Sudden Issue with PPPoE & DHCP6
-
I look after a number of pfSense installations. My ISP hands out /48, /56 or /64 depending on what we've told them. The pfSense uses PPPoE to authenticate and get a static IPv4. For LAN, I use "IPv6 Conf Type: Track Interface" and set the WAN side interface to track.
The settings I use are in a screenshot at the bottom of this post. This as worked flawlessly for about a year. But now suddenly I am having issues where if the PPPoE session drops or if the router is rebooted, the connection will FLAP (i.e. go up and down) for over 20 minutes. During this time if I view the log (Diagnostics > System Log > PPP) the connection is going up and down, up and down like crazy. Eventually (anywhere between 5-20 minutes), the PPPoE will establishes, but NO IPv6.
During these 20 minutes, if I run a ping to this router's WAN IPv4, I see this:
Reply from 1.2.3.4: Destination host unreachable. Reply from 5.6.7.8: bytes=32 time=4ms TTL=60 Reply from 1.2.3.4: Destination host unreachable. Reply from 1.2.3.4: Destination host unreachable. Request timed out. Reply from 1.2.3.4: Destination host unreachable. Reply from 1.2.3.4: Destination host unreachable. Reply from 1.2.3.4: Destination host unreachable. Reply from 5.6.7.8: bytes=32 time=5ms TTL=60 Reply from 1.2.3.4: Destination host unreachable. Reply from 1.2.3.4: Destination host unreachable. Request timed out. Reply from 1.2.3.4: Destination host unreachable. Reply from 1.2.3.4: Destination host unreachable. Reply from 1.2.3.4: Destination host unreachable. Reply from 5.6.7.8: bytes=32 time=5ms TTL=60 Reply from 1.2.3.4: Destination host unreachable. Reply from 1.2.3.4: Destination host unreachable. Reply from 1.2.3.4: Destination host unreachable. Reply from 1.2.3.4: Destination host unreachable. Reply from 1.2.3.4: Destination host unreachable. Reply from 1.2.3.4: Destination host unreachable. Reply from 1.2.3.4: Destination host unreachable. Reply from 1.2.3.4: Destination host unreachable. Reply from 1.2.3.4: Destination host unreachable. Reply from 1.2.3.4: Destination host unreachable. Reply from 5.6.7.8: bytes=32 time=5ms TTL=60 Reply from 1.2.3.4: Destination host unreachable. Reply from 1.2.3.4: Destination host unreachable. Reply from 1.2.3.4: Destination host unreachable. Request timed out. Reply from 1.2.3.4: Destination host unreachable. Reply from 1.2.3.4: Destination host unreachable. Reply from 5.6.7.8: bytes=32 time=4ms TTL=60 Request timed out. Reply from 1.2.3.4: Destination host unreachable. Reply from 1.2.3.4: Destination host unreachable. Reply from 1.2.3.4: Destination host unreachable. Reply from 1.2.3.4: Destination host unreachable.So there's two problems here.
1. If the router is ever rebooted or the PPP session drops, we're looking at a 5-20 minute outage!
2. IPv6 isn't working at all.I have ruled this being a hardware problem out by trying multiple boxes running pfSense and even tried running a pfSense in a VM which was built from scratch (I have tried both 2.3.2 and 2.3.3) - nothing works.
ISP doesn't want to play ball. They are saying "You're not using a CPE that is on our supported list so we can't help you". I am positive this is an issue at their end since all the connections that manifested this irritating bug started at around the same time. The only common factor is the ISP.
What do I do to figure this out?
-
What happens if you run an approved CPE device, do you still see the same PPoE issue?
-
Have you tried disabling the setting to request the prefix using ipv4? If you can use wireshark to capture the packets on the wan interface, it might help you figure out what's happening.
-
I have tried every setting from reducing the MTU to un-ticking that box. Nothing makes any difference.
If I fired up wireshark, what am I looking for? I'm afraid my PPPoE session establishment is somewhat rusty!
-
I'm not a wireshark expert, but I got it working by using the ip6 capture filter and I manually entered a display filter to remove everything else that I didn't want to see.
Screen captures of the display filter and captured packets are attached.
-
You could have filtered on ICMP6.
-
You could have filtered on ICMP6.
But then you don't get the dhcpv6 messages. Maybe I need to learn more about how wireshark capture filters work, but they seem to be very inflexible.
-
I think the OP's problem is the same as reported here:
https://forum.pfsense.org/index.php?topic=126828.0
If so and it is 2.4 the OP is using, then it's fixed and a snapshot update will solve his issues.
