IPv6 Connectivity problem in vm

Gertjan

Why did you decide to use "Interface Tracking" ?
As per ISP information ?

According to https://docs.netgate.com/pfsense/en/latest/book/interfaces/ipv6-wan-types.html#track-interface there should be lines in the logs related to this delegation exchange. Are there any logs lines ? Logs lines are the principal source of information when debugging - and you have none ??

You have a dual WAN (also a very error prone thing) : you're tracking the right WAN interface ?
And what about System > Routing > Gateways : is the right gateway selected ?

edit : NDP uses ICMP6 for discovering "who lives on a network segment" and is somewhat comparable with the ARP protocol used by IPv4. It's build into the IPv6 kernel and driver stack part, and doesn't need any user configuration. ( although : block ICMP6 on your LAN type interface and you'll "break" IPv6 )
See https://en.wikipedia.org/wiki/Neighbor_Discovery_Protocol

Bob.Dig

@Gertjan I don't have dual wan and track interface is the default in pfSense. What is wrong with that?

"Change DHCPv6 display lease time from UTC to local time" didn't help.

Bob.Dig

@Gertjan I appreciate your help but you have a total different setup with that he-tunnel and probably not having dualstack on your wan.

Bob.Dig

When I do a "route print" in the windows vm, there is a difference between full connectivity and problematic connectivity. The following (first) line is missing after some time.

IPv6 Route Table
Active Routes:
If Metric Network Destination Gateway
9 271 ::/0 fe80::215:5dff:fe01:7507

This is the PrivatSwitch Interface.

Bob.Dig

I found this in the logs:
route 0::/0 lifetime (60) conflicts with AdvDefaultLifetime (0), default routes will flap!

So I guess it is a problem with radvd. Ubuntu has no problem with that but windows does. I remember when I was adding the second LAN-Interface called Privat Switch, it was missing the defaults at least under Router Advertisements completely. I also switched the interfaces once, which one should get IPv6 and which one not. So something is broken there.

Is there a way in pfSense to bring the defaults to that setting?

JKnott

@Bob-Dig said in IPv6 Connectivity problem in vm:

So I guess it is a problem with radvd. Ubuntu has no problem with that but windows does.

I have 2 computers with Windows 10 in VirtualBox on Linux. Neither have a problem with radvd. You can run Wireshark in Windows and watch for ICMP6 to see what's happening.

Bob.Dig

@JKnott Thanks. But I guess you don't have those problems under
Status - System Logs - SystemRouting like I have, log was flooded with:

route 0::/0 lifetime (60) conflicts with AdvDefaultLifetime (0), default routes will flap!

So after I changed the Router lifetime to 1000s in ServicesDHCPv6 Server & RA PRIVATSWITCHRouter Advertisements
Later I get those log entries flooding:

Mar 13 08:58:28 	radvd 	81932 	version 2.18 started
Mar 13 08:58:29 	radvd 	82558 	attempting to reread config file
Mar 13 08:58:29 	radvd 	82558 	resuming normal operation
Mar 13 08:58:31 	radvd 	82558 	attempting to reread config file
Mar 13 08:58:31 	radvd 	82558 	resuming normal operation
Mar 13 08:58:45 	radvd 	82558 	attempting to reread config file
Mar 13 08:58:45 	radvd 	82558 	resuming normal operation 

Also I am using the 2.5.0-DEVELOPMENT Branch

So is it possible to reset the DHCPv6 Server & RA, because there seems to be the problem.

Gertjan

Dono if this is related : https://redmine.pfsense.org/projects/pfsense/issues?per_page=100&query_id=104, look for the 'radv' occurrences on the list.

@JKnott : you're using 2.5.0 - and if so, what version ?

Bob.Dig

@Gertjan 2.5.0 get updates three times a day and I am remembering the problem with no defaults for the DHCPv6 Server & RA was only when I was adding the second LAN-Interface later on. So probably no one noticed it.

If I can't reset it, I will have to go back to 2.4.* and do everything manually.

Gertjan

There is no reset button.

But what you can do, is saving your config, and then reset to default the entire setup.
When done, take a look at the config xml file, look for 'radv', and compare and copy if needed that part into your config.xml.

This a a part of the config, related to 'radv' :

You'll find two blocks of these, as you have two LAN type interfaces.

When you edited (if needed), you import back in your config file.

Bob.Dig

What I finally did was deleting the interface and then creating it new. This time there seems to be no problem.

Thanks everybody.

I have to read more log files to get a sense, when there is something not ok.

Also I crafted some new IPv6 addresses in the DHCPv6 Server, like this one:
::192:168:2:37