Need help enabling IPv6 w/Android Devices on 2.3.2



  • Hello,

    Recently my entire family upgraded our phones from Galaxy S5s to Galaxy S7s, in hopes that we'd be out-of-the-woods when it comes to the buggy S5 WiFi chipset that had a broken V6 stack that was unfixable…  well, lo and behold, after attempting to enable V6 on my LAN again I ran into basically the same exact problems :(

    Symptoms are that the Android (Galaxy S7) devices cannot seem to communicate on V6.  They only show link-local addresses, and all public DNS lookups take forever because there are additional timeouts when V6 lookups are attempted.  The IPv6 test sites report failures and no IPv6 connectivity.

    V6 connectivity, however, works great on my Windows 7 and Windows 10 PCs on my LAN, all tests pass, no DNS timeouts, etc.

    I've tried switching from unbound back to DNSMasq, same problem.  I've tried literally every possible setting for DHCPv6 Server enabled, all possible dropdown options for RA modes, etc. -- the Android devices never show a V6 address and perpetually time-out on DNS look-ups.

    I do have somewhat of a unique setup; my WAN connection is static IPv4 & IPv6, in which I am getting routed a /48 statically.  I use a cable modem on WAN2 and do Multi-WAN w/Gateway Groups for redundancy should my primary connection go down.  I really do not know why my Android devices will not get IPs; any further help in diagnosing this would be greatly appreciated.  It's almost as if there is partial V6 capability, but it's just unable to communicate w/the DNS servers for some reason.  I've tried changing the order of DNS servers listed under General Setup, selecting different gateways for them, etc... no change in symptoms.

    I'm aware of the DHCPv6 Android debacle, but there are numerous posts on this forum where people claim "Assisted" RA mode works, or SLAAC will still function fine... in my case, it is not and I have no clue why.  Keep in mind all the Windows machines function perfectly, so this is confusing.



  • Perhaps there's an issue with Samsung devices, rather than Android in general.  I have a Google Nexus 7 tablet, Nexus 5 phone and iPhone 6.  All work fine, as do my computers.  Perhaps you can have someone with another Android device, other than Samsung, try your network.



  • If you Google on Samsung phone IPv6, you'll find hits about problems with Samsung phones.  Here are a couple:
    http://forums.androidcentral.com/samsung-galaxy-s7-edge/658317-shouldn-t-just-work-ipv6.html
    http://www.gossamer-threads.com/lists/nsp/ipv6/54641

    So, it appears it may be a Samsung issue.



  • I am having issues with IPv6 and Android as well.  On my network, we have a Nexus 5, a Nexus 5X and a Nexus 7.  All of them work except for my Nexus 5.  For some reason, my Nexus 5 cannot connect to my pfSense box using the global address.  It can connect using the local-link just fine.  Unfortunately, the phone puts the global address as the primary DNS on the phone.  So I have to wait for a timeout before the phone will try the dns query on the router's IPv4 address.

    I figured that this was an Android issue (perhaps even phone model specific), but it looks like JKnott has a Nexus 5 working.  My pfSense box is set to assisted and the phone is getting an IPv6 address and putting the router IPv6 address in the DNS list.  Any advice on debugging this would be helpful.

    Chris.



  • What is that "assisted" you're referring to?  I don't have any special configuration.  It just worked.

    BTW, this is one example of why it would be nice to be able to run Wireshark on pfSense.  It's hard to fix a problem, if you can't see what's happening.



  • Under the router mode set to "Assisted" under Services > DHCPv6 Server & RA > LAN > Router Advertisements

    You can run "Packet Capture" under Diagnostics and then download the file for analysis in Wireshark.  Unfortunately, I don't know enough to know what I am looking for in the packet capture.

    Chris.
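
Added example, not part of any post in this thread: a parser for the Router Advertisement fields that decide what a SLAAC-only client (one that does no DHCPv6) can configure, namely the M/O flags, the prefix A flag and the RDNSS option. It assumes the ICMPv6 payload has already been pulled out of the capture; the function names and the sample bytes (documentation prefix 2001:db8:1::/64) are constructed for illustration.

```python
import ipaddress
import struct

def parse_ra(icmp6: bytes) -> dict:
    """Parse an ICMPv6 Router Advertisement (RFC 4861), starting at the type byte."""
    if len(icmp6) < 16 or icmp6[0] != 134:
        raise ValueError("not a Router Advertisement")
    ra = {"managed": bool(icmp6[5] & 0x80),  # M: addresses via DHCPv6
          "other": bool(icmp6[5] & 0x40),    # O: other config via DHCPv6
          "prefixes": [], "rdnss": []}
    pos = 16
    while pos + 2 <= len(icmp6):
        otype, olen = icmp6[pos], icmp6[pos + 1] * 8  # length field is in 8-byte units
        if olen == 0 or pos + olen > len(icmp6):
            raise ValueError("malformed option")
        body = icmp6[pos:pos + olen]
        if otype == 3 and olen == 32:  # Prefix Information option
            addr = ipaddress.IPv6Address(body[16:32])
            ra["prefixes"].append({"prefix": f"{addr}/{body[2]}",
                                   "onlink": bool(body[3] & 0x80),
                                   "autonomous": bool(body[3] & 0x40)})
        elif otype == 25 and olen >= 24:  # RDNSS option (RFC 8106)
            ra["rdnss"] += [str(ipaddress.IPv6Address(body[i:i + 16]))
                            for i in range(8, olen, 16)]
        pos += olen
    return ra

def slaac_only_findings(ra: dict) -> list:
    """What a client that does SLAAC but not DHCPv6 is missing from this RA."""
    out = []
    if not any(p["autonomous"] and p["prefix"].endswith("/64") for p in ra["prefixes"]):
        out.append("no /64 prefix with the A flag: link-local address only")
    if not ra["rdnss"]:
        out.append("no RDNSS option: no IPv6 DNS server learned")
    return out

def build_sample_ra(m: bool, o: bool, a: bool, rdnss=()) -> bytes:
    """Constructed RA for the demo (documentation prefix, checksum left at zero)."""
    hdr = struct.pack("!BBHBBHII", 134, 0, 0, 64, (m << 7) | (o << 6), 1800, 0, 0)
    pio = struct.pack("!BBBBIII", 3, 4, 64, 0x80 | (a << 6), 86400, 14400, 0)
    pio += ipaddress.IPv6Address("2001:db8:1::").packed
    opt = b""
    if rdnss:
        opt = struct.pack("!BBHI", 25, 1 + 2 * len(rdnss), 0, 1800)
        opt += b"".join(ipaddress.IPv6Address(x).packed for x in rdnss)
    return hdr + pio + opt

if __name__ == "__main__":
    for label, raw in [("M+O, no A, no RDNSS", build_sample_ra(True, True, False)),
                       ("M+O+A with RDNSS", build_sample_ra(True, True, True, ["2001:db8:1::1"]))]:
        print(label, parse_ra(raw), slaac_only_findings(parse_ra(raw)))
```

In Wireshark the same fields appear under the ICMPv6 Router Advertisement as the flags byte, the "Prefix information" option and the "Recursive DNS Server" option.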



  • ^^^^
    Do you have DHCPv6 enabled?  With SLAAC, it's normally used just for handing out server addresses for DNS etc.  What happens if you set "router only"?  DNS will still work through IPv4.

    I know there is packet capture available.  However, with Wireshark, you can watch in real time and then click on a frame to see all the details.



  • I do have dhcpdv6 enabled.

    If I set the router advertisement daemon to "router only", will my local network even be using IPv6 if I don't give all of my systems static IPv6 addresses?



  • Unlike IPv4, DHCPv6 is not needed to hand out IP addresses.  That's normally done with SLAAC and Router Advertisements (RA).  A host can also request a prefix with Router Solicitations (RS).  In this situation, DHCPv6 is only used to point to servers, such as DNS, WINS, NTP etc.  Since your devices already have DNS via IPv4, they will work fine, as it can deliver both A & AAAA records for IPv4 and IPv6 addresses.



  • As I understand it, if you only want SLAAC, the router advertisement needs to be set to "unmanaged" and not "router only".

    https://doc.pfsense.org/index.php/Router_Advertisements

    Chris.



  • Give unmanaged a try and see what happens.



  • Unmanaged made no difference to me, the Android phone would always report a link-local address only (maybe that's what happens if you're only using SLAAC, not sure?), but I was still getting the DNS timeouts.  Maybe it's possible to get the DNS server to listen on the link-local address?  Not sure that's ideal though.

    The thing I struggle with is… this can't be a "me only" thing and this almost has to be something related to my setup/configuration, or else a LOT more people would be complaining.  Like I said, there are people posting that Unmanaged or Assisted resolves the issue for them but it seems to make no difference to me.  I have the capability of running a Wireshark capture using port mirroring on the switch my LAN port is connected to, if it would be helpful.

    I did have a couple questions about the General Setup DNS server screen, however...

    Should I always populate that with two IPv4 and two IPv6 DNS servers?  Should I put IPv4 before IPv6?  What gateways should I select?  The webGUI mentions selecting a unique gateway per server, but I am using gateway groups / multi-wan, so I wasn't sure.  I even tried specifying "none" for all four but it had no real impact either way.



  • The phone should have both a link local and global unicast address.  If it has only a link local address, then you won't be able to go beyond your local network.  Your phone should be responding to the router advertisements by creating an address from the advertised prefix and the MAC address or a random number.  For whatever reason, it's not doing that.  One work around for those Samsung phones is to get a WiFi router, with the WAN side connected to the local LAN and use its WiFi only for those phones.  That way you'll only get an IPv4 connection.  It's not ideal, but it may be a way to get the phones working.



  • I am having the same problem with my Samsung Note 4 (developer edition).

    I had to download a program to disable ipv6 support on my device - now I no longer have the DNS issues with ipv6 and I can keep my RA Announcement configuration to Assisted. I realize that disabling IPv6 on my device is just a patch and not a fix to this problem. Good luck!



  • @Paint:

    I had to download a program to disable ipv6 support on my device - now I no longer have the DNS issues with ipv6 and I can keep my RA Announcement configuration to Assisted. I realize that disabling IPv6 on my device is just a patch and not a fix to this problem. Good luck!

    I have thought about that as well, but I haven't wanted to go through rooting my phone.

    Chris.



  • Is there any reason that I cannot change my RDNSS entry so that it uses the router's local IPv6 address instead of the global one?  The RFC says that using the local-link is ok, but I wasn't sure if there are any unintended consequences.

    Thanks,
    Chris.



  • For what it's worth, my GS7 is getting IPv4 and IPv6 addresses (two global and one link-local) from my pfSense router. I ran test-ipv6.com and ipv6-test.com and both were fine. The only issues were that the former noted a tunnel is being used for IPv6 and the latter noted there is no IPv6 hostname. Speedtest and ping test both work fine.

    I'm using assisted mode.



  • @cmbroth:

    Is there any reason that I cannot change my RDNSS entry so that it uses the router's local IPv6 address instead of the global one?  The RFC says that using the local-link is ok, but I wasn't sure if there are any unintended consequences.

    Thanks,
    Chris.

    I'm guessing that the global address is used because a downstream IPv6 router could pick the RDNSS entry up and re-use it for its own LAN, this won't work if the address is a link-local address because the address wouldn't be reachable outside the original LAN.



  • I'm guessing that the global address is used because a downstream IPv6 router could pick the RDNSS entry up and re-use it for its own LAN, this won't work if the address is a link-local address because the address wouldn't be reachable outside the original LAN.

    In my case, I don't have any routers downstream.

    Thanks,
    Chris.

