Netgate Discussion Forum

    pfsense IPV6 Issues with Comcast

      pfsnsr

      Hello All,

      I'm a pfsense newbie. Comcast is my ISP. Before starting with pfsense recently, I have typically run a dual ipv4+ipv6 stack without issue on other software (like Openwrt).

      My pfsense box is set-up as follows:

      • One WAN interface
      • One LAN interface
      • 2 OPT interfaces (OPT1 and OPT2)

      I have no issues with ipv4, works just fine! I have DHCP client on WAN. On LAN, OPT1 and OPT2, I have a static RFC1918 IP and run a DHCP server on each of the interfaces. Each interface is a 192.168.x.x/24 subnet. Again, no issues here, works just fine!

      I'm trying to do the following with ipv6

      • DHCP6 client on WAN
      • Prefix delegation of /60 on WAN
      • Even though I have a /60 PD (more below), all I'm looking for is an ipv6 address for WAN and a /64 Prefix delegation from my ISP
      • With the /64 Prefix Delegation (PD), I plan to configure LAN, OPT1 and OPT2 with a static v6 IP, and run a DHCP6 server on each of the interfaces. Goal is to have a v6 subnet on each interface

      Below is my problem:

      • I'm unable to get an ipv6 address from my ISP for the WAN
      • I'm also unable to get the /64 prefix delegation

      I have tried the following to address the problem:

      • Changed the prefix delegation from /64 (original default) to /60 on my WAN interface page. I read on the net about folks having similar issues with comcast, and this was the supposed fix!
      • Made sure the firewall is not blocking icmpv6 on WAN
      • Rebooted my DOCSIS3 modem
      • Rebooted my pfsense router

      I'm still unable to get a WAN ipv6 address and a /64 PD from Comcast!! What could be going on? What should I be doing differently?

      Thanks much!

        JKnott @pfsnsr

        @pfsnsr

        You might try posting your config info, so we might have a clue about your configuration. For starters, have you enabled DHCPv6 on the WAN? Also, why do you want to use DHCPv6 on the LAN side? SLAAC works fine.

        PfSense running on Qotom mini PC
        i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
        UniFi AC-Lite access point

        I haven't lost my mind. It's around here...somewhere...

          stephenw10 Netgate Administrator

          It may be they only give you the delegation; that's all you need really. You should be able to set the internal interfaces to track WAN and use /64s out of the /60 using different prefix IDs on each.

          Check the dhcp logs.

          Steve

            pfsnsr

            Thanks for the responses!

            I had a chance to play with this issue some more...

            I now have the following config on WAN:

            • dhcpv6 (I've always had this enabled, even during my previous post)
            • PD of 64

            Based on the responses I have set my WAN, OPT1 and OPT2 as follows:

            • Set all 3 to track WAN, with a prefix ID of 1, 2 and 3 for LAN, OPT1 and OPT2 respectively

            There is some progress but still not fully configured for ipv6!

            When I look at my dhcp logs, specifically at dhcp6c entries, I see the following:

            • a /128 ipv6 address assigned to WAN
            • a /64 assigned to LAN, OPT1 and OPT2
            • However, my interfaces are still not configured with an ipv6 address!!

            The last 2 lines of the dhcp6c logs are as follows:

            • "failed initialize control message authentication"
            • "failed to open /usr/local/etc/dhcp6cctlkey: No such file or directory"

            The last 2 lines appear to be error messages. Any ideas of what this could actually mean? Is it looking for an authentication key or a key file? What could be going on?

            Appreciate your inputs- Thanks again!

              JKnott @pfsnsr

              @pfsnsr said in pfsense IPV6 Issues with Comcast:

              /usr/local/etc/dhcp6cctlkey

              /root: ls /usr/local/etc/dhcp6cctlkey
              ls: /usr/local/etc/dhcp6cctlkey: No such file or directory

                stephenw10 Netgate Administrator

                If you're assigning v6 subnets to the internal interfaces your PD from Comcast needs to be at least /60.
                /64 is one subnet in v6 land.

                /128 is fine for a single interface on WAN they can route your PD to, but if that's only a /64 it can only be on one internal interface.

                Steve
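
The prefix arithmetic behind the reply above, as an added example that is not part of the original post or of pfSense itself. It assumes a prefix ID selects the Nth /64 inside the delegated prefix; the `2001:db8:0:10::` delegations are constructed values from the documentation range, and `lan_prefix` and `plan` are hypothetical helper names.

```python
import ipaddress

# Prefix IDs from the thread: LAN, OPT1 and OPT2 all track WAN.
IFACES = {"LAN": 1, "OPT1": 2, "OPT2": 3}


def lan_prefix(delegated: str, prefix_id: int) -> ipaddress.IPv6Network:
    """Return the /64 a tracking interface gets for the given prefix ID.

    Assumption: the prefix ID is the index of the /64 inside the delegation.
    """
    pd = ipaddress.IPv6Network(delegated, strict=True)
    if pd.prefixlen > 64:
        raise ValueError(f"/{pd.prefixlen} is longer than /64, no subnet to assign")
    id_bits = 64 - pd.prefixlen          # /60 -> 4 bits (IDs 0..15), /64 -> 0 bits
    max_id = (1 << id_bits) - 1
    if not 0 <= prefix_id <= max_id:
        raise ValueError(
            f"prefix ID {prefix_id} does not fit in a /{pd.prefixlen} "
            f"delegation (valid IDs: 0..{max_id})"
        )
    # The prefix ID occupies the bits just above the 64-bit interface identifier.
    base = int(pd.network_address)
    return ipaddress.IPv6Network((base + (prefix_id << 64), 64))


def plan(delegated: str, interfaces: dict) -> dict:
    """Map each interface to its /64, or to an error string if the ID cannot fit."""
    result = {}
    for name, prefix_id in interfaces.items():
        try:
            result[name] = str(lan_prefix(delegated, prefix_id))
        except ValueError as exc:
            result[name] = f"ERROR: {exc}"
    return result


if __name__ == "__main__":
    # Constructed delegations: a /60 as recommended, and the /64 from the thread.
    for delegated in ("2001:db8:0:10::/60", "2001:db8:0:10::/64"):
        print(delegated)
        for name, outcome in plan(delegated, IFACES).items():
            print(f"  {name:5} {outcome}")
```

With the /64 delegation only prefix ID 0 is valid, so the IDs 1, 2 and 3 configured earlier in the thread all fail; with the /60 each interface gets its own /64.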

                  GregTheHun

                  To anyone else who might come across this post with Comcast (or probably any ISP).

                  I went searching the logs as @stephenw10 suggested and noticed some funny "XID Mismatch" logs. So, looking up this article:

                  https://docs.netgate.com/pfsense/en/latest/troubleshooting/dhcpv6-xid-mismatch.html

                  It said to basically do (arrow is for pointing out command):

                  # ps uxawww | grep dhcp6c
                  root xxxxx 0.0 0.0 5780 1488 ?? INs Sat09PM 0:00.90 /usr/local/sbin/dhcp6c -d -c /var/etc/dhcp6c_wan.conf -p /var/run/dhcp6c_re1.pid re1
                  root xxxxy 0.0 0.0 5780 1524 ?? Is Tue07AM 0:00.30 /usr/local/sbin/dhcp6c -d -c /var/etc/dhcp6c_wan.conf -p /var/run/dhcp6c_re1.pid re1
                  

                  Then, I saw multiple instances of it like the output, do:

                  killall -9 dhcp6c
                  

                  Solved my problem, maybe yours too.
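
A check for the duplicate-client condition described in the post above, as an added example that is not part of the original post or the linked Netgate article. It parses text in the shape of the `ps uxawww | grep dhcp6c` output quoted there; the sample lines and PIDs are constructed (the post masks the real PIDs), and `dhcp6c_instances` and `duplicates` are hypothetical helper names.

```python
import shlex
from collections import defaultdict

# Constructed sample in the shape of the ps output quoted in the post.
SAMPLE_PS = """\
root 41213 0.0 0.0 5780 1488 ?? INs Sat09PM 0:00.90 /usr/local/sbin/dhcp6c -d -c /var/etc/dhcp6c_wan.conf -p /var/run/dhcp6c_re1.pid re1
root 87654 0.0 0.0 5780 1524 ?? Is Tue07AM 0:00.30 /usr/local/sbin/dhcp6c -d -c /var/etc/dhcp6c_wan.conf -p /var/run/dhcp6c_re1.pid re1
root 90001 0.0 0.0 1234 900 ?? S+ 9:01AM 0:00.00 grep dhcp6c
"""


def dhcp6c_instances(ps_text: str) -> dict:
    """Group dhcp6c PIDs by interface (the last argument on the command line)."""
    by_iface = defaultdict(list)
    for line in ps_text.splitlines():
        # `ps ux` prints ten fixed columns followed by the full command.
        fields = line.split(None, 10)
        if len(fields) < 11 or not fields[1].isdigit():
            continue
        argv = shlex.split(fields[10])
        if not argv or not argv[0].endswith("/dhcp6c"):
            continue  # skips the grep process itself and anything unrelated
        by_iface[argv[-1]].append(int(fields[1]))
    return dict(by_iface)


def duplicates(ps_text: str) -> dict:
    """Return only the interfaces that have more than one dhcp6c client running."""
    return {
        iface: sorted(pids)
        for iface, pids in dhcp6c_instances(ps_text).items()
        if len(pids) > 1
    }


if __name__ == "__main__":
    for iface, pids in duplicates(SAMPLE_PS).items():
        print(f"{iface}: {len(pids)} dhcp6c instances running, PIDs {pids}")
```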

                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.