IPv6 with track interface on LAN stopped working

Derelict · Sep 6, 2018, 8:15 PM

The DHCPv6 server should probably be enabled and RA on the tracked interface should probably be set to "Assisted" but that will not prevent the DHCPv6 on WAN and the prefix delegation from occurring. Though I seem to remember that there was a bug preventing it from attempting to get a PD if there were no interfaces set to track. I believe that has been fixed though.

Dudleydogg · Sep 6, 2018, 10:54 PM

@derelict I have though as much and wonder if their is a way to reset WAN back to default like their is some request for an address that is stuck. Only ipv6 I can make work is HE tunnel. Previously native from Spectrum (TWC) was working perfectly.

Derelict · Sep 6, 2018, 11:23 PM

I'd call Cox. Or tweet (DM) them. They seem to respond there with some knowledge.

You might just have to let stuff expire (stop testing with laptops and routers) until they give you another lease.

Derelict · Sep 6, 2018, 11:24 PM

@dxmaster said in IPv6 with track interface on LAN stopped working:

I just redid my install from scratch, set lan to track, nothing checked on WAN.

Just looking back. What do you mean nothing checked? WAN needs to be set to DHCPv6.

dxmaster · Sep 7, 2018, 4:12 AM

Ok, so it has been a few hours and USPS dropped off a shiny new 4 port intel nic that I threw in a spare computer and tossed a 64GB SSD in and all is well in the world. I have a feeling its something related to my unRaid servers NIC cards or something with the virtualization of pfSense within unRaid. I might toss this nic in my unRaid box and see if I can get it working with the new nic but either way, im up and running just fine on a different computer.

Dudleydogg · Sep 7, 2018, 8:00 PM

no responses were received
reset a timer on vmx0
send request to ff02::1:2%vmx0
set IA_PD
set IA_PD prefix
set option request (len 4)
set elapsed time (len 2)
set identity association
set IA address
set server ID (len 14)
set client ID (len 14)
Sending Request
So my router is requesting and I see a PD and ipv6 ip in the Logs but the last part of the log file does state no responses were received. Is their anything that could be preventing this request to go out my WAN to the ISP?

and the send request does not seem to be a routable address is local link ff02

Derelict · Sep 8, 2018, 4:43 AM

That is not link-local. It is multicast to ff02::1:2 (All_DHCP_Relay_Agents_and_Servers).

https://en.wikipedia.org/wiki/DHCPv6

Your problem is there is no response.

In order to verify the packet is actually going out on the wire, you will have to capture on the wire itself.

Been doing this a while and I have never seen a transmission out a port in a pcap that was not actually sent out on the wire.

Dudleydogg · Sep 9, 2018, 11:10 PM

@derelict Misconfigured on my Part or the ISP? I have installed pfsense from scratch and configured only WAN And LAN to test or verify its nothing in my configuration So clean install I still hang on WAN at boot, and no ipv6 is assigned. Only hardware is TWC modem, but its bridged. are their settings even in Bridge mode I need to be aware of?
How else can I configure or Wipe the WAN settings back to Default?

Derelict · Sep 9, 2018, 11:44 PM

You can't. They can either provide the information you need to configure the WAN interface or I guess it doesn't work.

Not possible for me to try it for you because I don't have one of those connections available to test on.

Not really sure what to recommend that hasn't already been said. You have never posted any logs that actually showed any kind of response to the DHCPv6 solicits.

Dudleydogg · Sep 10, 2018, 7:49 PM

@derelict I do appreciate you helping me sorry if I neglected to upload a log. If I debug the logfile for just DHCP this is what I capture from Solicit too Failure:
Debug 10.0.1.254 removing server (ID: 00:01:00:01:21:c2:86:9d:00:50:56:97:d7:cd)
Debug 10.0.1.254 removing an event on vmx0 state=REQUEST
Info 10.0.1.254 no responses were received
Debug 10.0.1.254 reset a timer on vmx0 state=REQUEST timeo=9 retrans=30729
Debug 10.0.1.254 send request to ff02::1:2%vmx0
Debug 10.0.1.254 set IA_PD
Debug 10.0.1.254 set IA_PD prefix
Debug 10.0.1.254 set option request (len 4)
Debug 10.0.1.254 set elapsed time (len 2)
Debug 10.0.1.254 set identity association
Debug 10.0.1.254 set IA address
Debug 10.0.1.254 set server ID (len 14)
Debug 10.0.1.254 set client ID (len 18)
Info 10.0.1.254 Sending Request
Debug 10.0.1.254 reset a timer on vmx0 state=REQUEST timeo=8 retrans=32136
Debug 10.0.1.254 send request to ff02::1:2%vmx0
Debug 10.0.1.254 set IA_PD
Debug 10.0.1.254 set IA_PD prefix
Debug 10.0.1.254 set option request (len 4)
Debug 10.0.1.254 set elapsed time (len 2)
Debug 10.0.1.254 set identity association
Debug 10.0.1.254 set IA address
Debug 10.0.1.254 set server ID (len 14)
Debug 10.0.1.254 set client ID (len 18)
Info 10.0.1.254 Sending Request
Debug 10.0.1.254 reset a timer on vmx0 state=REQUEST timeo=7 retrans=32529
Debug 10.0.1.254 send request to ff02::1:2%vmx0
Debug 10.0.1.254 set IA_PD
Debug 10.0.1.254 set IA_PD prefix
Debug 10.0.1.254 set option request (len 4)
Debug 10.0.1.254 set elapsed time (len 2)
Debug 10.0.1.254 set identity association
Debug 10.0.1.254 set IA address
Debug 10.0.1.254 set server ID (len 14)
Debug 10.0.1.254 set client ID (len 18)
Info 10.0.1.254 Sending Request
Debug 10.0.1.254 reset a timer on vmx0 state=REQUEST timeo=6 retrans=27864
Debug 10.0.1.254 send request to ff02::1:2%vmx0
Debug 10.0.1.254 set IA_PD
Debug 10.0.1.254 set IA_PD prefix
Debug 10.0.1.254 set option request (len 4)
Debug 10.0.1.254 set elapsed time (len 2)
Debug 10.0.1.254 set identity association
Debug 10.0.1.254 set IA address
Debug 10.0.1.254 set server ID (len 14)
Debug 10.0.1.254 set client ID (len 18)
Info 10.0.1.254 Sending Request
Debug 10.0.1.254 reset a timer on vmx0 state=REQUEST timeo=5 retrans=29423
Debug 10.0.1.254 send request to ff02::1:2%vmx0
Debug 10.0.1.254 set IA_PD
Debug 10.0.1.254 set IA_PD prefix
Debug 10.0.1.254 set option request (len 4)
Debug 10.0.1.254 set elapsed time (len 2)
Debug 10.0.1.254 set identity association
Debug 10.0.1.254 set IA address
Debug 10.0.1.254 set server ID (len 14)
Debug 10.0.1.254 set client ID (len 18)
Info 10.0.1.254 Sending Request
Debug 10.0.1.254 reset a timer on vmx0 state=REQUEST timeo=4 retrans=14139
Debug 10.0.1.254 send request to ff02::1:2%vmx0
Debug 10.0.1.254 set IA_PD
Debug 10.0.1.254 set IA_PD prefix
Debug 10.0.1.254 set option request (len 4)
Debug 10.0.1.254 set elapsed time (len 2)
Debug 10.0.1.254 set identity association
Debug 10.0.1.254 set IA address
Debug 10.0.1.254 set server ID (len 14)
Debug 10.0.1.254 set client ID (len 18)
Info 10.0.1.254 Sending Request
Debug 10.0.1.254 reset a timer on vmx0 state=REQUEST timeo=3 retrans=7426
Debug 10.0.1.254 send request to ff02::1:2%vmx0
Debug 10.0.1.254 set IA_PD
Debug 10.0.1.254 set IA_PD prefix
Debug 10.0.1.254 set option request (len 4)
Debug 10.0.1.254 set elapsed time (len 2)
Debug 10.0.1.254 set identity association
Debug 10.0.1.254 set IA address
Debug 10.0.1.254 set server ID (len 14)
Debug 10.0.1.254 set client ID (len 18)
Info 10.0.1.254 Sending Request
Debug 10.0.1.254 reset a timer on vmx0 state=REQUEST timeo=2 retrans=3731
Debug 10.0.1.254 send request to ff02::1:2%vmx0
Debug 10.0.1.254 set IA_PD
Debug 10.0.1.254 set IA_PD prefix
Debug 10.0.1.254 set option request (len 4)
Debug 10.0.1.254 set elapsed time (len 2)
Debug 10.0.1.254 set identity association
Debug 10.0.1.254 set IA address
Debug 10.0.1.254 set server ID (len 14)
Debug 10.0.1.254 set client ID (len 18)
Info 10.0.1.254 Sending Request
Debug 10.0.1.254 reset a timer on vmx0 state=REQUEST timeo=1 retrans=1873
Debug 10.0.1.254 send request to ff02::1:2%vmx0
Debug 10.0.1.254 set IA_PD
Debug 10.0.1.254 set IA_PD prefix
Debug 10.0.1.254 set option request (len 4)
Debug 10.0.1.254 set elapsed time (len 2)
Debug 10.0.1.254 set identity association
Debug 10.0.1.254 set IA address
Debug 10.0.1.254 set server ID (len 14)
Debug 10.0.1.254 set client ID (len 18)
Info 10.0.1.254 Sending Request
Debug 10.0.1.254 reset a timer on vmx0 state=REQUEST timeo=0 retrans=983
Debug 10.0.1.254 send request to ff02::1:2%vmx0
Debug 10.0.1.254 set IA_PD
Debug 10.0.1.254 set IA_PD prefix
Debug 10.0.1.254 set option request (len 4)
Debug 10.0.1.254 set elapsed time (len 2)
Debug 10.0.1.254 set identity association
Debug 10.0.1.254 set IA address
Debug 10.0.1.254 set server ID (len 14)
Debug 10.0.1.254 set client ID (len 18)
Debug 10.0.1.254 a new XID (ddf60e) is generated
Info 10.0.1.254 Sending Request
Debug 10.0.1.254 server ID: 00:01:00:01:21:c2:86:9d:00:50:56:97:d7:cd pref=255
Debug 10.0.1.254 preference: 255
Debug 10.0.1.254 get DHCP option preference len 1
Debug 10.0.1.254 IA_PD prefix: 2603:9000:b501:cb00::/56 pltime=500360 vltime=500360
Debug 10.0.1.254 get DHCP option IA_PD prefix len 25
Debug 10.0.1.254 IA_PD: ID=0 T1=250180 T2=400288
Debug 10.0.1.254 get DHCP option IA_PD len 41
Debug 10.0.1.254 IA_NA address: 2603:9000:ff00:b5:420:f8c9:65a7:82d pltime=500360 vltime=500360
Debug 10.0.1.254 get DHCP option IA address len 24
Debug 10.0.1.254 IA_NA: ID=0 T1=250180 T2=400288
Debug 10.0.1.254 get DHCP option identity association len 40
Debug 10.0.1.254 DUID: 00:01:00:01:21:c2:86:9d:00:50:56:97:d7:cd
Debug 10.0.1.254 get DHCP option server ID len 14
Debug 10.0.1.254 DUID: 00:04:87:ae:49:01:54:64:11:cb:bb:2c:9d:4b:6c:e6:b1:0e
Debug 10.0.1.254 get DHCP option client ID len 18
Debug 10.0.1.254 receive advertise from fe80::2bc:60ff:fe93:1419%vmx0 on vmx0
Debug 10.0.1.254 reset a timer on vmx0 state=SOLICIT timeo=8 retrans=117984
Debug 10.0.1.254 send solicit to ff02::1:2%vmx0
Debug 10.0.1.254 set IA_PD
Debug 10.0.1.254 set IA_PD prefix
Debug 10.0.1.254 set option request (len 4)
Debug 10.0.1.254 set elapsed time (len 2)
Debug 10.0.1.254 set identity association
Debug 10.0.1.254 set client ID (len 18)
Info 10.0.1.254 Sending Solicit

Dudleydogg · Sep 18, 2018, 5:32 PM

@derelict Finally after all this time I see this in the Logs Now:
got an expected reply, sleeping
so Magically all the sudden ipv6 for the moment is working.

Dudleydogg · Sep 23, 2018, 4:28 AM

@dudleydogg said in IPv6 with track interface on LAN stopped working:

@derelict Finally after all this time I see this in the Logs Now:
got an expected reply, sleeping
so Magically all the sudden ipv6 for the moment is working.

I spoke too soon, I can ping and trace ipv6 from lan and wan using diag in pfsense, but no pc's on network can route traffic out. and when I can do tracert from pc first hope is LAN ip not Gateway IP.

Derelict · Sep 23, 2018, 5:10 PM

Going to have to show us the interface config you end up with on the client, the routing table on the client, and the firewall rules on the LAN interface for starters. And the routing table on the firewall.

luckman212 · Sep 24, 2018, 3:30 PM

@derelict said in IPv6 with track interface on LAN stopped working:

The DUID should be saved in the config anyway. I use DUID-LLT. You can manually get a new time in seconds with date "+%s"

If you want the DUID-LLT to more closely resemble the one pfSense generates, use this, since they actually calculate from 1/1/2000 instead of 1/1/1970...

expr $(date +%s) - 946684800