IPv6 No Gateway after 2.5 upgrade

provels

This worked for me. Now passes on all IPv6 test sites I tried.

https://forum.netgate.com/topic/161047/updated-to-2-5-everything-went-smooth-except-for-wan-ipv6-status-being-stuck-on-unknown-and-pending-have-comcast-despite-multiple-cable-modem-restarts-and-pfsense-restarts/3

amessinamessinet.com

As suggested, manually adding the Monitor address seems to solve part of the issue, though with Gateway hardcoded as "dynamic", it seems to affect the ability to use it in firewall rules -- CoDel Limiters, for example below.

21:00:51 There were error(s) loading the rules: /tmp/rules.debug:223: no routing address with matching address family found. - The line in question reads [223]: pass  out  quick  on {  igb1  }  $GWWAN_DHCP6 inet6 from any to any tracker 1610764779 keep state  dnqueue( 2,1)  label "USER_RULE: CoDel Limiters"

heyj

@amessinamessinet-com I am having the same issue.

Segfault 0

@amessinamessinet-com This is the problem I'm having as well. I set the monitor address to the link-local address but now my CoDel Limiter for IPv6 is giving that error.

MikeV7896

@amessinamessinet-com said in IPv6 No Gateway after 2.5 upgrade:

As suggested, manually adding the Monitor address seems to solve part of the issue, though with Gateway hardcoded as "dynamic", it seems to affect the ability to use it in firewall rules -- CoDel Limiters, for example below.

Yep... See this bug: https://redmine.pfsense.org/issues/11454

As you mentioned, only part of the issue has a workaround (the monitoring, which affects IPv6 connectivity as a whole). The gateway selection part will likely require an update to pfSense once fixed.

pete

This post is deleted!

mrsunfire

Still no ETA for a fix? IPv6 is unusable after WAN fails one time.

SteveITS

@anzenketh said in IPv6 No Gateway after 2.5 upgrade:

I can ping ipv6.google.com with IP protocol IPV6 from Diagnostics -> Ping

That's where I am on an SG-2100 with 21.02, I can ping that from my PC behind it. Status/Interfaces has a default route for IPv6. The router has a default route for IPv6 in Diagnostics/Routes, just no gateway for IPv6 shown in Status/Interfaces.

It sounds like some people have IPv6 connectivity and some don't? Essentially for me it's just a cosmetic issue with the GUI. After upgrade I (re)installed pfBlockerNG-devel and Snort but didn't reboot again.

g.shaffer

I noticed that both /tmp/em0_routerv6 and /tmp/em0_defaultgwv6 were empty while the ipv4 versions had the valid router addresses in them. Both of these are set in the script /var/etc/rtsold_em0_script.sh which is built by the script /etc/inc/interfaces.inc. It looks like the parameter is not being passed to the script. I modified the routine in interfaces.inc that builds the resold_em0_script (search for "rtsoldscript") to set a hard coded value for both these files and my IPv6 gateway started working! Routing, firewall rules, Policy Based Routing, etc, all work!

My mods:

#echo $2 > /tmp/em0_routerv6
echo "fe80::X:X:X:X" > /tmp/em0_routerv6
#echo $2 > /tmp/em0_defaultgwv6
echo "fe80::X:X:X:X" > /tmp/em0_defaultgwv6

After I made the mods, I "saved" the WAN interface again without making any changes. Hope this helps someone until a real fix is pushed out.

g.shaffer

@g-shaffer

UPDATE:

Here is a diff of my changes to /etc/inc/interfaces.inc

interfaces.inc.diff

mrsunfire

@g-shaffer Worked for me, thank you!

pete

@mrsunfire - thank you. It is working for me here.

randyshoopman

I'm also seeing this issue.

@g-shaffer What are you setting as the "hard coded value"? The Link Local IPv6 address of the WAN?

g.shaffer

@randyshoopman I got it by looking for the "receive advertise from ..." in the dhcpd.log, but you should be able to use the default IPv6 route address (minus the %interface) listed in the default route table (Diagnostics -> Routes).

randyshoopman

@g-shaffer I don't seem to have any log entries in my dhcp.log with that exact text. In any case the default route has an fe80 link local address. I will try that -- thanks

MarcO42

@g-shaffer Hi, I did this change with the result that I got a static IPv6 address to monitor.
Btw. This can slo be done here -> System - Routing - Gateways - Edit WAN_DHCP6 -> Monitor IP

But now come the strange part: After I realised that I can do this also in the configuration I revert the change to

        $rtsoldscript .= "# This shell script launches dhcp6c and configured gateways for this interface.\n";
        $rtsoldscript .= "echo $2 > {$g['tmp_path']}/{$wanif}_routerV6\n";
        $rtsoldscript .= "echo $2 > {$g['tmp_path']}/{$wanif}_defaultgwv6\n";
        $rtsoldscript .= "/usr/bin/logger -t rtsold \"Received RA specifying route \$2 for interface {$interface}({$wanif})\"\n";

It works. I can not explin why but it works :)
Cheers
Marco

pete

@marco42

Putting the local link address as an IP6 monitoring address is the first thing I did to originally "fix" the issue.

This time around went back to putting in the google IP6 address as a monitoring address for IP6:

1 - 2001:4860:4860::8888
2 - 2001:4860:4860::8844

This Google DNS monitoring address is what I was using for PFSense 2.4.x

That and went to diagnostics / routes / IP6 routes and took the local interface FE80 address minus the %em1 and used it in the diff file.

I wanted to just leave it alone for time bean as it is working and everytime I play with this I lose my IP6 connectivity.

On the second WAN failover interface which is using a CPE to T-Mobile I tested it with my Laptop and do get an IP6 address just fine. When I connect it to PFSense and set it to IP6 dhcp I do not get an address. I am not sure how to figure this out so went back to connecting to the LAN interface and using that as a WAN interface for my failover.

That and not relating to OP I noticed I lost my IPSec and OpenVPN stuff. Fixed the OpenVPN stuff yesterday and confirmed that it is working. Haven't fixed IPSec VPN yet though.

MarcO42

@pete
To be clear: I reverted my changes in the /etc/inc/interfaces.inc to the code above and didn't use the monitoring funktion from System/Routing/Gateways and after a reconect I can see the the Gateway have now the correct entry. :)

pete

@marco42

Ahhh....thank you Marco.

So where did you get the IP6 gateway address and where did you install it?

Do you have the temp files /tmp/em0_routerv6 and /tmp/em0_defaultgwv6 with the IP6 gateway address before you removed the diff changes?

Today did a new 2.5 build on my PFSense hot spare box. IP6 worked out of the box. Have to test OpenVPN and IPSec VPN on it first.

Will drop this box in to place after configuring add ons the rebuild the updated machine from scratch.

Using monitoring function here because primary WAN is cable and secondary WAN is a T-Mobile LTE CPE.

MarcO42

@pete
Hi,
the IP6 is set like the IP4. After a reconnect its there. (Like magic ;) )
And yes, I had these files (named on my side with pppoe) before.
I double checked it right now and I think I found somthing strange.
I have the old file already in place but please take a look:

[2.5.0-RELEASE]/root: ls -al /tmp/pppoe_r*
-rw-r--r--  1 root  wheel  14 Mar  3 03:50 /tmp/pppoe0_router
-rw-r--r--  1 root  wheel   1 Mar  3 03:50 /tmp/pppoe0_routerV6
-rw-r--r--  1 root  wheel  26 Mar  3 03:50 /tmp/pppoe0_routerv6

Then I checked my script and I saw that I made a mistake that fixed my issue:

        $rtsoldscript .= "echo $2 > {$g['tmp_path']}/{$wanif}_routerV6\n";

I think that in the original script create this file (**_routerv6*) with emptiy content.
Maybe the function file_put_contents() is afterwards not able to recreate or fill the file with content?

After I chnaged it to a file named _routerV6 with an upper V another prozess created the correct file.

So my solution for me is now this:

        $rtsoldscript .= "# echo $2 > {$g['tmp_path']}/{$wanif}_routerv6\n";

Cheers