• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

IPv6 broken beyond pfSense after 2.5 upgrade

IPv6
13
42
11.4k
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • S
    stepheng @JKnott
    last edited by stepheng Feb 18, 2021, 9:30 PM Feb 18, 2021, 9:28 PM

    @jknott I am seeing Neighbour Solicitation messages from computers but not seeing any responses to these ICMP messages. It looks to me as if the radvd daemon or the dhcpv6 daemon isn't responding (actually I'm at the limits of my IPv6 knowledge - I'm fairly good on IPv4 having been using computers since before networking but IPv6 is still a little more magical to me!). I have checked that radvd is apparently running (shows up in a ps aux output).

    login-to-view

    1 Reply Last reply Reply Quote 0
    • S
      stepheng @JKnott
      last edited by Feb 19, 2021, 9:31 AM

      @jknott Just another follow up to the above. It is definitely the whole NDP/RA exchanges that are just not happening to allocate IPV6 addresses. I've confirmed this by manually configuring IPV6 on a couple of my machines (adding in the IPV6 address of the pfSense router, an IPV6 address in my address range and prefix for the machine) and then the individual machines passes the appropriate tests on sites like test-ipv6 and ipv6-test just as before my update from 2.4.5p1. I can route IPV6 between the machines and on the internet correctly. Something is just not happening to enable the "chatter" to make the address/router negotiation work, but which happened perfectly previously.

      J 1 Reply Last reply Feb 19, 2021, 11:38 AM Reply Quote 0
      • J
        JKnott @stepheng
        last edited by Feb 19, 2021, 11:38 AM

        @stepheng

        I don't know what would be causing that. IPv6 works fine for me with 2.5.

        PfSense running on Qotom mini PC
        i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
        UniFi AC-Lite access point

        I haven't lost my mind. It's around here...somewhere...

        S 1 Reply Last reply Feb 19, 2021, 11:56 AM Reply Quote 0
        • S
          stepheng @JKnott
          last edited by Feb 19, 2021, 11:56 AM

          @jknott I'm at a loss at this point. Doing a packet capture of ICMP v6 packets on my LAN I can see a steady chatter of Neighbour Solicitation/Neighbour Advertisement packets being used to determine link layer addresses, but absolutely no router solicitation or router advertisement messages.

          I've also tried changing the RA settings to Unmanaged and to SLAAC with no change.

          As I said pfSense is operating with IPv6 and commands on clients such as "host google.com" will return IPv6 addresses as well as IPv4.

          All a mystery!

          J 1 Reply Last reply Feb 19, 2021, 1:49 PM Reply Quote 0
          • J
            JKnott @stepheng
            last edited by Feb 19, 2021, 1:49 PM

            @stepheng

            Try reinstalling pfsense. Backup your config first, then see what happens after the reinstall, but before restoring the config.

            PfSense running on Qotom mini PC
            i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
            UniFi AC-Lite access point

            I haven't lost my mind. It's around here...somewhere...

            S 1 Reply Last reply Feb 20, 2021, 11:21 AM Reply Quote 0
            • T
              tadao
              last edited by Feb 20, 2021, 3:42 AM

              @stepheng To me, after upgrading to 2.5.0, it doesn't let me use LAN with IPv6 with SLACC, if RADVD is activated. It only permits SLACC on LAN if RADVD is set to Disabled.

              S 1 Reply Last reply Feb 20, 2021, 11:25 AM Reply Quote 0
              • S
                stepheng @JKnott
                last edited by Feb 20, 2021, 11:21 AM

                @jknott I will do that, but it will have to wait for a couple of days until I'm on my own in the house and don't have any pressing deadlines.

                I know that in theory it only takes 15 minutes to do a reinstall, but you never know what may not quite work. I'll get my old Ubiquity Edgerouter out as well in case I need to use it (I think it still has a working configuration).

                1 Reply Last reply Reply Quote 0
                • S
                  stepheng @tadao
                  last edited by Feb 20, 2021, 11:25 AM

                  @tadao That is very interesting, but also to my limited understanding, somewhat puzzling. As I said, I'm not really as expert on IPv6 as I would like, but I'd be surprised that turning RADVD off would work (except with manually assigned clients - and that works for me in any case, but is a bit impractical for phones and mobile devices and besides the whole point of RA/DHCPv6 is to do all this stuff automagically). However, I did try it and got no joy. I have tried all of the setting in the RA tab. As @JKnott says, I think a re-install is needed in my case which I will try in a day or two when I have some quiet time on my own.

                  S 1 Reply Last reply Feb 21, 2021, 11:31 AM Reply Quote 0
                  • S
                    stepheng @stepheng
                    last edited by Feb 21, 2021, 11:31 AM

                    @stepheng SOLVED!

                    I didn't need to re-install pfSense.

                    I noticed that poking around in the command line with "ps" that although I was seeing the radvd process, the only dhcp6 process that I was seeing was the dhcp6c which was being used on my pppoe0 connection to obtain my WAN IPv6 address.

                    I went back to the LAN / DHCPv6 Server page and made a trivial alteration (added an NTP server) and resaved the page. This obviously caused the DHCPv6 server to kick into action again. I can now see a "/usr/local/sbin/dhcpd -6 " process running (as well as the normal dhcpd process for IPv4), and also a "/usr/local/sbin/dhcpleases6" process.

                    All the expected ICMPvs messages for RA, RS, NS, NA are now being seen on the LAN and all devices that previously had IPv6 addresses are getting them. "test-ipv6.com" gives me my score of 10/10 again.

                    I was able to return the LAN / DHCPv6 Server page back to exactly the same configuration as before without any strange behaviour happening (i.e. removed the NTP server again).

                    I assume that for some reason during the upgrade process the dhcpv6 process didn't get started or failed. It might be interesting to see if with my configuration it starts properly when the system is rebooted - and I might try that tomorrow as that is something that can be done in a couple of minutes without risk.

                    Thanks for the help from @JKnott and @tadao. I must confess that I think I need to understand more about IPv6. Now that it is working I've captured some packets in Wireshark so I can study them and hopefully further my knowledge.

                    Y 1 Reply Last reply Feb 21, 2021, 3:29 PM Reply Quote 0
                    • E
                      ebcdic
                      last edited by Feb 25, 2021, 3:02 PM

                      I have a similar problem. My ISP is also Zen, and it was working perfectly in 2.4.5p1. I'm using an SG-1100.

                      It appears that IPv6 comes up normally, but after a few seconds the LAN interfaces lose their IPv6 addresses. This can be reproduced by disconnecting and reconnecting the WAN in Status / Interfaces.

                      The DHCP logs shows that dhcp6c receives a prefix, adds addresses to the LAN interfaces, then removes them:

                      log.txt

                      Y E 2 Replies Last reply Feb 25, 2021, 5:43 PM Reply Quote 0
                      • Y
                        yon 0 @ebcdic
                        last edited by Feb 25, 2021, 5:43 PM

                        @ebcdic

                        https://redmine.pfsense.org/issues/11365

                        1 Reply Last reply Reply Quote 0
                        • E
                          ebcdic @ebcdic
                          last edited by ebcdic Feb 25, 2021, 8:48 PM Feb 25, 2021, 8:48 PM

                          The "restarting" in the log indicates that dhcp6c is getting a sighup, but from where?

                          1 Reply Last reply Reply Quote 0
                          • E
                            ebcdic @yon 0
                            last edited by Feb 26, 2021, 10:58 AM

                            @yon-0 You seem to be talking about a completely different problem. Our ISP delegates a /48 to us, as is normal, and the LAN interfaces use a /64 subnet.

                            J 1 Reply Last reply Feb 26, 2021, 1:47 PM Reply Quote 0
                            • J
                              JKnott @ebcdic
                              last edited by Feb 26, 2021, 1:47 PM

                              @ebcdic

                              Are you trying to configure the WAN interface for a /48? Or allowing DHCPv6-PD to do it? What happens if you select a smaller prefix. For example, I get a /56 from my ISP, but can select a smaller one.

                              PfSense running on Qotom mini PC
                              i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                              UniFi AC-Lite access point

                              I haven't lost my mind. It's around here...somewhere...

                              E 1 Reply Last reply Feb 26, 2021, 1:55 PM Reply Quote 0
                              • E
                                ebcdic @JKnott
                                last edited by Feb 26, 2021, 1:55 PM

                                @jknott I'm not sure I understand you. There is no problem with the WAN interface; the router has an IPv6 connection to the outside world and can connect happily to external sites. The problem is that the LAN interfaces lose their addresses after a few seconds, apparently because dhcp6c does a restart, so clients cannot make (non-local) IPv6 connections.

                                J 1 Reply Last reply Feb 26, 2021, 2:05 PM Reply Quote 0
                                • J
                                  JKnott @ebcdic
                                  last edited by Feb 26, 2021, 2:05 PM

                                  @ebcdic

                                  Sorry, I wasn't quite sure what you were saying. However, what happens if you select a smaller prefix? On the WAN page, you can choose in the DHCPv6 Prefix Delegation size box. Do you have the same problem if you select a /49? /56? etc.

                                  PfSense running on Qotom mini PC
                                  i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                                  UniFi AC-Lite access point

                                  I haven't lost my mind. It's around here...somewhere...

                                  E 1 Reply Last reply Feb 26, 2021, 2:21 PM Reply Quote 0
                                  • E
                                    ebcdic @JKnott
                                    last edited by Feb 26, 2021, 2:21 PM

                                    @jknott Changing it to /49 didn't seem to change anything. After changing it to /56 it didn't work at all - dhcp6c seemed to exit. Change back to /48 and it's the same as before: LANs get addresses then lose them a few seconds later.

                                    1 Reply Last reply Reply Quote 0
                                    • M
                                      mrsunfire @lnguyen
                                      last edited by Feb 28, 2021, 6:54 AM

                                      After my WAN was down for some minutes IPv6 doesn't come up anymore. I'm getting my prefix and every device gets an IPv6 address but the gateway keeps pending. Of course I use a monitor IP but it's not working. Only solution is to reboot the whole pfSense. This is unacceptable and I can't believe that this major fault wasn't discovered in the BETA builds.

                                      Any ETA for a fix? How do I downgrade back to 2.4.5_p1?

                                      Netgate 6100 MAX

                                      Y 1 Reply Last reply Feb 28, 2021, 1:31 PM Reply Quote 0
                                      • M
                                        mrsunfire @johnpoz
                                        last edited by Mar 1, 2021, 7:42 PM

                                        @johnpoz With 2.5.0 I see with Multi WAN setup that sometimes I don't get a prefix after interface down/up. DHCP log is showing "unexpected interface"

                                        Mar 1 16:50:09	dhcp6c	22055	unexpected interface (15)
                                        Mar 1 16:50:09	dhcp6c	18058	reset a timer on pppoe0, state=SOLICIT, timeo=151, retrans=109128
                                        Mar 1 16:50:09	dhcp6c	18058	send solicit to ff02::1:2%pppoe0
                                        Mar 1 16:50:09	dhcp6c	18058	set IA_PD
                                        Mar 1 16:50:09	dhcp6c	18058	set IA_PD prefix
                                        Mar 1 16:50:09	dhcp6c	18058	set option request (len 4)
                                        Mar 1 16:50:09	dhcp6c	18058	set elapsed time (len 2)
                                        Mar 1 16:50:09	dhcp6c	18058	set identity association
                                        Mar 1 16:50:09	dhcp6c	18058	set client ID (len 10)
                                        Mar 1 16:50:09	dhcp6c	18058	Sending Solicit
                                        

                                        I do have to kill the dhcpd6 with "killall -9 dhcp6c" and apply interface to get it back working.

                                        Netgate 6100 MAX

                                        Y M 2 Replies Last reply Mar 8, 2021, 12:19 PM Reply Quote 0
                                        • M
                                          mrsunfire @Derelict
                                          last edited by Mar 17, 2021, 6:40 AM

                                          Still no ETA for fixing this major bug that makes IPv6 unusable?

                                          Netgate 6100 MAX

                                          DerelictD 1 Reply Last reply Mar 17, 2021, 1:17 PM Reply Quote 0
                                          • First post
                                            Last post
                                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.