A little help setting up a connection
-
Hi everyone,
I am new here and with pfsense. I'm trying to set up an ipv6 connection but things are a little bit confusing to me.
My ISP provides a dual stack connection. Ipv4+ipv6 dhcp with prefix delegation /64 with an Arris tg1692 cable modem. I have followed these steps:
- System > Advanced > Allow ipv6 is checked.
System > General Setup
DNS Server Settings : i have included dns6 from google.
- Interfaces > WAN > DHCP6 Client Configuration:
DHCPv6 Prefix Delegation size : 64
Do not wait for a RA: checked (this is the only way ipv6 address appears on dashboard).
Block private networks and loopback addresses and Block bogon networks are checked.
After that i can see ISP ipv6 address in Status > Interfaces, but my wan ipv6 shows "pending" in Status > Gateways tab.
- Interfaces > LAN
IPv6 Configuration Type : track interface
IPv6 Prefix ID: 0
-
Services> DHCPv6 Server & RA > LAN > Router Advertisements
Router mode: unmanaged
Router priority: highSubnets: 00:ff /64
-
Firewall > Rules > LAN
It already exists rules to pass ipv4 and ipv6 traffic.
After that my computer gets ipv6 link local address and global address with my isp prefix but i can not ping ipv6.google.com and http://ipv6-test.com/ says that my ipv6 connection is unreachable.
With my old cisco router i could pass ipv6-test with a score of 17/20.
Just need a little help to find what I am doing wrong with pfsense. Thank you!
-
@trendkill99 said in A little help setting up a connection:
Router mode: unmanaged
I have Assisted - RA flags Prefix flags.
-
Thanks for your suggestion.
The Assisted option gets me global address but no ipv6 on ipv6-test. Also I have tried Stateless but it gets the same result.
Checking Router only and Managed options doesn't get global address.
Also my gateway show "pending" in Status > Gateways
-
Are you actually getting a prefix delegation?
What is in the DHCP log if you search for IA_PD?
There is a checkbox on WAN to Start DHCP6 client in debug mode. You should check that.
-
Thanks for your suggestion.
Yes, i think and getting a prefix from my isp. My devices receives two address that starts with 2804: and one link local that starts with fe80.
I have cheked this box to start debug mode and log show this:
Last 50 DHCP Log Entries. (Maximum 50)
Aug 27 13:43:15 dhcp6c 14102 IA_NA: ID=0, T1=36000, T2=57600
Aug 27 13:43:15 dhcp6c 14102 get DHCP option status code, len 2
Aug 27 13:43:15 dhcp6c 14102 status code: success
Aug 27 13:43:15 dhcp6c 14102 get DHCP option IA address, len 24
Aug 27 13:43:15 dhcp6c 14102 IA_NA address: 2804:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx pltime=72000 vltime=86400
Aug 27 13:43:15 dhcp6c 14102 get DHCP option IA_PD, len 47
Aug 27 13:43:15 dhcp6c 14102 IA_PD: ID=0, T1=36000, T2=57600
Aug 27 13:43:15 dhcp6c 14102 get DHCP option status code, len 2
Aug 27 13:43:15 dhcp6c 14102 status code: success
Aug 27 13:43:15 dhcp6c 14102 get DHCP option IA_PD prefix, len 25
Aug 27 13:43:15 dhcp6c 14102 IA_PD prefix: 2804:xxxx:xxxx:xxxx::/64 pltime=72000 vltime=86400
Aug 27 13:43:15 dhcp6c 14102 dhcp6c Received REQUEST
Aug 27 13:43:15 dhcp6c 14102 nameserver[0] 2804:xxxx:xxxx:xxxx:xxxx:xxx:x
xxx
Aug 27 13:43:15 dhcp6c 14102 nameserver[1] 2804:xxxx:xxxx:xxxx:xxxx:xxx:xxxx
Aug 27 13:43:15 dhcp6c 14102 make an IA: PD-0
Aug 27 13:43:15 dhcp6c 14102 status code for PD-0: success
Aug 27 13:43:15 dhcp6c 14102 create a prefix 2804:xxxx:xxxx:xxxx::/64 pltime=72000, vltime=86400
Aug 27 13:43:15 dhcp6c 14102 add an address 2804:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/64 on em0
Aug 27 13:43:15 dhcp6c 14102 make an IA: NA-0
Aug 27 13:43:15 dhcp6c 14102 status code for NA-0: success
Aug 27 13:43:15 dhcp6c 14102 create an address 2804:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx pltime=72000, vltime=11721080263202132352
Aug 27 13:43:15 dhcp6c 14102 add an address 2804:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/128 on igb0
Aug 27 13:43:15 dhcp6c 14102 executes /var/etc/dhcp6c_wan_dhcp6withoutra_script.sh
Aug 27 13:43:17 dhcp6c dhcp6c REQUEST on igb0 - running rc.newwanipv6
Aug 27 13:43:17 dhcp6c 14102 script "/var/etc/dhcp6c_wan_dhcp6withoutra_script.sh" terminated
Aug 27 13:43:17 dhcp6c 14102 removing an event on igb0, state=REQUEST
Aug 27 13:43:17 dhcp6c 14102 removing server (ID: xx:xx:xx:xx:xx:xx)
Aug 27 13:43:17 dhcp6c 14102 got an expected reply, sleeping.
Aug 27 13:44:05 dhcpd Internet Systems Consortium DHCP Server 4.3.6-P1
Aug 27 13:44:05 dhcpd Copyright 2004-2018 Internet Systems Consortium.
Aug 27 13:44:05 dhcpd All rights reserved.
Aug 27 13:44:05 dhcpd For info, please visit https://www.isc.org/software/dhcp/
Aug 27 13:44:05 dhcpd Config file: /etc/dhcpd.conf
Aug 27 13:44:05 dhcpd Database file: /var/db/dhcpd.leases
Aug 27 13:44:05 dhcpd PID file: /var/run/dhcpd.pid
Aug 27 13:44:05 dhcpd Internet Systems Consortium DHCP Server 4.3.6-P1
Aug 27 13:44:05 dhcpd Copyright 2004-2018 Internet Systems Consortium.
Aug 27 13:44:05 dhcpd All rights reserved.
Aug 27 13:44:05 dhcpd For info, please visit https://www.isc.org/software/dhcp/
Aug 27 13:44:05 dhcpd Wrote 0 deleted host decls to leases file.
Aug 27 13:44:05 dhcpd Wrote 0 new dynamic host decls to leases file.
Aug 27 13:44:05 dhcpd Wrote 3 leases to leases file.
Aug 27 13:44:05 dhcpd Listening on BPF/em0/xx:xx:xx:xx:xx:xx/192.168.1.0/24
Aug 27 13:44:05 dhcpd Sending on BPF/em0/xx:xx:xx:xx:xx:xx/192.168.1.0/24
Aug 27 13:44:05 dhcpd Sending on Socket/fallback/fallback-net
Aug 27 13:44:05 dhcpd Server starting service.
Aug 27 13:45:03 dhcpd DHCPDISCOVER from xx:xx:xx:xx:xx:xx via em0
Aug 27 13:45:03 dhcpd DHCPOFFER on 192.168.1.12 to xx:xx:xx:xx:xx:xx via em0
Aug 27 13:45:03 dhcpd DHCPREQUEST for 192.168.1.12 (192.168.1.1) from xx:xx:xx:xx:xx:xx via em0
Aug 27 13:45:03 dhcpd DHCPACK on 192.168.1.12 to xx:xx:xx:xx:xx:xx via em0 -
OK that looks fine. Looks like em0 is LAN and igb0 is WAN.
Do the IPv6 settings on the interfaces in Status > Interfaces match those logs?
What is your IPv6 default gateway? Note that the default gateway is obtained using a router solicitation/advertisement. It is not assigned via DHCP6 like IPv4 is. What is the whole entry in Status > Gateways for the IPv6 on that interface?
-
Yes. Em0 is my LAN and igb0 is my WAN.
Status > Interfaces shows me the address designed to these interfaces. I am new to this thing but it seems correct.
I don't know what is my default gateway. In Status > Gateways shows only that ipv6 gateway is "pending".
Do I have to check "Send IPv6 prefix hint" in dhcp6 client configuration?
-
What are the actual contents of the entire pending gateway line?
A pending gateway will work. My he.net tunnel shows a pending gateway and it works fine.
-
Name: WAN_DHCP6
Gateway: dynamic
Monitor:
RTT: Pending
LOSS: Pending
Status: Pending
Description: Interface WAN_DHCP6 Gateway -
Looks like you are not getting a Router Advertisement. Not sure. What is the output of
netstat -rnfinet6??Particularly interested in the
defaultline. -
@derelict said in A little help setting up a connection:
netstat -rnfinet6
This command show this table:
(/assets/uploads/files/1535461707419-print.jpg) -
@trendkill99 said in A little help setting up a connection:
No default line ....
It should look like this :
[2.x.y-RELEASE][admin@pfsense.b**-h***-f*****.net]/root: netstat -rnfinet6 Routing tables Internet6: Destination Gateway Flags Netif Expire default 2001:470:****:5c0::1 UGS gif0 ::1 link#4 UH lo0 2001:470:****:5c0::1 link#8 UH gif0 2001:470:****:5c0::2 link#8 UHS lo0 2001:470:****:5c0::/64 link#3 U fxp0 2001:470:****:5c0:2::1 link#3 UHS lo0 2001:470:****:2::/64 link#9 U ovpns1 2001:470:****:2::1 link#9 UHS lo0 fe80::%rl0/64 link#1 U rl0 fe80::2e0:4cff:fe80:4b18%rl0 link#1 UHS lo0 fe80::%sis0/64 link#2 U sis0 fe80::20f:b5ff:fefe:4ee7%sis0 link#2 UHS lo0 fe80::%fxp0/64 link#3 U fxp0 fe80::212:3fff:feb3:5875%fxp0 link#3 UHS lo0 fe80::%lo0/64 link#4 U lo0 fe80::1%lo0 link#4 UHS lo0 fe80::%gif0/64 link#8 U gif0 fe80::2e0:4cff:fe80:4b18%gif0 link#8 UHS lo0 fe80::%ovpns1/64 link#9 U ovpns1 fe80::2e0:4cff:fe80:4b18%ovpns1 link#9 UHS lo0 -
Thanks for your reply. In this case what should i do ?
-
My IPv6 is more a static setup - and rather special because of the usage of a GIF interface (whatever that my be ... but it works).
Yours is a more basic DHCP version IPv6 - so, IP's, DNS and gateway are assigned to you by your ISP, although every ISP does things "somewhat different".Something - I can't detail more - isn't functioning right .... the default route is assigned for some reason.
-
But my previous cisco router (rv340) worked with this cable modem (arris tg1692). At certain point the router loses ipv6 connection and needed a reboot to bring back ipv6 connectivity.
In my case, is there a way to pfsense send router solicitation to my cable modem ?
-
So the Cisco didn't really work either. That points upstream.
You will probably have to capture traffic on the WAN and become one with looking at IPv6 router solicitations and advertisements so you can go back to the ISP and tell them what's what.
They should be periodically advertising a default route that your WAN interface would pick up on and should respond to the solicitations that should be periodically going out WAN.
https://en.wikipedia.org/wiki/Neighbor_Discovery_Protocol
-
@gertjan said in A little help setting up a connection:
Yours is a more basic DHCP version IPv6 - so, IP's, DNS and gateway are assigned to you by your ISP
Gateways are never assigned by DHCPv6. They are found using NDP.
-
Cisco work for 2-3 days then go down. After a reboot the ipv6 comes back.
There is no chance to get support from my isp. Is there a way to do this using pfsense?
I have tried this solution https://forum.netgate.com/topic/40344/how-to-bring-interface-up-from-pfsense-commandline/7 but with no success.
-
Again, this works in pfSense if the ISP does what it is supposed to be doing, as is evidenced by at least my DHCP6 connection to Cox that pretty much never goes down and countless others.
I would packet capture on WAN for IPv6 for a while (set 100000 packets or something), pull it into Wireshark and see what's there.
-
I did the packet capture on my wan interface. I have opened the .cap file but there is no ipv6 packets.
When I capture any traffic it returns a lot of stuff.