IPv6 stops working moments after booting after upgrade to 2.4.0

  • Ever since upgrading to 2.4 I can no longer get pfSense to maintain an IPv6 address for anything except the WAN_DHCP6 Gateway. My WAN interface has no address, my LAN interface has no address. When pfSense first boots, if I restart the device, everything works for just long enough for me to log into the UI and see that there is an IPv6 address and subnet assigned to the correct interfaces.

    ISP: Comcast Residential
    Hardware Model: SG-4860

    I for the life of me can't figure out why IPv6 no longer works.

    Here is my WAN DHCP6 config: https://i.imgur.com/xzLd8bm.png

    EDIT - I rebooted the router again, this time I immediately refreshed my IPv6 address on a client machine and was indeed able to ping out for a good 20 to 30 seconds before connectivity was lost.

  • Can you post the dhcp & system logs from boot to when you lose the IPv6 link? Hide any IPs if you wish to.

    Also, how are you providing IPv6 on the LAN side, managed, assisted etc., and can the client ping the gateway on IPv6?

    Is your firewall default or are you using anything like pfBlocker etc.?

  • dhcp log: https://gist.github.com/jassmith/a266bb2c8453526c17e18bfd15bdf737
    syslog: https://gist.github.com/jassmith/9564881c273ad9709a1485a74f7aefca

    Both logs start at system boot and go to just after IPv6 stops working.

    LAN is set up to Track Interface for IPv6. DHCPv6 Server and RA are default settings. I do not run pfBlocker and while my firewall is not default, it is not overly complex.

    WAN rules: https://i.imgur.com/kZULWEc.png

    LAN rules: https://i.imgur.com/tSc1mRS.png (note the pia_redirect_group is empty, I should probably delete those rules as I use a VLAN for that purpose now)

  • Can you uninstall Suricata and try it then?

    Something is really screwed up. Is this a fresh install?

  • And boom goes the dynamite. Thanks man!

    It turns out Suricata was blocking some part of the communication. Basically the UDPv6 Checksum rule started hitting for whatever reason. I've disabled the rule entirely and all is good.

    Again, thank you for your time and effort.
