pfSense host gets IPv6 from ISP (Google Fiber) but not LAN clients

rsaanon

I am successfully able to pull a DHCP6 from Google Fiber Network (as per the pfSense Status page); however, none of the LAN clients are able to get the IPv6 lease.

On the pfSense side, I have configured the LAN interface to:

• IPv6 Configuration Type: Track Interface
• Track Interface is set to: WAN

Additionally, the PC clients have the IPv6 support enabled in the Networking/Adapter options.

In the past (a while back), I have managed to get the clients to get IPv6 lease, but not lately. Not sure what has changed.

Any insights would be greatly appreciated!

-r

jimp

Are you certain your ISP is giving you a prefix delegation? And is that prefix delegation size correctly selected in the WAN DHCPv6 settings?

rsaanon

@jimp - Thx for responding.

WAN Delegation Prefix Size: 56

DHCP the log snippet below.

Sep 26 10:02:20	dhcp6c	79038	got an expected reply, sleeping.
Sep 26 10:02:20	dhcp6c	79038	removing an event on em0.2, state=RENEW
Sep 26 10:02:20	dhcp6c	79038	script "/var/etc/dhcp6c_wan_dhcp6withoutra_script.sh" terminated
Sep 26 10:02:20	dhcp6c		dhcp6c renew, no change - bypassing update on em0.2
Sep 26 10:02:20	dhcp6c	79038	executes /var/etc/dhcp6c_wan_dhcp6withoutra_script.sh
Sep 26 10:02:20	dhcp6c	79038	update a prefix 2605:xxxx:xxxx:xxxx::/64 pltime=64800, vltime=86400
Sep 26 10:02:20	dhcp6c	79038	update an IA: PD-0
Sep 26 10:02:20	dhcp6c	79038	dhcp6c Received INFO
Sep 26 10:02:20	dhcp6c	79038	unknown or unexpected DHCP6 option vendor specific info, len 39
Sep 26 10:02:20	dhcp6c	79038	get DHCP option vendor specific info, len 39
Sep 26 10:02:20	dhcp6c	79038	IA_PD prefix: 2605:xxxx:xxxx:xxxx::/64 pltime=64800 vltime=86400
Sep 26 10:02:20	dhcp6c	79038	get DHCP option IA_PD prefix, len 25
Sep 26 10:02:20	dhcp6c	79038	IA_PD: ID=0, T1=900, T2=14400
Sep 26 10:02:20	dhcp6c	79038	get DHCP option IA_PD, len 41
Sep 26 10:02:20	dhcp6c	79038	DUID: 00:01:00:01:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx
Sep 26 10:02:20	dhcp6c	79038	get DHCP option client ID, len 14
Sep 26 10:02:20	dhcp6c	79038	DUID: 00:03:00:01:xx:xx:xx:xx:xx:xx
Sep 26 10:02:20	dhcp6c	79038	get DHCP option server ID, len 10
Sep 26 10:02:20	dhcp6c	79038	receive reply from fe80::e681:xxxx:xxxx:xxxx%em0.2 on em0.2
Sep 26 10:02:20	dhcp6c	79038	send renew to ff02::1:2%em0.2
Sep 26 10:02:20	dhcp6c	79038	set IA_PD
Sep 26 10:02:20	dhcp6c	79038	set IA_PD prefix
Sep 26 10:02:20	dhcp6c	79038	set option request (len 4)
Sep 26 10:02:20	dhcp6c	79038	set elapsed time (len 2)
Sep 26 10:02:20	dhcp6c	79038	set server ID (len 10)
Sep 26 10:02:20	dhcp6c	79038	set client ID (len 14)
Sep 26 10:02:20	dhcp6c	79038	a new XID (6e3516) is generated
Sep 26 10:02:20	dhcp6c	79038	Sending Renew
Sep 26 10:02:20	dhcp6c	79038	reset a timer on em0.2, state=RENEW, timeo=0, retrans=10431
Sep 26 10:02:20	dhcp6c	79038	IA timeout for PD-0, state=ACTIVE
Sep 26 10:02:07	dhcp6c	79038	got an expected reply, sleeping.
Sep 26 10:02:07	dhcp6c	79038	removing an event on em0.2, state=RENEW
Sep 26 10:02:07	dhcp6c	79038	script "/var/etc/dhcp6c_wan_dhcp6withoutra_script.sh" terminated
Sep 26 10:02:07	dhcp6c		dhcp6c renew, no change - bypassing update on em0.2
Sep 26 10:02:07	dhcp6c	79038	executes /var/etc/dhcp6c_wan_dhcp6withoutra_script.sh
Sep 26 10:02:07	dhcp6c	79038	add an address 2605:xxxx:xxxx:xxxx::1/128 on em0.2
Sep 26 10:02:07	dhcp6c	79038	update an address 2605:xxxx:xxxx:xxxx::1 pltime=64800, vltime=18078597966930727296

jimp

I don't see any sign of a /56 in that log file. Only a /64.

rsaanon

I had noticed that as well and tried changing the WAN/Delegation Prefix Size to /64 after which the pfSense host was no longer able to pull IPv6 from the ISP (even after a reboot). Changed it back to a /56 and the pfSense box successfully pulled IPv6 lease from ISP.

rsaanon

FYI: Under LAN/Track IPv6 Interface, the IPv6 Prefix ID is set to the default of 0. Wondering if that needs to be changed. Also, in the past I had left that setting to the default of 0.

Since the problem is not with pulling IPv6 from ISP, but instead clients not able to get IPv6 from the pfSense box, I am guessing the problem is somewhere in the LAN interface configuration (eg: may be ipv6 prefix id needs to be set to /64 or /56?).

jimp

The prefix ID on LAN is generally 0 since it's the first one. As long as LAN is set to track WAN for IPv6 that should be all you need to do.

It really looks like it's failing to pull the prefixes properly from the ISP. I don't think it's a LAN settings issue at all, but a problem in what they're sending you.

jimp

For example, on my test setup here I have my edge handing out /60 blocks to routers behind, and it shows this:

Sep 26 10:53:10 missy dhcp6c[94557]: get DHCP option IA_PD prefix, len 25
Sep 26 10:53:10 missy dhcp6c[94557]:   IA_PD prefix: 2001:db8:1:ee10::/60 pltime=4500 vltime=7200

And then later it shows the individual prefixes being applied:

Sep 26 10:53:10 missy dhcp6c[94557]: make an IA: PD-0
Sep 26 10:53:10 missy dhcp6c[94557]: create a prefix 2001:db8:1:ee10::/60 pltime=4500, vltime=7200
Sep 26 10:53:10 missy dhcp6c[94557]: add an address 2001:db8:1:ee10:290:bff:fe7a:8a66/64 on igb1
Sep 26 10:53:10 missy dhcp6c[94557]: add an address 2001:db8:1:ee11:290:bff:fe7a:8a67/64 on ix0
Sep 26 10:53:10 missy dhcp6c[94557]: add an address 2001:db8:1:ee12:290:bff:fe7a:8a68/64 on ix1
Sep 26 10:53:10 missy dhcp6c[94557]: T1(2250) and/or T2(3600) is locally determined
Sep 26 10:53:10 missy dhcp6c[94557]: make an IA: NA-0
Sep 26 10:53:10 missy dhcp6c[94557]: create an address 2001:db8::ffff:c9e4 pltime=4500, vltime=11007750181759228960
Sep 26 10:53:10 missy dhcp6c[94557]: add an address 2001:db8::ffff:c9e4/128 on igb0

That was after an edit/save/apply on WAN, though. Your logs appear to be from a renew and not from a new request.

rsaanon

@jimp Thanks again for taking time.

Still doubt that there's any issues with pulling the prefixes properly from the ISP as the pfSense box itself successfully pulls an IPv6 from ISP (ie: the WAN interface shows the IPv4 as well as the IPv6. Going to troubleshoot some mo' later.. Will post any updates. Thanks!
-r

jimp

I just showed you what a working setup looks like and what a working server sends. Your server is not sending that, thus your server is not working properly.

Getting a working WAN address is not the same as getting a working and viable prefix delegation from upstream. One can work while the other is broken.

NickyDoes

@rsaanon, looking for an update.

Did you ever get IPv6 working smoothly with Google Fiber?
Do you still have Google Fiber? What is your PD size now?

@jimp said in pfSense host gets IPv6 from ISP (Google Fiber) but not LAN clients:

I just showed you what a working setup looks like and what a working server sends. Your server is not sending that, thus your server is not working properly.

Getting a working WAN address is not the same as getting a working and viable prefix delegation from upstream. One can work while the other is broken.