4. IPv6 stops working moments after booting after upgrade to 2.4.0

IPv6 stops working moments after booting after upgrade to 2.4.0

  • J

    Ever since upgrading to 2.4 I can no longer get pfSense to maintain an IPv6 address for anyting except the WAN_DHCP6 Gateway. My WAN interface has no address, my LAN interface has no address. When pfSense first boots if I restart the device, everything works for just long enough for me to log into the UI and see that there is an IPv6 address and subnet assigned tot he correct interfaces.

    ISP: Comcast Residential
    Hardware Model: SG-4860

    I for the life of me can't figure out why ipv6 no longer works.

    Here is my WAN DHCP6 config: https://i.imgur.com/xzLd8bm.png

    EDIT - I rebooted the router again, this time I immediately refreshed my IPv6 address on a client machine and was indeed able to ping out for a good 20 to 30 seconds before connectivity was lost.

    0
  • ?

    Can you post the dhcp & system logs from boot to when you lose the IPv6 link. Hide any IP's if you wish to.

    Also, how are you providing IPv6 on the LAN side, managed, assisted etc, and can the client ping the gateway on IPv6?

    Is your firewall default or are you using anything like pfBlocker etc.

    0
  • J

    dhcp log: https://gist.github.com/jassmith/a266bb2c8453526c17e18bfd15bdf737
    syslog: https://gist.github.com/jassmith/9564881c273ad9709a1485a74f7aefca

    Both logs start at system boot and go to just after ipv6 stops working.

    LAN is set up to Track Interface for IPv6. DHCPv6 Server and RA are default settings. I do not run pfBlocker and while my firewall is not default, it is not overly complex.

    WAN rules: https://i.imgur.com/kZULWEc.png

    LAN rules: https://i.imgur.com/tSc1mRS.png (note the pia_redirect_group is empty, I should probably delete those rules as I use a VLAN for that purpose now)

    0
  • ?

    Can you uninstall suricata and try it then.

    Something is really screwed up. Is this a fresh install?

    0
  • J

    And boom goes the dynamite. Thanks man!

    It turns out Suricata was blocking some part of the communication. Basically the UDPv6 Checksum rule started hitting for whatever reason. I've disabled the rule entirely and all is good.

    Again, thank you for your time and effort.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2019 Rubicon Communications, LLC | Privacy Policy