Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Need help enabling IPv6 w/Android Devices on 2.3.2

    Scheduled Pinned Locked Moved IPv6
    19 Posts 6 Posters 6.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • JKnottJ Offline
      JKnott
      last edited by

      Perhaps there's an issue with Samsung devices, rather than Android in general.  I have a Google Nexus 7 tablet, Nexus 5 phone and iPhone 6.  All work fine, as do my computers.  Perhaps you can have someone with another Android device, other than Samsung, try your network.

      PfSense running on Qotom mini PC
      i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel 1 Gb Ethernet ports.
      UniFi AC-Lite access point

      I haven't lost my mind. It's around here...somewhere...

      1 Reply Last reply Reply Quote 0
      • JKnottJ Offline
        JKnott
        last edited by

        If you Google on Samsung phone IPv6, you'll find hits about problems with Samsung phones.  Here are a couple:
        http://forums.androidcentral.com/samsung-galaxy-s7-edge/658317-shouldn-t-just-work-ipv6.html
        http://www.gossamer-threads.com/lists/nsp/ipv6/54641

        So, it appears it may be a Samsung issue.

        PfSense running on Qotom mini PC
        i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel 1 Gb Ethernet ports.
        UniFi AC-Lite access point

        I haven't lost my mind. It's around here...somewhere...

        1 Reply Last reply Reply Quote 0
        • C Offline
          cmbroth
          last edited by

          I am having issues with IPv6 and Android as well.  On my network, we have a Nexus 5, a Nexus 5X and a Nexus 7.  All of them work except for my Nexus 5.  For some reason, my Nexus 5 cannot connect to my pfSense box using the global address.  It can connect using the local-link just fine.  Unfortunately, the phone puts the global address as the primary DNS on the phone.  So I have to wait for a timeout before the phone will try the dns query on the router's IPv4 address.

          I figured that this was an Android issue (perhaps even phone model specific), but it looks like JKnott has a Nexus 5 working.  My pfSense box is set to assisted and the phone is getting a IPv6 address and putting the router IPv6 address in the DNS list.  Any advice on debugging this would be helpful.

          Chris.

          1 Reply Last reply Reply Quote 0
          • JKnottJ Offline
            JKnott
            last edited by

            What is that "assisted" you're referring to?  I don't have any special configuration.  It just worked.

            BTW, this is one example of why it would be nice to be able to run Wireshark on pfSense.  It's hard to fix a problem, if you can't see what's happening.

            PfSense running on Qotom mini PC
            i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel 1 Gb Ethernet ports.
            UniFi AC-Lite access point

            I haven't lost my mind. It's around here...somewhere...

            1 Reply Last reply Reply Quote 0
            • C Offline
              cmbroth
              last edited by

              Under the router mode set to "Assisted" under Services > DHCPv6 Server & RA > LAN > Router Advertisements

              You can run "Packet Capture" under Diagnostics and then download the file for under analysis in wireshark.  Unfortunately, I don't know enough to know what I am looking for in the packet capture.

              Chris.

              1 Reply Last reply Reply Quote 0
              • JKnottJ Offline
                JKnott
                last edited by

                ^^^^
                Do you have DHCPv6 enabled?  With SLAAC, it's normally used just for handing out servers addresses for DNS etc.  What happens if you set "router only"?  DNS will still work through IPv4.

                I know there is packet capture available.  However, with Wireshark, you can watch in real time and then click on a frame to see all the details.

                PfSense running on Qotom mini PC
                i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel 1 Gb Ethernet ports.
                UniFi AC-Lite access point

                I haven't lost my mind. It's around here...somewhere...

                1 Reply Last reply Reply Quote 0
                • C Offline
                  cmbroth
                  last edited by

                  I do have dhcpdv6 enabled.

                  If I set the router advertisement daemon to "router only", will my local network even be using IPv6 if I don't give all of my systems static IPv6 addresses?

                  1 Reply Last reply Reply Quote 0
                  • JKnottJ Offline
                    JKnott
                    last edited by

                    Unlike IPv4, DHCPv6 is not needed to hand out IP addresses.  That's normally done with SLAAC and Router Advertisements (RA).  A host can also request an prefix with Router Solicitations (RS).  In this situation, DHCPv6 is only used to point to servers, such as DNS, WINS, NTP etc.  Since your devices already have DNS via IPv4, they will work fine, as it can deliver both A & AAAA records for IPv4 and IPv6 addresses.

                    PfSense running on Qotom mini PC
                    i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel 1 Gb Ethernet ports.
                    UniFi AC-Lite access point

                    I haven't lost my mind. It's around here...somewhere...

                    1 Reply Last reply Reply Quote 0
                    • C Offline
                      cmbroth
                      last edited by

                      As I understand it, if you only want SLAAC, the router advertisement needs to be set to "unmanaged" and not "router only".

                      https://doc.pfsense.org/index.php/Router_Advertisements

                      Chris.

                      1 Reply Last reply Reply Quote 0
                      • JKnottJ Offline
                        JKnott
                        last edited by

                        Give unmanaged a try and see what happens.

                        PfSense running on Qotom mini PC
                        i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel 1 Gb Ethernet ports.
                        UniFi AC-Lite access point

                        I haven't lost my mind. It's around here...somewhere...

                        1 Reply Last reply Reply Quote 0
                        • I Offline
                          inferno480
                          last edited by

                          Unamanged made no difference to me, the Android phone would always report a link-local address only (maybe that's what happens if you're only using SLAAC, not sure?), but I was still getting the DNS timeouts.  Maybe it's possible to get the DNS server to listen on the link-local address?  Not sure that's ideal though.

                          The thing I struggle with is… this can't be a "me only" thing and this almost has to be something related to my setup/configuration, or else a LOT more people would be complaining.  Like I said, there are people posting that Unamanged or Assisted resolves the issue for them but it seems to make no difference to me.  I have the capability of running a Wireshark capture using port mirroring on the switch my LAN port is connected to, if it would be helpful.

                          I did have a couple questions about the General Setup DNS server screen, however...

                          Should I always populate that with two IPv4 and two IPv6 DNS servers?  Should I put IPv4 before IPv6?  What gateways should I select?  The webGUI mentions selecting a unique gateway per server, but I am using gateway groups / multi-wan, so I wasn't sure.  I even tried specifying "none" for all four but it had no real impact either way.

                          1 Reply Last reply Reply Quote 0
                          • JKnottJ Offline
                            JKnott
                            last edited by

                            The phone should have both a link local and global unicast address.  If it has only a link local address, then you won't be able to go beyond your local network.  Your phone should be responding to the router advertisements by creating an address from the advertised prefix and the MAC address or a random number.  For whatever reason, it's not doing that.  One work around for those Samsung phones is to get a WiFi router, with the WAN side connected to the local LAN and use it's WiFi only for those phones.  That way you'll only get an IPv4 connection.  It's not ideal, but it may be a way to get the phones working.

                            PfSense running on Qotom mini PC
                            i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel 1 Gb Ethernet ports.
                            UniFi AC-Lite access point

                            I haven't lost my mind. It's around here...somewhere...

                            1 Reply Last reply Reply Quote 0
                            • P Offline
                              Paint
                              last edited by

                              I am having the same problem with my Samsung Note 4 (developer edition).

                              I had to download a program to disable ipv6 support on my device - now I no longer have the DNS issues with ipv6 and I can keep my RA Announcement configuration to Assisted. I realize that disabling IPv6 on my device is just a patch and not a fix to this problem. Good luck!

                              pfSense i5-4590
                              940/880 mbit Fiber Internet from FiOS
                              BROCADE ICX6450 48Port L3-Managed Switch w/4x 10GB ports
                              Netgear R8000 AP (DD-WRT)

                              1 Reply Last reply Reply Quote 0
                              • C Offline
                                cmbroth
                                last edited by

                                @Paint:

                                I had to download a program to disable ipv6 support on my device - now I no longer have the DNS issues with ipv6 and I can keep my RA Announcement configuration to Assisted. I realize that disabling IPv6 on my device is just a patch and not a fix to this problem. Good luck!

                                I have thought about that as well, but I haven't wanted to go through rooting my phone.

                                Chris.

                                1 Reply Last reply Reply Quote 0
                                • C Offline
                                  cmbroth
                                  last edited by

                                  Is there any reason that I cannot change my RDNSS entry so that it uses the router's local IPv6 address instead of the global one?  The RFC says that using the local-link is ok, but I wasn't sure if there are any unintended consequences.

                                  Thanks,
                                  Chris.

                                  1 Reply Last reply Reply Quote 0
                                  • B Offline
                                    bimmerdriver
                                    last edited by

                                    For what it's worth, my GS7 is getting ipv4 and ipv6 addresses (two global and one link-local) from my pfsense router. I ran test-ipv6.com and ipv6-test.com and both were fine. The only issues were that former noted a tunnel is being used for ipv6 and the latter noted there is no ipv6 hostname. Speedtest and ping test both work fine.

                                    I'm using assisted mode.

                                    1 Reply Last reply Reply Quote 0
                                    • K Offline
                                      kpa
                                      last edited by

                                      @cmbroth:

                                      Is there any reason that I cannot change my RDNSS entry so that it uses the router's local IPv6 address instead of the global one?  The RFC says that using the local-link is ok, but I wasn't sure if there are any unintended consequences.

                                      Thanks,
                                      Chris.

                                      I'm guessing that the global address is used because a downstream IPv6 router could pick the RDNSS entry up and re-use it for its own LAN, this won't work if the address is a link-local address because the address wouldn't be reachable outside the original LAN.

                                      1 Reply Last reply Reply Quote 0
                                      • C Offline
                                        cmbroth
                                        last edited by

                                        I'm guessing that the global address is used because a downstream IPv6 router could pick the RDNSS entry up and re-use it for its own LAN, this won't work if the address is a link-local address because the address wouldn't be reachable outside the original LAN.

                                        In my case, I don't have any routers downstream.

                                        Thanks,
                                        Chris.

                                        1 Reply Last reply Reply Quote 0
                                        • First post
                                          Last post
                                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.