WAN_DHCP6 Stuck Pending / Unknown

bimmerdriver

@w0w said in WAN_DHCP6 Stuck Pending / Unknown:

I see no difference.

Can you answer those questions that @jimp asked in another topic:

We need to know more about what you're experiencing.
Is it failing on WAN? On LAN?
Do you use DHCP for WAN? On LAN? Static?
Does pfSense get an IPv6 address? Do clients?
What does the IPv6 routing table look like?
That sort of stuff, plus an idea of how your setup is configured in general for IPv6 (Interface IPv6 settings, DHCPv6 settings you are using, and so on).

I think route tables you can get by netstat -r and you have already answered last question about settings.

I think the original post answers most of the questions. Aside from the gateway being stuck pending / unknown, the only other thing that may be notable is the gateway status for 2.5.0 shows the address as ~, whereas it shows the link-local address for 2.4.5. This seems strange, since pfsense has the gateway address, otherwise I'm not sure how IPv6 would not be working. (It's used in the default route.)

Also, there is a slight difference in the routing tables for 2.4.5 and 2.5.0.

2.4.5

Shell Output - netstat -W -r
Routing tables

Internet:
Destination        Gateway            Flags       Use    Mtu      Netif Expire
default            d162-156-4-1.bchsia.telus.net UGS     3206   1500        hn0
localhost          link#2             UH           55  16384        lo0
162.156.4.0/22     link#5             U           311   1500        hn0
d162-156-6-212.bchsia.telus.net link#5 UHS          0  16384        lo0
192.168.1.0/24     link#6             U          1592   1500        hn1
pfSense            link#6             UHS           0  16384        lo0

Internet6:
Destination        Gateway            Flags       Use    Mtu    Netif Expire
default            fe80::ea4:2ff:fe29:5001%hn0 UG     1351   1500      hn0
localhost          link#2             UH            0  16384      lo0
node-1w7jr9qla9jg28ewy6wmg3aio.ipv6.telus.net link#6 U           625   1500      hn1
pfSense            link#6             UHS           0  16384      lo0
fe80::ea4:2ff:fe29:5001 fe80::ea4:2ff:fe29:5001%hn0 UGHS        0   1500      hn0
fe80::%lo0/64      link#2             U             0  16384      lo0
fe80::1%lo0        link#2             UHS           0  16384      lo0
fe80::%hn0/64      link#5             U           301   1500      hn0
fe80::215:5dff:fe67:5b09%hn0 link#5   UHS           0  16384      lo0
fe80::%hn1/64      link#6             U            16   1500      hn1
fe80::1:1%hn1      link#6             UHS           0  16384      lo0

2.5.0

Shell Output - netstat -W -r
Routing tables

Internet:
Destination        Gateway            Flags       Use    Mtu      Netif Expire
default            d154-20-116-1.bchsia.telus.net UGS    69943   1500        hn0
localhost          link#1             UH          176  16384        lo0
154.20.116.0/22    link#5             U        293292   1500        hn0
d154-20-118-82.bchsia.telus.net link#5 UHS          0  16384        lo0
192.168.1.0/24     link#6             U        193774   1500        hn1
pfSense            link#6             UHS           0  16384        lo0

Internet6:
Destination        Gateway            Flags       Use    Mtu    Netif Expire
default            fe80::ea4:2ff:fe29:5001%hn0 UG    16094   1500      hn0
localhost          link#1             UH            0  16384      lo0
node-1w7jr9ql9x8i509sb93jlqy2o.ipv6.telus.net link#6 U         88728   1500      hn1
pfSense            link#6             UHS           0  16384      lo0
fe80::%lo0/64      link#1             U             0  16384      lo0
fe80::1%lo0        link#1             UHS           0  16384      lo0
fe80::%hn0/64      link#5             U          2440   1500      hn0
fe80::215:5dff:fe67:5b1b%hn0 link#5   UHS           0  16384      lo0
fe80::%hn1/64      link#6             U           176   1500      hn1
fe80::1:1%hn1      link#6             UHS           0  16384      lo0
fe80::215:5dff:fe67:5b1c%hn1 link#6   UHS           0  16384      lo0

w0w

@bimmerdriver
Do you remember what 2.5 build you have used before you found this problem?
I am not sure, but there are several dhcpv6 related changes in the end of Aprill, before system moved to stable branch...

bimmerdriver

@w0w said in WAN_DHCP6 Stuck Pending / Unknown:

@bimmerdriver
Do you remember what 2.5 build you have used before you found this problem?
I am not sure, but there are several dhcpv6 related changes in the end of Aprill, before system moved to stable branch...

Unfortunately, no, and I forgot to checkpoint the VM before I upgraded. If older versions were available, I would go through them until I found which one introduced the problem. It seems very likely that the problem I'm having is the same problem that was identified in the thread Ipv6 not working build 2.5.0.a.20200428.1204, so it's a good bet the change is in build 2.5.0.a.20200428.1204 or possibly earlier, depending on how long between updates the other person was.

w0w

https://github.com/pfsense/pfsense/commit/c01fa17a2748d2803d025fa727e484ed205b9537
https://redmine.pfsense.org/issues/9634
Not sure is it related, but you can try to revert those changes...

bimmerdriver

@w0w said in WAN_DHCP6 Stuck Pending / Unknown:

https://github.com/pfsense/pfsense/commit/c01fa17a2748d2803d025fa727e484ed205b9537
https://redmine.pfsense.org/issues/9634
Not sure is it related, but you can try to revert those changes...

Reverting the patch appears to have fixed the problem. The gateway is online. I'll kick it around a bit for a bit and report back.

bimmerdriver

I used wireshark to capture icmpv6 and dhcpv6 packets on the wan interface.

With the patch uninstalled, the sequence is the following:

send dhcpv6 solicit
receive dhcpv6 advertise
send dhcpv6 request
receive dhcpv6 reply
send icmpv6 router solicitation
receive icmpv6 router advertisement

With the patch installed, the sequence is the following:

send dhcpv6 solicit
receive dhcpv6 advertise
send dhcpv6 request
receive dhcpv6 reply

The router never sends the icmpv6 router solicitation, so it never receives the router advertisement.

I hope that helps.

w0w

I suggest to write about all the finds on the redmine
I hope somebody will fix this bug soon.

bimmerdriver

@w0w said in WAN_DHCP6 Stuck Pending / Unknown:

I suggest to write about all the finds on the redmine
I hope somebody will fix this bug soon.

I already did. Thanks for the help.

bimmerdriver

@bimmerdriver said in WAN_DHCP6 Stuck Pending / Unknown:

@w0w said in WAN_DHCP6 Stuck Pending / Unknown:

I suggest to write about all the finds on the redmine
I hope somebody will fix this bug soon.

I already did. Thanks for the help.

@jimp Should I open a new issue in Redmine for this problem?

bimmerdriver

A fix for this issue is in the latest snapshot and I confirm it works.

Thanks @jimp .

tbclark3

I just upgraded to 2.4.5-release-p1 and I have exactly the same problem. The ipv6 gateway is stuck on status unknown. I made no other configuration changes, nor any other changes.

fragged

My WAN interface is still showing:
WAN_DHCP6
~ Pending Pending Pending Unknown

On:
2.5.0-DEVELOPMENT (amd64)
built on Thu Jul 16 01:02:54 EDT 2020
FreeBSD 12.1-STABLE

Previous posts indicate that the issue was fixed, but mine's still not working since whichever update broke dhcpv6. Any ideas how to solve this? System Logs / DHCP shows nothing for v6 just v4.

monroe

I'm seeing the same issue since updating to 2.4.5p1. My ISP is Comcast/Xfinity, and I'm using their native dual-stack IPv4/IPv6 service. The v4 status shows correctly, but v6 just shows Pending/Unknown.

If I go into System > Routing > Gateways, edit the IPv6 gateway, and disable/re-enable gateway monitoring for that interface, it seems to fix the problem temporarily, but at some point it recurs (I haven't determined exactly what causes it to recur yet.)

w0w

You can revert those patches one by one with help of "System patches" package.

Install package "System patches"
Create two patches, using the commit ID's provided in https://redmine.pfsense.org/issues/9634
the first one should be
19fe32b0fe32faf290ea2b74c005c165579277bf
and the second
8788b0613a66e48ff4da45f4228bda481c37f7a9
When creating fill commit ID and enter any description for the patch and press "SAVE" button.

When patches are created you will see fetch button in the patch list, press fetch and then after patch is downloaded,

you will see that Revert button is appeared on one of them,

press it and you will get Revert button on the second patch also, press it also and you should have original 2.4.5 non p1 version of file.
Check it and if you have some new information report it back

fragged

@w0w Thanks for the reply. In my case it seems like with changes done to pfSense I now need to check the "Do not wait for a RA" setting on DHCP6 Client Configuration. After enabling that option I get IPv6 on the interface again status is shown correctly without reverting the patches.

tbclark3

@w0w, I backed up the configuration, reverted both patches, and rebooted. The WAN_DHCP6 status was slow to update but eventually correctly showed "Online"; however, and radvd was correctly advertising the route. However, I had no ipv6 connectivity from clients. I reverted to the saved configuration, rebooted, and this time the WAN_DHCP6 status immediately said "Online" and I have ipv6 connectivity from clients. The "System patches" package got uninstalled by the restoration of the configuration, and as best I can tell, the patch reversions did too. Nevertheless, it has been working correctly for several hours now.

w0w

@tbclark3
I do not think it is reverting the patches, when you uninstall package or restore configuration that does not use this package, you can just test it by installing package again, see what happens and report back.
May be it just needed reboot to complete reload of those un-patched files.

You can also test this "Do not wait for a RA" setting, that was found by @fragged as working solution.

bimmerdriver

@w0w said in WAN_DHCP6 Stuck Pending / Unknown:

@tbclark3
I do not think it is reverting the patches, when you uninstall package or restore configuration that does not use this package, you can just test it by installing package again, see what happens and report back.
May be it just needed reboot to complete reload of those un-patched files.

You can also test this "Do not wait for a RA" setting, that was found by @fragged as working solution.

The "Do not wait for a RA" setting causes pfsense to send the DHCP solicit before the RS. If your ISP gateway requires this, it will not delegate a prefix you use the setting. If your ISP gateway doesn't require this, pfsense may or may get a prefix. Some gateways don't care about the order. The best way to determine if this setting is required is to use wireshark to watch sequence of messages.

tbclark3

@bimmerdriver I tried the "Do not wait for a RA" setting prior to reverting the patches. It caused a several minute delay after applying the setting, then IPv6 stopped working altogether.

As best I can tell, the two patches are still reverted--meaning that I am still running 2.4.5-RELEASE even though the system identifies the version as 2.4.5-RELEASE-p1 and even though "System patches" displays no history.

IPv6 has worked perfectly since those two patches were reverted.

bimmerdriver

@tbclark3 said in WAN_DHCP6 Stuck Pending / Unknown:

@bimmerdriver I tried the "Do not wait for a RA" setting prior to reverting the patches. It caused a several minute delay after applying the setting, then IPv6 stopped working altogether.

As best I can tell, the two patches are still reverted--meaning that I am still running 2.4.5-RELEASE even though the system identifies the version as 2.4.5-RELEASE-p1 and even though "System patches" displays no history.

IPv6 has worked perfectly since those two patches were reverted.

When 2.4.5-RELEASE-p1 was released, I tested it and found that it solved the problem. When I get a chance, I'll start it up again and confirm it still works. If so, it may be that your system is borked. Have you tried a clean reinstallation?

UPDATE: I started up my other system and it worked fine. I suggest trying a clean reinstallation if you haven't tried that already.