• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Getting new IPv6 prefix

Scheduled Pinned Locked Moved IPv6
28 Posts 3 Posters 3.3k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • J
    JKnott
    last edited by Feb 4, 2019, 8:08 PM

    When I first started using pfSense, there was a problem where something as simple as disconnecting and reconnecting the WAN port from the modem would release the prefix and get a new one. Now, when I want to do that, I can't. I have turned off the option to not release the prefix, but it still doesn't release. I have also tried deleting the dhcp6c_duid file and rebooting, but no luck. Any ideas?

    BTW, the reason I want to do this is my ISP has developed a routing problem for my current prefix, and I'm hoping a new prefix will fix the problem. I have verified with my ISPs 2nd level support that there is a routing problem, but the people who are responsible for the network don't seem to be interested in fixing it.

    PfSense running on Qotom mini PC
    i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
    UniFi AC-Lite access point

    I haven't lost my mind. It's around here...somewhere...

    1 Reply Last reply Reply Quote 0
    • D
      Derelict LAYER 8 Netgate
      last edited by Feb 4, 2019, 8:32 PM

      Did you save the DUID in System > Advanced, Networking??

      Try changing the time field there (if it's the default DUID style.) The output of date +'%s' is a good choice.

      Chattanooga, Tennessee, USA
      A comprehensive network diagram is worth 10,000 words and 15 conference calls.
      DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
      Do Not Chat For Help! NO_WAN_EGRESS(TM)

      1 Reply Last reply Reply Quote 0
      • J
        JKnott
        last edited by Feb 4, 2019, 8:39 PM

        At the moment, it's raw DUID. Are you suggesting I change that to DUID-LLT?

        PfSense running on Qotom mini PC
        i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
        UniFi AC-Lite access point

        I haven't lost my mind. It's around here...somewhere...

        1 Reply Last reply Reply Quote 0
        • D
          Derelict LAYER 8 Netgate
          last edited by Feb 4, 2019, 8:40 PM

          Depends on the ISP, I suppose. If it's saved it should be changed there though.

          Chattanooga, Tennessee, USA
          A comprehensive network diagram is worth 10,000 words and 15 conference calls.
          DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
          Do Not Chat For Help! NO_WAN_EGRESS(TM)

          1 Reply Last reply Reply Quote 0
          • J
            JKnott
            last edited by Feb 4, 2019, 8:43 PM

            I'll try DUID-LLT. I have saved the original dhcpc6_duid file.

            PfSense running on Qotom mini PC
            i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
            UniFi AC-Lite access point

            I haven't lost my mind. It's around here...somewhere...

            1 Reply Last reply Reply Quote 0
            • J
              JKnott
              last edited by JKnott Feb 4, 2019, 8:49 PM Feb 4, 2019, 8:49 PM

              Changing the DUID type and rebooting did not change my prefix.

              PfSense running on Qotom mini PC
              i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
              UniFi AC-Lite access point

              I haven't lost my mind. It's around here...somewhere...

              1 Reply Last reply Reply Quote 0
              • D
                Derelict LAYER 8 Netgate
                last edited by Feb 4, 2019, 9:05 PM

                Sounds like an ISP problem. Does the dhcp6c log show you sending the new DUID and them sending the same thing?

                Guarantee if I was to change mine I'd get a new PD from Cox.

                Chattanooga, Tennessee, USA
                A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                Do Not Chat For Help! NO_WAN_EGRESS(TM)

                1 Reply Last reply Reply Quote 0
                • J
                  JKnott
                  last edited by Feb 4, 2019, 9:17 PM

                  Where is that log? I don't see it in /var/log or /var/db.

                  PfSense running on Qotom mini PC
                  i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                  UniFi AC-Lite access point

                  I haven't lost my mind. It's around here...somewhere...

                  1 Reply Last reply Reply Quote 0
                  • D
                    Derelict LAYER 8 Netgate
                    last edited by Derelict Feb 4, 2019, 9:20 PM Feb 4, 2019, 9:19 PM

                    It's in Status > System Logs, DHCP. Filter on process dhcp6c.

                    Be sure debug logs are enabled in the dhcp6 section on Interfaces > WAN. They can just be left enabled. It's not a lot of additional logging but it's valuable.

                    Chattanooga, Tennessee, USA
                    A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                    DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                    Do Not Chat For Help! NO_WAN_EGRESS(TM)

                    1 Reply Last reply Reply Quote 0
                    • J
                      JKnott
                      last edited by Feb 4, 2019, 9:39 PM

                      Here's what they show.

                      Feb 4 16:34:49 dhcp6c 481 Sending Solicit
                      Feb 4 16:34:49 dhcp6c 481 set client ID (len 14)
                      Feb 4 16:34:49 dhcp6c 481 set elapsed time (len 2)
                      Feb 4 16:34:49 dhcp6c 481 set option request (len 4)
                      Feb 4 16:34:49 dhcp6c 481 set IA_PD prefix
                      Feb 4 16:34:49 dhcp6c 481 set IA_PD

                      That doesn't tell me much, so I'll have to fire up Wireshark.

                      It's really annoying that my prefix changed when I didn't want it to and doesn't when I do. 😉

                      PfSense running on Qotom mini PC
                      i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                      UniFi AC-Lite access point

                      I haven't lost my mind. It's around here...somewhere...

                      1 Reply Last reply Reply Quote 0
                      • D
                        Derelict LAYER 8 Netgate
                        last edited by Feb 4, 2019, 9:48 PM

                        That doesn't look like debug is enabled. It will show the DUID sent, etc.

                        Chattanooga, Tennessee, USA
                        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                        Do Not Chat For Help! NO_WAN_EGRESS(TM)

                        J 1 Reply Last reply Feb 4, 2019, 10:14 PM Reply Quote 0
                        • J
                          JKnott @Derelict
                          last edited by Feb 4, 2019, 10:14 PM

                          @derelict

                          The only debug item I see on the WAN page is "Start DHCP6 client in debug mode", which is enabled.

                          PfSense running on Qotom mini PC
                          i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                          UniFi AC-Lite access point

                          I haven't lost my mind. It's around here...somewhere...

                          1 Reply Last reply Reply Quote 0
                          • D
                            Derelict LAYER 8 Netgate
                            last edited by Feb 4, 2019, 10:28 PM

                            Then you should have more descriptive output there,

                            Chattanooga, Tennessee, USA
                            A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                            DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                            Do Not Chat For Help! NO_WAN_EGRESS(TM)

                            J 1 Reply Last reply Feb 5, 2019, 1:54 AM Reply Quote 0
                            • J
                              JKnott @Derelict
                              last edited by Feb 5, 2019, 1:54 AM

                              @derelict

                              Tried again:
                              Feb 4 20:48:06 dhcp6c 481 IA_PD: ID=0, T1=0, T2=0
                              Feb 4 20:48:06 dhcp6c 481 get DHCP option status code, len 56
                              Feb 4 20:48:06 dhcp6c 481 status code: no prefixes
                              Feb 4 20:48:06 dhcp6c 481 get DHCP option DNS, len 32
                              Feb 4 20:48:06 dhcp6c 481 dhcp6c Received REQUEST
                              Feb 4 20:48:06 dhcp6c 481 nameserver[0] 2607:f798:18:10:0:640:7125:5204
                              Feb 4 20:48:06 dhcp6c 481 nameserver[1] 2607:f798:18:10:0:640:7125:5198
                              Feb 4 20:48:06 dhcp6c 481 make an IA: PD-0
                              Feb 4 20:48:06 dhcp6c 481 status code for PD-0: no prefixes
                              Feb 4 20:48:06 dhcp6c 481 IA PD-0 is invalidated
                              Feb 4 20:48:06 dhcp6c 481 remove an IA: PD-0
                              Feb 4 20:48:06 dhcp6c 481 reset a timer on re0, state=INIT, timeo=0, retrans=677
                              Feb 4 20:48:06 dhcp6c 481 executes /var/etc/dhcp6c_wan_dhcp6withoutra_script.sh
                              Feb 4 20:48:08 dhcp6c 481 script "/var/etc/dhcp6c_wan_dhcp6withoutra_script.sh" terminated
                              Feb 4 20:48:08 dhcp6c 481 removing an event on re0, state=REQUEST
                              Feb 4 20:48:08 dhcp6c 481 removing server (ID: 00:01:00:01:15:9b:b6:e5:00:21:28:5f:d2:b7)
                              Feb 4 20:48:08 dhcp6c 481 got an expected reply, sleeping.
                              Feb 4 20:48:08 dhcp6c 481 Sending Solicit
                              Feb 4 20:48:08 dhcp6c 481 a new XID (feda7) is generated
                              Feb 4 20:48:08 dhcp6c 481 set client ID (len 14)
                              Feb 4 20:48:08 dhcp6c 481 set elapsed time (len 2)
                              Feb 4 20:48:08 dhcp6c 481 set option request (len 4)
                              Feb 4 20:48:08 dhcp6c 481 set IA_PD prefix
                              Feb 4 20:48:08 dhcp6c 481 set IA_PD
                              Feb 4 20:48:08 dhcp6c 481 send solicit to ff02::1:2%re0
                              Feb 4 20:48:08 dhcp6c 481 reset a timer on re0, state=SOLICIT, timeo=0, retrans=1038
                              Feb 4 20:48:09 dhcp6c 481 Sending Solicit
                              Feb 4 20:48:09 dhcp6c 481 set client ID (len 14)
                              Feb 4 20:48:09 dhcp6c 481 set elapsed time (len 2)
                              Feb 4 20:48:09 dhcp6c 481 set option request (len 4)
                              Feb 4 20:48:09 dhcp6c 481 set IA_PD prefix
                              Feb 4 20:48:09 dhcp6c 481 set IA_PD
                              Feb 4 20:48:09 dhcp6c 481 send solicit to ff02::1:2%re0
                              Feb 4 20:48:09 dhcp6c 481 reset a timer on re0, state=SOLICIT, timeo=1, retrans=2027
                              Feb 4 20:48:11 dhcp6c 481 Sending Solicit
                              Feb 4 20:48:11 dhcp6c 481 set client ID (len 14)
                              Feb 4 20:48:11 dhcp6c 481 set elapsed time (len 2)
                              Feb 4 20:48:11 dhcp6c 481 set option request (len 4)
                              Feb 4 20:48:11 dhcp6c 481 set IA_PD prefix
                              Feb 4 20:48:11 dhcp6c 481 set IA_PD
                              Feb 4 20:48:11 dhcp6c 481 send solicit to ff02::1:2%re0
                              Feb 4 20:48:11 dhcp6c 481 reset a timer on re0, state=SOLICIT, timeo=2, retrans=4070
                              Feb 4 20:48:15 dhcp6c 481 Sending Solicit
                              Feb 4 20:48:15 dhcp6c 481 set client ID (len 14)
                              Feb 4 20:48:15 dhcp6c 481 set elapsed time (len 2)
                              Feb 4 20:48:15 dhcp6c 481 set option request (len 4)
                              Feb 4 20:48:15 dhcp6c 481 set IA_PD prefix
                              Feb 4 20:48:15 dhcp6c 481 set IA_PD
                              Feb 4 20:48:15 dhcp6c 481 send solicit to ff02::1:2%re0
                              Feb 4 20:48:15 dhcp6c 481 reset a timer on re0, state=SOLICIT, timeo=3, retrans=8103

                              PfSense running on Qotom mini PC
                              i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                              UniFi AC-Lite access point

                              I haven't lost my mind. It's around here...somewhere...

                              1 Reply Last reply Reply Quote 0
                              • D
                                Derelict LAYER 8 Netgate
                                last edited by Feb 5, 2019, 7:26 AM

                                Looks like upstream is not responding.

                                Chattanooga, Tennessee, USA
                                A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                                DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                                Do Not Chat For Help! NO_WAN_EGRESS(TM)

                                J 2 Replies Last reply Feb 5, 2019, 11:59 AM Reply Quote 0
                                • J
                                  JKnott @Derelict
                                  last edited by Feb 5, 2019, 11:59 AM

                                  @derelict said in Getting new IPv6 prefix:

                                  Looks like upstream is not responding.

                                  That wouldn't surprise me. There's definitely a routing problem to my LAN prefix, though to the WAN address is fine. I was able to demonstrate that to 2nd level support. The problem is getting someone beyond them to fix this. At least this narrows down the problem area somewhat. Incidentally, I was doing some work in my ISPs head ends, a couple of months ago, but not the one I connect to. However, that work had nothing to do with IP.

                                  PfSense running on Qotom mini PC
                                  i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                                  UniFi AC-Lite access point

                                  I haven't lost my mind. It's around here...somewhere...

                                  1 Reply Last reply Reply Quote 0
                                  • J
                                    JKnott @Derelict
                                    last edited by Feb 5, 2019, 3:07 PM

                                    @derelict said in Getting new IPv6 prefix:

                                    Looks like upstream is not responding.

                                    Do you know what to look for in the router solicitations and advertisements. Also, I've noticed something curious in the advertisements, the lifetimes are infinite!

                                    PfSense running on Qotom mini PC
                                    i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                                    UniFi AC-Lite access point

                                    I haven't lost my mind. It's around here...somewhere...

                                    1 Reply Last reply Reply Quote 0
                                    • J
                                      JKnott
                                      last edited by Feb 5, 2019, 3:51 PM

                                      I've been examining the router advertisements and noticed something else. I see several prefixes provided, all with /64. However, I don't see mine, which should be a /56. I've attached the Wireshark capture file. This was captured as pfSense was booting up. I filtered on the WAN interface link local address and ICMP6.

                                      0_1549381817002_bootup_capture.pcapng

                                      PfSense running on Qotom mini PC
                                      i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                                      UniFi AC-Lite access point

                                      I haven't lost my mind. It's around here...somewhere...

                                      1 Reply Last reply Reply Quote 0
                                      • B
                                        bimmerdriver
                                        last edited by Feb 8, 2019, 4:43 AM

                                        Did you try changing the MAC of the WAN port? That might work.

                                        J 1 Reply Last reply Feb 8, 2019, 12:02 PM Reply Quote 0
                                        • J
                                          JKnott @bimmerdriver
                                          last edited by Feb 8, 2019, 12:02 PM

                                          @bimmerdriver said in Getting new IPv6 prefix:

                                          Did you try changing the MAC of the WAN port? That might work.

                                          Yes, I did and no it didn't. The problem I'm trying to resolve, is a routing problem with my ISP, where traffic for my network doesn't even reach my firewall. It even fails when I have the modem in gateway mode. I have proven it's a routing problem to tier support, but they can't get the people responsible for maintaining the network to fix it.

                                          PfSense running on Qotom mini PC
                                          i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                                          UniFi AC-Lite access point

                                          I haven't lost my mind. It's around here...somewhere...

                                          B 1 Reply Last reply Feb 9, 2019, 1:13 AM Reply Quote 0
                                          1 out of 28
                                          • First post
                                            1/28
                                            Last post
                                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
                                            This community forum collects and processes your personal information.
                                            consent.not_received