Can't get IPv6 address on WAN (Comcast)



  • Hi,

    I found a number of similar posts, but none that seemed to experience my problems. I have a Comcast internet connectivity, and while IPv4 works just fine, I can not seem to get IPv6 running. I enabled IPv6 with DHCP6 on the WAN interface. But, I only get the link local IPv6 address, not the one I'd expect from upstream. I see a number of errors in dhcpd.log, neither of which I could find any solution for:

    Jul 2 11:39:25 yggdrasil dhcp6c[79024]: failed to open /usr/local/etc/dhcp6cctlkey: No such file or directory
    Jul 2 11:39:25 yggdrasil dhcp6c[79024]: failed initialize control message authentication
    Jul 2 11:39:25 yggdrasil dhcp6c[79024]: skip opening control port
    Jul 2 11:39:25 yggdrasil dhcp6c[79024]: /var/etc/dhcp6c_wan.conf:3 IA_PD (0) is not defined
    Jul 2 11:39:25 yggdrasil dhcp6c[79024]: failed to parse configuration file
    Jul 2 12:50:58 yggdrasil dhclient[39455]: connection closed
    Jul 2 12:50:58 yggdrasil dhclient[39455]: exiting.

    My /var/etc/dhcp6c_wan.conf is as follows (I did not manually edit this at all):

    interface igb0 {
    send ia-na 0; # request stateful address
    send ia-pd 0; # request prefix delegation
    request domain-name-servers;
    request domain-name;
    script "/var/etc/dhcp6c_wan_script.sh"; # we'd like some nameservers please
    };
    id-assoc na 0 { };

    Question: is there something missing in the id-assoc na 0 line ?

    The file /usr/local/etc/dhcp6cctlkey does not exist, and I have no idea what I should put in there :). ifconfig shows (slightly edited, removing private information):

    [2.4.3-RELEASE][admin@yggdrasil.ogre.com]/var/log: ifconfig -a
    igb0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=400b8<VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWTSO>
    ether xx:xx:xx:xx:xx:xx
    hwaddr xx:xx:xx:xx:xx:xx
    inet6 fe80::208:xxxx:xxxx:xxxx%igb0 prefixlen 64 scopeid 0x1
    inet x.x.x.x netmask 0xfffffe00 broadcast 255.255.255.255
    nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
    media: Ethernet autoselect (1000baseT <full-duplex>)
    status: active

    I've tried with "Use IPv4 connectivity as parent interface" both enabled and disabled, but seems to make no difference. Enabling dhcp6 debug, I get

    Jul 2 13:09:12 yggdrasil dhcp6c[799]: extracted an existing DUID from /var/db/dhcp6c_duid: xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx
    Jul 2 13:09:12 yggdrasil dhcp6c[799]: failed to open /usr/local/etc/dhcp6cctlkey: No such file or directory
    Jul 2 13:09:12 yggdrasil dhcp6c[799]: failed initialize control message authentication
    Jul 2 13:09:12 yggdrasil dhcp6c[799]: skip opening control port
    Jul 2 13:09:12 yggdrasil dhcp6c[799]: <3>[interface] (9)
    Jul 2 13:09:12 yggdrasil dhcp6c[799]: <5>[igb0] (4)
    Jul 2 13:09:12 yggdrasil dhcp6c[799]: <3>begin of closure [{] (1)
    Jul 2 13:09:12 yggdrasil dhcp6c[799]: <3>[send] (4)
    Jul 2 13:09:12 yggdrasil dhcp6c[799]: <3>[ia-na] (5)
    Jul 2 13:09:12 yggdrasil dhcp6c[799]: <3>[0] (1)
    Jul 2 13:09:12 yggdrasil dhcp6c[799]: <3>end of sentence [;] (1)
    Jul 2 13:09:12 yggdrasil dhcp6c[799]: <3>comment [# request stateful address] (26)
    Jul 2 13:09:12 yggdrasil dhcp6c[799]: <3>[send] (4)
    Jul 2 13:09:12 yggdrasil dhcp6c[799]: <3>[ia-pd] (5)
    Jul 2 13:09:12 yggdrasil dhcp6c[799]: <3>[0] (1)
    Jul 2 13:09:12 yggdrasil dhcp6c[799]: <3>end of sentence [;] (1)
    Jul 2 13:09:12 yggdrasil dhcp6c[799]: <3>comment [# request prefix delegation] (27)
    Jul 2 13:09:12 yggdrasil dhcp6c[799]: <3>[request] (7)
    Jul 2 13:09:12 yggdrasil dhcp6c[799]: <3>[domain-name-servers] (19)
    Jul 2 13:09:12 yggdrasil dhcp6c[799]: <3>end of sentence [;] (1)
    Jul 2 13:09:12 yggdrasil dhcp6c[799]: <3>[request] (7)
    Jul 2 13:09:12 yggdrasil dhcp6c[799]: <3>[domain-name] (11)
    Jul 2 13:09:12 yggdrasil dhcp6c[799]: <3>end of sentence [;] (1)
    Jul 2 13:09:12 yggdrasil dhcp6c[799]: <3>[script] (6)
    Jul 2 13:09:12 yggdrasil dhcp6c[799]: <3>["/var/etc/dhcp6c_wan_script.sh"] (31)
    Jul 2 13:09:12 yggdrasil dhcp6c[799]: <3>end of sentence [;] (1)
    Jul 2 13:09:12 yggdrasil dhcp6c[799]: <3>comment [# we'd like some nameservers please] (35)
    Jul 2 13:09:12 yggdrasil dhcp6c[799]: <3>end of closure [}] (1)
    Jul 2 13:09:12 yggdrasil dhcp6c[799]: <3>end of sentence [;] (1)
    Jul 2 13:09:12 yggdrasil dhcp6c[799]: <3>[id-assoc] (8)
    Jul 2 13:09:12 yggdrasil dhcp6c[799]: <13>[na] (2)
    Jul 2 13:09:12 yggdrasil dhcp6c[799]: <13>[0] (1)
    Jul 2 13:09:12 yggdrasil dhcp6c[799]: <13>begin of closure [{] (1)
    Jul 2 13:09:12 yggdrasil dhcp6c[799]: <3>end of closure [}] (1)
    Jul 2 13:09:12 yggdrasil dhcp6c[799]: <3>end of sentence [;] (1)
    Jul 2 13:09:12 yggdrasil dhcp6c[799]: called
    Jul 2 13:09:12 yggdrasil dhcp6c[799]: /var/etc/dhcp6c_wan.conf:3 IA_PD (0) is not defined
    Jul 2 13:09:12 yggdrasil dhcp6c[799]: called
    Jul 2 13:09:12 yggdrasil dhcp6c[799]: failed to parse configuration file

    Second question: Am I supposed to create an IPv6 WAN Gateway in the Routing setup? I tried that as well, with and without an IPv6 WAN gateway, but seemed to make no difference (and, now I can't delete it, but I can disable it).

    Any help / tips much appreciated!

    Thanks,

    -- Leif



  • Small update, while fiddling with all these things, I noticed that if I put the modem in router mode (so it NATs etc.), then pfSense can successfully get a correct IPv6. But back in bridge mode, where pfSense talks directly to the Comcast DHCP6 servers, it fails.



  • I've run into some similar difficulty. Make sure that your LAN is set to track your WAN IPV6. If I understand correctly, that's needed for the dhcp6 config to parse correctly.
    I'd also recommend setting a manual request for a prefix delegation of /60 (it works for me on comcast). You might need to delete the file /var/db/dhcp6c_duid before making the change to get it to work. See this thread.
    https://forum.netgate.com/topic/87190/how-to-release-renew-dhcp6-ipv6-to-move-from-64-60/7



  • I would think you'd still get a /128 global address for the WAN interface itself, but maybe I'm wrong... regardless, if you're using DHCPv6 to get a prefix, you need to have a LAN or other interface that is tracking WAN in order for the prefix to actually be obtained. Maybe that also applies to the WAN global address.

    BTW, you don't need to delete the DUID file anymore. You can actually adjust the DUID setting in System > Advanced > Networking, assuming you're running a newer version of pfSense. Just increase the time value a few seconds to create a different DUID and Comcast's servers will respond accordingly. The old DUID will eventually expire out of their systems after a week. In fact, pfSense might just re-create the DUID file with the same DUID if you don't change the setting.


 

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy