Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Is there a way to trigger pfSense to periodically send RS on WAN I/F to ISP edge router?

    Scheduled Pinned Locked Moved IPv6
    50 Posts 6 Posters 7.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • JKnottJ
      JKnott @bimmerdriver
      last edited by

      @bimmerdriver said in Is there a way to trigger pfSense to periodically send RS on WAN I/F to ISP edge router?:

      According to the most recent email I got from the ISP, the CPE only accepts unsolicited RA with unicast destination address.

      That's nonsense. Unsolicited RAs only go to the multicast address. If they were only sent to the unicast address, how would the router know the unicast address of something that didn't send a request?

      PfSense running on Qotom mini PC
      i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
      UniFi AC-Lite access point

      I haven't lost my mind. It's around here...somewhere...

      B 1 Reply Last reply Reply Quote 0
      • JKnottJ
        JKnott @bimmerdriver
        last edited by

        @bimmerdriver said in Is there a way to trigger pfSense to periodically send RS on WAN I/F to ISP edge router?:

        I really doubt a VP is going to take an appointment with a residential subscriber for a bitch session about their network. lolz

        Actually, I went through something similar a few months ago. I had a problem where the cable company's CMTS wasn't working properly. I had determined the failure was not on my network and even identified the failing system by name. I had the office of the President involved and finally got it resolved, after a senior tech proved the problem was with a specific CMTS (mine) at the head end.

        PfSense running on Qotom mini PC
        i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
        UniFi AC-Lite access point

        I haven't lost my mind. It's around here...somewhere...

        1 Reply Last reply Reply Quote 0
        • JKnottJ
          JKnott @Derelict
          last edited by JKnott

          @Derelict said in Is there a way to trigger pfSense to periodically send RS on WAN I/F to ISP edge router?:

          That's pretty non-committal and I haven't found anything more authoritative but that says the response to an RS will be unicast to the host sending the RS being responded to and, if unsolicited, it will be to the all-nodes multicast address.

          Here's what it says in IPv6 Essentials 3rd ed, by Silvia Hagen, pg 90:

          "By inspecting the IP header of the Router Advertisement message, you can determine
          whether this Router Advertisement is periodic or was sent in reply to a Solicitation
          message. A periodic advertisement’s Destination address will be the all-nodes multicast
          address ff02::1. A solicited advertisement’s Destination address will be the address of the
          interface that originated the solicitation message. Again, the hop limit is set to 255."

          PfSense running on Qotom mini PC
          i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
          UniFi AC-Lite access point

          I haven't lost my mind. It's around here...somewhere...

          1 Reply Last reply Reply Quote 0
          • jahonixJ
            jahonix @johnpoz
            last edited by

            @johnpoz said in Is there a way to trigger pfSense to periodically send RS on WAN I/F to ISP edge router?:

            ...your post on the other distro board...

            This forum is amazing! Just by following/reading this thread I learned a lot.
            On the "other distro board" wasn't even a single reply to the question. 🤔 Tells it all, doesn't it?

            Thanks for sharing knowledge and discuss professionally on this forum, really appreciate it!

            JKnottJ 1 Reply Last reply Reply Quote 1
            • JKnottJ
              JKnott @jahonix
              last edited by

              @jahonix said in Is there a way to trigger pfSense to periodically send RS on WAN I/F to ISP edge router?:

              On the "other distro board" wasn't even a single reply to the question.

              I don't know what that other distro is, but here it's all about networking with pfSense. Many of us here work professionally with networks. This means we tend to know more about networks than users on Linux sites. When I had that problem a few months ago, I found I had to teach both the tier 2 support and senior tech about some of the finer points about IPv6.

              PfSense running on Qotom mini PC
              i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
              UniFi AC-Lite access point

              I haven't lost my mind. It's around here...somewhere...

              jahonixJ 1 Reply Last reply Reply Quote 0
              • jahonixJ
                jahonix @JKnott
                last edited by

                @JKnott said in Is there a way to trigger pfSense to periodically send RS on WAN I/F to ISP edge router?:

                I don't know what that other distro is, but ...

                The fork of pfSense, maybe?
                So it's not that far off the track as "other Linux sites" might be.

                1 Reply Last reply Reply Quote 0
                • johnpozJ
                  johnpoz LAYER 8 Global Moderator
                  last edited by

                  @JKnott said in Is there a way to trigger pfSense to periodically send RS on WAN I/F to ISP edge router?:

                  I don't know what that other distro is

                  hehe - yeah bimmerdriver posted pretty much same question over on the forums for the distro that I will not name ;) I mentioned that in my posted about the juniper setting not being default to not send unsolicated RAs.

                  Its like 3rd or 4th listing on the google search I stated - if you want to find it.. Its crickets over there for his question..

                  An intelligent man is sometimes forced to be drunk to spend time with his fools
                  If you get confused: Listen to the Music Play
                  Please don't Chat/PM me for help, unless mod related
                  SG-4860 24.11 | Lab VMs 2.8, 24.11

                  1 Reply Last reply Reply Quote 0
                  • B
                    bimmerdriver @JKnott
                    last edited by

                    @JKnott said in Is there a way to trigger pfSense to periodically send RS on WAN I/F to ISP edge router?:

                    @bimmerdriver said in Is there a way to trigger pfSense to periodically send RS on WAN I/F to ISP edge router?:

                    According to the most recent email I got from the ISP, the CPE only accepts unsolicited RA with unicast destination address.

                    That's nonsense. Unsolicited RAs only go to the multicast address. If they were only sent to the unicast address, how would the router know the unicast address of something that didn't send a request?

                    I'm not going to post the email, but that's what I was told.

                    JKnottJ 1 Reply Last reply Reply Quote 0
                    • JKnottJ
                      JKnott @bimmerdriver
                      last edited by

                      @bimmerdriver said in Is there a way to trigger pfSense to periodically send RS on WAN I/F to ISP edge router?:

                      I'm not going to post the email, but that's what I was told.

                      Perhaps it's time to escalate. I find the first level support isn't much good for unusual problems, so I wind up asking for 2nd level right off. Even then, I had to explain how DHCPv6-PD worked to the tier 2 guy, including how the assigned address is not used for routing etc. I walked him through things to try, while I monitored with Packet Capture or Wireshark, tested through my cell phone and more. Then they guys who were responsible for fixing the problem refused, as I had my own equipment beyond the modem, even though the problem was proven to not be at my end. It took a lot of effort, but I finally got the problem resolved. You might have to do the same.

                      What did that guy say about the RFC that shows how it's supposed to work?

                      BTW, that book I quoted from is an excellent IPv6 reference.

                      PfSense running on Qotom mini PC
                      i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                      UniFi AC-Lite access point

                      I haven't lost my mind. It's around here...somewhere...

                      B 1 Reply Last reply Reply Quote 0
                      • B
                        bimmerdriver @JKnott
                        last edited by bimmerdriver

                        @JKnott I'm not going to dox my contact, but "that guy" is not in first or second or any other level of support. He is an engineer. It's not that he doesn't understand what the RFCs say, but rather that these issues reflect vendor-supplied cpe and edge routers and the respective vendors won't cooperate in a timely manner or at all to resolve them. If I disagree with anything he says, it's that these issues are being tolerated and in some cases accommodated, rather than being corrected.

                        JKnottJ 1 Reply Last reply Reply Quote 0
                        • JKnottJ
                          JKnott @bimmerdriver
                          last edited by

                          @bimmerdriver said in Is there a way to trigger pfSense to periodically send RS on WAN I/F to ISP edge router?:

                          If I disagree with anything he says, it's that these issues are being tolerated and in some cases accommodated, rather than being corrected.

                          What happens with other customers? I doubt pfSense is the only router that has this issue. With that sort of attitude, perhaps it's time to find another ISP. I don't understand the point of offering a service that won't work with most of the devices out there. If you've been following here long enough, you're no doubt aware some providers have some strange ideas.

                          PfSense running on Qotom mini PC
                          i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                          UniFi AC-Lite access point

                          I haven't lost my mind. It's around here...somewhere...

                          B 1 Reply Last reply Reply Quote 0
                          • B
                            bimmerdriver @JKnott
                            last edited by bimmerdriver

                            @JKnott said in Is there a way to trigger pfSense to periodically send RS on WAN I/F to ISP edge router?:

                            @bimmerdriver said in Is there a way to trigger pfSense to periodically send RS on WAN I/F to ISP edge router?:

                            If I disagree with anything he says, it's that these issues are being tolerated and in some cases accommodated, rather than being corrected.

                            What happens with other customers? I doubt pfSense is the only router that has this issue. With that sort of attitude, perhaps it's time to find another ISP. I don't understand the point of offering a service that won't work with most of the devices out there. If you've been following here long enough, you're no doubt aware some providers have some strange ideas.

                            ISPs usually hide behind the position that if you aren't using their equipment, they are not obligated to provide any support. This is what you would get from first or second level support from virtually any ISP in my experience. You have to admit that only a very small portion of the subscriber base is using anything other than the ISP-supplied CPE.

                            As for switching ISPs, been there, done that. The only alternative is Shaw and they suck even more than Telus.

                            DerelictD JKnottJ 2 Replies Last reply Reply Quote 0
                            • DerelictD
                              Derelict LAYER 8 Netgate @bimmerdriver
                              last edited by

                              @bimmerdriver Seems they could un-disable unsolicited RAs to adhere to the standard and their devices could continue to operate outside the standard, send RSs, and get unicast RAs in response. Both should work in that case.

                              Chattanooga, Tennessee, USA
                              A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                              DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                              Do Not Chat For Help! NO_WAN_EGRESS(TM)

                              1 Reply Last reply Reply Quote 0
                              • JKnottJ
                                JKnott @bimmerdriver
                                last edited by

                                @bimmerdriver said in Is there a way to trigger pfSense to periodically send RS on WAN I/F to ISP edge router?:

                                ISPs usually hide behind the position that if you aren't using their equipment, they are not obligated to provide any support. This is what you would get from first or second level support from virtually any ISP in my experience. You have to admit that only a very small portion of the subscriber base is using anything other than the ISP-supplied CPE.
                                As for switching ISPs, been there, done that. The only alternative is Shaw and they suck even more than Telus.

                                I'm on Rogers and use their modem in bridge mode, with a computer running pfSense as my firewall/router. As I mentioned, the guys responsible for maintaining the network didn't want to do anything because I had my own router/firewall, even though I was able to prove the problem was not on my network and could even identify the failing system by name. On top of that, both tier 2 support and a senior tech verified it was a Rogers problem. It was only after the senior tech brought his own modem to my home, found it failed and then took it to the head end and tested with my CMTS and 3 others, but found it only failed with mine, that they finally got around to fixing the problem. If I hadn't stuck with it and even contacted the office of the president, it would likely not be fixed and this was a problem that affected everyone on my node. Since the engineer refuses to be compliant with the RFC, then I'd say escalate to upper management and let them know their engineer is refusing to be compliant with published Internet specifications. Perhaps contacting the CRTC or CCTS might be in order.

                                PfSense running on Qotom mini PC
                                i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                                UniFi AC-Lite access point

                                I haven't lost my mind. It's around here...somewhere...

                                1 Reply Last reply Reply Quote 0
                                • J
                                  jdu-9999
                                  last edited by

                                  @bimmerdriver were you ever able to figure out a solution for this? I'm assuming the ISP involved is Telus. They appear to be uninterested in changing this behaviour despite my attempts to point out they are not following the RFC. The only solution they've offered is to swap out the network hardware for one of their newer modems that ignores the RFC.

                                  B 1 Reply Last reply Reply Quote 0
                                  • B
                                    bimmerdriver @jdu-9999
                                    last edited by

                                    @jdu-9999 You're correct, the ISP is Telus. To be honest, I had better things to do, so I basically gave up. I'm curious about who you talked to. Can we take this offline?

                                    1 Reply Last reply Reply Quote 0
                                    • J
                                      jdu-9999
                                      last edited by

                                      It appears that if you add a cron job to run "/sbin/rtsol -a" once an hour it'll keep the IPv6 connection. I suspect someone read RFC 6275 and decided that "Router advertisements in such networks SHOULD be sent only when solicited" also applied to this network, despite it not technically being a mobile network. (Telus are also a mobile carrier, so it's possible this is where the confusion came from.)

                                      1 Reply Last reply Reply Quote 0
                                      • First post
                                        Last post
                                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.