IPv6 stops working after about 30 mins
-
@Wholelottapfsense said in IPv6 stops working after about 30 mins:
Prefix delegation size: /56 (dynamic)
Yet you show 48 for prefix delegation size. I don't know if that will cause the problem, but the two should match. Since your ISP provides a /56. you can use that or longer. So, you could use 56 or 60 or even 64 etc., but not 48. Also, do the devices still have valid IPv6 addresses after it fails?
BTW, that /56 means you can have up to 256 networks, each with it's own /64. I see you selected 1 for your prefix ID. That's your 2nd /64. If you wanted to use the first, it would be 0. Your choices are 0 - ff and must be different for each interface.
-
Thanks for taking the time to look at my problem. I clearly misunderstood 'Prefix Delegation Size' in the DHCPv6 Server Options. I thought this was only relevant if other routers were behind the pfSense box.
So I changed 'Prefix Delegation Size' to /64 because I want LAN, 178_COMP, etc each to have a /64 subnet. Do I need to enter something for 'Prefix Delegation Range'?
@JKnott said in IPv6 stops working after about 30 mins:
I see you selected 1 for your prefix ID. That's your 2nd /64. If you wanted to use the first, it would be 0. Your choices are 0 - ff and must be different for each interface.
I gave 0 to the LAN interface and 1 to the 178_COMP interface.
-
Take the whole /56. That's what I did, even though I've only used 4 /64s. With 64, you're only asking for a single /64. With 128 bit IPv6 addresses, the least significant 64 bits are for the host address within a /64 and the most significant bits, specify your network.
Incidentally, some ISPs hand out /48s, which provide 65536 /64s.
Also, with IPv6 we no longer have to worry about an address shortage. With only 1/8th of the IPv6 address space allocated for Global Unique Addresses, there are enough /48s for every single person on earth to have over 4000 of them.
One other thing you might notice is that routeable addresses are not needed for routing. You'll often see link local (start with fe80) addresses used.
-
OK, I've set 'Prefix Delegation Size' in the DHCPv6 Options to /56.
Unfortunately, the problem came back, as before
@JKnott said in IPv6 stops working after about 30 mins:
Also, do the devices still have valid IPv6 addresses after it fails?
The IPv6 addresses don't change after it fails.
-
I found this topic which points to OpenVPN as the culprit.
I have only configured OpenVPN for IPv4, but notice that in 'Advanced configuration' under VPN>OpenVPN>Servers, the option 'Gateway creation' is set by default to 'both' IPv4 and IPv6. Could this be the problem?
-
@Wholelottapfsense said in IPv6 stops working after about 30 mins:
Could this be the problem?
I wouldn't think so. OpenVPN has nothing to do with connecting to your ISP. Can you ping6 from pfSense to, for example. ipv6.google.com?
-
and what version of pfsense is it ? the symptom is very similar to the problem we have with radvd on 2.5.0
-
@Wholelottapfsense said in IPv6 stops working after about 30 mins:
I have only configured OpenVPN for IPv4
I have OpenVPN configured to use only IPv4, but to carry both IPv4 and IPv6.
-
@JKnott said in IPv6 stops working after about 30 mins:
Can you ping6 from pfSense to, for example. ipv6.google.com?
Yes (until it stops working after about 30 mins):
-
It's the latest stable version: 2.4.4-RELEASE-p3 (amd64)
-
@Wholelottapfsense said in IPv6 stops working after about 30 mins:
Yes (until it stops working after about 30 mins):
It's beginning to sound like an ISP problem. Can you connect a computer directly to the modem, with the modem in bridge mode? If you're worried about putting a computer directly on the Internet, you can use a Linux live USB stick or disc.
-
One other thing. Does the problem happen with the modem in gateway mode? If it fails there too, it's an ISP problem.
-
I saw this in another recent thread also - a with 2.5.0 as the version :
If the "defined range" is defined - it should be defined, why doesn't it show it ?
It should mention your 'base' IPv6 /56 .....
I don't know if this is actually an issue. Or just a visual issue.
I'm using a ISP that gives me a fixed /48 so I actually hard code my LAN IPv6 first /64 - ending with xxxx.xxxx.xxxx.xxx0::1
The second LAN has xxxx.xxxx.xxxx.xxx1::1 /64 etc.Your ISP might change the IPv6 base address - (but why ??? seems only useful for people that also have to change their phone number x times a day) so : what about changing for some time - to expeient - your IP6 as static ?
Your DHCPv6 pool should look alright now - and DHCPv6 starts to work - it does so for me.Btw : your IPv6 gateway is a fe80::..... mine is a 'real'" 2001:470:1f12:5c0::1 ".
Also :Mar 15 00:11:09 dpinger WAN_DHCP6 fe80::YYYY:YYYY:YYYY:3100%pppoe0: sendto error: 65this tells me that me that fe80::YYYY:YYYY:YYYY:3100%pppoe0 is out of business.
Note : These are just my observations. By no means I'm an IPv6 expert - just using it, since 2010, using pfSense.
No "help me" PM's please. Use the forum, the community will thank you.
Edit : and where are the logs ?? -
@Gertjan said in IPv6 stops working after about 30 mins:
If the "defined range" is defined - it should be defined, why doesn't it show it ?
That for the dhcpv6 server. Is he using DHCPv6 on the LAN side?
Btw : your IPv6 gateway is a fe80::..... mine is a 'real'" 2001:470:1f12:5c0::1 ".
Link local addresses are "real". They're just not routeable. You don't need routeable addresses to route. You just need to know how to get to the next hop. In fact, on point to point links, you don't even need an address, just the interface that connects to the next hop. This also works in IPv4.
Note : These are just my observations. By no means I'm an IPv6 expert - just using it, since 2010, using pfSense.
IPv6 Essentials is an excellent reference.
-
@JKnott said in IPv6 stops working after about 30 mins:
One other thing. Does the problem happen with the modem in gateway mode? If it fails there too, it's an ISP problem.
There is no modem upstream of the pfSense box. pfSense makes a direct connection via PPPoE/DHCPv6.
-
@Gertjan said in IPv6 stops working after about 30 mins:
Also :
Mar 15 00:11:09 dpinger WAN_DHCP6 fe80::YYYY:YYYY:YYYY:3100%pppoe0: sendto error: 65this tells me that me that fe80::YYYY:YYYY:YYYY:3100%pppoe0 is out of business.
That's indeed the address of my IPv6 gateway but I get that error message at the time of reconnection of the WAN interface, i.e. when IPv6 is still working.
As JKnott already mentioned, a link local address for the IPv6 gateway should not be a problem.
I will ask my ISP whether they can have a look in their logs to see what's going on.
Could it be related to the DUID setting in System>Advanced>Networking? I didn't touch that, so it's on RAW DUID and there is a greyed DUID number in the box below. And yes, the checkbox to allow IPv6 is checked in that section
. -
Do you see any problems in
Status System Logs System Routing? -
Not that I can remember, but I'll check again tonight and report back.
-
For testing purposes you could use just /64 to be on the safe side, which also means that only one of your LAN-Interfaces will have IPv6. Again, just for testing. And don't use Wifi.
-
@Wholelottapfsense said in IPv6 stops working after about 30 mins:
There is no modem upstream of the pfSense box. pfSense makes a direct connection via PPPoE/DHCPv6.
PfSense has to connect to something. PPPoE is usually carried over ADSL and there's no way pfSense can deal with that on it's own. There should be a box somewhere, that converts the ADSL line to Ethernet, which pfSense then connects to.
