PFSense Not Working with DHCPV6 or Stateless on tracking interface
-
You need to enter the address range, it's not telling what the range is, it's giving you you the limits of the range you can use.
-
@marjohn56:
Set the range to something like this:
::eeee:0000:0000:0001 to ::eeee:ffff:ffff:ffff
That's based on a /56 prefix.
It doesn't matter what size the prefix is (as long as it's at least a /64). The range is /64 from :: to ::ffff:ffff:ffff:ffff. The bits that fill in the difference between the prefix and /64 are prefix id, in the lan settings.
-
@marjohn56:
Set the range to something like this:
::eeee:0000:0000:0001 to ::eeee:ffff:ffff:ffff
That's based on a /56 prefix.
It doesn't matter what size the prefix is (as long as it's at least a /64). The range is /64 from :: to ::ffff:ffff:ffff:ffff. The bits that fill in the difference between the prefix and /64 are prefix id, in the lan settings.
What prefix ID in the LAN Settings, where's that then? It would be different if it was a /48 prefix, unless you wanted 65k+ subnets. :P
-
Well, it's up to 8 bits, not that anyone would ever have that many subnets. The rest would be for delegated prefixes. But the point that the dhcpv6 subnet range is 64 bits is the same, irrespective of whether your ISP gave you a /56 or some other size of prefix.
-
We're arguing semantics here, I say potato you say poTAto type thing, the ops issue was he had not entered anything.
-
Lets ignore dhcpv6 entirely for a moment.
I want to know:
why I can't get an ipv6 address from router advertisement on my box when I have tracking interface used, with unmanaged router advertisementwhile
I can get an ipv6 address from router advertisement on my box when I have when I have static interface set to the same IP that would be used by tracking interface, with unmanaged router advertisement turned on
-
This is what happens to my pfSense in this scenario with a nightly change of the WAN address: The LAN interface gets a global IPv6 address once directly after setting it to track the WAN interface but never again when the WAN interfaces's address changes. Looks like the tracking doesn't work. And then the router advertisements obviously cannot work either.
-
Lets ignore dhcpv6 entirely for a moment.
I want to know:
why I can't get an ipv6 address from router advertisement on my box when I have tracking interface used, with unmanaged router advertisementwhile
I can get an ipv6 address from router advertisement on my box when I have when I have static interface set to the same IP that would be used by tracking interface, with unmanaged router advertisement turned on
Don't know, but I set mine to assisted and have never had a problem. That way the client can decide what they want either way,
-
This is what happens to my pfSense in this scenario with a nightly change of the WAN address: The LAN interface gets a global IPv6 address once directly after setting it to track the WAN interface but never again when the WAN interfaces's address changes. Looks like the tracking doesn't work. And then the router advertisements obviously cannot work either.
Why would the wan interface address change?
dhcp6c should be sending renew signals. What is your dhcp log showing with respect to dhcp6c?
This is what mine looks like, OK my dhcp6c is modified to give more info and the interface.inc is different but the process of renew is pretty much the same except it says renew. In fact with the newer dhcp6c and interface.inc the call to rc.newwanipv6 does not get called on renew and my system runs solidly as do many others.
Can you give some more information rather than just saying it does not work. Do you need to set 'Do not wait for a RA' or not, what is the refresh time of your ISP? If you run dhcp6c in debug mode it will give you all the information you need to decide if the problem is there or not.
If the lease is not being renewed then you have a problem, but the first thing to do is to find out what the renew time should be and look at the logs around that time and see what's happening.
-
@marjohn56:
Why would the wan interface address change?
Comcast claims I have a static ipv6, but I've seen the network ID change.
Why they change me occassionally, I don't know.
It's really annoying.I don't want to risk a situation where the network ID changes, and then the ipv6 network goes down when I'm not there.
If I have a tracking interface, with working unmanaged RA, it'll be self healing.
With tracking interface:
If the network address changes, then the router advertisement changes, which then the local host ipv6 address changes.It's a safety net.
-
I've never known an ISP to change a static without advising the client first, it would cause absolute havoc.
It sounds like you have a 'Sticky' static address, which can be made even more sticky by fixing the DUID and IAID, as the IAID does is fixed with pfSense ( at present ) that will not change. I suggest you set your DUID to fix it at its current value. You can also turn on 'Do not send release' which will prevent dhcp6c from sending a release signal, some ISP's will give you a new address/prefix if they get a release signal. However as Comcast say you are on a static this should not happen either.
I have a sticky dhcp6 address, through experimentation it's been found that if both the above are carried out, fixing the DUID and never sending a release signal then the prefix never changes, the only side note would be if pfsense went offline for several days, in which case I 'might' get a new prefix.
-
Comcast claims I have a static ipv6, but I've seen the network ID change.
Google searches still show that Comcast does not support static ipv6 addressing. My ipv6 address changes every time they put in a new modem. My ipv4 address is unchanged across all the supplied modems.
Don't expect a static any time soon. The 'static' problem is supposed to be taken care of by DNS when the router and DNS providers get it all working. "Services, DHCPv6 Server & RA, LAN, DHCPv6 Server, Dynamic DNS Display" is the new static in it's early stages.
I don't want to risk a situation where the network ID changes, and then the ipv6 network goes down when I'm not there.
If I have a tracking interface, with working unmanaged RA, it'll be self healing.
No it won't. Try repowering the modem with a switch in between the router and the cable box so the router can't sense link down. The address won't change but connectivity will be lost.
NATv6 FTW until this problem is fixed.
-
You can also turn on 'Do not send release' which will prevent dhcp6c from sending a release signal, some ISP's will give you a new address/prefix if they get a release signal.
Where is that setting? I sometimes get a new prefix and in testing I could see pfSense send a DHCPv6 release after I disconnected and reconnected the WAN Ethernet cable. My DUID has not changed since last May. I'm on Rogers.
-
You can also turn on 'Do not send release' which will prevent dhcp6c from sending a release signal, some ISP's will give you a new address/prefix if they get a release signal.
Where is that setting? I sometimes get a new prefix and in testing I could see pfSense send a DHCPv6 release after I disconnected and reconnected the WAN Ethernet cable. My DUID has not changed since last May. I'm on Rogers.
Interfaces/WAN/DHCP6 Client Configuration - Do not allow PD/Address release.
DUID hold is in System/Advanced/Networking.
-
I don't see that, even under Advanced Configuration. I'm running pfSense 2.3.2_1.
-
DHCP6 Client Configuration, 2.4B ;)
"Do not allow PD/Address release"
"dhcp6c will send a release to the ISP on exit, some ISPs then release the allocated address or prefix. This option prevents that signal ever being sent" -
@hda:
DHCP6 Client Configuration, 2.4B ;)
"Do not allow PD/Address release"
"dhcp6c will send a release to the ISP on exit, some ISPs then release the allocated address or prefix. This option prevents that signal ever being sent"Did I fail to mention that… Beg pardon 8)
-
DHCP6 Client Configuration, 2.4B
There's a version 2.4B???
I'm supposedly at the latest and I don't see that setting anywhere.
-
DUID hold is in System/Advanced/Networking.
I don't see that one either. My version of pfSense must have come from a parallel universe or something, as it doesn't appear to have either of those settings.
-
It's a setting in the pfSense 2.4 beta.
