IPv6 Native with Telstra, Australia
-
@derelict said in IPv6 Native with Telstra, Australia:
https://www.freebsdfoundation.org/donate/
You said you had someone sympathetic at the ISP. Send them that pcap. Ask why there is no response.
@Derelict Whilst I think of it, what is going on at the ICMP level where Telstra does respond back to pfsense (neighbor solicit), but pfsense doesn't do anything with Telstra's response? Telstra stated in their email to me that they believe that is part of the problem. What should I say back to Telstra in relation to that?
-
@larrikin Putting aside the DHCP6 PD issue - have you tried setting WAN interface IPv6 to SLAAC?
-
@dugeem said in IPv6 Native with Telstra, Australia:
@larrikin Putting aside the DHCP6 PD issue - have you tried setting WAN interface IPv6 to SLAAC?
Thanks for your response and interest in this. Telstra has made it clear they don't support SLAAC and only DHCP.
@Derelict Heard back from my Telstra contact. He is away until Monday but he is going to look into it then. Still interested in your thoughts on the ICMP stuff above...
-
@larrikin Exactly which DHCP6 does Telstra claim they support? Stateless (which is reallly SLAAC + DHCP6-PD) or Stateful?
I wouldn't be surprised if they support SLAAC even if they claim not to.
-
@dugeem said in IPv6 Native with Telstra, Australia:
Exactly which DHCP6 does Telstra claim they support? Stateless (which is reallly SLAAC + DHCP6-PD) or Stateful?
I wouldn't be surprised if they support SLAAC even if they claim not to.Stateful. This is consistent with other third party routers who have managed to get their stuff working on Telstra. I think the key here is I have a contact in Telstra who is going to look at the packet captures, compare them against the back end DHCPv6 logs, and see what is going on. Until we have that information, I honestly would just be playing further in the dark, and I'd rather wait for the Telstra chap to get back to me with what's really going on.
-
@larrikin Unfortunately the presence of the ICMPv6 neighbour solicit packet points towards SLAAC in operation.
DHCPv6 operates using IPv6/UDP on port 547.
This may not help right now ... but possibly something for your Telstra contact(s) to investigate.
-
@dugeem said in IPv6 Native with Telstra, Australia:
@larrikin Unfortunately the presence of the ICMPv6 neighbour solicit packet points towards SLAAC in operation.
DHCPv6 operates using IPv6/UDP on port 547.
This may not help right now ... but possibly something for your Telstra contact(s) to investigate.
Wow, I think you are onto something. Care to take a look at this new packet capture? It is certainly showing a lot more now that it did before.
0_1551260385225_packetcapture.cap.zip
I really am in unchartered space here in terms of my knowledge. I've put the WAN interface as SLAAC, and the LAN as SLAAC as well. No idea what the LAN interface should actually be. Not getting any IPv6 addresses yet, but I feel its closer based on the packet capture (although, I may well be mis-reading it and have no idea what I am doing :)).
-
@larrikin said in IPv6 Native with Telstra, Australia:
@dugeem said in IPv6 Native with Telstra, Australia:
@larrikin Unfortunately the presence of the ICMPv6 neighbour solicit packet points towards SLAAC in operation.
DHCPv6 operates using IPv6/UDP on port 547.
This may not help right now ... but possibly something for your Telstra contact(s) to investigate.
Wow, I think you are onto something. Care to take a look at this new packet capture? It is certainly showing a lot more now that it did before.
0_1551260385225_packetcapture.cap.zip
I really am in unchartered space here in terms of my knowledge. I've put the WAN interface as SLAAC, and the LAN as SLAAC as well. No idea what the LAN interface should actually be. Not getting any IPv6 addresses yet, but I feel its closer based on the packet capture (although, I may well be mis-reading it and have no idea what I am doing :)).
Actually, that entire exercise might be a red herring. More info about to follow on further testing.
-
@derelict said in IPv6 Native with Telstra, Australia:
https://www.freebsdfoundation.org/donate/
You said you had someone sympathetic at the ISP. Send them that pcap. Ask why there is no response.
Now this is interesting.
https://forums.whirlpool.net.au/thread/2784659?p=2#r29
If you've got time, I think you'll find that post very, very informative. It just got put up there. I'd love to know what you think.
-
@derelict said in IPv6 Native with Telstra, Australia:
https://www.freebsdfoundation.org/donate/
You said you had someone sympathetic at the ISP. Send them that pcap. Ask why there is no response.
Also, I found an old post from another forum who claimed he got pfsense to work with Telstra and he left an old packet capture of it working. I attach it here. I can't make head or tail of it.
-
The first thing I see in that capture that was responded to is there is no specificity in the request for the PD length so I would uncheck Send IPv6 Prefix Hint.
Also, I found an old post from another forum who claimed he got pfsense to work with Telstra
How about a link to that?
-
@larrikin said in IPv6 Native with Telstra, Australia:
@larrikin Unfortunately the presence of the ICMPv6 neighbour solicit packet points towards SLAAC in operation.
How? Neighbor solicitations are similar to ARP in IPv4. It's how you identify what MAC address on the local subnet to send traffic to.
There will even be Router Solicitations as the gateway is not sent via DHCP.
There is already a successful capture for DHCP6 posted, and Telstra says DHCP6 is the way to do it. And you're CERTAINLY not going to get a prefix delegation over SLAAC.
I wouldn't muddy the waters.
-
@larrikin said in IPv6 Native with Telstra, Australia:
@Derelict Whilst I think of it, what is going on at the ICMP level where Telstra does respond back to pfsense (neighbor solicit), but pfsense doesn't do anything with Telstra's response? Telstra stated in their email to me that they believe that is part of the problem. What should I say back to Telstra in relation to that?
What packet capture and what response? Please be specific.
-
@derelict said in IPv6 Native with Telstra, Australia:
The first thing I see in that capture that was responded to is there is no specificity in the request for the PD length so I would uncheck Send IPv6 Prefix Hint.
Also, I found an old post from another forum who claimed he got pfsense to work with Telstra
How about a link to that?
I think that packet capture is also a red herring. I have had someone try and replicate those settings and he gets the same result I do. I'll dig up the link though for you.
In the meantime, this link here is our most promising. It's just been done and probably steers us closest to getting this working.
https://forums.whirlpool.net.au/thread/2784659?p=2#r29
-
@derelict said in IPv6 Native with Telstra, Australia:
@larrikin said in IPv6 Native with Telstra, Australia:
@Derelict Whilst I think of it, what is going on at the ICMP level where Telstra does respond back to pfsense (neighbor solicit), but pfsense doesn't do anything with Telstra's response? Telstra stated in their email to me that they believe that is part of the problem. What should I say back to Telstra in relation to that?
What packet capture and what response? Please be specific.
I don't want to lose focus on that other link I just gave you as I think the key to getting this working is in that link.
I think the answer to getting this working lies in this link: https://forums.whirlpool.net.au/thread/2784659?p=2#r29
Note that just got posted with someone else trying to help getting this working.
However, back to answering your question, I am referring to what is in my original post:
Packet capture on my end:
22:13:15.731905 00:0c:29:05:a3:a1 > 33:33:ff:2f:08:93, ethertype IPv6 (0x86dd), length 86: (hlim 255, next-header ICMPv6 (58) payload length: 32) fe80::20c:29ff:fe05:a3a1 > ff02::1:ff2f:893: [icmp6 sum ok] ICMP6, neighbor solicitation, length 32, who has fe80::4e16:fcff:fe2f:893
source link-address option (1), length 8 (1): 00:0c:29:05:a3:a1
0x0000: 000c 2905 a3a122:13:15.293243 4c:16:fc:2f:08:93 > 33:33:ff:05:a3:a1, ethertype IPv6 (0x86dd), length 96: (class 0xc0, hlim 255, next-header ICMPv6 (58) payload length: 32) 2001:8003:0:bdf:f0:3:9:0 > ff02::1:ff05:a3a1: [icmp6 sum ok] ICMP6, neighbor solicitation, length 32, who has fe80::20c:29ff:fe05:a3a1
Telstra's logs:
(including the email from the Telstra tech so where it says "I" below, I = Telstra tech guy)
I can see it sending Ipv6 DHCPv6
13:30:59.553687 In
Juniper PCAP Flags [no-L2, In]
-----original packet-----
PFE proto 6 (ipv6): (hlim 1, next-header: UDP (17), length: 146) fe80::20c:29ff:fe05:a3a1.dhcpv6-server > ff02::1:2.dhcpv6-server: [udp sum ok] dhcp6 Relay-forwardIt’s also unable to establish Ipv6 neighbours which I suspect is a reason why it’s not functioning correctly
13:31:01.106029 In
Juniper PCAP Flags [no-L2, In]
-----original packet-----
PFE proto 6 (ipv6): (hlim 255, next-header: ICMPv6 (58), length: 32) fe80::20c:29ff:fe05:a3a1 > ff02::1:ff2f:893: [icmp6 sum ok] ICMP6, neighbor solicitation, length 32, who has fe80::4e16:fcff:fe2f:893
source link-address option (1), length 8 (1): 00:0c:29:05:a3:a1
0x0000: 000c 2905 a3a113:31:02.073018 Out
Juniper PCAP Flags [no-L2]
-----original packet-----
PFE proto 6 (ipv6): (class 0xc0, hlim 255, next-header: ICMPv6 (58), length: 32) 2001:8003:0:bdf:f0:3:9:0 > ff02::1:ff05:a3a1: [icmp6 sum ok] ICMP6, neighbor solicitation, length 32, who has fe80::20c:29ff:fe05:a3a1
source link-address option (1), length 8 (1): 4c:16:fc:2f:08:93
0x0000: 4c16 fc2f 0893 -
Please post captures not textual representations.
-
@derelict said in IPv6 Native with Telstra, Australia:
Please post captures not textual representations.
If you are referring to this link: https://forums.whirlpool.net.au/thread/2784659?p=2#r29
that isn't me or my work. That is someone else. I think he has done an excellent job at uncovering some key details. I've encouraged him to post here, but in the meantime, I'm providing a link so at least you can read what is in that post.
If you want more details from it, I'll proxy that request by posting on that forum asking for it.
-
Not sure why anyone would want to request a "domain-name" from their ISP. It would be an even bigger mystery why requesting one would be required.
-
@derelict said in IPv6 Native with Telstra, Australia:
Not sure why anyone would want to request a "domain-name" from their ISP. It would be an even bigger mystery why requesting one would be required.
I hear you, but the key thing he has done a packet capture of a successful DHCPv6 connection to Telstra and then comparing that to trying to get pfsense working. I think its the closest and best way to troubleshoot this. He even points out in the working version (which isn't using pfsense) what it takes to get it working as it shows how Telstra has implemented IPv6 and perhaps why pfsense isn't working with it.
-
@derelict said in IPv6 Native with Telstra, Australia:
Please post captures not textual representations.
I truly think our answer lies i this post. Do you mind reading it and giving me your thoughts?
https://forums.whirlpool.net.au/thread/2784659?p=2#r29
As stated above, I can go back to that guy and ask any questions you have (I've encouraged him to come to this forum and participate in this thread, but so far he hasn't yet).