Netgate Discussion Forum

    PFSense Not Working with DHCPV6 or Stateless on tracking interface

      Guest

      I've never known an ISP to change a static without advising the client first, it would cause absolute havoc.

      It sounds like you have a 'Sticky' static address, which can be made even more sticky by fixing the DUID and IAID; as the IAID is fixed with pfSense (at present), that will not change. I suggest you set your DUID to fix it at its current value. You can also turn on 'Do not send release' which will prevent dhcp6c from sending a release signal; some ISPs will give you a new address/prefix if they get a release signal. However, as Comcast say you are on a static, this should not happen either.

      I have a sticky dhcp6 address, through experimentation it's been found that if both the above are carried out, fixing the DUID and never sending a release signal then the prefix never changes, the only side note would be if pfsense went offline for several days, in which case I 'might' get a new prefix.

        severach

        @moscato359:

        Comcast claims I have a static ipv6, but I've seen the network ID change.

        Google searches still show that Comcast does not support static ipv6 addressing. My ipv6 address changes every time they put in a new modem. My ipv4 address is unchanged across all the supplied modems.

        Don't expect a static any time soon. The 'static' problem is supposed to be taken care of by DNS when the router and DNS providers get it all working. "Services, DHCPv6 Server & RA, LAN, DHCPv6 Server, Dynamic DNS Display" is the new static in its early stages.

        I don't want to risk a situation where the network ID changes, and then the ipv6 network goes down when I'm not there.

        If I have a tracking interface, with working unmanaged RA, it'll be self healing.

        No it won't. Try repowering the modem with a switch in between the router and the cable box so the router can't sense link down. The address won't change but connectivity will be lost.

        NATv6 FTW until this problem is fixed.

          JKnott

          You can also turn on 'Do not send release' which will prevent dhcp6c from sending a release signal; some ISPs will give you a new address/prefix if they get a release signal.

          Where is that setting?  I sometimes get a new prefix and in testing I could see pfSense send a DHCPv6 release after I disconnected and reconnected the WAN Ethernet cable.  My DUID has not changed since last May.  I'm on Rogers.

          PfSense running on Qotom mini PC
          i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
          UniFi AC-Lite access point

          I haven't lost my mind. It's around here...somewhere...

            Guest

            @JKnott:

            You can also turn on 'Do not send release' which will prevent dhcp6c from sending a release signal; some ISPs will give you a new address/prefix if they get a release signal.

            Where is that setting?  I sometimes get a new prefix and in testing I could see pfSense send a DHCPv6 release after I disconnected and reconnected the WAN Ethernet cable.  My DUID has not changed since last May.  I'm on Rogers.

            Interfaces/WAN/DHCP6 Client Configuration - Do not allow PD/Address release.

            DUID hold is in System/Advanced/Networking.

              JKnott

              I don't see that, even under Advanced Configuration.  I'm running pfSense 2.3.2_1.

                hda

                DHCP6 Client Configuration, 2.4B ;)

                "Do not allow PD/Address release"
                "dhcp6c will send a release to the ISP on exit, some ISPs then release the allocated address or prefix. This option prevents that signal ever being sent"

                  Guest

                  @hda:

                  DHCP6 Client Configuration, 2.4B ;)

                  "Do not allow PD/Address release"
                  "dhcp6c will send a release to the ISP on exit, some ISPs then release the allocated address or prefix. This option prevents that signal ever being sent"

                  Did I fail to mention that… Beg pardon  8)

                    JKnott

                    DHCP6 Client Configuration, 2.4B

                    There's a version 2.4B???

                    I'm supposedly at the latest and I don't see that setting anywhere.

                      JKnott

                      DUID hold is in System/Advanced/Networking.

                      I don't see that one either.  My version of pfSense must have come from a parallel universe or something, as it doesn't appear to have either of those settings.

                        MikeV7896

                        It's a setting in the pfSense 2.4 beta.

                        The S in IOT stands for Security

                          JKnott

                          I'll have to watch for that new version.  Any idea when it will be available?

                            Guest

                            @JKnott:

                            I'll have to watch for that new version.  Any idea when it will be available?

                            For several months now… It's in beta but it's very stable. Either install from clean, my preference, or you can select 2.4 as you should find it in update/update settings.

                              JKnott

                              You can also turn on 'Do not send release' which will prevent dhcp6c from sending a release signal; some ISPs will give you a new address/prefix if they get a release signal.

                              I've found that in v2.3.3 and have set it.  Hopefully it works, so my prefix won't change simply because I unplugged my Ethernet cable.

                              Incidentally, why did pfSense send a DHCPv6 release when the computer was merely disconnected from the modem & reconnected?  I could see that happening when I monitored the connection with Wireshark.  A release is something that should be specifically requested and not occur for something as trivial as a disconnect/reconnect.

                                Guest

                                @JKnott:

                                You can also turn on 'Do not send release' which will prevent dhcp6c from sending a release signal; some ISPs will give you a new address/prefix if they get a release signal.

                                I've found that in v2.3.3 and have set it.  Hopefully it works, so my prefix won't change simply because I unplugged my Ethernet cable.

                                Incidentally, why did pfSense send a DHCPv6 release when the computer was merely disconnected from the modem & reconnected?  I could see that happening when I monitored the connection with Wireshark.  A release is something that should be specifically requested and not occur for something as trivial as a disconnect/reconnect.

                                Because dhcp6c exits and on exit it sends a release, hence the addition of the no-release flag and an updated dhcp6c client.

                                  JKnott

                                  The question is why it sends the release by default.  With IPv4 DHCP, a device normally requests the same address on re-connection and gets it if available.  You have to specifically request a release.  Why shouldn't it be the same with IPv6?

                                    Guest

                                    @JKnott:

                                    The question is why it sends the release by default.  With IPv4 DHCP, a device normally requests the same address on re-connection and gets it if available.  You have to specifically request a release.  Why shouldn't it be the same with IPv6?

                                    Because it's a totally different client and bears little resemblance to its v4 counterpart.

                                      JKnott

                                      DHCPv6 has something called "DUID", the purpose of which is to identify the client so it gets the same prefix.  Having the default release means that no longer works.  With IPv4, a changed address could affect a single device, but on IPv6 at least a /64, but often more, affecting potentially gazillions of addresses.  When the prefix changed, I had to go and update all the DNS entries for devices on my network, even if I did nothing more than connect in a managed switch, so that I could monitor the traffic with Wireshark.  I don't think the release should be happening, unless specifically requested, as happens with IPv4.

                                        Guest

                                        That's why it's been modified along with the DUID stored in the config.

                                          JKnott

                                          I've found that in v2.3.3 and have set it.  Hopefully it works, so my prefix won't change simply because I unplugged my Ethernet cable.

                                          It appears to work.  I have disconnected/reconnected the WAN cable several times since yesterday.  My prefix stays the same and I'm not seeing any DHCPv6 release.

                                            Guest

                                            @JKnott:

                                            I've found that in v2.3.3 and have set it.  Hopefully it works, so my prefix won't change simply because I unplugged my Ethernet cable.

                                            It appears to work.  I have disconnected/reconnected the WAN cable several times since yesterday.  My prefix stays the same and I'm not seeing any DHCPv6 release.

                                            :) That's OK then.

                                            I began the work on dhcp6c almost a year ago when my ISP rolled out IPv6. There were quite a few issues to deal with, dhcp6 before RA being the first. Then there was loss of PD whenever the connection dropped, partially corrected by the no-release flag, but if you ran a RAM drive then the DUID would change; this could be avoided by using an early shell command to copy the DUID from the drive to the RAM at boot, but it was still not held in the config; this was done a couple of months back. We are now awaiting a further PR to be accepted upstream which adds a few other features missing from dhcp6c. I and my testers are running it and we now have VERY quiet logs.
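
Added example, not part of any post in this thread and not pfSense or dhcp6c code: a small Python decoder for checking captured DHCPv6 client messages (such as the Wireshark capture described earlier in the thread) for a Release, and for confirming that the DUID and delegated prefix stay the same across reconnects. The function names and the sample message are constructed for illustration; the message-type and option numbers are those defined in RFC 8415.

```python
import ipaddress
import struct

MSG_RELEASE = 8    # RFC 8415 message type RELEASE
OPT_CLIENTID = 1   # option carrying the client's DUID
OPT_IA_PD = 25     # identity association for prefix delegation
OPT_IAPREFIX = 26  # delegated prefix, nested inside IA_PD


def options(buf):
    """Yield (code, value) for each option; stop at a truncated one."""
    pos = 0
    while pos + 4 <= len(buf):
        code, length = struct.unpack_from("!HH", buf, pos)
        pos += 4
        if pos + length > len(buf):
            return
        yield code, buf[pos:pos + length]
        pos += length


def summarize(payload):
    """Decode the UDP payload of one DHCPv6 client message."""
    if len(payload) < 4:
        raise ValueError("shorter than the 4-byte DHCPv6 header")
    info = {"release": payload[0] == MSG_RELEASE, "duid": None, "pd": []}
    for code, value in options(payload[4:]):
        if code == OPT_CLIENTID:
            info["duid"] = value.hex(":")
        elif code == OPT_IA_PD and len(value) >= 12:
            iaid = struct.unpack_from("!I", value)[0]
            for sub, body in options(value[12:]):  # skip IAID, T1, T2
                if sub == OPT_IAPREFIX and len(body) >= 25 and body[8] <= 128:
                    net = ipaddress.IPv6Network((body[9:25], body[8]), strict=False)
                    info["pd"].append((iaid, str(net)))
    return info


def build_sample(msg_type, duid):
    """Constructed message: Client ID plus one IA_PD holding one prefix."""
    pfx = struct.pack("!IIB", 3600, 7200, 56) + ipaddress.IPv6Address("2001:db8:ab00::").packed
    ia_pd = struct.pack("!III", 0, 1800, 2880) + struct.pack("!HH", OPT_IAPREFIX, len(pfx)) + pfx
    return (bytes([msg_type]) + b"\x12\x34\x56"
            + struct.pack("!HH", OPT_CLIENTID, len(duid)) + duid
            + struct.pack("!HH", OPT_IA_PD, len(ia_pd)) + ia_pd)


SAMPLE_DUID = bytes.fromhex("00030001020000000001")  # constructed DUID-LL
print(summarize(build_sample(MSG_RELEASE, SAMPLE_DUID)))
```

Feed `summarize()` the UDP payload of each client-to-server packet (destination port 547) exported from a capture; a changed `duid` or any message with `release` set explains a new prefix after a reconnect.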

                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.