Updated to 2.5 everything went smooth except for WAN IPv6 status being stuck on "Unknown" and "Pending" - Have Comcast, despite multiple Cable Modem restarts, and PFSense restarts
-
There's a bug in 2.5.0 that has been found that requires a monitoring address to be manually added in the System > Routing settings for the IPv6 gateway. The gateway will show as "Pending" until a monitoring address is manually set. For whatever reason, 2.5.0 is not automatically getting the gateway address and monitoring it. Try adding a monitoring address (you can make it anything valid/reachable for the purpose of testing) and see if that fixes things for you.
If you want to add the exact gateway address as the monitor address, go to Diagnostics > Routes and copy the default gateway from the IPv6 table. Just know that this could change if your ISP does maintenance before the bug is fixed.
Hopefully that helps...
The S in IOT stands for Security
-
@virgiliomi
Worked for me. Now passes on all IPv6 test sites I tried. -
@spacey said in Updated to 2.5 everything went smooth except for WAN IPv6 status being stuck on "Unknown" and "Pending" - Have Comcast, despite multiple Cable Modem restarts, and PFSense restarts:
I do have a side question regarding the IPv6 DUID and the differences between Raw / DUID-LLT, DUID-EN, DUID-LL (Link Layer which I think maybe easier to set static IPv6 addresses with this setting by strictly it's IPv6 address (not sure), I've always had a problem with this (PiHole) again this is totally a side question-
I too have Comcast and selected DUID-UUID which I then generated using this site.
In this way it gets saved to the configuration file and, no matter the version or the hardware, Comcast is always giving me the same IPv6 60 bit prefix delegation. It's almost like having a static IPv6 address (it hasn't changed in almost 2 years I've enabled IPv6).
BTW, after updating to 2.5.0 I've had the exact same problem:
https://forum.netgate.com/topic/161153
As @virgiliomi suggested, forcing a monitoring address seems to fix the issue.
-
@virgiliomi is there a link to a bug report?
-
FWIW, I understand as much about IPv6 as I do about knitting Bernie Sanders' mittens,,,, but when I shell to my FW I see a /128 on my Comcast WAN. This is after adding a monitor address.
Peder
MAIN - pfSense+ 24.11-RELEASE - Adlink MXE-5401, i7, 16 GB RAM, 64 GB SSD. 500 GB HDD for SyslogNG
BACKUP - pfSense+ 23.01-RELEASE - Hyper-V Virtual Machine, Gen 1, 2 v-CPUs, 3 GB RAM, 8GB VHDX (Dynamic) -
@segfault-0 https://redmine.pfsense.org/issues/11454
-
@provels For Comcast, that would be correct. They provide a single (/128) address for WAN, as well as a prefix that can be used for one or more LANs, depending on what prefix size is being requested in your WAN settings.
-
@provels said in Updated to 2.5 everything went smooth except for WAN IPv6 status being stuck on "Unknown" and "Pending" - Have Comcast, despite multiple Cable Modem restarts, and PFSense restarts:
but when I shell to my FW I see a /128 on my Comcast WAN. This is after adding a monitor address.
A /128 on the WAN address is entirely normal, as it's not used for routing. It's just an address that can be used as a target for VPNs etc.. Often the link local address is used for routing.
-
@jknott
Thanks. And whatever you do, never ask me to tell you how many hosts are in a sub/supernet in IPv4, either!
20 years in the business and I could never catch on... -
It's easy on both IPv4 and IPv6. It's 2^n - x, where n is how many host bits on the subnet. With a /24 (32 -24), n = 8. On IPv4, x = 2 and on IPv6, 1. The reason for the difference is there's no such thing as a broadcast address on IPv6.
So, on an IPv6 network, with the usual /64 prefix, you could have 18.4 billion, billion - 1 hosts!
-
@virgiliomi said in Updated to 2.5 everything went smooth except for WAN IPv6 status being stuck on "Unknown" and "Pending" - Have Comcast, despite multiple Cable Modem restarts, and PFSense restarts:
There's a bug in 2.5.0 that has been found that requires a monitoring address to be manually added in the System > Routing settings for the IPv6 gateway. The gateway will show as "Pending" until a monitoring address is manually set. For whatever reason, 2.5.0 is not automatically getting the gateway address and monitoring it. Try adding a monitoring address (you can make it anything valid/reachable for the purpose of testing) and see if that fixes things for you.
If you want to add the exact gateway address as the monitor address, go to Diagnostics > Routes and copy the default gateway from the IPv6 table. Just know that this could change if your ISP does maintenance before the bug is fixed.
Hopefully that helps...
This worked for me, thanks!
