IPv6 Native with Telstra, Australia
-
@larrikin said in IPv6 Native with Telstra, Australia:
I am reading info on how other 3rd party routers have got theirs up and running with Telstra and trying to translate that into pfsense.
Maybe you should post some of those.
-
@derelict Sure. Here is one https://forums.whirlpool.net.au/archive/2597579
-
OK so prefix-only probably translates to:
Request only an IPv6 prefix
Only request an IPv6 prefix, do not request an IPv6 addressDid you check that?
-
@derelict said in IPv6 Native with Telstra, Australia:
OK so prefix-only probably translates to:
Request only an IPv6 prefix
Only request an IPv6 prefix, do not request an IPv6 addressDid you check that?
Yes - I've tried that too.
-
OK and what did the dhcp6c logs look like when you only enabled that and tried it?
You're going to have to be a lot more forthcoming with information. We can't test it from here. Only you can.
-
Here are the logs. Want another packet capture too?
Feb 27 10:26:01 dhcp6c 48288 reset a timer on em0, state=SOLICIT, timeo=4, retrans=16326
Feb 27 10:26:01 dhcp6c 48288 send solicit to ff02::1:2%em0
Feb 27 10:26:01 dhcp6c 48288 set IA_PD
Feb 27 10:26:01 dhcp6c 48288 set IA_PD prefix
Feb 27 10:26:01 dhcp6c 48288 set option request (len 4)
Feb 27 10:26:01 dhcp6c 48288 set elapsed time (len 2)
Feb 27 10:26:01 dhcp6c 48288 set client ID (len 14)
Feb 27 10:26:01 dhcp6c 48288 Sending Solicit
Feb 27 10:25:53 dhcp6c 48288 reset a timer on em0, state=SOLICIT, timeo=3, retrans=8065
Feb 27 10:25:53 dhcp6c 48288 send solicit to ff02::1:2%em0
Feb 27 10:25:53 dhcp6c 48288 set IA_PD
Feb 27 10:25:53 dhcp6c 48288 set IA_PD prefix
Feb 27 10:25:53 dhcp6c 48288 set option request (len 4)
Feb 27 10:25:53 dhcp6c 48288 set elapsed time (len 2)
Feb 27 10:25:53 dhcp6c 48288 set client ID (len 14)
Feb 27 10:25:53 dhcp6c 48288 Sending Solicit
Feb 27 10:25:49 dhcp6c 48288 reset a timer on em0, state=SOLICIT, timeo=2, retrans=3982
Feb 27 10:25:49 dhcp6c 48288 send solicit to ff02::1:2%em0
Feb 27 10:25:49 dhcp6c 48288 set IA_PD
Feb 27 10:25:49 dhcp6c 48288 set IA_PD prefix
Feb 27 10:25:49 dhcp6c 48288 set option request (len 4)
Feb 27 10:25:49 dhcp6c 48288 set elapsed time (len 2)
Feb 27 10:25:49 dhcp6c 48288 set client ID (len 14)
Feb 27 10:25:49 dhcp6c 48288 Sending Solicit
Feb 27 10:25:47 dhcp6c 48288 reset a timer on em0, state=SOLICIT, timeo=1, retrans=2083
Feb 27 10:25:47 dhcp6c 48288 send solicit to ff02::1:2%em0
Feb 27 10:25:47 dhcp6c 48288 set IA_PD
Feb 27 10:25:47 dhcp6c 48288 set IA_PD prefix
Feb 27 10:25:47 dhcp6c 48288 set option request (len 4)
Feb 27 10:25:47 dhcp6c 48288 set elapsed time (len 2)
Feb 27 10:25:47 dhcp6c 48288 set client ID (len 14)
Feb 27 10:25:47 dhcp6c 48288 Sending Solicit -
@derelict 0_1551224042344_packetcapture.cap.zip
That's the latest packet capture based on turning on "request only an IPv6 prefix".
-
@derelict said in IPv6 Native with Telstra, Australia:
OK and what did the dhcp6c logs look like when you only enabled that and tried it?
You're going to have to be a lot more forthcoming with information. We can't test it from here. Only you can.
Mate - really appreciate you helping me. Apologies if I am not giving enough info. I'll just assume from here on in to include logs and packet captures every time you ask me to change something. Shout out if you need more info than those things.
What just seems strange to me is this whole neighbor solicitation thing on ICMP. It doesn't seem to be able to get past that and onto UDP.
-
@derelict This is the only info I can get out of the Telstra router which does get a valid IPv6 address. Not sure its helpful, but thought I'd give it to you:
01.01.2018 11:01:08 DHCPv6: Request on eth0, interval 4000ms.
01.01.2018 11:01:10 DHCPv6: gets IPv6 address: 2001:8003:f00:3209:ac01:1e31:de2d:8725/128, valid/preferred: 3600/3600, PD: 2001:8003:Xxxx:6600::/56, valid/preferred: 3600/3600, gateway: fe80::4e16:fcff:fe2f:893, DNS: -
@derelict More DHCPv6 logs from a reboot:
Feb 27 10:45:51 dhcp6c 50809 reset a timer on em0, state=SOLICIT, timeo=0, retrans=1091
Feb 27 10:45:51 dhcp6c 50809 send solicit to ff02::1:2%em0
Feb 27 10:45:51 dhcp6c 50809 set IA_PD
Feb 27 10:45:51 dhcp6c 50809 set IA_PD prefix
Feb 27 10:45:51 dhcp6c 50809 set option request (len 4)
Feb 27 10:45:51 dhcp6c 50809 set elapsed time (len 2)
Feb 27 10:45:51 dhcp6c 50809 set client ID (len 14)
Feb 27 10:45:51 dhcp6c 50809 a new XID (57b82e) is generated
Feb 27 10:45:51 dhcp6c 50809 Sending Solicit
Feb 27 10:45:50 dhcp6c 50809 reset a timer on em0, state=INIT, timeo=0, retrans=891
Feb 27 10:45:50 dhcp6c 50646 called
Feb 27 10:45:50 dhcp6c 50646 called
Feb 27 10:45:50 dhcp6c 50646 <3>end of sentence [;] (1)
Feb 27 10:45:50 dhcp6c 50646 <3>end of closure [}] (1)
Feb 27 10:45:50 dhcp6c 50646 <3>end of sentence [;] (1)
Feb 27 10:45:50 dhcp6c 50646 <3>end of closure [}] (1)
Feb 27 10:45:50 dhcp6c 50646 <3>end of sentence [;] (1)
Feb 27 10:45:50 dhcp6c 50646 <3>[8] (1)
Feb 27 10:45:50 dhcp6c 50646 <3>[sla-len] (7)
Feb 27 10:45:50 dhcp6c 50646 <3>end of sentence [;] (1)
Feb 27 10:45:50 dhcp6c 50646 <3>[0] (1)
Feb 27 10:45:50 dhcp6c 50646 <3>[sla-id] (6)
Feb 27 10:45:50 dhcp6c 50646 <3>begin of closure [{] (1)
Feb 27 10:45:50 dhcp6c 50646 <5>[em1] (3)
Feb 27 10:45:50 dhcp6c 50646 <3>[prefix-interface] (16)
Feb 27 10:45:50 dhcp6c 50646 <3>end of sentence [;] (1)
Feb 27 10:45:50 dhcp6c 50646 <3>[infinity] (8)
Feb 27 10:45:50 dhcp6c 50646 <3>[56] (2)
Feb 27 10:45:50 dhcp6c 50646 <3>[/] (1)
Feb 27 10:45:50 dhcp6c 50646 <3>[::] (2)
Feb 27 10:45:50 dhcp6c 50646 <3>[prefix] (6)
Feb 27 10:45:50 dhcp6c 50646 <13>begin of closure [{] (1)
Feb 27 10:45:50 dhcp6c 50646 <13>[0] (1)
Feb 27 10:45:50 dhcp6c 50646 <13>[pd] (2)
Feb 27 10:45:50 dhcp6c 50646 <3>[id-assoc] (8)
Feb 27 10:45:50 dhcp6c 50646 <3>end of sentence [;] (1)
Feb 27 10:45:50 dhcp6c 50646 <3>end of closure [}] (1)
Feb 27 10:45:50 dhcp6c 50646 <3>comment [# we'd like some nameservers please] (35)
Feb 27 10:45:50 dhcp6c 50646 <3>end of sentence [;] (1)
Feb 27 10:45:50 dhcp6c 50646 <3>["/var/etc/dhcp6c_wan_script.sh"] (31)
Feb 27 10:45:50 dhcp6c 50646 <3>[script] (6)
Feb 27 10:45:50 dhcp6c 50646 <3>end of sentence [;] (1)
Feb 27 10:45:50 dhcp6c 50646 <3>[domain-name] (11)
Feb 27 10:45:50 dhcp6c 50646 <3>[request] (7)
Feb 27 10:45:50 dhcp6c 50646 <3>end of sentence [;] (1)
Feb 27 10:45:50 dhcp6c 50646 <3>[domain-name-servers] (19)
Feb 27 10:45:50 dhcp6c 50646 <3>[request] (7)
Feb 27 10:45:50 dhcp6c 50646 <3>comment [# request prefix delegation] (27)
Feb 27 10:45:50 dhcp6c 50646 <3>end of sentence [;] (1)
Feb 27 10:45:50 dhcp6c 50646 <3>[0] (1)
Feb 27 10:45:50 dhcp6c 50646 <3>[ia-pd] (5)
Feb 27 10:45:50 dhcp6c 50646 <3>[send] (4)
Feb 27 10:45:50 dhcp6c 50646 <3>begin of closure [{] (1)
Feb 27 10:45:50 dhcp6c 50646 <5>[em0] (3)
Feb 27 10:45:50 dhcp6c 50646 <3>[interface] (9)
Feb 27 10:45:50 dhcp6c 50646 skip opening control port
Feb 27 10:45:50 dhcp6c 50646 failed initialize control message authentication
Feb 27 10:45:50 dhcp6c 50646 failed to open /usr/local/etc/dhcp6cctlkey: No such file or directory
Feb 27 10:45:50 dhcp6c 50646 extracted an existing DUID from /var/db/dhcp6c_duid: 00:01:00:01:24:07:f7:52:00:0c:29:05:a3:a1 -
That doesn't show a DHCP attempt.
You might want to reset to defaults and start over.
Resetting everything related to the WAN DHCP6 should be enough but nobody knows what you've clicked to try to fix this.
-
@larrikin Well then that whirlpool link you posted is wrong because obviously it issues a WAN IP address.
-
Did you get traffic on IPv6/UDP/547 on the WAN? If that's not happening nothing is going to work.
-
@derelict said in IPv6 Native with Telstra, Australia:
@larrikin Well then that whirlpool link you posted is wrong because obviously it issues a WAN IP address.
Welcome to my confusion of the land of contradictions with the information that is out there on how Telstra IPv6 actually works :). The Telstra modem I showed you above has a WAN v6IP address. There is another Telstra modem I have where it doesn't get a WAN v6IP address. It's different per their modems.
-
@derelict said in IPv6 Native with Telstra, Australia:
Did you get traffic on IPv6/UDP/547 on the WAN? If that's not happening nothing is going to work.
I only get the ICMP traffic with the neighbor solicitation that you see in the packet capture. Telstra responds to my pfsense request using ICMP neighbor solicitation, but my pfsense doesn't seem to do anything with their response, so it just goes into a perpetual loop. That's the problem from Telstra's perspective.
-
@derelict said in IPv6 Native with Telstra, Australia:
That doesn't show a DHCP attempt.
You might want to reset to defaults and start over.
Resetting everything related to the WAN DHCP6 should be enough but nobody knows what you've clicked to try to fix this.
I've done exactly that. The config I have is exactly the one you've asked me to do. I have nothing else configured. Let me know if you want screen shots. I've literally disabled everything. I've even factory reset pfsense. Then freshly did the config as per what you asked. That is the config that is currently live.
-
@derelict said in IPv6 Native with Telstra, Australia:
Did you get traffic on IPv6/UDP/547 on the WAN? If that's not happening nothing is going to work.
I've reached back out to Telstra quoting you exactly on the above, and pointing them to this thread. I think that I need Telstra's engagement on this if we are to take it further. It seems from your side (correct me if I am wrong), that you feel I'm doing the right things in terms of config, and the fact we are literally seeing nothing on UDP, shows something is up on Telstra's end.
The only thing I cannot rationalise is Telstra's point that Telstra is responding to pfsense on ICMP neighbor solicitation and pfsense doesn't do anything with it. I think their position is that unless pfsense deals with that, then the problem is on the pfsense side of the fence.
Thoughts?
-
@derelict said in IPv6 Native with Telstra, Australia:
That doesn't show a DHCP attempt.
You might want to reset to defaults and start over.
Resetting everything related to the WAN DHCP6 should be enough but nobody knows what you've clicked to try to fix this.
I've just re-read this and your comment "that doesn't show a DHCP attempt" intrigues me. Is that a Telstra side issue or a pfsense side issue?
Again, I've factory reset my pfsense, and configured it the way you've asked. Is this a bug with pfsense? I am lost as to what you are suggesting the root cause might be. Is this likely a pfsense config issue or a Telstra issue?
Remember Telstra has stated this:
I can see it sending Ipv6 DHCPv6
13:30:59.553687 In
Juniper PCAP Flags [no-L2, In]
-----original packet-----
PFE proto 6 (ipv6): (hlim 1, next-header: UDP (17), length: 146) fe80::20c:29ff:fe05:a3a1.dhcpv6-server > ff02::1:2.dhcpv6-server: [udp sum ok] dhcp6 Relay-forwardIt’s also unable to establish Ipv6 neighbours which I suspect is a reason why it’s not functioning correctly
13:31:01.106029 In
Juniper PCAP Flags [no-L2, In]
-----original packet-----
PFE proto 6 (ipv6): (hlim 255, next-header: ICMPv6 (58), length: 32) fe80::20c:29ff:fe05:a3a1 > ff02::1:ff2f:893: [icmp6 sum ok] ICMP6, neighbor solicitation, length 32, who has fe80::4e16:fcff:fe2f:893
source link-address option (1), length 8 (1): 00:0c:29:05:a3:a1
0x0000: 000c 2905 a3a113:31:02.073018 Out
Juniper PCAP Flags [no-L2]
-----original packet-----
PFE proto 6 (ipv6): (class 0xc0, hlim 255, next-header: ICMPv6 (58), length: 32) 2001:8003:0:bdf:f0:3:9:0 > ff02::1:ff05:a3a1: [icmp6 sum ok] ICMP6, neighbor solicitation, length 32, who has fe80::20c:29ff:fe05:a3a1
source link-address option (1), length 8 (1): 4c:16:fc:2f:08:93
0x0000: 4c16 fc2f 0893 -
@larrikin No. Your side needs to ask for a DHCP6 from the provider.
If you packet capture on the WAN as I described above and edit/save a DHCP6 WAN interface and you do not see DHCP6 packets in the capture, you are very likely doing something completely wrong. No, it's not a bug in pfSense as I have illustrated above. Thousands and thousands and thousands of people are successfully using pfSense and DHCP6. Me included.
Your ISP cannot do anything to stop at least the DHCP6 Solicit packet going out your WAN. If that is not there, you are doing it wrong.
-
@derelict said in IPv6 Native with Telstra, Australia:
@larrikin No. Your side needs to ask for a DHCP6 from the provider.
If you packet capture on the WAN as I described above and edit/save a DHCP6 WAN interface and you do not see DHCP6 packets in the capture, you are very likely doing something completely wrong. No, it's not a bug in pfSense as I have illustrated above. Thousands and thousands and thousands of people are successfully using pfSense and DHCP6. Me included.
Your ISP cannot do anything to stop at least the DHCP6 Solicit packet going out your WAN. If that is not there, you are doing it wrong.
What am I doing wrong? I've following the exact config you suggested precisely. I factory reset the pfsense firewall and then simply configured it as exactly as you instructed. I've even attached the packet capture since doing that above.
