IPv6 with two WAN interfaces… only one interface assigned IPv6 address



  • I have IPv6 working, but there's a slight quirk: only 1 of my 2 WAN interfaces gets an IPv6 address. It isn't the same interface either; if I reboot, there's a chance the interface that gets an IPv6 address is flipped. If I manually release both devices, I can get the IPv6 assigned on the opposite WAN interface.

    If I set track interface on the 1st WAN, my LAN devices get an IPv6 address. However, as the 1st interface is not always getting an IPv6 address, it breaks my LAN IPv6 assignment.

    I've had this issue since setting up my dual WAN nearly 2 years ago, updating pfSense whenever a public update is released.



  • I've seen the same issue as well with only one interface.  It's pretty random and with later releases of 2.3.x seems to occur less frequently (for a while it was occurring EVERY reboot).

    Basically the WAN interface doesn't get an ipv6 address, and so none of the internal interfaces tracking it get an ipv6 network as well.

    With the current 2.3.whatever release we're at now, just in the last couple of days, I rebooted the router maybe half a dozen times to try to diagnose a different IPv6 issue (2nd LAN interface not routing IPv6 traffic unless the router is ping'ed) and it only occurred once.


  • Rebel Alliance Global Moderator

    Confused to why you would have 2 interfaces in same network anyway?



  • @johnpoz:

    Confused to why you would have 2 interfaces in same network anyway?

    That actually might be part of it. The DHCPv6 client is likely sending the same DUID for both interfaces (same box, same DUID, regardless of the interface used), and if the DHCPv6 server is the same (same ISP?), then it's probably ignoring the second request.



  • @johnpoz:

    Confused to why you would have 2 interfaces in same network anyway?

    I didn't read that as if the poster had 2 interfaces on the same network but actually 2 distinct WAN interfaces.



  • @dopey:

    @johnpoz:

    Confused to why you would have 2 interfaces in same network anyway?

    I didn't read that as if the poster had 2 interfaces on the same network but actually 2 distinct WAN interfaces.

    I never considered the same DUID going up; that's a good point. I'll stick another router between pfsense and the 2nd WAN interface.

    To clarify, I do not have 2 interfaces going to the "same" network, technically; I have 2 Comcast modems on separate accounts for redundancy purposes - Comcast never gives me great uptime with one modem crapping out randomly (updates?), but with 2 modems, I can get pretty decent uptime (nearly 100%) and fallback to 4G when Comcast truly craps out (usually a downed line).



  • Alright, using a bridge, things seem to work. Is there a configuration I can use that will solve my issue (without the additional hardware), either with a unique DUID per interface or some other DHCPv6 client config-foo?


  • Banned

    DUID is per machine, not per interface. The IAID (Interface Association Identifier) is per interface.


  • Rebel Alliance Global Moderator

    To clarify, I do not have 2 interfaces going to the "same" network, technically; I have 2 Comcast modems on separate accounts for redundancy purposes

    Technically to be honest you're on the same network..  Comcast/Cable for example houses next to each other would almost always be on the same network.. So you having 2 modems in the same house, even if different accounts would be on the same network.  Sure there are lines somewhere, and house A next to house B could be on different networks..  But normally picking 2 random sample houses in the same area next to each other they are going to be on the same network from the ISP.

    When you stated the IP flipped, that points to being on the same network.. If you had 2 different ISPs - how would the IP flip from 1 isp to different ISP..  This is what stood out to me that you were on the same network.

    I fail to see how 2 connections from the same ISP on the same network is any sort of failover plan??  If you have a modem going down, that really points to the modem or the line from the ISP to that modem (ie from their box in the area).. You're saying 1 goes down and the other stays up??  So they have 2 lines from the box to your house - or do these modems share an input line? Either way that is not a good failover/redundancy solution..  I am on Comcast and uptime to be honest is pretty freaking good in my area.. For a home connection, it's sure not 5 9's good - but then again not paying for that..

    I would suggest if you need failover, get a different ISP as your backup..



  • @johnpoz:

    To clarify, I do not have 2 interfaces going to the "same" network, technically; I have 2 Comcast modems on separate accounts for redundancy purposes

    Technically to be honest you're on the same network..  Comcast/Cable for example houses next to each other would almost always be on the same network.. So you having 2 modems in the same house, even if different accounts would be on the same network.  Sure there are lines somewhere, and house A next to house B could be on different networks..  But normally picking 2 random sample houses in the same area next to each other they are going to be on the same network from the ISP.

    When you stated the IP flipped, that points to being on the same network.. If you had 2 different ISPs - how would the IP flip from 1 isp to different ISP..  This is what stood out to me that you were on the same network.

    I fail to see how 2 connections from the same ISP on the same network is any sort of failover plan??  If you have a modem going down, that really points to the modem or the line from the ISP to that modem (ie from their box in the area).. You're saying 1 goes down and the other stays up??  So they have 2 lines from the box to your house - or do these modems share an input line? Either way that is not a good failover/redundancy solution..  I am on Comcast and uptime to be honest is pretty freaking good in my area.. For a home connection, it's sure not 5 9's good - but then again not paying for that..

    I would suggest if you need failover, get a different ISP as your backup..

    Thanks for the feedback, really appreciate it. I do have failover with other ISPs (proper failover), but Comcast is generally my preferred "primary" connection and load balancing is very useful (reliability is really one of my issues) - my other connections have significantly higher latencies and a lower data cap. Using the bridge, I am introducing 4ms of latency :(

    I avoided explaining my entire setup as it is quite complex, 2 pfSense boxes, 4 WANs (Comcast, T-Mobile and AT&T) and actual static IPv4 addresses (officially 5, but Comcast actually gives a /28 even after I questioned 240 vs 248…). The secondary pfSense box is a "cloned" backup machine so I can manually switch during updates/upgrades/failures. This setup works quite smoothly on IPv4, obviously, but as I transition into IPv6, I'm finding fun quirks. I will eventually set up a proper hardware failover setup (and an additional NIC).


  • Rebel Alliance Global Moderator

    "load balancing is very useful "

    Yes, multiple connections from the same IP could be leveraged for load balancing.. Comcast is now supporting gig, at least in some areas and 100+ in all of them I do believe.  So you need to load balance 2 100 mbps pipes?  What say 20mbps up?  How many users?

    "I avoided explaining my entire setup as it is quite complex"

    Ok - sure ;)  I run and support a tier-1 telco's North American network.. Before that a fortune 500 company global enterprise network.. I think I could pick it up fairly quickly ;) hehehe  I am fairly sure there are many people here that support large complex networks..

    Are you hosting anything? So you have paying customers that want IPv6?  Or are you playing with IPv6 on a production network?  Or is this just your home network?  If so 4 ISPs seems a bit over the top for a home connection ;)



  • @johnpoz:

    "load balancing is very useful "

    Yes, multiple connections from the same IP could be leveraged for load balancing.. Comcast is now supporting gig, at least in some areas and 100+ in all of them I do believe.  So you need to load balance 2 100 mbps pipes?  What say 20mbps up?  How many users?

    "I avoided explaining my entire setup as it is quite complex"

    Ok - sure ;)  I run and support a tier-1 telco's North American network.. Before that a fortune 500 company global enterprise network.. I think I could pick it up fairly quickly ;) hehehe  I am fairly sure there are many people here that support large complex networks..

    Are you hosting anything? So you have paying customers that want IPv6?  Or are you playing with IPv6 on a production network?  Or is this just your home network?  If so 4 ISPs seems a bit over the top for a home connection ;)

    Thanks again for getting back, really appreciated :)  The reason I didn't bring the entire setup was to avoid distraction from my original issue. My normal home usage is on the high side, with work related stuff (such as remote desktop connections for both me and wife), family streaming all the time (Netflix, Hulu and a ton of YouTube). I do host some services, but they are very low bandwidth (less than 500mb a month) but require high uptime.

    I have been IPv4 without issue, but experimenting with IPv6 to be prepared for the eventual change.

    Is there a good starting place where I can work around my issue? I can code, so having a starting point would be helpful for where to start hacking the dhcp6 client.


  • Rebel Alliance Global Moderator

    "but experimenting with IPv6 to be prepared for the eventual change."

    And I commend that fully.. I dabble with IPv6 myself to keep my hands in it for when I might actually use it at work..  Which is truly lagging, I will most likely be retired before IPv6 is fully mainstream to be honest..  I would suggest go take certs tests from HE, you can get a free tshirt when you pass sage level.

    I by no means am a DHCPv6 expert, but what dok mentions is going to be where you get started.. The DUID is going to be per machine, and this is normally how a DHCPv6 would give you your IP.. It's not going to give you multiple because you have multiple interfaces in the same network.. Now this could be tied with the IAID I assume to allow you to have each interface get an IP in the same prefix.

    You would have to read the RFCs to be sure.. And then again would depend on if pfSense supports that, and if your ISP supports that..

    I don't really see when this would be useful though.  Such a setup shouldn't really exist.. Why would you put 2 interfaces from the same machine into the same network?  Especially on a ROUTER!! You might do it on some host I guess serving up websites or something on different IPs.. But on a router - no.

    Simple solutions to your problem.. Use different ISPs ;)  So each interface would get its own IP in its own prefix..  Use HE for IPv6, you could for sure set up tunnels on each interface.

    Even if pfSense supports having each interface get an IPv6 in the prefix, doesn't mean your ISP does.. You could contact them - good luck with that ;)
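
The DUID versus IAID distinction discussed in this thread, as an added example that is not part of the original posts or of pfSense's DHCPv6 client: it parses two constructed DHCPv6 Solicit messages from one router and counts how many bindings a server would hold when it keys on the DUID alone versus the <DUID, IA-type, IAID> tuple that RFC 8415 specifies. The DUID-only server models the hypothesis raised above and is an assumption, not known ISP behaviour; the function names and all byte values are constructed for illustration.

```python
import struct

OPT_CLIENTID, OPT_IA_NA, OPT_IA_PD = 1, 3, 25   # RFC 8415 option codes
SOLICIT = 1                                      # DHCPv6 message type

def build_solicit(xid, duid, ia_type, iaid):
    """Build a minimal Solicit: header, Client ID option, one empty IA option."""
    msg = bytes([SOLICIT]) + xid.to_bytes(3, "big")
    msg += struct.pack("!HH", OPT_CLIENTID, len(duid)) + duid
    ia = struct.pack("!III", iaid, 0, 0)         # IAID, T1, T2
    return msg + struct.pack("!HH", ia_type, len(ia)) + ia

def parse_client_identity(msg):
    """Return (duid, [(ia_type, iaid), ...]) from a DHCPv6 client message."""
    if len(msg) < 4:
        raise ValueError("truncated DHCPv6 header")
    duid, ias, off = None, [], 4
    while off < len(msg):
        if off + 4 > len(msg):
            raise ValueError("truncated option header")
        code, length = struct.unpack_from("!HH", msg, off)
        data = msg[off + 4: off + 4 + length]
        if len(data) != length:
            raise ValueError("option length exceeds message")
        if code == OPT_CLIENTID:
            duid = data
        elif code in (OPT_IA_NA, OPT_IA_PD):
            if length < 12:
                raise ValueError("IA option too short")
            ias.append((code, struct.unpack_from("!I", data)[0]))
        off += 4 + length
    return duid, ias

def count_bindings(messages, key_on_duid_only):
    """Count distinct server-side bindings under the chosen lookup key."""
    keys = set()
    for m in messages:
        duid, ias = parse_client_identity(m)
        for ia_type, iaid in ias:
            keys.add(duid if key_on_duid_only else (duid, ia_type, iaid))
    return len(keys)

# Constructed sample: one router, one DUID-LLT, one Solicit per WAN interface.
DUID = bytes.fromhex("00010001" "20000000" "020000000001")
WAN1 = build_solicit(0x111111, DUID, OPT_IA_NA, 0)   # IAID 0 on first WAN
WAN2 = build_solicit(0x222222, DUID, OPT_IA_NA, 1)   # IAID 1 on second WAN
```

If both interfaces sent the same IAID, even the RFC 8415 tuple would collapse to a single binding, so a packet capture on each WAN showing the Client ID and IAID values is the first thing to check.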