An odd ipv6 tracking problem

moscato359

I have 2 pfsense boxes in ha

1 supermicro box
1 netgate sg-8860

They're synced to be essentially identical via pfsync + xmlsync

My supermicro box uses an intel i211 for primary wan and an intel i350 for primary lan

My sg-8860 box uses i211 for both, and has some i354 ports I'm using for other stuff

If I set wan to dhcpv6, and lan to tracking wan on supermicro, wan gets an ipv6 address, while lan never gets ipv6 address
If I set wan to dhcpv6 and lan to tracking wan on netgate, both wan and lan gets ipv6 addresses perfectly fine

Wan is configured identically on both, with the only difference being the ipv4 address.

Could this be a driver issue with the i350? Netgate sells i350 cards in their store.

bimmerdriver

What version of pfsense are you using? Do you have dhcp debug enabled in wan settings? Is there anything different in the dhcp logs?

If tracking isn't working, it's possible, maybe likely, that the wan isn't getting a prefix. (If the settings are identical and they are both getting prefixes, there is no obvious reason why dhcp6 on the lan would work differently.

I have i350 ethernet on my hyper-v server and there are no issues.

Please post wan and interface status.

Is this a new configuration? Are you certain your isp supports delegation of multiple prefixes?

The reason I ask is because even if the duid is the same on both systems, it's possible the isp dhcp6 server is rejecting one of the dhcp solicitations because of the mac and duid on the respective systems. For example, my ISP uses nokia edge routers. Even if the duid is the same on two systems, if there is an active lease associated with one mac, it will reject subsequent solicitations until the existing lease expires.

moscato359

What version of pfsense are you using?
2.3.3p1

Do you have dhcp debug enabled in wan settings?
No

Is there anything different in the dhcp logs?

The logs look about the same to me.

ISP: Comcast
We're delegated on ipv6 a /56. On ipv4, I have a /29.

I had my netgate box having it disabled, while testing it on my supermicro box.

I just turned it off on my supermicro, turned it on on my netgate, then turned it back on, on my supermicro, and the entire supermicro box locked up.

I used ipmi to remote into it, and saw a hard frozen console. I was able to ipmi in, but the OS was stuck. This is pfsense on a samsung ssd with ecc memory, so corruption issues are unlikely. It doesn't normally just freeze. I've had it freeze in the past when I've tried modifying traffic shapers. If I do nothing, it chugs along forever.

Strangely enough, when it came back up, I had an ipv6 address on lan.

I have RA on, but haven't gotten an address on my box yet. That might be a windows issue.

Why would a reboot fix the tracking…


bimmerdriver

It's not clear to me based on your response exactly what is working / not working and how your systems are configured. I would ask you to post screen captures of status /gateways, status interfaces, interfaces / wan, interfaces / lan, services dhcp and dhcpv6, but if your system is locking up, you've got other problems.

moscato359

After a reboot of everything involved (computers, pfsense boxes, etc) everything is now working