Getting new IPv6 prefix

JKnott · Feb 4, 2019, 8:08 PM

When I first started using pfSense, there was a problem where something as simple as disconnecting and reconnecting the WAN port from the modem would release the prefix and get a new one. Now, when I want to do that, I can't. I have turned off the option to not release the prefix, but it still doesn't release. I have also tried deleting the dhcp6c_duid file and rebooting, but no luck. Any ideas?

BTW, the reason I want to do this is my ISP has developed a routing problem for my current prefix, and I'm hoping a new prefix will fix the problem. I have verified with my ISPs 2nd level support that there is a routing problem, but the people who are responsible for the network don't seem to be interested in fixing it.

Derelict · Feb 4, 2019, 8:32 PM

Did you save the DUID in System > Advanced, Networking??

Try changing the time field there (if it's the default DUID style.) The output of date +'%s' is a good choice.

JKnott · Feb 4, 2019, 8:39 PM

At the moment, it's raw DUID. Are you suggesting I change that to DUID-LLT?

Derelict · Feb 4, 2019, 8:40 PM

Depends on the ISP, I suppose. If it's saved it should be changed there though.

JKnott · Feb 4, 2019, 8:43 PM

I'll try DUID-LLT. I have saved the original dhcpc6_duid file.

JKnott · Feb 4, 2019, 8:49 PM

Changing the DUID type and rebooting did not change my prefix.

Derelict · Feb 4, 2019, 9:05 PM

Sounds like an ISP problem. Does the dhcp6c log show you sending the new DUID and them sending the same thing?

Guarantee if I was to change mine I'd get a new PD from Cox.

JKnott · Feb 4, 2019, 9:17 PM

Where is that log? I don't see it in /var/log or /var/db.

Derelict · Feb 4, 2019, 9:20 PM

It's in Status > System Logs, DHCP. Filter on process dhcp6c.

Be sure debug logs are enabled in the dhcp6 section on Interfaces > WAN. They can just be left enabled. It's not a lot of additional logging but it's valuable.

JKnott · Feb 4, 2019, 9:39 PM

Here's what they show.

Feb 4 16:34:49 dhcp6c 481 Sending Solicit
Feb 4 16:34:49 dhcp6c 481 set client ID (len 14)
Feb 4 16:34:49 dhcp6c 481 set elapsed time (len 2)
Feb 4 16:34:49 dhcp6c 481 set option request (len 4)
Feb 4 16:34:49 dhcp6c 481 set IA_PD prefix
Feb 4 16:34:49 dhcp6c 481 set IA_PD

That doesn't tell me much, so I'll have to fire up Wireshark.

It's really annoying that my prefix changed when I didn't want it to and doesn't when I do.

Derelict · Feb 4, 2019, 9:48 PM

That doesn't look like debug is enabled. It will show the DUID sent, etc.

JKnott · Feb 4, 2019, 10:14 PM

@derelict

The only debug item I see on the WAN page is "Start DHCP6 client in debug mode", which is enabled.

Derelict · Feb 5, 2019, 1:54 AM

Then you should have more descriptive output there,

JKnott · Feb 5, 2019, 1:54 AM

@derelict

Tried again:
Feb 4 20:48:06 dhcp6c 481 IA_PD: ID=0, T1=0, T2=0
Feb 4 20:48:06 dhcp6c 481 get DHCP option status code, len 56
Feb 4 20:48:06 dhcp6c 481 status code: no prefixes
Feb 4 20:48:06 dhcp6c 481 get DHCP option DNS, len 32
Feb 4 20:48:06 dhcp6c 481 dhcp6c Received REQUEST
Feb 4 20:48:06 dhcp6c 481 nameserver[0] 2607:f798:18:10:0:640:7125:5204
Feb 4 20:48:06 dhcp6c 481 nameserver[1] 2607:f798:18:10:0:640:7125:5198
Feb 4 20:48:06 dhcp6c 481 make an IA: PD-0
Feb 4 20:48:06 dhcp6c 481 status code for PD-0: no prefixes
Feb 4 20:48:06 dhcp6c 481 IA PD-0 is invalidated
Feb 4 20:48:06 dhcp6c 481 remove an IA: PD-0
Feb 4 20:48:06 dhcp6c 481 reset a timer on re0, state=INIT, timeo=0, retrans=677
Feb 4 20:48:06 dhcp6c 481 executes /var/etc/dhcp6c_wan_dhcp6withoutra_script.sh
Feb 4 20:48:08 dhcp6c 481 script "/var/etc/dhcp6c_wan_dhcp6withoutra_script.sh" terminated
Feb 4 20:48:08 dhcp6c 481 removing an event on re0, state=REQUEST
Feb 4 20:48:08 dhcp6c 481 removing server (ID: 00:01:00:01:15:9b:b6:e5:00:21:28:5f:d2:b7)
Feb 4 20:48:08 dhcp6c 481 got an expected reply, sleeping.
Feb 4 20:48:08 dhcp6c 481 Sending Solicit
Feb 4 20:48:08 dhcp6c 481 a new XID (feda7) is generated
Feb 4 20:48:08 dhcp6c 481 set client ID (len 14)
Feb 4 20:48:08 dhcp6c 481 set elapsed time (len 2)
Feb 4 20:48:08 dhcp6c 481 set option request (len 4)
Feb 4 20:48:08 dhcp6c 481 set IA_PD prefix
Feb 4 20:48:08 dhcp6c 481 set IA_PD
Feb 4 20:48:08 dhcp6c 481 send solicit to ff02::1:2%re0
Feb 4 20:48:08 dhcp6c 481 reset a timer on re0, state=SOLICIT, timeo=0, retrans=1038
Feb 4 20:48:09 dhcp6c 481 Sending Solicit
Feb 4 20:48:09 dhcp6c 481 set client ID (len 14)
Feb 4 20:48:09 dhcp6c 481 set elapsed time (len 2)
Feb 4 20:48:09 dhcp6c 481 set option request (len 4)
Feb 4 20:48:09 dhcp6c 481 set IA_PD prefix
Feb 4 20:48:09 dhcp6c 481 set IA_PD
Feb 4 20:48:09 dhcp6c 481 send solicit to ff02::1:2%re0
Feb 4 20:48:09 dhcp6c 481 reset a timer on re0, state=SOLICIT, timeo=1, retrans=2027
Feb 4 20:48:11 dhcp6c 481 Sending Solicit
Feb 4 20:48:11 dhcp6c 481 set client ID (len 14)
Feb 4 20:48:11 dhcp6c 481 set elapsed time (len 2)
Feb 4 20:48:11 dhcp6c 481 set option request (len 4)
Feb 4 20:48:11 dhcp6c 481 set IA_PD prefix
Feb 4 20:48:11 dhcp6c 481 set IA_PD
Feb 4 20:48:11 dhcp6c 481 send solicit to ff02::1:2%re0
Feb 4 20:48:11 dhcp6c 481 reset a timer on re0, state=SOLICIT, timeo=2, retrans=4070
Feb 4 20:48:15 dhcp6c 481 Sending Solicit
Feb 4 20:48:15 dhcp6c 481 set client ID (len 14)
Feb 4 20:48:15 dhcp6c 481 set elapsed time (len 2)
Feb 4 20:48:15 dhcp6c 481 set option request (len 4)
Feb 4 20:48:15 dhcp6c 481 set IA_PD prefix
Feb 4 20:48:15 dhcp6c 481 set IA_PD
Feb 4 20:48:15 dhcp6c 481 send solicit to ff02::1:2%re0
Feb 4 20:48:15 dhcp6c 481 reset a timer on re0, state=SOLICIT, timeo=3, retrans=8103

Derelict · Feb 5, 2019, 7:26 AM

Looks like upstream is not responding.

JKnott · Feb 5, 2019, 11:59 AM

@derelict said in Getting new IPv6 prefix:

Looks like upstream is not responding.

That wouldn't surprise me. There's definitely a routing problem to my LAN prefix, though to the WAN address is fine. I was able to demonstrate that to 2nd level support. The problem is getting someone beyond them to fix this. At least this narrows down the problem area somewhat. Incidentally, I was doing some work in my ISPs head ends, a couple of months ago, but not the one I connect to. However, that work had nothing to do with IP.

JKnott · Feb 5, 2019, 3:07 PM

@derelict said in Getting new IPv6 prefix:

Looks like upstream is not responding.

Do you know what to look for in the router solicitations and advertisements. Also, I've noticed something curious in the advertisements, the lifetimes are infinite!

JKnott · Feb 5, 2019, 3:51 PM

I've been examining the router advertisements and noticed something else. I see several prefixes provided, all with /64. However, I don't see mine, which should be a /56. I've attached the Wireshark capture file. This was captured as pfSense was booting up. I filtered on the WAN interface link local address and ICMP6.

0_1549381817002_bootup_capture.pcapng

bimmerdriver · Feb 8, 2019, 4:43 AM

Did you try changing the MAC of the WAN port? That might work.

JKnott · Feb 9, 2019, 1:13 AM

@bimmerdriver said in Getting new IPv6 prefix:

Did you try changing the MAC of the WAN port? That might work.

Yes, I did and no it didn't. The problem I'm trying to resolve, is a routing problem with my ISP, where traffic for my network doesn't even reach my firewall. It even fails when I have the modem in gateway mode. I have proven it's a routing problem to tier support, but they can't get the people responsible for maintaining the network to fix it.