IPv6 stops working after about 30 mins
-
@Wholelottapfsense said in IPv6 stops working after about 30 mins:
I have only configured OpenVPN for IPv4
I have OpenVPN configured to use only IPv4, but to carry both IPv4 and IPv6.
-
@JKnott said in IPv6 stops working after about 30 mins:
Can you ping6 from pfSense to, for example. ipv6.google.com?
Yes (until it stops working after about 30 mins):
-
It's the latest stable version: 2.4.4-RELEASE-p3 (amd64)
-
@Wholelottapfsense said in IPv6 stops working after about 30 mins:
Yes (until it stops working after about 30 mins):
It's beginning to sound like an ISP problem. Can you connect a computer directly to the modem, with the modem in bridge mode? If you're worried about putting a computer directly on the Internet, you can use a Linux live USB stick or disc.
-
One other thing. Does the problem happen with the modem in gateway mode? If it fails there too, it's an ISP problem.
-
I saw this in another recent thread also - a with 2.5.0 as the version :
If the "defined range" is defined - it should be defined, why doesn't it show it ?
It should mention your 'base' IPv6 /56 .....
I don't know if this is actually an issue. Or just a visual issue.
I'm using a ISP that gives me a fixed /48 so I actually hard code my LAN IPv6 first /64 - ending with xxxx.xxxx.xxxx.xxx0::1
The second LAN has xxxx.xxxx.xxxx.xxx1::1 /64 etc.Your ISP might change the IPv6 base address - (but why ??? seems only useful for people that also have to change their phone number x times a day) so : what about changing for some time - to expeient - your IP6 as static ?
Your DHCPv6 pool should look alright now - and DHCPv6 starts to work - it does so for me.Btw : your IPv6 gateway is a fe80::..... mine is a 'real'" 2001:470:1f12:5c0::1 ".
Also :Mar 15 00:11:09 dpinger WAN_DHCP6 fe80::YYYY:YYYY:YYYY:3100%pppoe0: sendto error: 65
this tells me that me that fe80::YYYY:YYYY:YYYY:3100%pppoe0 is out of business.
Note : These are just my observations. By no means I'm an IPv6 expert - just using it, since 2010, using pfSense.
-
@Gertjan said in IPv6 stops working after about 30 mins:
If the "defined range" is defined - it should be defined, why doesn't it show it ?
That for the dhcpv6 server. Is he using DHCPv6 on the LAN side?
Btw : your IPv6 gateway is a fe80::..... mine is a 'real'" 2001:470:1f12:5c0::1 ".
Link local addresses are "real". They're just not routeable. You don't need routeable addresses to route. You just need to know how to get to the next hop. In fact, on point to point links, you don't even need an address, just the interface that connects to the next hop. This also works in IPv4.
Note : These are just my observations. By no means I'm an IPv6 expert - just using it, since 2010, using pfSense.
IPv6 Essentials is an excellent reference.
-
@JKnott said in IPv6 stops working after about 30 mins:
One other thing. Does the problem happen with the modem in gateway mode? If it fails there too, it's an ISP problem.
There is no modem upstream of the pfSense box. pfSense makes a direct connection via PPPoE/DHCPv6.
-
@Gertjan said in IPv6 stops working after about 30 mins:
Also :
Mar 15 00:11:09 dpinger WAN_DHCP6 fe80::YYYY:YYYY:YYYY:3100%pppoe0: sendto error: 65
this tells me that me that fe80::YYYY:YYYY:YYYY:3100%pppoe0 is out of business.
That's indeed the address of my IPv6 gateway but I get that error message at the time of reconnection of the WAN interface, i.e. when IPv6 is still working.
As JKnott already mentioned, a link local address for the IPv6 gateway should not be a problem.
I will ask my ISP whether they can have a look in their logs to see what's going on.
Could it be related to the DUID setting in System>Advanced>Networking? I didn't touch that, so it's on RAW DUID and there is a greyed DUID number in the box below. And yes, the checkbox to allow IPv6 is checked in that section .
-
Do you see any problems in
Status System Logs System Routing? -
Not that I can remember, but I'll check again tonight and report back.
-
For testing purposes you could use just /64 to be on the safe side, which also means that only one of your LAN-Interfaces will have IPv6. Again, just for testing. And don't use Wifi.
-
@Wholelottapfsense said in IPv6 stops working after about 30 mins:
There is no modem upstream of the pfSense box. pfSense makes a direct connection via PPPoE/DHCPv6.
PfSense has to connect to something. PPPoE is usually carried over ADSL and there's no way pfSense can deal with that on it's own. There should be a box somewhere, that converts the ADSL line to Ethernet, which pfSense then connects to.
-
@JKnott said in IPv6 stops working after about 30 mins:
@Wholelottapfsense said in IPv6 stops working after about 30 mins:
There is no modem upstream of the pfSense box. pfSense makes a direct connection via PPPoE/DHCPv6.
PfSense has to connect to something. PPPoE is usually carried over ADSL and there's no way pfSense can deal with that on it's own. There should be a box somewhere, that converts the ADSL line to Ethernet, which pfSense then connects to.
I have a fiber connection (FTTH, fiber to the home). Between the pfSense box and the fiber connection, there's a TP-LINK MC220L converter which, AFAIK, only converts the fiber signal to ethernet.
-
@Wholelottapfsense Have you tried DHCP instead of PPPoE?
-
@Bob-Dig
No, but at least for IPv4, my ISP required a PPPoE connection (on VLAN 35) with username and password. I'll re-check with my ISP regarding DHCP. -
@Wholelottapfsense said in IPv6 stops working after about 30 mins:
I have a fiber connection (FTTH, fiber to the home). Between the pfSense box and the fiber connection, there's a TP-LINK MC220L converter which, AFAIK, only converts the fiber signal to ethernet.
There's a bit more to it than that, but that is what I was referring to. Can it be put in gateway mode? ISPs love to blame customer gear for their problems, so you have to do what you can to determine where the problem is. So, if there is a gateway mode and it fails as well, then it's an ISP problem. As I mentioned, you can also try a computer connected directly to your Internet connection. If that fails too, it's not a pfSense problem. A big part of resolving problems is determining what works or not.
BTW, last year I went through a similar problem with my own ISP. I have a cable modem and even though I was able to show tier 2 support the problem was within their network, the people responsible for resolving the issue refused to do anything, as I had my own router. It took a lot of effort to get them to budge, even though I had a Wireshark capture that actually named the failing system. It took a senior tech to prove it to them. He brought his own modem to my home and it failed too. He then took his modem to the head end and tried with 4 different CMTS there. It only failed on the one I was connected to. Only then did the network guys fix their problem. I also found I had to teach the tier 2 support and senior tech a bit about IPv6, as I knew more about it than they did.
-
@Wholelottapfsense said in IPv6 stops working after about 30 mins:
@Bob-Dig
No, but at least for IPv4, my ISP required a PPPoE connection (on VLAN 35) with username and password. I'll re-check with my ISP regarding DHCP.I suspect PPPoE is used to establish the initial PPP connection to your ISP. Once that's set up, the PPP connection is then used to carry IPv6. You then use DHCPv6-PD to set up your local prefixes, etc..
-
@JKnott said in IPv6 stops working after about 30 mins:
I suspect PPPoE is used to establish the initial PPP connection to your ISP. Once that's set up, the PPP connection is then used to carry IPv6. You then use DHCPv6-PD to set up your local prefixes, etc..
Indeed. When I uncheck 'Use IPv4 Connectivity as Parent Interface', I don't get IPv6 addresses on my interfaces.
-
@JKnott said in IPv6 stops working after about 30 mins:
Can it be put in gateway mode?
From what I read here it seems to be a simple media converter without a user interface to change settings.
You're absolutely right about ISPs not being motivated to help you at all if you don't use their equipment (Fritzbox 5490 in the case of my ISP), unless you're a corporate customer with an expensive support plan.
At the time with the IPv4 connection, it also took numerous calls until someone told me about the VLAN 35 setting. I guess I'm in for the same fun with IPv6 ...