IPv6 with track interface on LAN stopped working
-
This was working perfectly, then all the sudden it stopped working. I can see in Logs where a PD is coming down the pipe but the LAN Track interface never populates with the PD.
for Testing purposes I built a new Pfsense box, No config just blank, setup WAN LAN, enabled Ipv6 and same result.
Sorry if my Logs are upside down, box was checked to have recent at top. This is what confuses it looks like I am getting correct responses.Sep 3 21:09:46 dhcp6c 49426 reset a timer on vmx0, state=REQUEST, timeo=1, retrans=1845
Sep 3 21:09:46 dhcp6c 49426 send request to ff02::1:2%vmx0
Sep 3 21:09:46 dhcp6c 49426 set IA_PD
Sep 3 21:09:46 dhcp6c 49426 set IA_PD prefix
Sep 3 21:09:46 dhcp6c 49426 set option request (len 4)
Sep 3 21:09:46 dhcp6c 49426 set elapsed time (len 2)
Sep 3 21:09:46 dhcp6c 49426 set identity association
Sep 3 21:09:46 dhcp6c 49426 set IA address
Sep 3 21:09:46 dhcp6c 49426 set server ID (len 14)
Sep 3 21:09:46 dhcp6c 49426 set client ID (len 14)
Sep 3 21:09:46 dhcp6c 49426 Sending Request
Sep 3 21:09:45 dhcp6c 49426 reset a timer on vmx0, state=REQUEST, timeo=0, retrans=911
Sep 3 21:09:45 dhcp6c 49426 send request to ff02::1:2%vmx0
Sep 3 21:09:45 dhcp6c 49426 set IA_PD
Sep 3 21:09:45 dhcp6c 49426 set IA_PD prefix
Sep 3 21:09:45 dhcp6c 49426 set option request (len 4)
Sep 3 21:09:45 dhcp6c 49426 set elapsed time (len 2)
Sep 3 21:09:45 dhcp6c 49426 set identity association
Sep 3 21:09:45 dhcp6c 49426 set IA address
Sep 3 21:09:45 dhcp6c 49426 set server ID (len 14)
Sep 3 21:09:45 dhcp6c 49426 set client ID (len 14)
Sep 3 21:09:45 dhcp6c 49426 a new XID (cd1ea5) is generated
Sep 3 21:09:45 dhcp6c 49426 Sending Request
Sep 3 21:09:45 dhcp6c 49426 server ID: 00:01:00:01:21:c2:86:9d:00:50:56:97:d7:cd, pref=255
Sep 3 21:09:45 dhcp6c 49426 preference: 255
Sep 3 21:09:45 dhcp6c 49426 get DHCP option preference, len 1
Sep 3 21:09:45 dhcp6c 49426 IA_PD prefix: 2603:9000:b505:bb00::/56 pltime=567719 vltime=567719
Sep 3 21:09:45 dhcp6c 49426 get DHCP option IA_PD prefix, len 25
Sep 3 21:09:45 dhcp6c 49426 IA_PD: ID=0, T1=283859, T2=454175
Sep 3 21:09:45 dhcp6c 49426 get DHCP option IA_PD, len 41
Sep 3 21:09:45 dhcp6c 49426 IA_NA address: 2603:9000:ff00:b5:5cc7:f677:e6e4:6a7e pltime=566005 vltime=566005
Sep 3 21:09:45 dhcp6c 49426 get DHCP option IA address, len 24
Sep 3 21:09:45 dhcp6c 49426 IA_NA: ID=0, T1=283002, T2=452804
Sep 3 21:09:45 dhcp6c 49426 get DHCP option identity association, len 40
Sep 3 21:09:45 dhcp6c 49426 DUID: 00:01:00:01:21:c2:86:9d:00:50:56:97:d7:cd
Sep 3 21:09:45 dhcp6c 49426 get DHCP option server ID, len 14
Sep 3 21:09:45 dhcp6c 49426 DUID: 00:01:00:01:22:e4:18:42:00:50:56:b7:ee:fb
Sep 3 21:09:45 dhcp6c 49426 get DHCP option client ID, len 14
Sep 3 21:09:45 dhcp6c 49426 receive advertise from fe80::2bc:60ff:fe93:1419%vmx0 on vmx0
Sep 3 21:09:45 dhcp6c 49426 reset a timer on vmx0, state=SOLICIT, timeo=1, retrans=2083
Sep 3 21:09:45 dhcp6c 49426 send solicit to ff02::1:2%vmx0
Sep 3 21:09:45 dhcp6c 49426 set IA_PD
Sep 3 21:09:45 dhcp6c 49426 set IA_PD prefix
Sep 3 21:09:45 dhcp6c 49426 set option request (len 4)
Sep 3 21:09:45 dhcp6c 49426 set elapsed time (len 2)
Sep 3 21:09:45 dhcp6c 49426 set identity association
Sep 3 21:09:45 dhcp6c 49426 set client ID (len 14)
Sep 3 21:09:45 dhcp6c 49426 Sending Solicit
Sep 3 21:09:44 dhcp6c 49426 reset a timer on vmx0, state=SOLICIT, timeo=0, retrans=1091
Sep 3 21:09:44 dhcp6c 49426 send solicit to ff02::1:2%vmx0
Sep 3 21:09:44 dhcp6c 49426 set IA_PD
Sep 3 21:09:44 dhcp6c 49426 set IA_PD prefix
Sep 3 21:09:44 dhcp6c 49426 set option request (len 4)
Sep 3 21:09:44 dhcp6c 49426 set elapsed time (len 2)
Sep 3 21:09:44 dhcp6c 49426 set identity association
Sep 3 21:09:44 dhcp6c 49426 set client ID (len 14)
Sep 3 21:09:44 dhcp6c 49426 a new XID (f6776d) is generated
Sep 3 21:09:44 dhcp6c 49426 Sending Solicit -
Also like to mention that during boot I see WAN Syslodg: Bind : Can't assign requested address.
sorry typed that from Memory, but it hangs the box for a few minutes, have read its FE80 Addresses that are stuck on the interface. -
That is not representative of actually getting a response. All I see there is Send Solicit. Look at the log I posted. See the send request and receive reply.
-
so I am not receiving a reply or is their anyway possible I'm Blocking it? When I hook laptop to Modem reboot everything I get WAN ipv6 address, so I am not blaming the ISP I have to be missing something.
Also I do have a Tunnel to HE.net and I do not forward all traffic out the HE gateway, I have a Rule on specific Vlan to route that traffic.
-
Log finally posted this Says No responses were received?
Sep 3 21:18:35 dhcp6c 86742 removing server (ID: 00:01:00:01:21:c2:86:9d:00:50:56:97:d7:cd)
Sep 3 21:18:35 dhcp6c 86742 removing an event on vmx0, state=REQUEST
Sep 3 21:18:35 dhcp6c 86742 no responses were received
Sep 3 21:18:07 dhcp6c 86742 reset a timer on vmx0, state=REQUEST, timeo=9, retrans=27750
Sep 3 21:18:07 dhcp6c 86742 send request to ff02::1:2%vmx0
Sep 3 21:18:07 dhcp6c 86742 set IA_PD
Sep 3 21:18:07 dhcp6c 86742 set IA_PD prefix
Sep 3 21:18:07 dhcp6c 86742 set option request (len 4)
Sep 3 21:18:07 dhcp6c 86742 set elapsed time (len 2)
Sep 3 21:18:07 dhcp6c 86742 set identity associationFound this also in the Log, is this .Key thing a problem?
Sep 3 21:15:15 dhcp6c 5912 <5>[vmx0] (4)
Sep 3 21:15:15 dhcp6c 5912 <3>[interface] (9)
Sep 3 21:15:15 dhcp6c 5912 skip opening control port
Sep 3 21:15:15 dhcp6c 5912 failed initialize control message authentication
Sep 3 21:15:15 dhcp6c 5912 failed to open /usr/local/etc/dhcp6cctlkey: No such file or directory
Sep 3 21:15:15 dhcp6c 5912 extracted an existing DUID from /var/db/dhcp6c_duid: 00:01:00:01:22:e4:18:42:00:50:56:b7:ee:fb -
Packet capture for IPv6 ICMPv6 on WAN and see what's actually going on out there. Maybe they don't like the DUID since they already think they have a lease out to the laptop. Are you requesting a PD on the laptop? I doubt it so that isn't a comparable test.
Have you called them? Maybe they need to clear something in their DHCP server.
No, that control port is not an issue.
| Sep 3 21:18:35 dhcp6c 86742 no responses were received
Exactly.
-
Correct on the laptop did not request a PD not really a valid test, other than It does get a WAN ipv6 address, so the least I should get one on the Wan IP on the pfsense box.
I will generate a custom unique UUID and force that out, you have a good point as pfsense spoofs the MAC and UUID -
I would get rid of any spoofed MAC addresses unless you know you need them. That's really hacky. It's almost always better to just have the ISP do what they need to do (if anything) so you can use the new MAC address.
DHCPv6 doesn't use MAC as an identifier. It uses the DUID. Thought part of the DUID generation input might be a link-layer (MAC) address.
-
I did that early today took out all the MAC fields, made sure they were Actually the MAC of that Interface card. SO im all clean there. the DUID or UUID is generated using the WAN's mac address.
Running packet capture now but its not finding the conversation just some icmp stuff.
-
I setup Syslog and can filter for dhcpd6, so I caught this in the Log when saving WAN/LAN forcing dhcpd6 to update:
reset a timer on vmx0
transmit failed: Can't assign requested address
set IA_PD
set IA_PD prefix
set option request (len 4)
set elapsed time (len 2)
set identity association
set client ID (len 18)
Sending Solicit
reset a timer on vmx0
transmit failed: Can't assign requested address
set IA_PD
set IA_PD prefix
set option request (len 4)
set elapsed time (len 2)
set identity association
set client ID (len 18)
Sending Solicit
reset a timer on vmx0
transmit failed: Can't assign requested address -
@Derelict you live in Vegas so I’m guessing you have Cox as well. Any tips to get ipv6 working? I just redid my install from scratch, set lan to track, nothing checked on WAN. Still only getting link-local ipv6 address. It’s driving me crazy!
-
This is what I use with Cox and a Netgear CM600:
-
so these are the logs from dhcp, any hints from them as to what is going on? I even tried swapping interfaces just now and still no good.
-
Anything else ever happen? It's not uncommon to take a few solicits before getting a response. Not sure why they delay.
With Cable it is strange because you are often actually talking to your modem, which is obtaining the address information from upstream via whatever method (I have never seen a Cable ISP any further up than the modem itself so it's a "black box" to me). Have you verified with Cox that your modem will work with IPv6 and that they don't have to enable something?
-
@derelict Yeah, if I go direct into my laptop from the modem I get an IPv6 address right away. I just switched back over to my edgerouter and boom, just like that it has an IPv6 address.
-
Ok, so if I plug the edgerouter into the modem then feed pfsense from the edgerouter it gets an ipv6 address but not direct to the modem. What the heck?!
-
All I can say is those settings work. if pfSense is sending the solicit and getting no reply, not sure where to have you go except upstream to them. Maybe try the unplug WAN, reboot modem, let it sync, reconnect WAN dance.
Maybe edit/save a new DUID in System > Advanced, Networking. Resetting the DUID might kick the DHCP server into gear but just a guess.
The DUID should be saved in the config anyway. I use DUID-LLT. You can manually get a new time in seconds with
date "+%s"
-
How can I view the actual DUID to confirm that its changing?
-
Should be in the dhcp6c logs
-
@dudleydogg That looks like the client cannot transmit on that interface at all.
Can't assign requested address likely means that the WAN interface addressing is pretty grossly misconfigured. Or maybe the default gateway is not something on the WAN subnet, or something else wrong with sending traffic out WAN. Hard to say based on that.
-
The DHCPv6 server should probably be enabled and RA on the tracked interface should probably be set to "Assisted" but that will not prevent the DHCPv6 on WAN and the prefix delegation from occurring. Though I seem to remember that there was a bug preventing it from attempting to get a PD if there were no interfaces set to track. I believe that has been fixed though.
-
@derelict I have though as much and wonder if their is a way to reset WAN back to default like their is some request for an address that is stuck. Only ipv6 I can make work is HE tunnel. Previously native from Spectrum (TWC) was working perfectly.
-
I'd call Cox. Or tweet (DM) them. They seem to respond there with some knowledge.
You might just have to let stuff expire (stop testing with laptops and routers) until they give you another lease.
-
@dxmaster said in IPv6 with track interface on LAN stopped working:
I just redid my install from scratch, set lan to track, nothing checked on WAN.
Just looking back. What do you mean nothing checked? WAN needs to be set to DHCPv6.
-
Ok, so it has been a few hours and USPS dropped off a shiny new 4 port intel nic that I threw in a spare computer and tossed a 64GB SSD in and all is well in the world. I have a feeling its something related to my unRaid servers NIC cards or something with the virtualization of pfSense within unRaid. I might toss this nic in my unRaid box and see if I can get it working with the new nic but either way, im up and running just fine on a different computer.
-
no responses were received
reset a timer on vmx0
send request to ff02::1:2%vmx0
set IA_PD
set IA_PD prefix
set option request (len 4)
set elapsed time (len 2)
set identity association
set IA address
set server ID (len 14)
set client ID (len 14)
Sending Request
So my router is requesting and I see a PD and ipv6 ip in the Logs but the last part of the log file does state no responses were received. Is their anything that could be preventing this request to go out my WAN to the ISP?and the send request does not seem to be a routable address is local link ff02
-
That is not link-local. It is multicast to ff02::1:2 (All_DHCP_Relay_Agents_and_Servers).
https://en.wikipedia.org/wiki/DHCPv6
Your problem is there is no response.
In order to verify the packet is actually going out on the wire, you will have to capture on the wire itself.
Been doing this a while and I have never seen a transmission out a port in a pcap that was not actually sent out on the wire.
-
@derelict Misconfigured on my Part or the ISP? I have installed pfsense from scratch and configured only WAN And LAN to test or verify its nothing in my configuration So clean install I still hang on WAN at boot, and no ipv6 is assigned. Only hardware is TWC modem, but its bridged. are their settings even in Bridge mode I need to be aware of?
How else can I configure or Wipe the WAN settings back to Default? -
You can't. They can either provide the information you need to configure the WAN interface or I guess it doesn't work.
Not possible for me to try it for you because I don't have one of those connections available to test on.
Not really sure what to recommend that hasn't already been said. You have never posted any logs that actually showed any kind of response to the DHCPv6 solicits.
-
@derelict I do appreciate you helping me sorry if I neglected to upload a log. If I debug the logfile for just DHCP this is what I capture from Solicit too Failure:
Debug 10.0.1.254 removing server (ID: 00:01:00:01:21:c2:86:9d:00:50:56:97:d7:cd)
Debug 10.0.1.254 removing an event on vmx0 state=REQUEST
Info 10.0.1.254 no responses were received
Debug 10.0.1.254 reset a timer on vmx0 state=REQUEST timeo=9 retrans=30729
Debug 10.0.1.254 send request to ff02::1:2%vmx0
Debug 10.0.1.254 set IA_PD
Debug 10.0.1.254 set IA_PD prefix
Debug 10.0.1.254 set option request (len 4)
Debug 10.0.1.254 set elapsed time (len 2)
Debug 10.0.1.254 set identity association
Debug 10.0.1.254 set IA address
Debug 10.0.1.254 set server ID (len 14)
Debug 10.0.1.254 set client ID (len 18)
Info 10.0.1.254 Sending Request
Debug 10.0.1.254 reset a timer on vmx0 state=REQUEST timeo=8 retrans=32136
Debug 10.0.1.254 send request to ff02::1:2%vmx0
Debug 10.0.1.254 set IA_PD
Debug 10.0.1.254 set IA_PD prefix
Debug 10.0.1.254 set option request (len 4)
Debug 10.0.1.254 set elapsed time (len 2)
Debug 10.0.1.254 set identity association
Debug 10.0.1.254 set IA address
Debug 10.0.1.254 set server ID (len 14)
Debug 10.0.1.254 set client ID (len 18)
Info 10.0.1.254 Sending Request
Debug 10.0.1.254 reset a timer on vmx0 state=REQUEST timeo=7 retrans=32529
Debug 10.0.1.254 send request to ff02::1:2%vmx0
Debug 10.0.1.254 set IA_PD
Debug 10.0.1.254 set IA_PD prefix
Debug 10.0.1.254 set option request (len 4)
Debug 10.0.1.254 set elapsed time (len 2)
Debug 10.0.1.254 set identity association
Debug 10.0.1.254 set IA address
Debug 10.0.1.254 set server ID (len 14)
Debug 10.0.1.254 set client ID (len 18)
Info 10.0.1.254 Sending Request
Debug 10.0.1.254 reset a timer on vmx0 state=REQUEST timeo=6 retrans=27864
Debug 10.0.1.254 send request to ff02::1:2%vmx0
Debug 10.0.1.254 set IA_PD
Debug 10.0.1.254 set IA_PD prefix
Debug 10.0.1.254 set option request (len 4)
Debug 10.0.1.254 set elapsed time (len 2)
Debug 10.0.1.254 set identity association
Debug 10.0.1.254 set IA address
Debug 10.0.1.254 set server ID (len 14)
Debug 10.0.1.254 set client ID (len 18)
Info 10.0.1.254 Sending Request
Debug 10.0.1.254 reset a timer on vmx0 state=REQUEST timeo=5 retrans=29423
Debug 10.0.1.254 send request to ff02::1:2%vmx0
Debug 10.0.1.254 set IA_PD
Debug 10.0.1.254 set IA_PD prefix
Debug 10.0.1.254 set option request (len 4)
Debug 10.0.1.254 set elapsed time (len 2)
Debug 10.0.1.254 set identity association
Debug 10.0.1.254 set IA address
Debug 10.0.1.254 set server ID (len 14)
Debug 10.0.1.254 set client ID (len 18)
Info 10.0.1.254 Sending Request
Debug 10.0.1.254 reset a timer on vmx0 state=REQUEST timeo=4 retrans=14139
Debug 10.0.1.254 send request to ff02::1:2%vmx0
Debug 10.0.1.254 set IA_PD
Debug 10.0.1.254 set IA_PD prefix
Debug 10.0.1.254 set option request (len 4)
Debug 10.0.1.254 set elapsed time (len 2)
Debug 10.0.1.254 set identity association
Debug 10.0.1.254 set IA address
Debug 10.0.1.254 set server ID (len 14)
Debug 10.0.1.254 set client ID (len 18)
Info 10.0.1.254 Sending Request
Debug 10.0.1.254 reset a timer on vmx0 state=REQUEST timeo=3 retrans=7426
Debug 10.0.1.254 send request to ff02::1:2%vmx0
Debug 10.0.1.254 set IA_PD
Debug 10.0.1.254 set IA_PD prefix
Debug 10.0.1.254 set option request (len 4)
Debug 10.0.1.254 set elapsed time (len 2)
Debug 10.0.1.254 set identity association
Debug 10.0.1.254 set IA address
Debug 10.0.1.254 set server ID (len 14)
Debug 10.0.1.254 set client ID (len 18)
Info 10.0.1.254 Sending Request
Debug 10.0.1.254 reset a timer on vmx0 state=REQUEST timeo=2 retrans=3731
Debug 10.0.1.254 send request to ff02::1:2%vmx0
Debug 10.0.1.254 set IA_PD
Debug 10.0.1.254 set IA_PD prefix
Debug 10.0.1.254 set option request (len 4)
Debug 10.0.1.254 set elapsed time (len 2)
Debug 10.0.1.254 set identity association
Debug 10.0.1.254 set IA address
Debug 10.0.1.254 set server ID (len 14)
Debug 10.0.1.254 set client ID (len 18)
Info 10.0.1.254 Sending Request
Debug 10.0.1.254 reset a timer on vmx0 state=REQUEST timeo=1 retrans=1873
Debug 10.0.1.254 send request to ff02::1:2%vmx0
Debug 10.0.1.254 set IA_PD
Debug 10.0.1.254 set IA_PD prefix
Debug 10.0.1.254 set option request (len 4)
Debug 10.0.1.254 set elapsed time (len 2)
Debug 10.0.1.254 set identity association
Debug 10.0.1.254 set IA address
Debug 10.0.1.254 set server ID (len 14)
Debug 10.0.1.254 set client ID (len 18)
Info 10.0.1.254 Sending Request
Debug 10.0.1.254 reset a timer on vmx0 state=REQUEST timeo=0 retrans=983
Debug 10.0.1.254 send request to ff02::1:2%vmx0
Debug 10.0.1.254 set IA_PD
Debug 10.0.1.254 set IA_PD prefix
Debug 10.0.1.254 set option request (len 4)
Debug 10.0.1.254 set elapsed time (len 2)
Debug 10.0.1.254 set identity association
Debug 10.0.1.254 set IA address
Debug 10.0.1.254 set server ID (len 14)
Debug 10.0.1.254 set client ID (len 18)
Debug 10.0.1.254 a new XID (ddf60e) is generated
Info 10.0.1.254 Sending Request
Debug 10.0.1.254 server ID: 00:01:00:01:21:c2:86:9d:00:50:56:97:d7:cd pref=255
Debug 10.0.1.254 preference: 255
Debug 10.0.1.254 get DHCP option preference len 1
Debug 10.0.1.254 IA_PD prefix: 2603:9000:b501:cb00::/56 pltime=500360 vltime=500360
Debug 10.0.1.254 get DHCP option IA_PD prefix len 25
Debug 10.0.1.254 IA_PD: ID=0 T1=250180 T2=400288
Debug 10.0.1.254 get DHCP option IA_PD len 41
Debug 10.0.1.254 IA_NA address: 2603:9000:ff00:b5:420:f8c9:65a7:82d pltime=500360 vltime=500360
Debug 10.0.1.254 get DHCP option IA address len 24
Debug 10.0.1.254 IA_NA: ID=0 T1=250180 T2=400288
Debug 10.0.1.254 get DHCP option identity association len 40
Debug 10.0.1.254 DUID: 00:01:00:01:21:c2:86:9d:00:50:56:97:d7:cd
Debug 10.0.1.254 get DHCP option server ID len 14
Debug 10.0.1.254 DUID: 00:04:87:ae:49:01:54:64:11:cb:bb:2c:9d:4b:6c:e6:b1:0e
Debug 10.0.1.254 get DHCP option client ID len 18
Debug 10.0.1.254 receive advertise from fe80::2bc:60ff:fe93:1419%vmx0 on vmx0
Debug 10.0.1.254 reset a timer on vmx0 state=SOLICIT timeo=8 retrans=117984
Debug 10.0.1.254 send solicit to ff02::1:2%vmx0
Debug 10.0.1.254 set IA_PD
Debug 10.0.1.254 set IA_PD prefix
Debug 10.0.1.254 set option request (len 4)
Debug 10.0.1.254 set elapsed time (len 2)
Debug 10.0.1.254 set identity association
Debug 10.0.1.254 set client ID (len 18)
Info 10.0.1.254 Sending Solicit -
@derelict Finally after all this time I see this in the Logs Now:
got an expected reply, sleeping
so Magically all the sudden ipv6 for the moment is working. -
@dudleydogg said in IPv6 with track interface on LAN stopped working:
@derelict Finally after all this time I see this in the Logs Now:
got an expected reply, sleeping
so Magically all the sudden ipv6 for the moment is working.I spoke too soon, I can ping and trace ipv6 from lan and wan using diag in pfsense, but no pc's on network can route traffic out. and when I can do tracert from pc first hope is LAN ip not Gateway IP.
-
Going to have to show us the interface config you end up with on the client, the routing table on the client, and the firewall rules on the LAN interface for starters. And the routing table on the firewall.
-
@derelict said in IPv6 with track interface on LAN stopped working:
The DUID should be saved in the config anyway. I use DUID-LLT. You can manually get a new time in seconds with
date "+%s"
If you want the DUID-LLT to more closely resemble the one pfSense generates, use this, since they actually calculate from 1/1/2000 instead of 1/1/1970...
expr $(date +%s) - 946684800