[Solved] Issues with IPv6 after upgrade to 2.3.4

paddy76

Hello,

I upgraded to pfSense 2.3.4 today from 2.3.3(i think).
For some reason the IPv6 part is now fubar.
I use interface tracking with DHCP6 on the wan interfrace. I can have up to a 56 but I use a 63 today.

Now the issue is that pfSense seem to set prefix 64 on both the wan interface and the lan interface(where the tracking of wan is and using index 0).

I used to have a secondary interface that tracked with index 1 but I removed that to see if the issue would resolve itself.. it didn't.

From ifconfig
"

em0: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
        inet6 2axx:2b0:3099:200::1 prefixlen 128 
        inet6 2axx:2b0:3099:200:250:56ff:feae:0 prefixlen 64 
        inet6 fe80::1:1%em0 prefixlen 64 scopeid 0x1 
        nd6 options=21 <performnud,auto_linklocal>em1: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
        inet6 fe80::250:56ff:feae:1%em1 prefixlen 64 scopeid 0x2 
        inet6 2axx:2b0:3098:4::1 prefixlen 128 
        nd6 options=23 <performnud,accept_rtadv,auto_linklocal></performnud,accept_rtadv,auto_linklocal></up,broadcast,running,simplex,multicast></performnud,auto_linklocal></up,broadcast,running,simplex,multicast> 

"

em0 = lan
em1 = wan
(I've replace part of the address with x's)

The PC connected to the pfSense FW is using DHCP6 from pfsense DHCP6 server and is receiving a prefix length of 64
ipconfig:

   IPv6 Address. . . . . . . . . . . : 2axx:2b0:3099:200:4188:1f48:b2ab:b632(Preferred)
   Temporary IPv6 Address. . . . . . : 2axx:2b0:3099:200:71ea:f955:80dd:ecb(Preferred)
   Link-local IPv6 Address . . . . . : fe80::4188:1f48:b2ab:b632%11(Preferred)

route:

11    301 2a01:2b0:3099:200::/64   On-link

I've tried rebooting and so forth but no luck..

HG

Have you set/checked these options (that's how it worked for me with 2.3.3 and still with 2.3.4)?

• Interfaces / WAN / DHCP6 Client Configuration / DHCPv6 Prefix Delegation size = 56
• Interfaces / WAN / DHCP6 Client Configuration / Send IPv6 prefix hint = Checked
• Interfaces / LAN / General Configuration / IPv6 Configuration Type = Track Interface (I'm pretty sure you already have that)
• Interfaces / LAN / Track IPv6 Interface / IPv6 Interface = WAN

Interfaces / LAN / Track IPv6 Interface / IPv6 Interface / IPv6 Prefix ID should now show you "(hexadecimal from 0 to ff)" below the input field. From my experience this (only) works if Interfaces / WAN / DHCP6 Client Configuration / DHCPv6 Prefix Delegation size is set correctly.

With my ISP, I have to set Interfaces / WAN / DHCP6 Client Configuration / Use IPv4 connectivity as parent interface = Checked, but I would be very surprised if you had to change that.

paddy76

@HG:

Have you set/checked these options (that's how it worked for me with 2.3.3 and still with 2.3.4)?

• Interfaces / WAN / DHCP6 Client Configuration / DHCPv6 Prefix Delegation size = 56
• Interfaces / WAN / DHCP6 Client Configuration / Send IPv6 prefix hint = Checked
• Interfaces / LAN / General Configuration / IPv6 Configuration Type = Track Interface (I'm pretty sure you already have that)
• Interfaces / LAN / Track IPv6 Interface / IPv6 Interface = WAN

Interfaces / LAN / Track IPv6 Interface / IPv6 Interface / IPv6 Prefix ID should now show you "(hexadecimal from 0 to ff)" below the input field. From my experience this (only) works if Interfaces / WAN / DHCP6 Client Configuration / DHCPv6 Prefix Delegation size is set correctly.

With my ISP, I have to set Interfaces / WAN / DHCP6 Client Configuration / Use IPv4 connectivity as parent interface = Checked, but I would be very surprised if you had to change that.

I changed nothing between 2.3.3 and 2.3.4 and yes they are more or less the same as you've specified - I do not have "use ipv4 connectivity as parent interface" .. it has always worked without that previously.

I checked my dhcpdv6.conf file now and that also specifies a /128 for some reason .. even after removing it and re-applying settings.

HG

Well, that's strange then… My next steps would be to manually check the config.xml from where everything is generated, if there is something strange in it. Maybe you have a backup of the working configuration you can compare it with (e.g. using WinMerge)?

(I already had the situation that there is something in the config.xml that has an effect that is not visible in the UI: My inner firewall (not the Internet gateway) sent out RAs on the LAN interface although the DHCP server (UI) is not available because the LAN interface has no static IP. I then set a static IP, changed the settings in the UI and removed the static IP again.)

paddy76

Thanks for all help.

I think I finally found the last problem.
I had a IP alias for ::1 so I could have a easy to remember static gateway.. it had a /128 per how I'm used to setup ip aliases. Apparently the dhcp server were using this as base for it's range6 statement and it also messed things up somehow so it didn't reply to that anymore.

After removing the ip alias and also disabling ipv6 completely on the lan interface and re-enabling everything including the ip alias but now as a /64.. everything seems fine again.

Not sure if some check was changed between the releases.. because this issue started after the upgrade.