IPv6 Native with Telstra, Australia

Larrikin · Feb 26, 2019, 4:44 PM

So I now have the config you posted above. Results below. I would also say the ISP doesn't know a thing about pfsense, so not sure how much help they will be to us. That said, the guy does respond to me if I have specific questions.

Here is the debug DHCP log with the config you suggested above:

Feb 27 03:43:11 dhcp6c 17859 reset a timer on em0, state=SOLICIT, timeo=3, retrans=8065
Feb 27 03:43:11 dhcp6c 17859 send solicit to ff02::1:2%em0
Feb 27 03:43:11 dhcp6c 17859 set IA_PD
Feb 27 03:43:11 dhcp6c 17859 set IA_PD prefix
Feb 27 03:43:11 dhcp6c 17859 set option request (len 4)
Feb 27 03:43:11 dhcp6c 17859 set elapsed time (len 2)
Feb 27 03:43:11 dhcp6c 17859 set identity association
Feb 27 03:43:11 dhcp6c 17859 set client ID (len 14)
Feb 27 03:43:11 dhcp6c 17859 Sending Solicit

Larrikin · Feb 26, 2019, 4:46 PM

@derelict Here is the new packet capture from the settings you told me to implement:

0_1551199609614_packetcapture.cap.zip

Larrikin · Feb 26, 2019, 4:49 PM

@derelict Interestingly, zero UDP packets in the packet captures. All ICMP neighbor solicitation.

Larrikin · Feb 26, 2019, 4:53 PM

@derelict Also, no idea how to packet capture their router doing DHCPv6 negotiation. Their router plugs straight into the IPoE interface and I don't have a hub where I can plug wireshark or anything like that to capture packets. Any ideas welcome on how to achieve that. Their router also has custom firmware so no ability to packet capture off of it. I can check their limited logs, but that's about it. Let me know if you want me to that.

Larrikin · Feb 26, 2019, 5:17 PM

@derelict

Here are screen shots of my LAN interface

RA:

Gateway:

Derelict · Feb 26, 2019, 5:17 PM

They do not have to know anything about pfSense. They should be able to tell you what is required of ANY dhcp6 client to pull an address and PD. Then we just make pfSense do what they require instead of guessing.

Larrikin · Feb 26, 2019, 5:20 PM

@derelict said in IPv6 Native with Telstra, Australia:

They do not have to know anything about pfSense. They should be able to tell you what is required of ANY dhcp6 client to pull an address and PD. Then we just make pfSense do what they require instead of guessing.

What I've given you is everything they have given me when I've asked. I don't think they intend on giving me any more info unless there is a specific question you want me to go back and ask them. They haven't provided me with any further info. I've literally given you exactly what they have given me. They think the issue is to do with neighbor solicitation and pfsense not accepting it.

Larrikin · Feb 26, 2019, 5:26 PM

@derelict said in IPv6 Native with Telstra, Australia:

They do not have to know anything about pfSense. They should be able to tell you what is required of ANY dhcp6 client to pull an address and PD. Then we just make pfSense do what they require instead of guessing.

So in summary - I'm out of moves. I feel that if this is ever going to get resolved, and we need more info from Telstra, then I would need to ask them specific questions for them to answer (and I don't know what those questions are).

I've asked the general questions like you've already asked me which is "how do they expect a client to get a DHCPv6 PD" and their response was the email above, plus the monitoring of my control plane, and coming back to me saying its a neighbor solicitation issue with pfsense.

Derelict · Feb 26, 2019, 7:54 PM

You should absolutely see traffic on WAN on UDP/547

That is Solicit, Advertise, Request, Reply

All I did was start that capture then edit/save Interfaces > WAN

Derelict · Feb 26, 2019, 9:29 PM

@larrikin said in IPv6 Native with Telstra, Australia:

I am reading info on how other 3rd party routers have got theirs up and running with Telstra and trying to translate that into pfsense.

Maybe you should post some of those.

Larrikin · Feb 26, 2019, 11:16 PM

@derelict Sure. Here is one https://forums.whirlpool.net.au/archive/2597579

Derelict · Feb 26, 2019, 11:21 PM

OK so prefix-only probably translates to:

Request only an IPv6 prefix
Only request an IPv6 prefix, do not request an IPv6 address

Did you check that?

Larrikin · Feb 26, 2019, 11:22 PM

@derelict said in IPv6 Native with Telstra, Australia:

OK so prefix-only probably translates to:

Request only an IPv6 prefix
Only request an IPv6 prefix, do not request an IPv6 address

Did you check that?

Yes - I've tried that too.

Derelict · Feb 26, 2019, 11:23 PM

OK and what did the dhcp6c logs look like when you only enabled that and tried it?

You're going to have to be a lot more forthcoming with information. We can't test it from here. Only you can.

Larrikin · Feb 26, 2019, 11:27 PM

@derelict

Here are the logs. Want another packet capture too?

Feb 27 10:26:01 dhcp6c 48288 reset a timer on em0, state=SOLICIT, timeo=4, retrans=16326
Feb 27 10:26:01 dhcp6c 48288 send solicit to ff02::1:2%em0
Feb 27 10:26:01 dhcp6c 48288 set IA_PD
Feb 27 10:26:01 dhcp6c 48288 set IA_PD prefix
Feb 27 10:26:01 dhcp6c 48288 set option request (len 4)
Feb 27 10:26:01 dhcp6c 48288 set elapsed time (len 2)
Feb 27 10:26:01 dhcp6c 48288 set client ID (len 14)
Feb 27 10:26:01 dhcp6c 48288 Sending Solicit
Feb 27 10:25:53 dhcp6c 48288 reset a timer on em0, state=SOLICIT, timeo=3, retrans=8065
Feb 27 10:25:53 dhcp6c 48288 send solicit to ff02::1:2%em0
Feb 27 10:25:53 dhcp6c 48288 set IA_PD
Feb 27 10:25:53 dhcp6c 48288 set IA_PD prefix
Feb 27 10:25:53 dhcp6c 48288 set option request (len 4)
Feb 27 10:25:53 dhcp6c 48288 set elapsed time (len 2)
Feb 27 10:25:53 dhcp6c 48288 set client ID (len 14)
Feb 27 10:25:53 dhcp6c 48288 Sending Solicit
Feb 27 10:25:49 dhcp6c 48288 reset a timer on em0, state=SOLICIT, timeo=2, retrans=3982
Feb 27 10:25:49 dhcp6c 48288 send solicit to ff02::1:2%em0
Feb 27 10:25:49 dhcp6c 48288 set IA_PD
Feb 27 10:25:49 dhcp6c 48288 set IA_PD prefix
Feb 27 10:25:49 dhcp6c 48288 set option request (len 4)
Feb 27 10:25:49 dhcp6c 48288 set elapsed time (len 2)
Feb 27 10:25:49 dhcp6c 48288 set client ID (len 14)
Feb 27 10:25:49 dhcp6c 48288 Sending Solicit
Feb 27 10:25:47 dhcp6c 48288 reset a timer on em0, state=SOLICIT, timeo=1, retrans=2083
Feb 27 10:25:47 dhcp6c 48288 send solicit to ff02::1:2%em0
Feb 27 10:25:47 dhcp6c 48288 set IA_PD
Feb 27 10:25:47 dhcp6c 48288 set IA_PD prefix
Feb 27 10:25:47 dhcp6c 48288 set option request (len 4)
Feb 27 10:25:47 dhcp6c 48288 set elapsed time (len 2)
Feb 27 10:25:47 dhcp6c 48288 set client ID (len 14)
Feb 27 10:25:47 dhcp6c 48288 Sending Solicit

Larrikin · Feb 26, 2019, 11:34 PM

@derelict 0_1551224042344_packetcapture.cap.zip

That's the latest packet capture based on turning on "request only an IPv6 prefix".

Larrikin · Feb 26, 2019, 11:37 PM

@derelict said in IPv6 Native with Telstra, Australia:

OK and what did the dhcp6c logs look like when you only enabled that and tried it?

You're going to have to be a lot more forthcoming with information. We can't test it from here. Only you can.

Mate - really appreciate you helping me. Apologies if I am not giving enough info. I'll just assume from here on in to include logs and packet captures every time you ask me to change something. Shout out if you need more info than those things.

What just seems strange to me is this whole neighbor solicitation thing on ICMP. It doesn't seem to be able to get past that and onto UDP.

Larrikin · Feb 26, 2019, 11:43 PM

@derelict This is the only info I can get out of the Telstra router which does get a valid IPv6 address. Not sure its helpful, but thought I'd give it to you:

01.01.2018 11:01:08 DHCPv6: Request on eth0, interval 4000ms.
01.01.2018 11:01:10 DHCPv6: gets IPv6 address: 2001:8003:f00:3209:ac01:1e31:de2d:8725/128, valid/preferred: 3600/3600, PD: 2001:8003:Xxxx:6600::/56, valid/preferred: 3600/3600, gateway: fe80::4e16:fcff:fe2f:893, DNS:

Larrikin · Feb 26, 2019, 11:47 PM

@derelict More DHCPv6 logs from a reboot:

Feb 27 10:45:51 dhcp6c 50809 reset a timer on em0, state=SOLICIT, timeo=0, retrans=1091
Feb 27 10:45:51 dhcp6c 50809 send solicit to ff02::1:2%em0
Feb 27 10:45:51 dhcp6c 50809 set IA_PD
Feb 27 10:45:51 dhcp6c 50809 set IA_PD prefix
Feb 27 10:45:51 dhcp6c 50809 set option request (len 4)
Feb 27 10:45:51 dhcp6c 50809 set elapsed time (len 2)
Feb 27 10:45:51 dhcp6c 50809 set client ID (len 14)
Feb 27 10:45:51 dhcp6c 50809 a new XID (57b82e) is generated
Feb 27 10:45:51 dhcp6c 50809 Sending Solicit
Feb 27 10:45:50 dhcp6c 50809 reset a timer on em0, state=INIT, timeo=0, retrans=891
Feb 27 10:45:50 dhcp6c 50646 called
Feb 27 10:45:50 dhcp6c 50646 called
Feb 27 10:45:50 dhcp6c 50646 <3>end of sentence [;] (1)
Feb 27 10:45:50 dhcp6c 50646 <3>end of closure [}] (1)
Feb 27 10:45:50 dhcp6c 50646 <3>end of sentence [;] (1)
Feb 27 10:45:50 dhcp6c 50646 <3>end of closure [}] (1)
Feb 27 10:45:50 dhcp6c 50646 <3>end of sentence [;] (1)
Feb 27 10:45:50 dhcp6c 50646 <3>[8] (1)
Feb 27 10:45:50 dhcp6c 50646 <3>[sla-len] (7)
Feb 27 10:45:50 dhcp6c 50646 <3>end of sentence [;] (1)
Feb 27 10:45:50 dhcp6c 50646 <3>[0] (1)
Feb 27 10:45:50 dhcp6c 50646 <3>[sla-id] (6)
Feb 27 10:45:50 dhcp6c 50646 <3>begin of closure [{] (1)
Feb 27 10:45:50 dhcp6c 50646 <5>[em1] (3)
Feb 27 10:45:50 dhcp6c 50646 <3>[prefix-interface] (16)
Feb 27 10:45:50 dhcp6c 50646 <3>end of sentence [;] (1)
Feb 27 10:45:50 dhcp6c 50646 <3>[infinity] (8)
Feb 27 10:45:50 dhcp6c 50646 <3>[56] (2)
Feb 27 10:45:50 dhcp6c 50646 <3>[/] (1)
Feb 27 10:45:50 dhcp6c 50646 <3>[::] (2)
Feb 27 10:45:50 dhcp6c 50646 <3>[prefix] (6)
Feb 27 10:45:50 dhcp6c 50646 <13>begin of closure [{] (1)
Feb 27 10:45:50 dhcp6c 50646 <13>[0] (1)
Feb 27 10:45:50 dhcp6c 50646 <13>[pd] (2)
Feb 27 10:45:50 dhcp6c 50646 <3>[id-assoc] (8)
Feb 27 10:45:50 dhcp6c 50646 <3>end of sentence [;] (1)
Feb 27 10:45:50 dhcp6c 50646 <3>end of closure [}] (1)
Feb 27 10:45:50 dhcp6c 50646 <3>comment [# we'd like some nameservers please] (35)
Feb 27 10:45:50 dhcp6c 50646 <3>end of sentence [;] (1)
Feb 27 10:45:50 dhcp6c 50646 <3>["/var/etc/dhcp6c_wan_script.sh"] (31)
Feb 27 10:45:50 dhcp6c 50646 <3>[script] (6)
Feb 27 10:45:50 dhcp6c 50646 <3>end of sentence [;] (1)
Feb 27 10:45:50 dhcp6c 50646 <3>[domain-name] (11)
Feb 27 10:45:50 dhcp6c 50646 <3>[request] (7)
Feb 27 10:45:50 dhcp6c 50646 <3>end of sentence [;] (1)
Feb 27 10:45:50 dhcp6c 50646 <3>[domain-name-servers] (19)
Feb 27 10:45:50 dhcp6c 50646 <3>[request] (7)
Feb 27 10:45:50 dhcp6c 50646 <3>comment [# request prefix delegation] (27)
Feb 27 10:45:50 dhcp6c 50646 <3>end of sentence [;] (1)
Feb 27 10:45:50 dhcp6c 50646 <3>[0] (1)
Feb 27 10:45:50 dhcp6c 50646 <3>[ia-pd] (5)
Feb 27 10:45:50 dhcp6c 50646 <3>[send] (4)
Feb 27 10:45:50 dhcp6c 50646 <3>begin of closure [{] (1)
Feb 27 10:45:50 dhcp6c 50646 <5>[em0] (3)
Feb 27 10:45:50 dhcp6c 50646 <3>[interface] (9)
Feb 27 10:45:50 dhcp6c 50646 skip opening control port
Feb 27 10:45:50 dhcp6c 50646 failed initialize control message authentication
Feb 27 10:45:50 dhcp6c 50646 failed to open /usr/local/etc/dhcp6cctlkey: No such file or directory
Feb 27 10:45:50 dhcp6c 50646 extracted an existing DUID from /var/db/dhcp6c_duid: 00:01:00:01:24:07:f7:52:00:0c:29:05:a3:a1

Derelict · Feb 27, 2019, 12:28 AM

That doesn't show a DHCP attempt.

You might want to reset to defaults and start over.

Resetting everything related to the WAN DHCP6 should be enough but nobody knows what you've clicked to try to fix this.