IPv6 with track interface on LAN stopped working



  • I built a new pfsense vm in vmware, got it working with WAN set to /56 and LAN set to track interface.  Everything worked great for a few weeks, until I decided to play around with more features like ramdisk.  After restarting pfsense for the 2nd time (after unchecking ramdisk again when I realized it was pointless) my LAN IPv6 address has disappeared.  I can ping out via ipv6 from the WAN, but of course none of the clients.  WAN connection only works when set to /56 so I think that’s correct.  I tried restarting multiple times, disabling ipv6 completely for a day and letting it sit, then enabling again.

    Per my ISP I have the following information, which seems to indicate and issue with pfsense:

    "Your WAN address would be a /64 address.  The range for the delegated prefixes are:
    2604:5500:c078:8100:: /56 and 2604:5500:c078:bf00:: /56  - For LAN addresses.

    Here are the advertisements that are being sent out from the DHCPv6 server to you.  Note the Dynamic User ID that contains your MAC address.

    Advertise NA: address 2604:5500:c078:8000::140 to client with duid 00:01:00:01:21:df:35:00:00:0c:29:4e:f2:c2 iaid = 0 valid for 31536000 seconds

    Advertise PD: address 2604:5500:c078:bd00::/56 to client with duid 00:01:00:01:21:df:35:00:00:0c:29:4e:f2:c2 iaid = 0 valid for 31536000 seconds

    SSH@core.410townsend#sho ipv6 neigh | i 294e.f2cc

    285  2604:5500:c078:8000:20c:29ff:xxx:xxx  723  000c.294e.f2cc REACH  7    2/2                      1

    387  fe80::20c:29ff:fe4e:f2cc                723  000c.294e.f2cc STALE  10    2/2                      1

    Getting this in DHCP log on bootup:

    Jan 24 10:00:48 dhcp6c 28299 Sending Solicit
    Jan 24 10:00:44 dhcp6c 28299 Sending Solicit
    Jan 24 10:00:42 dhcp6c 28299 Sending Solicit
    Jan 24 10:00:41 dhcp6c 28299 Sending Solicit
    Jan 24 10:00:40 dhcp6c 27988 skip opening control port
    Jan 24 10:00:40 dhcp6c 27988 failed initialize control message authentication
    Jan 24 10:00:40 dhcp6c 27988 failed to open /usr/local/etc/dhcp6cctlkey: No such file or directory

    Also, contents of /var/etc/dhcp6c_wan.conf are:

    interface vmx1 {
    send ia-na 0; # request stateful address
    send ia-pd 0; # request prefix delegation
    request domain-name-servers;
    request domain-name;
    script “/var/etc/dhcp6c_wan_script.sh”; # we’d like some nameservers please
    };
    id-assoc na 0 { };

    Per this thread:  https://www.reddit.com/r/PFSENSE/comments/68bj9e/most_dhcpv6_options_ignored/

    Is that conf file supposed to be getting updated when I set LAN to track interface?



  • Noticed in the logs when I boot up, I’m getting the following every two minutes but then it stops after a while:

    dhcp6c 27601 Sending Solicit

    I assume this is pfsense asking for a prefix delegation from dhcp6?

    If anyone has any thoughts would love to hear it.  ISP has been trying to work with me - they even rebuilt the ipv6 settings for my local switch which seemed to get me an address for a couple minutes, but then disappeared.



  • Just in case it helps someone who might be able to help me, I’ll include more info from my ISP since they’ve been nice enough to look pretty deeply into this for me:

    Below I found a reference to a Release message from the Requesting Router.  I do not have specifics on what the Requesting Router returns when it uses the delegation (binding state active).

    In referencing the RFC 3633 - IPv6 Prefix Options for DHCPv6 -  https://tools.ietf.org/html/rfc3633#section-10    Page 12;  3rd paragraph states:

    “The requesting router uses a Release message to return a delegated prefix to a delegating router. The prefixes to be released MUST be included in the IA_PDs.”

    ===========================================

    I guess I had the LAN MAC already.  It is part of the DUID.  I have also included other information from the DHCPv6 server.  The advertisements and the binding state.  Currently the only binding state your PD has is RELEASED

    Sho ipv6 neighbor
    3    2604:5500:c078:8000:20c:29ff:fe4e:f2cc  723  000c.294e.f2cc STALE  2    2/2                      1
    4    fe80::20c:29ff:fe4e:f2cc                            723  000c.294e.f2cc REACH  20    2/2                      1

    From the DHCPv6 Server Logs:  (Same advertisements as previously are still being advertised.)
    NA - Neighborhood Advertisement
    PD - Prefix Delegation

    Jan 31 18:51:46 dhcpv6-sf dhcpd[489]: Advertise NA: address 2604:5500:c078:8000::107 to client with duid 00:01:00:01:21:fa:d7:dc:00:0c:29:4e:f2:c2 iaid = 0 valid for 31536000 seconds

    Jan 31 18:51:46 dhcpv6-sf dhcpd[489]: Advertise PD: address 2604:5500:c078:bd00::/56 to client with duid 00:01:00:01:21:fa:d7:dc:00:0c:29:4e:f2:c2 iaid = 0 valid for 31536000 seconds

    Here is the Prefix Delegation Lease

    ia-pd “\000\000\000\000\000\001\000\001!\372\327\334\000\014)N\362\302” {
      cltt 1 2018/01/29 04:16:58;
      iaprefix 2604:5500:c078:bd00::/56 {
        binding state released;
        preferred-life 19710000;
        max-life 31536000;
        ends 2 2019/01/29 04:13:38;
      }
    }

    The binding state is either active or released

    SO I also found this in the dhcpd6.leases file

    If I search for the Network portion (What I placed in BOLD) of the Neighborhood Advertisement (NA) 2604:5500:c078:8000::107  The results are below:

    ia-na “\245K\006@\000\003\000\001\220r@\006K\245” {
      cltt 1 2018/01/15 02:03:51;
      iaaddr 2604:5500:c078:8000::200 {
        binding state active;
        preferred-life 7200;
        max-life 31536000;
        ends 2 2019/01/15 02:03:51;
      }
    }

    ia-na “\000\000\000\000\000\001\000\001!\372\327\334\000\014)N\362\302” {
      cltt 1 2018/01/29 04:16:56;
      iaaddr 2604:5500:c078:8000::107 {
        binding state released;
        preferred-life 19710000;
        max-life 31536000;
        ends 2 2019/01/29 04:13:38;
      }
    }

    Notice that there are two listings.  The first is the announcment ending in ::200 and the second ending in ::107 which is advertised to your DUID 00:01:00:01:21:fa:d7:dc:00:0c:29:4e:f2:c2

    According to all these findings.  The DHCPv6 server is announcing the delegations properly.  But it seems your router is not acknowledging (making the binding state active).  Notice the other delegation is active.


 

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy