IPv6 no longer working after updating to 2.4.4
-
Hi all,
As the title says, my IPv6 connectivity has stopped since updating to 2.4.4. What's strange is pfSense is able to obtain an address on both the WAN and LAN side, but it's not assigning an address to any clients.
If you take a look at this below, you can see what I mean:
I even went as far as disabling IPv6 from my ISP and using a Hurricane Electric tunnel, though I'm not really sure what I expected as it seems to be an issue with the DHCP server on pfSense.
Any way anyone can help troubleshoot this? I looked at the logs for DHCP but most of it seems to be for v4 and very little to do with v6.
Thanks for any help!
-
why would you look at dhcp? Did you mean to dhcpV6.. are you running that? It sure is not required for ipv6 to function..
-
By looking at DHCP I mean in System Logs, there is the DHCP section. Is that not where it shows information related to this?
I do have DHCPv6 Server running because I had previously been assigning static addresses for certain clients.
-
What type of hardware (real or virtual) setup is this?
Does IPv6 connectivity work from the firewall, but not client behind the firewall?
Do you have an IPv6 gateway configured as default for IPv6 (System > Routing), and is it showing under Diagnostics > Routes?
Do clients on the LAN obtain an IPv6 address?
-
@jimp said in IPv6 no longer working after updating to 2.4.4:
What type of hardware (real or virtual) setup is this?
This is a bare metal setup
Does IPv6 connectivity work from the firewall, but not client behind the firewall?
What's strange is when I was playing around with it the other day I was able to ping6 hosts from the firewall itself. Today that doesn't seem to be the case, despite having an address assigned to it.
Do you have an IPv6 gateway configured as default for IPv6 (System > Routing), and is it showing under Diagnostics > Routes?
Yes, and yes..
Do clients on the LAN obtain an IPv6 address?
No, which seems to be the main problem. What's strange is after my last post a few minutes ago under Interaces -> LAN, I turned IPv6 connectivity to none and then back to Track Interface and for about 30 seconds I was assigned an address on my computer, but it's now gone.
Thanks for your assistance!
-
If you are on Track Interface, you actually need to save and apply on WAN for it to reapply an address obtained from DHCPv6 on WAN.
That should also trigger the other parts to reconfigure.
You can set the DHCPv6 client to log more verbosely by putting it into debug mode, also on the WAN settings. Then check the DHCP log tab for errors.
-
Hmmmm, that didn't seem to do the trick. Tried saving and applying from the WAN page but still no ability to access any IPv6 from the firewall and no address assigned to clients.
I also enabled debug mode, but nothing really stands out in the DHCP log tab. Is there any way to get it to show more entries that the default? Can I filter out v6 entries only?
-
If you filter that log for anything from
dhcp6c
it should show you quite a bit in debug mode. You'll need to increase the amount of lines it shows quite a bit, I'd set it up to 250 at least to be sure. -
Ahh I got it now!
Does anything in this log look out of the ordinary?
Oct 1 14:10:40 dhcp6c 45170 got an expected reply, sleeping. Oct 1 14:10:40 dhcp6c 45170 removing server (ID: 00:01:00:01:16:72:7a:51:00:14:4f:f1:32:d1) Oct 1 14:10:40 dhcp6c 45170 removing an event on re1, state=REQUEST Oct 1 14:10:40 dhcp6c 45170 script "/var/etc/dhcp6c_wan_script.sh" terminated Oct 1 14:10:40 dhcp6c dhcp6c REQUEST on re1 - running rc.newwanipv6 Oct 1 14:10:33 dhcp6c 45170 executes /var/etc/dhcp6c_wan_script.sh Oct 1 14:10:33 dhcp6c 45170 add an address 2607:f798:xxxxxx on re1 Oct 1 14:10:33 dhcp6c 45170 create an address 2607:f798:xxxxx pltime=169472, vltime=7855461924157861248 Oct 1 14:10:33 dhcp6c 45170 make an IA: NA-0 Oct 1 14:10:33 dhcp6c 45170 add an address 2607:fea8:5b00:xxxx/64 on re0 Oct 1 14:10:33 dhcp6c 45170 create a prefix 2607:fea8:5b00:xxxx::/64 pltime=169472, vltime=601472 Oct 1 14:10:33 dhcp6c 45170 make an IA: PD-0 Oct 1 14:10:33 dhcp6c 45170 nameserver[1] 2607:f798:18:10:0:640:7125:5198 Oct 1 14:10:33 dhcp6c 45170 nameserver[0] 2607:f798:18:10:0:640:7125:5204 Oct 1 14:10:33 dhcp6c 45170 dhcp6c Received REQUEST Oct 1 14:10:33 dhcp6c 45170 get DHCP option DNS, len 32 Oct 1 14:10:33 dhcp6c 45170 IA_PD prefix: 2607:fea8:5b00:xxxx::/64 pltime=169472 vltime=601472 Oct 1 14:10:33 dhcp6c 45170 get DHCP option IA_PD prefix, len 25 Oct 1 14:10:33 dhcp6c 45170 IA_PD: ID=0, T1=84736, T2=135577 Oct 1 14:10:33 dhcp6c 45170 get DHCP option IA_PD, len 41 Oct 1 14:10:33 dhcp6c 45170 IA_NA address: 2607:f798:xxxxxxx pltime=169472 vltime=601472 Oct 1 14:10:33 dhcp6c 45170 get DHCP option IA address, len 24 Oct 1 14:10:33 dhcp6c 45170 IA_NA: ID=0, T1=84736, T2=135577 Oct 1 14:10:33 dhcp6c 45170 get DHCP option identity association, len 40 Oct 1 14:10:33 dhcp6c 45170 DUID: 00:01:00:01:16:72:7a:51:00:14:4f:f1:32:d1 Oct 1 14:10:33 dhcp6c 45170 get DHCP option server ID, len 14 Oct 1 14:10:33 dhcp6c 45170 DUID: 00:01:00:01:22:cf:8e:04:7c:8b:ca:00:ef:46 Oct 1 14:10:33 dhcp6c 45170 get DHCP option client ID, len 14 Oct 1 14:10:33 dhcp6c 45170 receive reply from fe80::217:10ff:fe90:e80b%re1 on re1 Oct 1 14:10:33 dhcp6c 45170 reset a timer on re1, state=REQUEST, timeo=0, retrans=909 Oct 1 14:10:33 dhcp6c 45170 send request to ff02::1:2%re1 Oct 1 14:10:33 dhcp6c 45170 set IA_PD Oct 1 14:10:33 dhcp6c 45170 set IA_PD prefix Oct 1 14:10:33 dhcp6c 45170 set option request (len 4) Oct 1 14:10:33 dhcp6c 45170 set elapsed time (len 2) Oct 1 14:10:33 dhcp6c 45170 set identity association Oct 1 14:10:33 dhcp6c 45170 set IA address Oct 1 14:10:33 dhcp6c 45170 set server ID (len 14) Oct 1 14:10:33 dhcp6c 45170 set client ID (len 14) Oct 1 14:10:33 dhcp6c 45170 a new XID (ec6766) is generated Oct 1 14:10:33 dhcp6c 45170 Sending Request Oct 1 14:10:33 dhcp6c 45170 picked a server (ID: 00:01:00:01:16:72:7a:51:00:14:4f:f1:32:d1) Oct 1 14:10:32 dhcp6c 45170 reset timer for re1 to 0.984332 Oct 1 14:10:32 dhcp6c 45170 server ID: 00:01:00:01:16:72:7a:51:00:14:4f:f1:32:d1, pref=-1 Oct 1 14:10:32 dhcp6c 45170 get DHCP option DNS, len 32 Oct 1 14:10:32 dhcp6c 45170 IA_PD prefix: 2607:fea8:5b00:xxxx::/64 pltime=169473 vltime=601473 Oct 1 14:10:32 dhcp6c 45170 get DHCP option IA_PD prefix, len 25 Oct 1 14:10:32 dhcp6c 45170 IA_PD: ID=0, T1=84736, T2=135578 Oct 1 14:10:32 dhcp6c 45170 get DHCP option IA_PD, len 41 Oct 1 14:10:32 dhcp6c 45170 IA_NA address: 2607:f798:xxxxx pltime=169473 vltime=601473 Oct 1 14:10:32 dhcp6c 45170 get DHCP option IA address, len 24 Oct 1 14:10:32 dhcp6c 45170 IA_NA: ID=0, T1=84736, T2=135578 Oct 1 14:10:32 dhcp6c 45170 get DHCP option identity association, len 40 Oct 1 14:10:32 dhcp6c 45170 DUID: 00:01:00:01:16:72:7a:51:00:14:4f:f1:32:d1 Oct 1 14:10:32 dhcp6c 45170 get DHCP option server ID, len 14 Oct 1 14:10:32 dhcp6c 45170 DUID: 00:01:00:01:22:cf:8e:04:7c:8b:ca:00:ef:46 Oct 1 14:10:32 dhcp6c 45170 get DHCP option client ID, len 14 Oct 1 14:10:32 dhcp6c 45170 receive advertise from fe80::217:10ff:fe90:e80b%re1 on re1 Oct 1 14:10:32 dhcp6c 45170 reset a timer on re1, state=SOLICIT, timeo=0, retrans=1091 Oct 1 14:10:32 dhcp6c 45170 send solicit to ff02::1:2%re1 Oct 1 14:10:32 dhcp6c 45170 set IA_PD Oct 1 14:10:32 dhcp6c 45170 set IA_PD prefix Oct 1 14:10:32 dhcp6c 45170 set option request (len 4) Oct 1 14:10:32 dhcp6c 45170 set elapsed time (len 2) Oct 1 14:10:32 dhcp6c 45170 set identity association Oct 1 14:10:32 dhcp6c 45170 set client ID (len 14) Oct 1 14:10:32 dhcp6c 45170 a new XID (e94bae) is generated Oct 1 14:10:32 dhcp6c 45170 Sending Solicit Oct 1 14:10:32 dhcp6c 45170 reset a timer on re1, state=INIT, timeo=0, retrans=891 Oct 1 14:10:32 dhcp6c 44680 called Oct 1 14:10:32 dhcp6c 44680 called Oct 1 14:10:32 dhcp6c 44680 <3>end of sentence [;] (1) Oct 1 14:10:32 dhcp6c 44680 <3>end of closure [}] (1) Oct 1 14:10:32 dhcp6c 44680 <3>end of sentence [;] (1) Oct 1 14:10:32 dhcp6c 44680 <3>end of closure [}] (1) Oct 1 14:10:32 dhcp6c 44680 <3>end of sentence [;] (1) Oct 1 14:10:32 dhcp6c 44680 <3>[0] (1) Oct 1 14:10:32 dhcp6c 44680 <3>[sla-len] (7) Oct 1 14:10:32 dhcp6c 44680 <3>end of sentence [;] (1) Oct 1 14:10:32 dhcp6c 44680 <3>[0] (1) Oct 1 14:10:32 dhcp6c 44680 <3>[sla-id] (6) Oct 1 14:10:32 dhcp6c 44680 <3>begin of closure [{] (1) Oct 1 14:10:32 dhcp6c 44680 <5>[re0] (3) Oct 1 14:10:32 dhcp6c 44680 <3>[prefix-interface] (16) Oct 1 14:10:32 dhcp6c 44680 <3>end of sentence [;] (1) Oct 1 14:10:32 dhcp6c 44680 <3>[infinity] (8) Oct 1 14:10:32 dhcp6c 44680 <3>[64] (2) Oct 1 14:10:32 dhcp6c 44680 <3>[/] (1) Oct 1 14:10:32 dhcp6c 44680 <3>[::] (2) Oct 1 14:10:32 dhcp6c 44680 <3>[prefix] (6) Oct 1 14:10:32 dhcp6c 44680 <13>begin of closure [{] (1) Oct 1 14:10:32 dhcp6c 44680 <13>[0] (1) Oct 1 14:10:32 dhcp6c 44680 <13>[pd] (2) Oct 1 14:10:32 dhcp6c 44680 <3>[id-assoc] (8) Oct 1 14:10:32 dhcp6c 44680 <3>end of sentence [;] (1) Oct 1 14:10:32 dhcp6c 44680 <3>end of closure [}] (1) Oct 1 14:10:32 dhcp6c 44680 <13>begin of closure [{] (1) Oct 1 14:10:32 dhcp6c 44680 <13>[0] (1) Oct 1 14:10:32 dhcp6c 44680 <13>[na] (2) Oct 1 14:10:32 dhcp6c 44680 <3>[id-assoc] (8) Oct 1 14:10:32 dhcp6c 44680 <3>end of sentence [;] (1) Oct 1 14:10:32 dhcp6c 44680 <3>end of closure [}] (1) Oct 1 14:10:32 dhcp6c 44680 <3>comment [# we'd like some nameservers please] (35) Oct 1 14:10:32 dhcp6c 44680 <3>end of sentence [;] (1) Oct 1 14:10:32 dhcp6c 44680 <3>["/var/etc/dhcp6c_wan_script.sh"] (31) Oct 1 14:10:32 dhcp6c 44680 <3>[script] (6) Oct 1 14:10:32 dhcp6c 44680 <3>end of sentence [;] (1) Oct 1 14:10:32 dhcp6c 44680 <3>[domain-name] (11) Oct 1 14:10:32 dhcp6c 44680 <3>[request] (7) Oct 1 14:10:32 dhcp6c 44680 <3>end of sentence [;] (1) Oct 1 14:10:32 dhcp6c 44680 <3>[domain-name-servers] (19) Oct 1 14:10:32 dhcp6c 44680 <3>[request] (7) Oct 1 14:10:32 dhcp6c 44680 <3>comment [# request prefix delegation] (27) Oct 1 14:10:32 dhcp6c 44680 <3>end of sentence [;] (1) Oct 1 14:10:32 dhcp6c 44680 <3>[0] (1) Oct 1 14:10:32 dhcp6c 44680 <3>[ia-pd] (5) Oct 1 14:10:32 dhcp6c 44680 <3>[send] (4) Oct 1 14:10:32 dhcp6c 44680 <3>comment [# request stateful address] (26) Oct 1 14:10:32 dhcp6c 44680 <3>end of sentence [;] (1) Oct 1 14:10:32 dhcp6c 44680 <3>[0] (1) Oct 1 14:10:32 dhcp6c 44680 <3>[ia-na] (5) Oct 1 14:10:32 dhcp6c 44680 <3>[send] (4) Oct 1 14:10:32 dhcp6c 44680 <3>begin of closure [{] (1) Oct 1 14:10:32 dhcp6c 44680 <5>[re1] (3) Oct 1 14:10:32 dhcp6c 44680 <3>[interface] (9) Oct 1 14:10:32 dhcp6c 44680 skip opening control port Oct 1 14:10:32 dhcp6c 44680 failed initialize control message authentication Oct 1 14:10:32 dhcp6c 44680 failed to open /usr/local/etc/dhcp6cctlkey: No such file or directory Oct 1 14:10:32 dhcp6c 44680 extracted an existing DUID from /var/db/dhcp6c_duid: 00:01:00:01:22:cf:8e:04:7c:8b:ca:00:ef:46 Oct 1 14:08:50 dhcp6c 67928 failed to parse configuration file Oct 1 14:08:50 dhcp6c 67928 called Oct 1 14:08:50 dhcp6c 67928 /var/etc/dhcp6c_wan.conf:3 IA_PD (0) is not defined Oct 1 14:08:50 dhcp6c 67928 called Oct 1 14:08:50 dhcp6c 67928 <3>end of sentence [;] (1) Oct 1 14:08:50 dhcp6c 67928 <3>end of closure [}] (1) Oct 1 14:08:50 dhcp6c 67928 <13>begin of closure [{] (1) Oct 1 14:08:50 dhcp6c 67928 <13>[0] (1) Oct 1 14:08:50 dhcp6c 67928 <13>[na] (2) Oct 1 14:08:50 dhcp6c 67928 <3>[id-assoc] (8) Oct 1 14:08:50 dhcp6c 67928 <3>end of sentence [;] (1) Oct 1 14:08:50 dhcp6c 67928 <3>end of closure [}] (1) Oct 1 14:08:50 dhcp6c 67928 <3>comment [# we'd like some nameservers please] (35) Oct 1 14:08:50 dhcp6c 67928 <3>end of sentence [;] (1) Oct 1 14:08:50 dhcp6c 67928 <3>["/var/etc/dhcp6c_wan_script.sh"] (31) Oct 1 14:08:50 dhcp6c 67928 <3>[script] (6) Oct 1 14:08:50 dhcp6c 67928 <3>end of sentence [;] (1) Oct 1 14:08:50 dhcp6c 67928 <3>[domain-name] (11) Oct 1 14:08:50 dhcp6c 67928 <3>[request] (7) Oct 1 14:08:50 dhcp6c 67928 <3>end of sentence [;] (1) Oct 1 14:08:50 dhcp6c 67928 <3>[domain-name-servers] (19) Oct 1 14:08:50 dhcp6c 67928 <3>[request] (7) Oct 1 14:08:50 dhcp6c 67928 <3>comment [# request prefix delegation] (27) Oct 1 14:08:50 dhcp6c 67928 <3>end of sentence [;] (1) Oct 1 14:08:50 dhcp6c 67928 <3>[0] (1) Oct 1 14:08:50 dhcp6c 67928 <3>[ia-pd] (5) Oct 1 14:08:50 dhcp6c 67928 <3>[send] (4) Oct 1 14:08:50 dhcp6c 67928 <3>comment [# request stateful address] (26) Oct 1 14:08:50 dhcp6c 67928 <3>end of sentence [;] (1) Oct 1 14:08:50 dhcp6c 67928 <3>[0] (1) Oct 1 14:08:50 dhcp6c 67928 <3>[ia-na] (5) Oct 1 14:08:50 dhcp6c 67928 <3>[send] (4) Oct 1 14:08:50 dhcp6c 67928 <3>begin of closure [{] (1) Oct 1 14:08:50 dhcp6c 67928 <5>[re1] (3) Oct 1 14:08:50 dhcp6c 67928 <3>[interface] (9) Oct 1 14:08:50 dhcp6c 67928 skip opening control port Oct 1 14:08:50 dhcp6c 67928 failed initialize control message authentication Oct 1 14:08:50 dhcp6c 67928 failed to open /usr/local/etc/dhcp6cctlkey: No such file or directory Oct 1 14:08:50 dhcp6c 67928 extracted an existing DUID from /var/db/dhcp6c_duid: 00:01:00:01:22:cf:8e:04:7c:8b:ca:00:ef:46
-
Tried once again to change LAN connection type from Track Interface -> None -> Track Interface and once again IPv6 was working for less than a minute.
Checked logs around that timestamp and nothing was going on except for Status -> System Logs -> 'Systems' tab -> 'Routing' tab shows a message:
prefix length should be 64 for re1
In Interfaces -> WAN it is set to request a /64.
-
So I decided to reinstall 2.4.4 from scratch. IPv6 worked as expected. I restored from a backup and it started misbehaving again.
Reset to factory defaults and it's working again.
Frustrating that I have to configure everything manually again, but at least IPv6 works now.
-
If that is the case then it stands to reason that it's a problem with your configuration and not 2.4.4 in general. It could still be a bug, but one triggered only by your specific combination of environment+settings.
Isolate your interface settings that are different vs a stock install and put them back one by one until it breaks.
-
What's frustrating is it did this when I originally did an upgrade to 2.4.3, so I ended up doing a fresh install of 2.4.3 and re-configuring everything.
Obviously something was wrong with the configuration, but not sure why after a fresh install and configuration, any updates to pfSense seems to break IPv6.
Thanks for your assistance earlier in any case.
-
@xero9 i had similar problems changing from 2.4.3_1 to 2.4.4. the way to migrate is the one i always use: backup the configuration, clean installation and then restore the configuration. i found different problems in three different installations in three different environments, one in bare metal and two in virtual environments based on xen.
i reported it as a bug and i was asked to report it in this forum. it was also mentioned that it was environment + settings, that is nothing.
i have reconstructed the configuration step by step manually, parameter by parameter until arriving at an exact configuration to those i had in 2.4.3_1 and everything works again.
my conclusion is that something is broken in the backup and restore mechanism by xml file. that method is breaking random configurations in different environments.
i have the configurations working for several years in different environments, it is the first time something like this happens when changing the version using the xml file.
and it is the first time that i have to reconstruct by hand all the configurations, a terrible job.
i repeat that there are no differences between the configurations, i have checked it.
i insist that it is an error in the backup - restore mechanism using the xml file.
-
@fabianburpf
Thanks for the response fabianburpf!Good to know I’m not going crazy and I’m not the only one.
I would test a theory but everything is working as it should now, so I don’t want to mess with it, but today I “broke” my IPv6 again, but it wasn’t really my fault. The DHCPv6 service wasn’t handing out ips to all of my systems and static addressing wasn’t working so I was looking deeper in to it and I think previously I had set RA to Managed and because I had an incorrect DUID (there was a space instead of a : in an entry) it was causing the DHCP server to not run.
I’m wondering now if I restore using the XML file if it would break entirely again or not but based on your experience I’ll just stick with things the way they are.
-
Confirmed. I also had issues with my firewall after upgrading to 2.4.4.
After the upgrade the firewall and restoring my config the firewall gui would freeze after a while, rendering internet connectivity unavailable. I also needed to start from scratch to overcome the problems. I was thinking that the problems could be related to the gateway monitoring feature but wasn't able to confirm that. -
I have just pressed the button to upgrade to 2.4.4 and also experienced problems with IPv6 stopping working.
- SLAAC on the LAN interface was still working - hosts were still getting IPv6 addresses
- My IPv6 tunnel was still displaying a link-local IPv6 address
- But IPv6 connectivity had stopped working. I was unable to ping an IPv6 internet host from the Diagnostics -> Ping page
I suspect the problem with was that the default IPv6 route stopping working but I had to get back up and running in a hurry, so my solution was to get hold of a copy of 2.3.5, re-install and restore a backup of the configuration.
-
Sorry for the late reply!
Hmmm that doesn't seem like the same problem I was having. I eventually figured it out and it seemed to be an issue with one of the DUIDs was invalid (too many colons in it I think) and it was causing DHCP6c to stop working when I put Router Mode set to Managed.
I just happened to stumble upon it in the system logs somewhere.
Sorry I can't be of more help!
-
@xero9 Thanks for replying. Maybe I should try upgrading again at some point.
-
I have exactly the same issue. SLAAC on the PPPoE WAN interface seems to work, but I can't ping6 any host on the internet. Also, clients seem to not getting RA's. But before 2.4.4 I was able to ping6 google.com when I logged in to pfSense via SSH. Don't have a solution unfortunately.