reply Reply Quote 0
                • MikeV7896M
                  MikeV7896
                  last edited by

                  @cmb:

                  @jcyr:

                  You guys don't have a Comcast cablemodem link?

                  We're all fortunate enough to live somewhere where Comcast isn't the cable provider.

                  Hahaha… I have another option (FiOS oddly enough) but their equipment in my MDU building is old enough that they can only provide me with 20-25Mbps down service via VDSL, while I can get 100Mbps down service from Comcast for about the same cost for internet only. That combined with IPv6 (which Verizon hasn't even started rolling out anywhere) is why I have picked Comcast over Verizon.

                  But I'm definitely not a developer here... just a user. :)

                  The S in IOT stands for Security

                  1 Reply Last reply Reply Quote 0
                  • J
                    jcyr
                    last edited by

                    @cmb:

                    @jcyr:

                    You guys don't have a Comcast cablemodem link?

                    We're all fortunate enough to live somewhere where Comcast isn't the cable provider.

                    Yeah, I read about the continuous drumbeat of Comcast grievances.

                    However, they've provided me with a rock-solid 55mbps link and early native IPV6 support. No V6 tunnels here… no complaints from me.

                    IPV6 Test: http://ipv6-test.com

                    1 Reply Last reply Reply Quote 0
                    • MikeV7896M
                      MikeV7896
                      last edited by

                      Ok…

                      So I went into the unbound settings... changed interfaces to localhost, lan, lan ipv6 link-local... changed outgoing interfaces to wan and wan ipv6 link-local. Saved changes, applied settings... unbound doesn't restart, in the log is...

                      Dec 4 21:31:40	unbound: [89497:0] error: cannot parse netblock: '/'
                      Dec 4 21:31:40	unbound: [89497:0] error: cannot parse access control: / allow
                      Dec 4 21:31:40	unbound: [89497:0] fatal error: Could not setup access control list
                      

                      This is the same issue that happened last time I reported it in the DNS Resolver thread. I don't obtain an IPv6 address on my WAN, just a prefix. But I need to keep WAN in the outgoing interfaces for IPv4.

                      But this isn't about unbound, this is about IPv6 not working after reboot. So I reboot the box…

                      On reboot, unbound doesn't restart. But IPv6 itself works fine. Below is a ping to the IP address of a VPS I have:

                      Pinging 2604:a880:800:xxx::xxxx with 32 bytes of data:
                      Reply from 2604:a880:800:xxx::xxxx: time=21ms
                      Reply from 2604:a880:800:xxx::xxxx: time=22ms
                      Reply from 2604:a880:800:xxx::xxxx: time=30ms
                      Reply from 2604:a880:800:xxx::xxxx: time=21ms
                      

                      Of course I can't use a hostname since unbound isn't started, but pinging the IP address works just fine. After I change Unbound's interfaces and outgoing interfaces back to all, it starts up and works just fine. I'm sure it would work fine if I just set Outoing Interfaces back to all… but not a big deal to me.

                      edit: regarding the unbound bug I mentioned earlier... the issue reported before was that this same situation happened with "All" selected when not obtaining a WAN DHCPv6 address, just a prefix... so the same fix needs to be applied to WAN as well.

                      The S in IOT stands for Security

                      1 Reply Last reply Reply Quote 0
                      • C
                        cmb
                        last edited by

                        @virgiliomi:

                        Ok…

                        So I went into the unbound settings... changed interfaces to localhost, lan, lan ipv6 link-local... changed outgoing interfaces to wan and wan ipv6 link-local. Saved changes, applied settings... unbound doesn't restart, in the log is...

                        That should be fixed by: https://github.com/pfsense/pfsense/pull/1365

                        which won't show up in snapshots until after 2.2-RC goes out to the mirrors, likely Friday.

                        1 Reply Last reply Reply Quote 0
                        • MikeV7896M
                          MikeV7896
                          last edited by

                          Sure enough, selecting just WAN for outgoing interface and LAN + Localhost for interfaces works just fine.

                          The S in IOT stands for Security

                          1 Reply Last reply Reply Quote 0
                          • First post
                            Last post
                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.