Odd IPv6 Issue
-
I have Time Warner (now Spectrum). The WAN interface has the DHCP6 option set for IPv6 Config Type and I have it set to request a /56 delegation size. The WAN interface is assigned 2606:yyyy:xxxx
xxxx:xxxx:xxx:xxxx from TW.I have four different VLANs which I've set the IPv6 config type to track the WAN interface. Each of the four VLANs has a different prefix ID (0-3) and obtain a different IPv6 /64 range starting with 2606:yyyy. I have the RA daemon for each VLAN set to advertise as Unmanaged with the router priority set as high.
Now here's the odd part. IPv6 only works for a short time on each of the clients PCs when running an "ipconfig /renew6" as seen in this short video:
Windows Firewall is off for testing purposes in the above video.
Now similarly, upon disconnecting an Android phone from the wireless and reconnecting it, the IPv6 works for a short time before reverting back to IPv4.
I can't for the life of me figure out what would be causing this behavior! Thank you for your help.
-
Does pfSense maintain an IPv6 address?
BTW, why don't people ever have even issues? ;)
-
It does maintain an IP and can ping ipv6.google.com
-
Might be a good idea to sniff with wireshark and have look at what messages you see from your router (router advertisements or answers to router discoveries). You might want to filter for ICMP6 packages.
Did you set the router lifetime in the RA settings on the firewall? -
@pmisch:
Might be a good idea to sniff with wireshark and have look at what messages you see from your router (router advertisements or answers to router discoveries). You might want to filter for ICMP6 packages.
Did you set the router lifetime in the RA settings on the firewall?I changed the router lifetime to 1800 and still no change. I ran Wireshark and didn't see anything abnormal with the RA messages. Although I am new at reading these. Maybe you could have a look:
RA
Frame 118915: 246 bytes on wire (1968 bits), 246 bytes captured (1968 bits) on interface 0 Ethernet II, Src: AdiEngin_xx:xx:xx (xx:xx:xx:xx:xx:xx), Dst: AsustekC_39:04:98 (xx:xx:xx:xx:xx:xx) Internet Protocol Version 6, Src: fe80::1:1, Dst: fe80::e899:1dd9:b899:72ae 0110 .... = Version: 6 .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT) .... .... .... 0000 0000 0000 0000 0000 = Flow Label: 0x00000 Payload Length: 192 Next Header: ICMPv6 (58) Hop Limit: 255 Source: fe80::1:1 Destination: fe80::e899:1dd9:b899:72ae [Source GeoIP: Unknown] [Destination GeoIP: Unknown] Internet Control Message Protocol v6 Type: Router Advertisement (134) Code: 0 Checksum: 0x6d13 [correct] [Checksum Status: Good] Cur hop limit: 64 Flags: 0x08, Prf (Default Router Preference): High Router lifetime (s): 1800 Reachable time (ms): 0 Retrans timer (ms): 0 ICMPv6 Option (Prefix information : 2606:6000:xxxx:xxxx::/64) Type: Prefix information (3) Length: 4 (32 bytes) Prefix Length: 64 Flag: 0xe0, On-link flag(L), Autonomous address-configuration flag(A), Router address flag(R) Valid Lifetime: 86400 Preferred Lifetime: 14400 Reserved Prefix: 2606:6000:xxxx:xxxx:: ICMPv6 Option (Route Information : Medium ::/0) Type: Route Information (24) Length: 3 (24 bytes) Prefix Length: 0 Flag: 0x00, Route Preference: Medium Route Lifetime: 60 Prefix: :: ICMPv6 Option (Recursive DNS Server 2001:4860:4860::8888 2001:4860:4860::8844) Type: Recursive DNS Server (25) Length: 5 (40 bytes) Reserved Lifetime: 20 Recursive DNS Servers: 2001:4860:4860::8888 Recursive DNS Servers: 2001:4860:4860::8844 ICMPv6 Option (DNS Search List Option home.internal.yyyy.com home.internal.yyyy.com) Type: DNS Search List Option (31) Length: 8 (64 bytes) Reserved Lifetime: 20 Domain Names: home.internal.yyyy.com Domain Names: home.internal.yyyy.com ICMPv6 Option (MTU : 1500) Type: MTU (5) Length: 1 (8 bytes) Reserved MTU: 1500 ICMPv6 Option (Source link-layer address : xx:xx:xx:xx:xx:xx) Type: Source link-layer address (1) Length: 1 (8 bytes) Link-layer address: AdiEngin_xx:xx:xx (xx:xx:xx:xx:xx:xx) -
So I think I've identified the issue but I don't have any clue what would be causing it. When I do an ipconfig /renew6, the default gateway of fe80::1:1%2 is added. After approximately 1 minute, the default gateway is dropped and only the IPv4 gateway remains.
-
Just a wild shot : your device can actually "ICMP" pfSense ? (I guess without it a IPV6 ping reply it will drop the gateway …)
-
Just a wild shot : your device can actually "ICMP" pfSense ? (I guess without it a IPV6 ping reply it will drop the gateway …)
The fe80::1:1 still is pingable and so is the actual IPv6 address after the fe80::1:1 gateway is dropped…I have no idea what the issue is!!!
-
I keep getting this when starting radvd:
[Dec 02 19:44:36] radvd (87691): ioctl(SIOCGIFFLAGS) succeeded on igb1.10 [Dec 02 19:44:36] radvd (87691): igb1.10 is up [Dec 02 19:44:36] radvd (87691): igb1.10 is running [Dec 02 19:44:36] radvd (87691): igb1.10 supports multicast [Dec 02 19:44:36] radvd (87691): ioctl(SIOCGIFFLAGS) succeeded on igb1.10 [Dec 02 19:44:36] radvd (87691): igb1.10 is up [Dec 02 19:44:36] radvd (87691): igb1.10 is running [Dec 02 19:44:36] radvd (87691): igb1.10 supports multicast [Dec 02 19:44:36] radvd (87691): igb0 received icmpv6 RS/RA packet on an unknown interface with index 1 [Dec 02 19:44:39] radvd (87691): igb0 received icmpv6 RS/RA packet on an unknown interface with index 1 [Dec 02 19:44:42] radvd (87691): igb0 received icmpv6 RS/RA packet on an unknown interface with index 1 [Dec 02 19:44:45] radvd (87691): igb0 received icmpv6 RS/RA packet on an unknown interface with index 1 [Dec 02 19:44:48] radvd (87691): igb0 received icmpv6 RS/RA packet on an unknown interface with index 1 [Dec 02 19:44:51] radvd (87691): igb0 received icmpv6 RS/RA packet on an unknown interface with index 1 [Dec 02 19:44:52] radvd (87691): ioctl(SIOCGIFFLAGS) succeeded on igb1.10 [Dec 02 19:44:52] radvd (87691): igb1.10 is up [Dec 02 19:44:52] radvd (87691): igb1.10 is running [Dec 02 19:44:52] radvd (87691): igb1.10 supports multicast [Dec 02 19:44:54] radvd (87691): igb0 received icmpv6 RS/RA packet on an unknown interface with index 1 [Dec 02 19:44:57] radvd (87691): igb0 received icmpv6 RS/RA packet on an unknown interface with index 1 [Dec 02 19:45:00] radvd (87691): igb0 received icmpv6 RS/RA packet on an unknown interface with index 1 [Dec 02 19:45:06] radvd (87691): igb0 received icmpv6 RS/RA packet on an unknown interface with index 1 [Dec 02 19:45:08] radvd (87691): ioctl(SIOCGIFFLAGS) succeeded on igb1.10 [Dec 02 19:45:08] radvd (87691): igb1.10 is up [Dec 02 19:45:08] radvd (87691): igb1.10 is running [Dec 02 19:45:08] radvd (87691): igb1.10 supports multicast [Dec 02 19:45:09] radvd (87691): igb0 received icmpv6 RS/RA packet on an unknown interface with index 1 [Dec 02 19:45:12] radvd (87691): igb0 received icmpv6 RS/RA packet on an unknown interface with index 1 [Dec 02 19:45:15] radvd (87691): igb0 received icmpv6 RS/RA packet on an unknown interface with index 1 [Dec 02 19:45:18] radvd (87691): igb0 received icmpv6 RS/RA packet on an unknown interface with index 1 [Dec 02 19:45:21] radvd (87691): igb0 received icmpv6 RS/RA packet on an unknown interface with index 1 [Dec 02 19:45:24] radvd (87691): igb0 received icmpv6 RS/RA packet on an unknown interface with index 1 [Dec 02 19:45:27] radvd (87691): igb0 received icmpv6 RS/RA packet on an unknown interface with index 1 [Dec 02 19:45:30] radvd (87691): igb0 received icmpv6 RS/RA packet on an unknown interface with index 1 [Dec 02 19:45:33] radvd (87691): igb0 received icmpv6 RS/RA packet on an unknown interface with index 1 [Dec 02 19:45:36] radvd (87691): igb0 received icmpv6 RS/RA packet on an unknown interface with index 1 [Dec 02 19:45:36] radvd (87691): ioctl(SIOCGIFFLAGS) succeeded on igb1.10 [Dec 02 19:45:36] radvd (87691): igb1.10 is up [Dec 02 19:45:36] radvd (87691): igb1.10 is running [Dec 02 19:45:36] radvd (87691): igb1.10 supports multicast [Dec 02 19:45:39] radvd (87691): igb0 received icmpv6 RS/RA packet on an unknown interface with index 1 [Dec 02 19:45:41] radvd (87691): ioctl(SIOCGIFFLAGS) succeeded on igb1.10 [Dec 02 19:45:41] radvd (87691): igb1.10 is up [Dec 02 19:45:41] radvd (87691): igb1.10 is running [Dec 02 19:45:41] radvd (87691): igb1.10 supports multicast [Dec 02 19:45:42] radvd (87691): igb0 received icmpv6 RS/RA packet on an unknown interface with index 1 [Dec 02 19:45:45] radvd (87691): igb0 received icmpv6 RS/RA packet on an unknown interface with index 1 [Dec 02 19:45:48] radvd (87691): igb0 received icmpv6 RS/RA packet on an unknown interface with index 1 [Dec 02 19:45:51] radvd (87691): igb0 received icmpv6 RS/RA packet on an unknown interface with index 1 [Dec 02 19:45:53] radvd (87691): ioctl(SIOCGIFFLAGS) succeeded on igb1.10 [Dec 02 19:45:53] radvd (87691): igb1.10 is up [Dec 02 19:45:53] radvd (87691): igb1.10 is running [Dec 02 19:45:53] radvd (87691): igb1.10 supports multicast [Dec 02 19:45:54] radvd (87691): igb0 received icmpv6 RS/RA packet on an unknown interface with index 1 [Dec 02 19:45:57] radvd (87691): igb0 received icmpv6 RS/RA packet on an unknown interface with index 1 [Dec 02 19:46:00] radvd (87691): igb0 received icmpv6 RS/RA packet on an unknown interface with index 1Everytime I do a manual /renew6, the logs show:
[Dec 02 19:45:53] radvd (87691): igb1.10 is up [Dec 02 19:45:53] radvd (87691): igb1.10 is running [Dec 02 19:45:53] radvd (87691): igb1.10 supports multicastFollowed by this over and over again until the new /renew6:
[Dec 02 19:46:15] radvd (87691): igb0 received icmpv6 RS/RA packet on an unknown interface with index 1 [Dec 02 19:46:18] radvd (87691): igb0 received icmpv6 RS/RA packet on an unknown interface with index 1 [Dec 02 19:46:21] radvd (87691): igb0 received icmpv6 RS/RA packet on an unknown interface with index 1 [Dec 02 19:46:24] radvd (87691): igb0 received icmpv6 RS/RA packet on an unknown interface with index 1 [Dec 02 19:46:27] radvd (87691): igb0 received icmpv6 RS/RA packet on an unknown interface with index 1 -
How is RADVD set up?
-
Thanks for the replies. The issue ended up being a bug with IGMP snooping on my Ubiquiti Edgeswitch. Disabling IGMP snooping on the specific VLAN with unmanaged RAs set allowed the RAs to be broadcasted to the clients.
