IPv6 stops working after about 30 mins
-
I use pfSense as a modem/router since about 1 year with IPv4 (PPPoE connection).
I now configured pfSense for dual stack IPv4 / IPv6.
My interfaces get public IPv6 addresses, I can ping IPv6 addresses from these interfaces (via Diagnostics>Ping in pfSense) and IPv6 tests (test-ipv6.com and the like) from a wireless Windows client on the 178_COMP network work flawlessly.
Unfortunately, after about 30 mins, I can no longer ping IPv6 addresses from the interfaces and IPv6 tests from the wireless Windows client fail .
When I disconnect and reconnect the WAN interface, it works again and fails again after about 30 mins. Grateful for any pointers to what's going on .Here is a screenshot of my interfaces (the blanked out parts in the IPv6 addresses are identical between WAN, LAN and 178_COMP):
My ISP provided me with the following info regarding IPv6:
- native IPv6
- DHCPv6
- Prefix delegation size: /56 (dynamic)
So, I configured my WAN interface as follows (the MTU of 1492 was a value given by my ISP when configuring pfSense for IPv4 a year ago):
The LAN and 178_COMP interface are configured such (in LAN, the IPv6 Prefix ID is 0):
Here's a screenshot from the DHCPv6 server for the 178_COMP interface (RA is set to assisted):
Here's a screenshot from the Windows wireless client (this was after another disconnect/reconnect of the WAN, so the network prefix changed but it is identical to the network prefix of the 178_COMP interface). When doing (successful) IPv6 tests with this client, the tests say that it's public IPv6 address is the one ending on c54b (Temporary IPv6 address)
This is what I see in the DHCP system logs from reconnecting the WAN to the point where IPv6 fails (I replaced some values by U, V, X, Y, Z):
Mar 15 00:11:32 dhcp6c 78579 Sending Solicit Mar 15 00:11:32 dhcp6c 78579 a new XID (73645e) is generated Mar 15 00:11:32 dhcp6c 78579 set client ID (len 14) Mar 15 00:11:32 dhcp6c 78579 set identity association Mar 15 00:11:32 dhcp6c 78579 set elapsed time (len 2) Mar 15 00:11:32 dhcp6c 78579 set option request (len 4) Mar 15 00:11:32 dhcp6c 78579 set IA_PD Mar 15 00:11:32 dhcp6c 78579 send solicit to ff02::1:2%pppoe0 Mar 15 00:11:32 dhcp6c 78579 reset a timer on pppoe0, state=SOLICIT, timeo=0, retrans=1091 Mar 15 00:11:34 dhcp6c 78579 Sending Solicit Mar 15 00:11:34 dhcp6c 78579 set client ID (len 14) Mar 15 00:11:34 dhcp6c 78579 set identity association Mar 15 00:11:34 dhcp6c 78579 set elapsed time (len 2) Mar 15 00:11:34 dhcp6c 78579 set option request (len 4) Mar 15 00:11:34 dhcp6c 78579 set IA_PD Mar 15 00:11:34 dhcp6c 78579 send solicit to ff02::1:2%pppoe0 Mar 15 00:11:34 dhcp6c 78579 reset a timer on pppoe0, state=SOLICIT, timeo=1, retrans=2083 Mar 15 00:11:36 dhcp6c 78579 Sending Solicit Mar 15 00:11:36 dhcp6c 78579 set client ID (len 14) Mar 15 00:11:36 dhcp6c 78579 set identity association Mar 15 00:11:36 dhcp6c 78579 set elapsed time (len 2) Mar 15 00:11:36 dhcp6c 78579 set option request (len 4) Mar 15 00:11:36 dhcp6c 78579 set IA_PD Mar 15 00:11:36 dhcp6c 78579 send solicit to ff02::1:2%pppoe0 Mar 15 00:11:36 dhcp6c 78579 reset a timer on pppoe0, state=SOLICIT, timeo=2, retrans=3982 Mar 15 00:11:36 dhcp6c 78579 receive advertise from fe80::YYYY:YYYY:YYYY:3100%pppoe0 on pppoe0 Mar 15 00:11:36 dhcp6c 78579 get DHCP option server ID, len 10 Mar 15 00:11:36 dhcp6c 78579 DUID: 00:03:00:01:38:0e:4d:d3:31:00 Mar 15 00:11:36 dhcp6c 78579 get DHCP option client ID, len 14 Mar 15 00:11:36 dhcp6c 78579 DUID: 00:01:00:01:24:91:24:1e:ac:1f:6b:7c:8a:94 Mar 15 00:11:36 dhcp6c 78579 get DHCP option IA_PD, len 41 Mar 15 00:11:36 dhcp6c 78579 IA_PD: ID=0, T1=600, T2=960 Mar 15 00:11:36 dhcp6c 78579 get DHCP option IA_PD prefix, len 25 Mar 15 00:11:36 dhcp6c 78579 IA_PD prefix: 2a02:ZZZ:4c6:f400::/56 pltime=1200 vltime=3600 Mar 15 00:11:36 dhcp6c 78579 get DHCP option DNS, len 32 Mar 15 00:11:36 dhcp6c 78579 server ID: 00:03:00:01:38:0e:4d:d3:31:00, pref=-1 Mar 15 00:11:36 dhcp6c 78579 reset timer for pppoe0 to 0.998901 Mar 15 00:11:37 dhcp6c 78579 picked a server (ID: 00:03:00:01:38:0e:4d:d3:31:00) Mar 15 00:11:37 dhcp6c 78579 Sending Request Mar 15 00:11:37 dhcp6c 78579 a new XID (f4ce9d) is generated Mar 15 00:11:37 dhcp6c 78579 set client ID (len 14) Mar 15 00:11:37 dhcp6c 78579 set server ID (len 10) Mar 15 00:11:37 dhcp6c 78579 set elapsed time (len 2) Mar 15 00:11:37 dhcp6c 78579 set option request (len 4) Mar 15 00:11:37 dhcp6c 78579 set IA_PD prefix Mar 15 00:11:37 dhcp6c 78579 set IA_PD Mar 15 00:11:37 dhcp6c 78579 send request to ff02::1:2%pppoe0 Mar 15 00:11:37 dhcp6c 78579 reset a timer on pppoe0, state=REQUEST, timeo=0, retrans=1025 Mar 15 00:11:37 dhcp6c 78579 receive reply from fe80::YYYY:YYYY:YYYY:3100%pppoe0 on pppoe0 Mar 15 00:11:37 dhcp6c 78579 get DHCP option server ID, len 10 Mar 15 00:11:37 dhcp6c 78579 DUID: 00:03:00:01:38:0e:4d:d3:31:00 Mar 15 00:11:37 dhcp6c 78579 get DHCP option client ID, len 14 Mar 15 00:11:37 dhcp6c 78579 DUID: 00:01:00:01:24:91:24:1e:ac:1f:6b:7c:8a:94 Mar 15 00:11:37 dhcp6c 78579 get DHCP option IA_PD, len 41 Mar 15 00:11:37 dhcp6c 78579 IA_PD: ID=0, T1=600, T2=960 Mar 15 00:11:37 dhcp6c 78579 get DHCP option IA_PD prefix, len 25 Mar 15 00:11:37 dhcp6c 78579 IA_PD prefix: 2a02:ZZZ:4c6:f400::/56 pltime=1200 vltime=3600 Mar 15 00:11:37 dhcp6c 78579 get DHCP option DNS, len 32 Mar 15 00:11:37 dhcp6c 78579 dhcp6c Received REQUEST Mar 15 00:11:37 dhcp6c 78579 nameserver[0] 2a02:ZZZ:0:195:218:24:0:2 Mar 15 00:11:37 dhcp6c 78579 nameserver[1] 2a02:ZZZ:0:195:218:2:32:38 Mar 15 00:11:37 dhcp6c 78579 make an IA: PD-0 Mar 15 00:11:37 dhcp6c 78579 create a prefix 2a02:ZZZ:4c6:f400::/56 pltime=1200, vltime=3600 Mar 15 00:11:37 dhcp6c 78579 add an address 2a02:ZZZ:4c6:f400:XXXX:XXXX:XXXX:84e1/64 on igb1 Mar 15 00:11:37 dhcp6c 78579 add an address 2a02:ZZZ:4c6:f401:XXXX:XXXX:XXXX:8a94/64 on ix0.178 Mar 15 00:11:37 dhcp6c 78579 executes /var/etc/dhcp6c_wan_script.sh Mar 15 00:11:47 dhcp6c dhcp6c REQUEST on pppoe0 - running rc.newwanipv6 Mar 15 00:11:47 dhcp6c 78579 script "/var/etc/dhcp6c_wan_script.sh" terminated Mar 15 00:11:47 dhcp6c 78579 removing an event on pppoe0, state=REQUEST Mar 15 00:11:47 dhcp6c 78579 removing server (ID: 00:03:00:01:38:0e:4d:d3:31:00) Mar 15 00:11:47 dhcp6c 78579 got an expected reply, sleeping. Mar 15 00:21:37 dhcp6c 78579 IA timeout for PD-0, state=ACTIVE Mar 15 00:21:37 dhcp6c 78579 reset a timer on pppoe0, state=RENEW, timeo=0, retrans=10244 Mar 15 00:21:37 dhcp6c 78579 Sending Renew Mar 15 00:21:37 dhcp6c 78579 a new XID (d7bdae) is generated Mar 15 00:21:37 dhcp6c 78579 set client ID (len 14) Mar 15 00:21:37 dhcp6c 78579 set server ID (len 10) Mar 15 00:21:37 dhcp6c 78579 set elapsed time (len 2) Mar 15 00:21:37 dhcp6c 78579 set option request (len 4) Mar 15 00:21:37 dhcp6c 78579 set IA_PD prefix Mar 15 00:21:37 dhcp6c 78579 set IA_PD Mar 15 00:21:37 dhcp6c 78579 send renew to ff02::1:2%pppoe0 Mar 15 00:21:37 dhcp6c 78579 receive reply from fe80::YYYY:YYYY:YYYY:3100%pppoe0 on pppoe0 Mar 15 00:21:37 dhcp6c 78579 get DHCP option server ID, len 10 Mar 15 00:21:37 dhcp6c 78579 DUID: 00:03:00:01:38:0e:4d:d3:31:00 Mar 15 00:21:37 dhcp6c 78579 get DHCP option client ID, len 14 Mar 15 00:21:37 dhcp6c 78579 DUID: 00:01:00:01:24:91:24:1e:ac:1f:6b:7c:8a:94 Mar 15 00:21:37 dhcp6c 78579 get DHCP option IA_PD, len 41 Mar 15 00:21:37 dhcp6c 78579 IA_PD: ID=0, T1=600, T2=960 Mar 15 00:21:37 dhcp6c 78579 get DHCP option IA_PD prefix, len 25 Mar 15 00:21:37 dhcp6c 78579 IA_PD prefix: 2a02:ZZZ:4c6:f400::/56 pltime=1200 vltime=3600 Mar 15 00:21:37 dhcp6c 78579 get DHCP option DNS, len 32 Mar 15 00:21:37 dhcp6c 78579 dhcp6c Received INFO Mar 15 00:21:37 dhcp6c 78579 nameserver[0] 2a02:ZZZ:0:195:218:24:0:2 Mar 15 00:21:37 dhcp6c 78579 nameserver[1] 2a02:ZZZ:0:195:218:2:32:38 Mar 15 00:21:37 dhcp6c 78579 update an IA: PD-0 Mar 15 00:21:37 dhcp6c 78579 update a prefix 2a02:ZZZ:4c6:f400::/56 pltime=1200, vltime=3600 Mar 15 00:21:37 dhcp6c 78579 executes /var/etc/dhcp6c_wan_script.sh Mar 15 00:21:37 dhcp6c dhcp6c renew, no change - bypassing update on pppoe0 Mar 15 00:21:37 dhcp6c 78579 script "/var/etc/dhcp6c_wan_script.sh" terminated Mar 15 00:21:37 dhcp6c 78579 removing an event on pppoe0, state=RENEW Mar 15 00:21:37 dhcp6c 78579 got an expected reply, sleeping. Mar 15 00:31:37 dhcp6c 78579 IA timeout for PD-0, state=ACTIVE Mar 15 00:31:37 dhcp6c 78579 reset a timer on pppoe0, state=RENEW, timeo=0, retrans=9557 Mar 15 00:31:37 dhcp6c 78579 Sending Renew Mar 15 00:31:37 dhcp6c 78579 a new XID (7727c4) is generated Mar 15 00:31:37 dhcp6c 78579 set client ID (len 14) Mar 15 00:31:37 dhcp6c 78579 set server ID (len 10) Mar 15 00:31:37 dhcp6c 78579 set elapsed time (len 2) Mar 15 00:31:37 dhcp6c 78579 set option request (len 4) Mar 15 00:31:37 dhcp6c 78579 set IA_PD prefix Mar 15 00:31:37 dhcp6c 78579 set IA_PD Mar 15 00:31:37 dhcp6c 78579 send renew to ff02::1:2%pppoe0 Mar 15 00:31:37 dhcp6c 78579 receive reply from fe80::YYYY:YYYY:YYYY:3100%pppoe0 on pppoe0 Mar 15 00:31:37 dhcp6c 78579 get DHCP option server ID, len 10 Mar 15 00:31:37 dhcp6c 78579 DUID: 00:03:00:01:38:0e:4d:d3:31:00 Mar 15 00:31:37 dhcp6c 78579 get DHCP option client ID, len 14 Mar 15 00:31:37 dhcp6c 78579 DUID: 00:01:00:01:24:91:24:1e:ac:1f:6b:7c:8a:94 Mar 15 00:31:37 dhcp6c 78579 get DHCP option IA_PD, len 41 Mar 15 00:31:37 dhcp6c 78579 IA_PD: ID=0, T1=600, T2=960 Mar 15 00:31:37 dhcp6c 78579 get DHCP option IA_PD prefix, len 25 Mar 15 00:31:37 dhcp6c 78579 IA_PD prefix: 2a02:ZZZ:4c6:f400::/56 pltime=1200 vltime=3600 Mar 15 00:31:37 dhcp6c 78579 get DHCP option DNS, len 32 Mar 15 00:31:37 dhcp6c 78579 dhcp6c Received INFO Mar 15 00:31:37 dhcp6c 78579 nameserver[0] 2a02:ZZZ:0:195:218:24:0:2 Mar 15 00:31:37 dhcp6c 78579 nameserver[1] 2a02:ZZZ:0:195:218:2:32:38 Mar 15 00:31:37 dhcp6c 78579 update an IA: PD-0 Mar 15 00:31:37 dhcp6c 78579 update a prefix 2a02:ZZZ:4c6:f400::/56 pltime=1200, vltime=3600 Mar 15 00:31:37 dhcp6c 78579 executes /var/etc/dhcp6c_wan_script.sh Mar 15 00:31:37 dhcp6c dhcp6c renew, no change - bypassing update on pppoe0 Mar 15 00:31:37 dhcp6c 78579 script "/var/etc/dhcp6c_wan_script.sh" terminated Mar 15 00:31:37 dhcp6c 78579 removing an event on pppoe0, state=RENEW Mar 15 00:31:37 dhcp6c 78579 got an expected reply, sleeping. Mar 15 00:41:37 dhcp6c 78579 IA timeout for PD-0, state=ACTIVE Mar 15 00:41:37 dhcp6c 78579 reset a timer on pppoe0, state=RENEW, timeo=0, retrans=10192 Mar 15 00:41:37 dhcp6c 78579 Sending Renew Mar 15 00:41:37 dhcp6c 78579 a new XID (381cbb) is generated Mar 15 00:41:37 dhcp6c 78579 set client ID (len 14) Mar 15 00:41:37 dhcp6c 78579 set server ID (len 10) Mar 15 00:41:37 dhcp6c 78579 set elapsed time (len 2) Mar 15 00:41:37 dhcp6c 78579 set option request (len 4) Mar 15 00:41:37 dhcp6c 78579 set IA_PD prefix Mar 15 00:41:37 dhcp6c 78579 set IA_PD Mar 15 00:41:37 dhcp6c 78579 send renew to ff02::1:2%pppoe0 Mar 15 00:41:37 dhcp6c 78579 receive reply from fe80::YYYY:YYYY:YYYY:3100%pppoe0 on pppoe0 Mar 15 00:41:37 dhcp6c 78579 get DHCP option server ID, len 10 Mar 15 00:41:37 dhcp6c 78579 DUID: 00:03:00:01:38:0e:4d:d3:31:00 Mar 15 00:41:37 dhcp6c 78579 get DHCP option client ID, len 14 Mar 15 00:41:37 dhcp6c 78579 DUID: 00:01:00:01:24:91:24:1e:ac:1f:6b:7c:8a:94 Mar 15 00:41:37 dhcp6c 78579 get DHCP option IA_PD, len 41 Mar 15 00:41:37 dhcp6c 78579 IA_PD: ID=0, T1=600, T2=960 Mar 15 00:41:37 dhcp6c 78579 get DHCP option IA_PD prefix, len 25 Mar 15 00:41:37 dhcp6c 78579 IA_PD prefix: 2a02:ZZZ:4c6:f400::/56 pltime=1200 vltime=3600 Mar 15 00:41:37 dhcp6c 78579 get DHCP option DNS, len 32 Mar 15 00:41:37 dhcp6c 78579 dhcp6c Received INFO Mar 15 00:41:37 dhcp6c 78579 nameserver[0] 2a02:ZZZ:0:195:218:24:0:2 Mar 15 00:41:37 dhcp6c 78579 nameserver[1] 2a02:ZZZ:0:195:218:2:32:38 Mar 15 00:41:37 dhcp6c 78579 update an IA: PD-0 Mar 15 00:41:37 dhcp6c 78579 update a prefix 2a02:ZZZ:4c6:f400::/56 pltime=1200, vltime=3600 Mar 15 00:41:37 dhcp6c 78579 executes /var/etc/dhcp6c_wan_script.sh Mar 15 00:41:37 dhcp6c dhcp6c renew, no change - bypassing update on pppoe0 Mar 15 00:41:37 dhcp6c 78579 script "/var/etc/dhcp6c_wan_script.sh" terminated Mar 15 00:41:37 dhcp6c 78579 removing an event on pppoe0, state=RENEW Mar 15 00:41:37 dhcp6c 78579 got an expected reply, sleeping.
In the Gateways system logs, I see some error messages (but these appear when IPv6 is still working):
Mar 15 00:11:09 dpinger WAN_DHCP6 fe80::YYYY:YYYY:YYYY:3100%pppoe0: sendto error: 65 Mar 15 00:11:09 dpinger WAN_DHCP6 fe80::YYYY:YYYY:YYYY:3100%pppoe0: sendto error: 65 Mar 15 00:11:10 dpinger WAN_DHCP6 fe80::YYYY:YYYY:YYYY:3100%pppoe0: sendto error: 65 Mar 15 00:11:10 dpinger WAN_DHCP6 fe80::YYYY:YYYY:YYYY:3100%pppoe0: sendto error: 65 Mar 15 00:11:11 dpinger WAN_DHCP6 fe80::YYYY:YYYY:YYYY:3100%pppoe0: sendto error: 6 Mar 15 00:11:11 dpinger WAN_DHCP6 fe80::YYYY:YYYY:YYYY:3100%pppoe0: sendto error: 6 Mar 15 00:11:12 dpinger WAN_DHCP6 fe80::YYYY:YYYY:YYYY:3100%pppoe0: sendto error: 6 Mar 15 00:11:35 dpinger send_interval 500ms loss_interval 2000ms time_period 60000ms report_interval 0ms data_len 0 alert_interval 1000ms latency_alarm 500ms loss_alarm 20% dest_addr 195.VVV.VV.6 bind_addr 8U.UUU.UU.U03 identifier "WAN_PPPOE " Mar 15 00:11:35 dpinger send_interval 500ms loss_interval 2000ms time_period 60000ms report_interval 0ms data_len 0 alert_interval 1000ms latency_alarm 500ms loss_alarm 20% dest_addr fe80::YYYY:YYYY:YYYY:3100%pppoe0 bind_addr fe80::XXXX:XXXX:XXXX:84e1%pppoe0 identifier "WAN_DHCP6 " Mar 15 00:11:39 dpinger send_interval 500ms loss_interval 2000ms time_period 60000ms report_interval 0ms data_len 0 alert_interval 1000ms latency_alarm 500ms loss_alarm 20% dest_addr 195.VVV.VV.6 bind_addr 8U.UUU.UU.U03 identifier "WAN_PPPOE " Mar 15 00:11:39 dpinger send_interval 500ms loss_interval 2000ms time_period 60000ms report_interval 0ms data_len 0 alert_interval 1000ms latency_alarm 500ms loss_alarm 20% dest_addr fe80::YYYY:YYYY:YYYY:3100%pppoe0 bind_addr fe80::XXXX:XXXX:XXXX:84e1%pppoe0 identifier "WAN_DHCP6 " Mar 15 00:11:46 dpinger send_interval 500ms loss_interval 2000ms time_period 60000ms report_interval 0ms data_len 0 alert_interval 1000ms latency_alarm 500ms loss_alarm 20% dest_addr 195.VVV.VV.6 bind_addr 8U.UUU.UU.U03 identifier "WAN_PPPOE " Mar 15 00:11:46 dpinger send_interval 500ms loss_interval 2000ms time_period 60000ms report_interval 0ms data_len 0 alert_interval 1000ms latency_alarm 500ms loss_alarm 20% dest_addr fe80::YYYY:YYYY:YYYY:3100%pppoe0 bind_addr fe80::XXXX:XXXX:XXXX:84e1%pppoe0 identifier "WAN_DHCP6 "
-
@Wholelottapfsense said in IPv6 stops working after about 30 mins:
Prefix delegation size: /56 (dynamic)
Yet you show 48 for prefix delegation size. I don't know if that will cause the problem, but the two should match. Since your ISP provides a /56. you can use that or longer. So, you could use 56 or 60 or even 64 etc., but not 48. Also, do the devices still have valid IPv6 addresses after it fails?
BTW, that /56 means you can have up to 256 networks, each with it's own /64. I see you selected 1 for your prefix ID. That's your 2nd /64. If you wanted to use the first, it would be 0. Your choices are 0 - ff and must be different for each interface.
-
Thanks for taking the time to look at my problem. I clearly misunderstood 'Prefix Delegation Size' in the DHCPv6 Server Options. I thought this was only relevant if other routers were behind the pfSense box.
So I changed 'Prefix Delegation Size' to /64 because I want LAN, 178_COMP, etc each to have a /64 subnet. Do I need to enter something for 'Prefix Delegation Range'?
@JKnott said in IPv6 stops working after about 30 mins:
I see you selected 1 for your prefix ID. That's your 2nd /64. If you wanted to use the first, it would be 0. Your choices are 0 - ff and must be different for each interface.
I gave 0 to the LAN interface and 1 to the 178_COMP interface.
-
Take the whole /56. That's what I did, even though I've only used 4 /64s. With 64, you're only asking for a single /64. With 128 bit IPv6 addresses, the least significant 64 bits are for the host address within a /64 and the most significant bits, specify your network.
Incidentally, some ISPs hand out /48s, which provide 65536 /64s.
Also, with IPv6 we no longer have to worry about an address shortage. With only 1/8th of the IPv6 address space allocated for Global Unique Addresses, there are enough /48s for every single person on earth to have over 4000 of them.
One other thing you might notice is that routeable addresses are not needed for routing. You'll often see link local (start with fe80) addresses used.
-
OK, I've set 'Prefix Delegation Size' in the DHCPv6 Options to /56.
Unfortunately, the problem came back, as before
@JKnott said in IPv6 stops working after about 30 mins:
Also, do the devices still have valid IPv6 addresses after it fails?
The IPv6 addresses don't change after it fails.
-
I found this topic which points to OpenVPN as the culprit.
I have only configured OpenVPN for IPv4, but notice that in 'Advanced configuration' under VPN>OpenVPN>Servers, the option 'Gateway creation' is set by default to 'both' IPv4 and IPv6. Could this be the problem?
-
@Wholelottapfsense said in IPv6 stops working after about 30 mins:
Could this be the problem?
I wouldn't think so. OpenVPN has nothing to do with connecting to your ISP. Can you ping6 from pfSense to, for example. ipv6.google.com?
-
and what version of pfsense is it ? the symptom is very similar to the problem we have with radvd on 2.5.0
-
@Wholelottapfsense said in IPv6 stops working after about 30 mins:
I have only configured OpenVPN for IPv4
I have OpenVPN configured to use only IPv4, but to carry both IPv4 and IPv6.
-
@JKnott said in IPv6 stops working after about 30 mins:
Can you ping6 from pfSense to, for example. ipv6.google.com?
Yes (until it stops working after about 30 mins):
-
It's the latest stable version: 2.4.4-RELEASE-p3 (amd64)
-
@Wholelottapfsense said in IPv6 stops working after about 30 mins:
Yes (until it stops working after about 30 mins):
It's beginning to sound like an ISP problem. Can you connect a computer directly to the modem, with the modem in bridge mode? If you're worried about putting a computer directly on the Internet, you can use a Linux live USB stick or disc.
-
One other thing. Does the problem happen with the modem in gateway mode? If it fails there too, it's an ISP problem.
-
I saw this in another recent thread also - a with 2.5.0 as the version :
If the "defined range" is defined - it should be defined, why doesn't it show it ?
It should mention your 'base' IPv6 /56 .....
I don't know if this is actually an issue. Or just a visual issue.
I'm using a ISP that gives me a fixed /48 so I actually hard code my LAN IPv6 first /64 - ending with xxxx.xxxx.xxxx.xxx0::1
The second LAN has xxxx.xxxx.xxxx.xxx1::1 /64 etc.Your ISP might change the IPv6 base address - (but why ??? seems only useful for people that also have to change their phone number x times a day) so : what about changing for some time - to expeient - your IP6 as static ?
Your DHCPv6 pool should look alright now - and DHCPv6 starts to work - it does so for me.Btw : your IPv6 gateway is a fe80::..... mine is a 'real'" 2001:470:1f12:5c0::1 ".
Also :Mar 15 00:11:09 dpinger WAN_DHCP6 fe80::YYYY:YYYY:YYYY:3100%pppoe0: sendto error: 65
this tells me that me that fe80::YYYY:YYYY:YYYY:3100%pppoe0 is out of business.
Note : These are just my observations. By no means I'm an IPv6 expert - just using it, since 2010, using pfSense.
-
@Gertjan said in IPv6 stops working after about 30 mins:
If the "defined range" is defined - it should be defined, why doesn't it show it ?
That for the dhcpv6 server. Is he using DHCPv6 on the LAN side?
Btw : your IPv6 gateway is a fe80::..... mine is a 'real'" 2001:470:1f12:5c0::1 ".
Link local addresses are "real". They're just not routeable. You don't need routeable addresses to route. You just need to know how to get to the next hop. In fact, on point to point links, you don't even need an address, just the interface that connects to the next hop. This also works in IPv4.
Note : These are just my observations. By no means I'm an IPv6 expert - just using it, since 2010, using pfSense.
IPv6 Essentials is an excellent reference.
-
@JKnott said in IPv6 stops working after about 30 mins:
One other thing. Does the problem happen with the modem in gateway mode? If it fails there too, it's an ISP problem.
There is no modem upstream of the pfSense box. pfSense makes a direct connection via PPPoE/DHCPv6.
-
@Gertjan said in IPv6 stops working after about 30 mins:
Also :
Mar 15 00:11:09 dpinger WAN_DHCP6 fe80::YYYY:YYYY:YYYY:3100%pppoe0: sendto error: 65
this tells me that me that fe80::YYYY:YYYY:YYYY:3100%pppoe0 is out of business.
That's indeed the address of my IPv6 gateway but I get that error message at the time of reconnection of the WAN interface, i.e. when IPv6 is still working.
As JKnott already mentioned, a link local address for the IPv6 gateway should not be a problem.
I will ask my ISP whether they can have a look in their logs to see what's going on.
Could it be related to the DUID setting in System>Advanced>Networking? I didn't touch that, so it's on RAW DUID and there is a greyed DUID number in the box below. And yes, the checkbox to allow IPv6 is checked in that section .
-
Do you see any problems in
Status System Logs System Routing? -
Not that I can remember, but I'll check again tonight and report back.
-
For testing purposes you could use just /64 to be on the safe side, which also means that only one of your LAN-Interfaces will have IPv6. Again, just for testing. And don't use Wifi.
-
@Wholelottapfsense said in IPv6 stops working after about 30 mins:
There is no modem upstream of the pfSense box. pfSense makes a direct connection via PPPoE/DHCPv6.
PfSense has to connect to something. PPPoE is usually carried over ADSL and there's no way pfSense can deal with that on it's own. There should be a box somewhere, that converts the ADSL line to Ethernet, which pfSense then connects to.
-
@JKnott said in IPv6 stops working after about 30 mins:
@Wholelottapfsense said in IPv6 stops working after about 30 mins:
There is no modem upstream of the pfSense box. pfSense makes a direct connection via PPPoE/DHCPv6.
PfSense has to connect to something. PPPoE is usually carried over ADSL and there's no way pfSense can deal with that on it's own. There should be a box somewhere, that converts the ADSL line to Ethernet, which pfSense then connects to.
I have a fiber connection (FTTH, fiber to the home). Between the pfSense box and the fiber connection, there's a TP-LINK MC220L converter which, AFAIK, only converts the fiber signal to ethernet.
-
@Wholelottapfsense Have you tried DHCP instead of PPPoE?
-
@Bob-Dig
No, but at least for IPv4, my ISP required a PPPoE connection (on VLAN 35) with username and password. I'll re-check with my ISP regarding DHCP. -
@Wholelottapfsense said in IPv6 stops working after about 30 mins:
I have a fiber connection (FTTH, fiber to the home). Between the pfSense box and the fiber connection, there's a TP-LINK MC220L converter which, AFAIK, only converts the fiber signal to ethernet.
There's a bit more to it than that, but that is what I was referring to. Can it be put in gateway mode? ISPs love to blame customer gear for their problems, so you have to do what you can to determine where the problem is. So, if there is a gateway mode and it fails as well, then it's an ISP problem. As I mentioned, you can also try a computer connected directly to your Internet connection. If that fails too, it's not a pfSense problem. A big part of resolving problems is determining what works or not.
BTW, last year I went through a similar problem with my own ISP. I have a cable modem and even though I was able to show tier 2 support the problem was within their network, the people responsible for resolving the issue refused to do anything, as I had my own router. It took a lot of effort to get them to budge, even though I had a Wireshark capture that actually named the failing system. It took a senior tech to prove it to them. He brought his own modem to my home and it failed too. He then took his modem to the head end and tried with 4 different CMTS there. It only failed on the one I was connected to. Only then did the network guys fix their problem. I also found I had to teach the tier 2 support and senior tech a bit about IPv6, as I knew more about it than they did.
-
@Wholelottapfsense said in IPv6 stops working after about 30 mins:
@Bob-Dig
No, but at least for IPv4, my ISP required a PPPoE connection (on VLAN 35) with username and password. I'll re-check with my ISP regarding DHCP.I suspect PPPoE is used to establish the initial PPP connection to your ISP. Once that's set up, the PPP connection is then used to carry IPv6. You then use DHCPv6-PD to set up your local prefixes, etc..
-
@JKnott said in IPv6 stops working after about 30 mins:
I suspect PPPoE is used to establish the initial PPP connection to your ISP. Once that's set up, the PPP connection is then used to carry IPv6. You then use DHCPv6-PD to set up your local prefixes, etc..
Indeed. When I uncheck 'Use IPv4 Connectivity as Parent Interface', I don't get IPv6 addresses on my interfaces.
-
@JKnott said in IPv6 stops working after about 30 mins:
Can it be put in gateway mode?
From what I read here it seems to be a simple media converter without a user interface to change settings.
You're absolutely right about ISPs not being motivated to help you at all if you don't use their equipment (Fritzbox 5490 in the case of my ISP), unless you're a corporate customer with an expensive support plan.
At the time with the IPv4 connection, it also took numerous calls until someone told me about the VLAN 35 setting. I guess I'm in for the same fun with IPv6 ... -
@Wholelottapfsense said in IPv6 stops working after about 30 mins:
From what I read here it seems to be a simple media converter without a user interface to change settings.
I'd be surprised if it was just a converter with nothing else. I have set up media converters at business customers, but those boxes did much more than convert. It was also a place where the circuit could be managed and tested. For example, they were capable of QonQ VLAN, so that not only could the customer use VLANs through it, the carrier could also use VLANs to separate traffic. They also like to have a place to test to. A dumb converter won't do that.
BTW, even company owned equipment can be a problem. I have a rental water heater. On Saturday I found water on the floor and traced it back to a pinhole leak in a pipe elbow. I called their service number, described the problem and where it was. When the tech came out the next day, all he knew was water leak. He hadn't been told it was on a pipe, etc. and so was completely unprepared to do the work. He then told me he had to order a special(?) part. Since when are pipe elbows "special"? They're about $2 at the local hardware store. If the tank didn't have to be drained for the repair, I could have done it myself. Hopefully the person who's coming today knows what he's supposed to do.
-
Have you tried to traceroute the IPv6 address of one of your devices on your internal network?
You should do this when IPv6 is working and when it doesn't work so you can see if there are any differences.If you don't have access to an external host you can use a website like this: https://www.ultratools.com/tools/traceRoute6
Don't forget to set the firewall rules respectively.You can also try to check the following boxes on the interface configuration page:
Only request an IPv6 prefix, do not request an IPv6 address
Send an IPv6 prefix hint to indicate the desired prefix size for delegation -
Just wanted to give an update on the issue.
I wrote to my ISP explaining the problem. I didn't get an answer, but the following day, my IPv6 connection got miraculously rock solid (since 5 days now), whereas I hadn't touched the system.
A big thanks to all the people on this forum who helped trying to find a solution