IPv6 with track interface on LAN stopped working



  • I built a new pfsense vm in vmware, got it working with WAN set to /56 and LAN set to track interface.  Everything worked great for a few weeks, until I decided to play around with more features like ramdisk.  After restarting pfsense for the 2nd time (after unchecking ramdisk again when I realized it was pointless) my LAN IPv6 address has disappeared.  I can ping out via ipv6 from the WAN, but of course none of the clients.  WAN connection only works when set to /56 so I think that's correct.  I tried restarting multiple times, disabling ipv6 completely for a day and letting it sit, then enabling again.

    Per my ISP I have the following information, which seems to indicate and issue with pfsense:

    "Your WAN address would be a /64 address.  The range for the delegated prefixes are:
    2604:5500:c078:8100:: /56 and 2604:5500:c078:bf00:: /56  - For LAN addresses.

    Here are the advertisements that are being sent out from the DHCPv6 server to you.  Note the Dynamic User ID that contains your MAC address.

    Advertise NA: address 2604:5500:c078:8000::140 to client with duid 00:01:00:01:21:df:35:00:00:0c:29:4e:f2:c2 iaid = 0 valid for 31536000 seconds

    Advertise PD: address 2604:5500:c078:bd00::/56 to client with duid 00:01:00:01:21:df:35:00:00:0c:29:4e:f2:c2 iaid = 0 valid for 31536000 seconds

    SSH@core.410townsend#sho ipv6 neigh | i 294e.f2cc

    285  2604:5500:c078:8000:20c:29ff:xxx:xxx  723  000c.294e.f2cc REACH  7    2/2                      1

    387  fe80::20c:29ff:fe4e:f2cc                723  000c.294e.f2cc STALE  10    2/2                      1

    Getting this in DHCP log on bootup:

    Jan 24 10:00:48 dhcp6c 28299 Sending Solicit
    Jan 24 10:00:44 dhcp6c 28299 Sending Solicit
    Jan 24 10:00:42 dhcp6c 28299 Sending Solicit
    Jan 24 10:00:41 dhcp6c 28299 Sending Solicit
    Jan 24 10:00:40 dhcp6c 27988 skip opening control port
    Jan 24 10:00:40 dhcp6c 27988 failed initialize control message authentication
    Jan 24 10:00:40 dhcp6c 27988 failed to open /usr/local/etc/dhcp6cctlkey: No such file or directory

    Also, contents of /var/etc/dhcp6c_wan.conf are:

    interface vmx1 {
    send ia-na 0; # request stateful address
    send ia-pd 0; # request prefix delegation
    request domain-name-servers;
    request domain-name;
    script "/var/etc/dhcp6c_wan_script.sh"; # we'd like some nameservers please
    };
    id-assoc na 0 { };

    Per this thread:  https://www.reddit.com/r/PFSENSE/comments/68bj9e/most_dhcpv6_options_ignored/

    Is that conf file supposed to be getting updated when I set LAN to track interface?



  • Noticed in the logs when I boot up, I'm getting the following every two minutes but then it stops after a while:

    dhcp6c 27601 Sending Solicit

    I assume this is pfsense asking for a prefix delegation from dhcp6?

    If anyone has any thoughts would love to hear it.  ISP has been trying to work with me - they even rebuilt the ipv6 settings for my local switch which seemed to get me an address for a couple minutes, but then disappeared.



  • Just in case it helps someone who might be able to help me, I'll include more info from my ISP since they've been nice enough to look pretty deeply into this for me:

    Below I found a reference to a Release message from the Requesting Router.  I do not have specifics on what the Requesting Router returns when it uses the delegation (binding state active).

    In referencing the RFC 3633 - IPv6 Prefix Options for DHCPv6 -  https://tools.ietf.org/html/rfc3633#section-10    Page 12;  3rd paragraph states:

    "The requesting router uses a Release message to return a delegated prefix to a delegating router. The prefixes to be released MUST be included in the IA_PDs."

    ===========================================

    I guess I had the LAN MAC already.  It is part of the DUID.  I have also included other information from the DHCPv6 server.  The advertisements and the binding state.  Currently the only binding state your PD has is RELEASED

    Sho ipv6 neighbor
    3    2604:5500:c078:8000:20c:29ff:fe4e:f2cc  723  000c.294e.f2cc STALE  2    2/2                      1
    4    fe80::20c:29ff:fe4e:f2cc                            723  000c.294e.f2cc REACH  20    2/2                      1

    From the DHCPv6 Server Logs:  (Same advertisements as previously are still being advertised.)
    NA - Neighborhood Advertisement
    PD - Prefix Delegation

    Jan 31 18:51:46 dhcpv6-sf dhcpd[489]: Advertise NA: address 2604:5500:c078:8000::107 to client with duid 00:01:00:01:21:fa:d7:dc:00:0c:29:4e:f2:c2 iaid = 0 valid for 31536000 seconds

    Jan 31 18:51:46 dhcpv6-sf dhcpd[489]: Advertise PD: address 2604:5500:c078:bd00::/56 to client with duid 00:01:00:01:21:fa:d7:dc:00:0c:29:4e:f2:c2 iaid = 0 valid for 31536000 seconds

    Here is the Prefix Delegation Lease

    ia-pd "\000\000\000\000\000\001\000\001!\372\327\334\000\014)N\362\302" {
      cltt 1 2018/01/29 04:16:58;
      iaprefix 2604:5500:c078:bd00::/56 {
        binding state released;
        preferred-life 19710000;
        max-life 31536000;
        ends 2 2019/01/29 04:13:38;
      }
    }

    The binding state is either active or released

    SO I also found this in the dhcpd6.leases file

    If I search for the Network portion (What I placed in BOLD) of the Neighborhood Advertisement (NA) 2604:5500:c078:8000::107  The results are below:

    ia-na "\245K\006@\000\003\000\001\220r@\006K\245" {
      cltt 1 2018/01/15 02:03:51;
      iaaddr 2604:5500:c078:8000::200 {
        binding state active;
        preferred-life 7200;
        max-life 31536000;
        ends 2 2019/01/15 02:03:51;
      }
    }

    ia-na "\000\000\000\000\000\001\000\001!\372\327\334\000\014)N\362\302" {
      cltt 1 2018/01/29 04:16:56;
      iaaddr 2604:5500:c078:8000::107 {
        binding state released;
        preferred-life 19710000;
        max-life 31536000;
        ends 2 2019/01/29 04:13:38;
      }
    }

    Notice that there are two listings.  The first is the announcment ending in ::200 and the second ending in ::107 which is advertised to your DUID 00:01:00:01:21:fa:d7:dc:00:0c:29:4e:f2:c2

    According to all these findings.  The DHCPv6 server is announcing the delegations properly.  But it seems your router is not acknowledging (making the binding state active).  Notice the other delegation is active.



  • @mgittelman This is 7 Months Old, and I fell in to same boat. NO configuration changes I just had to reboot one day due to a vmware issue. Now ipv6 does not work any more. If I connect a laptop directly to the modem I get ipv6 as expected. Just Pfsense no longer works. Ended up setting up a HE tunnel to get by. Wonder if there is a solution to this problem?


  • Netgate

    Going to need much more information than "no longer works."



  • @derelict Yes its strange, I have DHCP6 setup on WAN, I was not asking for an IP just PD, which has been working. I have 2 LAN nic's on 2 separate Vlan,s so one PD is 0 the other was dd.
    One morning My gig network was down, switch was hosed so I rebooted the switch. Now I can no longer get any ipv6 info. to the Interfaces.
    But if I look in the DHCP logs I see a PD being assigned I can see a WAN IP assigned. but they never make it to my Interfaces.
    Snippet from the Logs:
    Sep 2 15:45:24 dhcp6c 48184 IA_NA address: 2603:9000:ff00:b5:1da7:7fff:a000:b95a pltime=604706 vltime=604706
    Sep 2 15:45:24 dhcp6c 48184 get DHCP option IA_PD, len 41
    Sep 2 15:45:24 dhcp6c 48184 IA_PD: ID=0, T1=302353, T2=483764
    Sep 2 15:45:24 dhcp6c 48184 get DHCP option IA_PD prefix, len 25
    Sep 2 15:45:24 dhcp6c 48184 IA_PD prefix: 2603:9000:b591:7800::/56 pltime=604706 vltime=604706
    so my Request for PD is being answered but Track interface never gets an assigned Prefix.
    also FYI I wiped my config back to Factory, just as a test, setup WAN and LAN and it still does not work.
    If I hook laptop directly to the Modem I get WAN ipv6 address.
    so something is hosed with Tracking on the interfaces. or my DUID is banned, (but I changed it) I also changed my wan MAC address and get a new ipv4 address now.
    but no Ipv6 makes it to the interface.
    What would you need to see my issue more clearly.


  • Netgate

    What is in /var/etc/dhcp6c_wan.conf ??



  • more dhcp6c_wan.conf
    interface vmx0 {
    send ia-na 0; # request stateful address
    send ia-pd 0; # request prefix delegation
    request domain-name-servers;
    request domain-name;
    script "/var/etc/dhcp6c_wan_script.sh"; # we'd like some nameservers please
    };
    id-assoc na 0 { };
    id-assoc pd 0 {
    prefix ::/56 infinity;
    prefix-interface vmx1 {
    sla-id 0;
    sla-len 8;
    };
    prefix-interface vmx2 {
    sla-id 187;
    sla-len 8;
    };
    };


  • Netgate

    Looks like what should be there.

    What is after that in the DHCP logs? There should be information about creating and updating prefixes below the part where it gets the IA_PD response. The create a prefix and add an address in this log is this node's track interface LAN with an id of 1. Just post a whole sequence if you can.

    Sep/04/2018 00:52:24: Sending Solicit
    Sep/04/2018 00:52:24: set client ID (len 14)
    Sep/04/2018 00:52:24: set identity association
    Sep/04/2018 00:52:24: set elapsed time (len 2)
    Sep/04/2018 00:52:24: set option request (len 4)
    Sep/04/2018 00:52:24: set IA_PD prefix
    Sep/04/2018 00:52:24: set IA_PD
    Sep/04/2018 00:52:24: send solicit to ff02::1:2%re1
    Sep/04/2018 00:52:24: reset a timer on re1, state=SOLICIT, timeo=4, retrans=16326
    Sep/04/2018 00:52:24: receive advertise from fe80::208:a2ff:fe0a:593f%re1 on re1
    Sep/04/2018 00:52:24: get DHCP option identity association, len 40
    Sep/04/2018 00:52:24:   IA_NA: ID=0, T1=0, T2=0
    Sep/04/2018 00:52:24: get DHCP option IA address, len 24
    Sep/04/2018 00:52:24:   IA_NA address: 2001:dabb:ad00:7fff::ed96:eec5 pltime=4500 vltime=7200
    Sep/04/2018 00:52:24: get DHCP option IA_PD, len 41
    Sep/04/2018 00:52:24:   IA_PD: ID=0, T1=0, T2=0
    Sep/04/2018 00:52:24: get DHCP option IA_PD prefix, len 25
    Sep/04/2018 00:52:24:   IA_PD prefix: 2001:dabb:ad00:fc00::/56 pltime=4500 vltime=7200
    Sep/04/2018 00:52:24: get DHCP option client ID, len 14
    Sep/04/2018 00:52:24:   DUID: 00:01:00:xx:xx:xx:xx:xx:fe:e0:54:6e:79:49
    Sep/04/2018 00:52:24: get DHCP option server ID, len 14
    Sep/04/2018 00:52:24:   DUID: 00:01:00:01:21:6c:b6:e4:00:08:a2:0a:59:3f
    Sep/04/2018 00:52:24: get DHCP option DNS, len 16
    Sep/04/2018 00:52:24: server ID: 00:01:00:01:21:6c:b6:e4:00:08:a2:0a:59:3f, pref=-1
    Sep/04/2018 00:52:24: reset timer for re1 to 0.997431
    Sep/04/2018 00:52:25: picked a server (ID: 00:01:00:01:21:6c:b6:e4:00:08:a2:0a:59:3f)
    Sep/04/2018 00:52:25: Sending Request
    Sep/04/2018 00:52:25: a new XID (777d7b) is generated
    Sep/04/2018 00:52:25: set client ID (len 14)
    Sep/04/2018 00:52:25: set server ID (len 14)
    Sep/04/2018 00:52:25: set IA address
    Sep/04/2018 00:52:25: set identity association
    Sep/04/2018 00:52:25: set elapsed time (len 2)
    Sep/04/2018 00:52:25: set option request (len 4)
    Sep/04/2018 00:52:25: set IA_PD prefix
    Sep/04/2018 00:52:25: set IA_PD
    Sep/04/2018 00:52:25: send request to ff02::1:2%re1
    Sep/04/2018 00:52:25: reset a timer on re1, state=REQUEST, timeo=0, retrans=955
    Sep/04/2018 00:52:25: receive reply from fe80::208:a2ff:fe0a:593f%re1 on re1
    Sep/04/2018 00:52:25: get DHCP option identity association, len 40
    Sep/04/2018 00:52:25:   IA_NA: ID=0, T1=0, T2=0
    Sep/04/2018 00:52:25: get DHCP option IA address, len 24
    Sep/04/2018 00:52:25:   IA_NA address: 2001:dabb:ad00:7fff::ed96:eec5 pltime=4500 vltime=7200
    Sep/04/2018 00:52:25: get DHCP option IA_PD, len 41
    Sep/04/2018 00:52:25:   IA_PD: ID=0, T1=0, T2=0
    Sep/04/2018 00:52:25: get DHCP option IA_PD prefix, len 25
    Sep/04/2018 00:52:25:   IA_PD prefix: 2001:dabb:ad00:fc00::/56 pltime=4500 vltime=7200
    Sep/04/2018 00:52:25: get DHCP option client ID, len 14
    Sep/04/2018 00:52:25:   DUID: 00:01:00:xx:xx:xx:xx:xx:fe:e0:54:6e:79:49
    Sep/04/2018 00:52:25: get DHCP option server ID, len 14
    Sep/04/2018 00:52:25:   DUID: 00:01:00:01:21:6c:b6:e4:00:08:a2:0a:59:3f
    Sep/04/2018 00:52:25: get DHCP option DNS, len 16
    Sep/04/2018 00:52:25: dhcp6c Received REQUEST
    Sep/04/2018 00:52:25: nameserver[0] 2001:dabb:ad00:7fff::1
    Sep/04/2018 00:52:25: make an IA: PD-0
    Sep/04/2018 00:52:25: create a prefix 2001:dabb:ad00:fc00::/56 pltime=4500, vltime=7200
    Sep/04/2018 00:52:25: add an address 2001:dabb:ad00:fc01:fce0:54ff:fe6e:7949/64 on re0
    Sep/04/2018 00:52:25: T1(2250) and/or T2(3600) is locally determined
    Sep/04/2018 00:52:25: make an IA: NA-0
    Sep/04/2018 00:52:25: create an address 2001:dabb:ad00:7fff::ed96:eec5 pltime=4500, vltime=14320663271269473312
    Sep/04/2018 00:52:25: add an address 2001:dabb:ad00:7fff::ed96:eec5/128 on re1
    Sep/04/2018 00:52:25: T1(2250) and/or T2(3600) is locally determined
    Sep/04/2018 00:52:25: executes /var/etc/dhcp6c_wan_dhcp6withoutra_script.sh
    Sep/04/2018 00:52:27: script "/var/etc/dhcp6c_wan_dhcp6withoutra_script.sh" terminated
    Sep/04/2018 00:52:27: removing an event on re1, state=REQUEST
    Sep/04/2018 00:52:27: removing server (ID: 00:01:00:01:21:6c:b6:e4:00:08:a2:0a:59:3f)
    Sep/04/2018 00:52:27: got an expected reply, sleeping.
    


  • This was working perfectly, then all the sudden it stopped working. I can see in Logs where a PD is coming down the pipe but the LAN Track interface never populates with the PD.
    for Testing purposes I built a new Pfsense box, No config just blank, setup WAN LAN, enabled Ipv6 and same result.
    Sorry if my Logs are upside down, box was checked to have recent at top. This is what confuses it looks like I am getting correct responses.

    Sep 3 21:09:46 dhcp6c 49426 reset a timer on vmx0, state=REQUEST, timeo=1, retrans=1845
    Sep 3 21:09:46 dhcp6c 49426 send request to ff02::1:2%vmx0
    Sep 3 21:09:46 dhcp6c 49426 set IA_PD
    Sep 3 21:09:46 dhcp6c 49426 set IA_PD prefix
    Sep 3 21:09:46 dhcp6c 49426 set option request (len 4)
    Sep 3 21:09:46 dhcp6c 49426 set elapsed time (len 2)
    Sep 3 21:09:46 dhcp6c 49426 set identity association
    Sep 3 21:09:46 dhcp6c 49426 set IA address
    Sep 3 21:09:46 dhcp6c 49426 set server ID (len 14)
    Sep 3 21:09:46 dhcp6c 49426 set client ID (len 14)
    Sep 3 21:09:46 dhcp6c 49426 Sending Request
    Sep 3 21:09:45 dhcp6c 49426 reset a timer on vmx0, state=REQUEST, timeo=0, retrans=911
    Sep 3 21:09:45 dhcp6c 49426 send request to ff02::1:2%vmx0
    Sep 3 21:09:45 dhcp6c 49426 set IA_PD
    Sep 3 21:09:45 dhcp6c 49426 set IA_PD prefix
    Sep 3 21:09:45 dhcp6c 49426 set option request (len 4)
    Sep 3 21:09:45 dhcp6c 49426 set elapsed time (len 2)
    Sep 3 21:09:45 dhcp6c 49426 set identity association
    Sep 3 21:09:45 dhcp6c 49426 set IA address
    Sep 3 21:09:45 dhcp6c 49426 set server ID (len 14)
    Sep 3 21:09:45 dhcp6c 49426 set client ID (len 14)
    Sep 3 21:09:45 dhcp6c 49426 a new XID (cd1ea5) is generated
    Sep 3 21:09:45 dhcp6c 49426 Sending Request
    Sep 3 21:09:45 dhcp6c 49426 server ID: 00:01:00:01:21:c2:86:9d:00:50:56:97:d7:cd, pref=255
    Sep 3 21:09:45 dhcp6c 49426 preference: 255
    Sep 3 21:09:45 dhcp6c 49426 get DHCP option preference, len 1
    Sep 3 21:09:45 dhcp6c 49426 IA_PD prefix: 2603:9000:b505:bb00::/56 pltime=567719 vltime=567719
    Sep 3 21:09:45 dhcp6c 49426 get DHCP option IA_PD prefix, len 25
    Sep 3 21:09:45 dhcp6c 49426 IA_PD: ID=0, T1=283859, T2=454175
    Sep 3 21:09:45 dhcp6c 49426 get DHCP option IA_PD, len 41
    Sep 3 21:09:45 dhcp6c 49426 IA_NA address: 2603:9000:ff00:b5:5cc7:f677:e6e4:6a7e pltime=566005 vltime=566005
    Sep 3 21:09:45 dhcp6c 49426 get DHCP option IA address, len 24
    Sep 3 21:09:45 dhcp6c 49426 IA_NA: ID=0, T1=283002, T2=452804
    Sep 3 21:09:45 dhcp6c 49426 get DHCP option identity association, len 40
    Sep 3 21:09:45 dhcp6c 49426 DUID: 00:01:00:01:21:c2:86:9d:00:50:56:97:d7:cd
    Sep 3 21:09:45 dhcp6c 49426 get DHCP option server ID, len 14
    Sep 3 21:09:45 dhcp6c 49426 DUID: 00:01:00:01:22:e4:18:42:00:50:56:b7:ee:fb
    Sep 3 21:09:45 dhcp6c 49426 get DHCP option client ID, len 14
    Sep 3 21:09:45 dhcp6c 49426 receive advertise from fe80::2bc:60ff:fe93:1419%vmx0 on vmx0
    Sep 3 21:09:45 dhcp6c 49426 reset a timer on vmx0, state=SOLICIT, timeo=1, retrans=2083
    Sep 3 21:09:45 dhcp6c 49426 send solicit to ff02::1:2%vmx0
    Sep 3 21:09:45 dhcp6c 49426 set IA_PD
    Sep 3 21:09:45 dhcp6c 49426 set IA_PD prefix
    Sep 3 21:09:45 dhcp6c 49426 set option request (len 4)
    Sep 3 21:09:45 dhcp6c 49426 set elapsed time (len 2)
    Sep 3 21:09:45 dhcp6c 49426 set identity association
    Sep 3 21:09:45 dhcp6c 49426 set client ID (len 14)
    Sep 3 21:09:45 dhcp6c 49426 Sending Solicit
    Sep 3 21:09:44 dhcp6c 49426 reset a timer on vmx0, state=SOLICIT, timeo=0, retrans=1091
    Sep 3 21:09:44 dhcp6c 49426 send solicit to ff02::1:2%vmx0
    Sep 3 21:09:44 dhcp6c 49426 set IA_PD
    Sep 3 21:09:44 dhcp6c 49426 set IA_PD prefix
    Sep 3 21:09:44 dhcp6c 49426 set option request (len 4)
    Sep 3 21:09:44 dhcp6c 49426 set elapsed time (len 2)
    Sep 3 21:09:44 dhcp6c 49426 set identity association
    Sep 3 21:09:44 dhcp6c 49426 set client ID (len 14)
    Sep 3 21:09:44 dhcp6c 49426 a new XID (f6776d) is generated
    Sep 3 21:09:44 dhcp6c 49426 Sending Solicit



  • Also like to mention that during boot I see WAN Syslodg: Bind : Can't assign requested address.
    sorry typed that from Memory, but it hangs the box for a few minutes, have read its FE80 Addresses that are stuck on the interface.


  • Netgate

    That is not representative of actually getting a response. All I see there is Send Solicit. Look at the log I posted. See the send request and receive reply.



  • so I am not receiving a reply or is their anyway possible I'm Blocking it? When I hook laptop to Modem reboot everything I get WAN ipv6 address, so I am not blaming the ISP I have to be missing something.

    Also I do have a Tunnel to HE.net and I do not forward all traffic out the HE gateway, I have a Rule on specific Vlan to route that traffic.



  • Log finally posted this Says No responses were received?

    Sep 3 21:18:35 dhcp6c 86742 removing server (ID: 00:01:00:01:21:c2:86:9d:00:50:56:97:d7:cd)
    Sep 3 21:18:35 dhcp6c 86742 removing an event on vmx0, state=REQUEST
    Sep 3 21:18:35 dhcp6c 86742 no responses were received
    Sep 3 21:18:07 dhcp6c 86742 reset a timer on vmx0, state=REQUEST, timeo=9, retrans=27750
    Sep 3 21:18:07 dhcp6c 86742 send request to ff02::1:2%vmx0
    Sep 3 21:18:07 dhcp6c 86742 set IA_PD
    Sep 3 21:18:07 dhcp6c 86742 set IA_PD prefix
    Sep 3 21:18:07 dhcp6c 86742 set option request (len 4)
    Sep 3 21:18:07 dhcp6c 86742 set elapsed time (len 2)
    Sep 3 21:18:07 dhcp6c 86742 set identity association

    Found this also in the Log, is this .Key thing a problem?

    Sep 3 21:15:15 dhcp6c 5912 <5>[vmx0] (4)
    Sep 3 21:15:15 dhcp6c 5912 <3>[interface] (9)
    Sep 3 21:15:15 dhcp6c 5912 skip opening control port
    Sep 3 21:15:15 dhcp6c 5912 failed initialize control message authentication
    Sep 3 21:15:15 dhcp6c 5912 failed to open /usr/local/etc/dhcp6cctlkey: No such file or directory
    Sep 3 21:15:15 dhcp6c 5912 extracted an existing DUID from /var/db/dhcp6c_duid: 00:01:00:01:22:e4:18:42:00:50:56:b7:ee:fb


  • Netgate

    Packet capture for IPv6 ICMPv6 on WAN and see what's actually going on out there. Maybe they don't like the DUID since they already think they have a lease out to the laptop. Are you requesting a PD on the laptop? I doubt it so that isn't a comparable test.

    Have you called them? Maybe they need to clear something in their DHCP server.

    No, that control port is not an issue.

    | Sep 3 21:18:35 dhcp6c 86742 no responses were received

    Exactly.



  • Correct on the laptop did not request a PD not really a valid test, other than It does get a WAN ipv6 address, so the least I should get one on the Wan IP on the pfsense box.
    I will generate a custom unique UUID and force that out, you have a good point as pfsense spoofs the MAC and UUID


  • Netgate

    I would get rid of any spoofed MAC addresses unless you know you need them. That's really hacky. It's almost always better to just have the ISP do what they need to do (if anything) so you can use the new MAC address.

    DHCPv6 doesn't use MAC as an identifier. It uses the DUID. Thought part of the DUID generation input might be a link-layer (MAC) address.



  • I did that early today took out all the MAC fields, made sure they were Actually the MAC of that Interface card. SO im all clean there. the DUID or UUID is generated using the WAN's mac address.

    Running packet capture now but its not finding the conversation just some icmp stuff.



  • I setup Syslog and can filter for dhcpd6, so I caught this in the Log when saving WAN/LAN forcing dhcpd6 to update:

    0_1536243738300_ae793fc9-2b5c-490a-bcb5-23f9795f6de6-image.png reset a timer on vmx0
    transmit failed: Can't assign requested address
    set IA_PD
    set IA_PD prefix
    set option request (len 4)
    set elapsed time (len 2)
    set identity association
    set client ID (len 18)
    Sending Solicit
    reset a timer on vmx0
    transmit failed: Can't assign requested address
    set IA_PD
    set IA_PD prefix
    set option request (len 4)
    set elapsed time (len 2)
    set identity association
    set client ID (len 18)
    Sending Solicit
    reset a timer on vmx0
    transmit failed: Can't assign requested address



  • @Derelict you live in Vegas so I’m guessing you have Cox as well. Any tips to get ipv6 working? I just redid my install from scratch, set lan to track, nothing checked on WAN. Still only getting link-local ipv6 address. It’s driving me crazy!


  • Netgate

    This is what I use with Cox and a Netgear CM600:

    0_1536248745484_Screen Shot 2018-09-06 at 8.44.46 AM.png



  • so these are the logs from dhcp, any hints from them as to what is going on? I even tried swapping interfaces just now and still no good.

    0_1536252050313_Capture.PNG


  • Netgate

    Anything else ever happen? It's not uncommon to take a few solicits before getting a response. Not sure why they delay.

    With Cable it is strange because you are often actually talking to your modem, which is obtaining the address information from upstream via whatever method (I have never seen a Cable ISP any further up than the modem itself so it's a "black box" to me). Have you verified with Cox that your modem will work with IPv6 and that they don't have to enable something?



  • @derelict Yeah, if I go direct into my laptop from the modem I get an IPv6 address right away. I just switched back over to my edgerouter and boom, just like that it has an IPv6 address.



  • Ok, so if I plug the edgerouter into the modem then feed pfsense from the edgerouter it gets an ipv6 address but not direct to the modem. What the heck?!


  • Netgate

    All I can say is those settings work. if pfSense is sending the solicit and getting no reply, not sure where to have you go except upstream to them. Maybe try the unplug WAN, reboot modem, let it sync, reconnect WAN dance.

    Maybe edit/save a new DUID in System > Advanced, Networking. Resetting the DUID might kick the DHCP server into gear but just a guess.

    The DUID should be saved in the config anyway. I use DUID-LLT. You can manually get a new time in seconds with date "+%s"



  • How can I view the actual DUID to confirm that its changing?


  • Netgate

    Should be in the dhcp6c logs


  • Netgate

    @dudleydogg That looks like the client cannot transmit on that interface at all.

    Can't assign requested address likely means that the WAN interface addressing is pretty grossly misconfigured. Or maybe the default gateway is not something on the WAN subnet, or something else wrong with sending traffic out WAN. Hard to say based on that.


  • Netgate

    The DHCPv6 server should probably be enabled and RA on the tracked interface should probably be set to "Assisted" but that will not prevent the DHCPv6 on WAN and the prefix delegation from occurring. Though I seem to remember that there was a bug preventing it from attempting to get a PD if there were no interfaces set to track. I believe that has been fixed though.



  • @derelict I have though as much and wonder if their is a way to reset WAN back to default like their is some request for an address that is stuck. Only ipv6 I can make work is HE tunnel. Previously native from Spectrum (TWC) was working perfectly.


  • Netgate

    I'd call Cox. Or tweet (DM) them. They seem to respond there with some knowledge.

    You might just have to let stuff expire (stop testing with laptops and routers) until they give you another lease.


  • Netgate

    @dxmaster said in IPv6 with track interface on LAN stopped working:

    I just redid my install from scratch, set lan to track, nothing checked on WAN.

    Just looking back. What do you mean nothing checked? WAN needs to be set to DHCPv6.



  • Ok, so it has been a few hours and USPS dropped off a shiny new 4 port intel nic that I threw in a spare computer and tossed a 64GB SSD in and all is well in the world. I have a feeling its something related to my unRaid servers NIC cards or something with the virtualization of pfSense within unRaid. I might toss this nic in my unRaid box and see if I can get it working with the new nic but either way, im up and running just fine on a different computer.



  • no responses were received
    reset a timer on vmx0
    send request to ff02::1:2%vmx0
    set IA_PD
    set IA_PD prefix
    set option request (len 4)
    set elapsed time (len 2)
    set identity association
    set IA address
    set server ID (len 14)
    set client ID (len 14)
    Sending Request
    So my router is requesting and I see a PD and ipv6 ip in the Logs but the last part of the log file does state no responses were received. Is their anything that could be preventing this request to go out my WAN to the ISP?

    and the send request does not seem to be a routable address is local link ff02


  • Netgate

    That is not link-local. It is multicast to ff02::1:2 (All_DHCP_Relay_Agents_and_Servers).

    https://en.wikipedia.org/wiki/DHCPv6

    Your problem is there is no response.

    In order to verify the packet is actually going out on the wire, you will have to capture on the wire itself.

    Been doing this a while and I have never seen a transmission out a port in a pcap that was not actually sent out on the wire.



  • @derelict Misconfigured on my Part or the ISP? I have installed pfsense from scratch and configured only WAN And LAN to test or verify its nothing in my configuration So clean install I still hang on WAN at boot, and no ipv6 is assigned. Only hardware is TWC modem, but its bridged. are their settings even in Bridge mode I need to be aware of?
    How else can I configure or Wipe the WAN settings back to Default?


  • Netgate

    You can't. They can either provide the information you need to configure the WAN interface or I guess it doesn't work.

    Not possible for me to try it for you because I don't have one of those connections available to test on.

    Not really sure what to recommend that hasn't already been said. You have never posted any logs that actually showed any kind of response to the DHCPv6 solicits.



  • @derelict I do appreciate you helping me sorry if I neglected to upload a log. If I debug the logfile for just DHCP this is what I capture from Solicit too Failure:
    0_1536608957165_3bf08d17-dfcb-4a94-ae53-751097ceeeaa-image.png Debug 10.0.1.254 removing server (ID: 00:01:00:01:21:c2:86:9d:00:50:56:97:d7:cd)
    Debug 10.0.1.254 removing an event on vmx0 state=REQUEST
    Info 10.0.1.254 no responses were received
    Debug 10.0.1.254 reset a timer on vmx0 state=REQUEST timeo=9 retrans=30729
    Debug 10.0.1.254 send request to ff02::1:2%vmx0
    Debug 10.0.1.254 set IA_PD
    Debug 10.0.1.254 set IA_PD prefix
    Debug 10.0.1.254 set option request (len 4)
    Debug 10.0.1.254 set elapsed time (len 2)
    Debug 10.0.1.254 set identity association
    Debug 10.0.1.254 set IA address
    Debug 10.0.1.254 set server ID (len 14)
    Debug 10.0.1.254 set client ID (len 18)
    Info 10.0.1.254 Sending Request
    Debug 10.0.1.254 reset a timer on vmx0 state=REQUEST timeo=8 retrans=32136
    Debug 10.0.1.254 send request to ff02::1:2%vmx0
    Debug 10.0.1.254 set IA_PD
    Debug 10.0.1.254 set IA_PD prefix
    Debug 10.0.1.254 set option request (len 4)
    Debug 10.0.1.254 set elapsed time (len 2)
    Debug 10.0.1.254 set identity association
    Debug 10.0.1.254 set IA address
    Debug 10.0.1.254 set server ID (len 14)
    Debug 10.0.1.254 set client ID (len 18)
    Info 10.0.1.254 Sending Request
    Debug 10.0.1.254 reset a timer on vmx0 state=REQUEST timeo=7 retrans=32529
    Debug 10.0.1.254 send request to ff02::1:2%vmx0
    Debug 10.0.1.254 set IA_PD
    Debug 10.0.1.254 set IA_PD prefix
    Debug 10.0.1.254 set option request (len 4)
    Debug 10.0.1.254 set elapsed time (len 2)
    Debug 10.0.1.254 set identity association
    Debug 10.0.1.254 set IA address
    Debug 10.0.1.254 set server ID (len 14)
    Debug 10.0.1.254 set client ID (len 18)
    Info 10.0.1.254 Sending Request
    Debug 10.0.1.254 reset a timer on vmx0 state=REQUEST timeo=6 retrans=27864
    Debug 10.0.1.254 send request to ff02::1:2%vmx0
    Debug 10.0.1.254 set IA_PD
    Debug 10.0.1.254 set IA_PD prefix
    Debug 10.0.1.254 set option request (len 4)
    Debug 10.0.1.254 set elapsed time (len 2)
    Debug 10.0.1.254 set identity association
    Debug 10.0.1.254 set IA address
    Debug 10.0.1.254 set server ID (len 14)
    Debug 10.0.1.254 set client ID (len 18)
    Info 10.0.1.254 Sending Request
    Debug 10.0.1.254 reset a timer on vmx0 state=REQUEST timeo=5 retrans=29423
    Debug 10.0.1.254 send request to ff02::1:2%vmx0
    Debug 10.0.1.254 set IA_PD
    Debug 10.0.1.254 set IA_PD prefix
    Debug 10.0.1.254 set option request (len 4)
    Debug 10.0.1.254 set elapsed time (len 2)
    Debug 10.0.1.254 set identity association
    Debug 10.0.1.254 set IA address
    Debug 10.0.1.254 set server ID (len 14)
    Debug 10.0.1.254 set client ID (len 18)
    Info 10.0.1.254 Sending Request
    Debug 10.0.1.254 reset a timer on vmx0 state=REQUEST timeo=4 retrans=14139
    Debug 10.0.1.254 send request to ff02::1:2%vmx0
    Debug 10.0.1.254 set IA_PD
    Debug 10.0.1.254 set IA_PD prefix
    Debug 10.0.1.254 set option request (len 4)
    Debug 10.0.1.254 set elapsed time (len 2)
    Debug 10.0.1.254 set identity association
    Debug 10.0.1.254 set IA address
    Debug 10.0.1.254 set server ID (len 14)
    Debug 10.0.1.254 set client ID (len 18)
    Info 10.0.1.254 Sending Request
    Debug 10.0.1.254 reset a timer on vmx0 state=REQUEST timeo=3 retrans=7426
    Debug 10.0.1.254 send request to ff02::1:2%vmx0
    Debug 10.0.1.254 set IA_PD
    Debug 10.0.1.254 set IA_PD prefix
    Debug 10.0.1.254 set option request (len 4)
    Debug 10.0.1.254 set elapsed time (len 2)
    Debug 10.0.1.254 set identity association
    Debug 10.0.1.254 set IA address
    Debug 10.0.1.254 set server ID (len 14)
    Debug 10.0.1.254 set client ID (len 18)
    Info 10.0.1.254 Sending Request
    Debug 10.0.1.254 reset a timer on vmx0 state=REQUEST timeo=2 retrans=3731
    Debug 10.0.1.254 send request to ff02::1:2%vmx0
    Debug 10.0.1.254 set IA_PD
    Debug 10.0.1.254 set IA_PD prefix
    Debug 10.0.1.254 set option request (len 4)
    Debug 10.0.1.254 set elapsed time (len 2)
    Debug 10.0.1.254 set identity association
    Debug 10.0.1.254 set IA address
    Debug 10.0.1.254 set server ID (len 14)
    Debug 10.0.1.254 set client ID (len 18)
    Info 10.0.1.254 Sending Request
    Debug 10.0.1.254 reset a timer on vmx0 state=REQUEST timeo=1 retrans=1873
    Debug 10.0.1.254 send request to ff02::1:2%vmx0
    Debug 10.0.1.254 set IA_PD
    Debug 10.0.1.254 set IA_PD prefix
    Debug 10.0.1.254 set option request (len 4)
    Debug 10.0.1.254 set elapsed time (len 2)
    Debug 10.0.1.254 set identity association
    Debug 10.0.1.254 set IA address
    Debug 10.0.1.254 set server ID (len 14)
    Debug 10.0.1.254 set client ID (len 18)
    Info 10.0.1.254 Sending Request
    Debug 10.0.1.254 reset a timer on vmx0 state=REQUEST timeo=0 retrans=983
    Debug 10.0.1.254 send request to ff02::1:2%vmx0
    Debug 10.0.1.254 set IA_PD
    Debug 10.0.1.254 set IA_PD prefix
    Debug 10.0.1.254 set option request (len 4)
    Debug 10.0.1.254 set elapsed time (len 2)
    Debug 10.0.1.254 set identity association
    Debug 10.0.1.254 set IA address
    Debug 10.0.1.254 set server ID (len 14)
    Debug 10.0.1.254 set client ID (len 18)
    Debug 10.0.1.254 a new XID (ddf60e) is generated
    Info 10.0.1.254 Sending Request
    Debug 10.0.1.254 server ID: 00:01:00:01:21:c2:86:9d:00:50:56:97:d7:cd pref=255
    Debug 10.0.1.254 preference: 255
    Debug 10.0.1.254 get DHCP option preference len 1
    Debug 10.0.1.254 IA_PD prefix: 2603:9000:b501:cb00::/56 pltime=500360 vltime=500360
    Debug 10.0.1.254 get DHCP option IA_PD prefix len 25
    Debug 10.0.1.254 IA_PD: ID=0 T1=250180 T2=400288
    Debug 10.0.1.254 get DHCP option IA_PD len 41
    Debug 10.0.1.254 IA_NA address: 2603:9000:ff00:b5:420:f8c9:65a7:82d pltime=500360 vltime=500360
    Debug 10.0.1.254 get DHCP option IA address len 24
    Debug 10.0.1.254 IA_NA: ID=0 T1=250180 T2=400288
    Debug 10.0.1.254 get DHCP option identity association len 40
    Debug 10.0.1.254 DUID: 00:01:00:01:21:c2:86:9d:00:50:56:97:d7:cd
    Debug 10.0.1.254 get DHCP option server ID len 14
    Debug 10.0.1.254 DUID: 00:04:87:ae:49:01:54:64:11:cb:bb:2c:9d:4b:6c:e6:b1:0e
    Debug 10.0.1.254 get DHCP option client ID len 18
    Debug 10.0.1.254 receive advertise from fe80::2bc:60ff:fe93:1419%vmx0 on vmx0
    Debug 10.0.1.254 reset a timer on vmx0 state=SOLICIT timeo=8 retrans=117984
    Debug 10.0.1.254 send solicit to ff02::1:2%vmx0
    Debug 10.0.1.254 set IA_PD
    Debug 10.0.1.254 set IA_PD prefix
    Debug 10.0.1.254 set option request (len 4)
    Debug 10.0.1.254 set elapsed time (len 2)
    Debug 10.0.1.254 set identity association
    Debug 10.0.1.254 set client ID (len 18)
    Info 10.0.1.254 Sending Solicit



  • @derelict Finally after all this time I see this in the Logs Now:
    got an expected reply, sleeping
    so Magically all the sudden ipv6 for the moment is working.