Track interface not getting IPv6 and restarts unbound every minute
-
Hi,
I have a new setup running and I'm setting up my IPv6 again with DHCPv6 enabled on the WAN interface and a track interface enabled on the LAN.
My ISP (Telenet) provides me with a /56.
The DUID of my WAN interface is set fixed in PFSense and shows as a DUID-LLT.As found on the internet from numerous sources I should set my WAN interface with a prefix DG of 56 and enable send IPv6 prefix hint to my ISP. Additionally I've enabled the DHCP6 debug mode and the Do not allow PD/ Address release to prevent the WAN IPv6 to change (due to IPSEC tunnel).
If I enable "Do not wait for a RA" my PFSense reboots and gets "stuck" in a boot loop if I'm not fast enough to disable it again.
On my DATA (LAN) interface I set it to track and select the WAN with a prefix ID of 1 (tested 0 as well).
After a release renew on my WAN I get a nice IPv6 address on the WAN interface.
Then the strange things start to happen.
- My DATA interface never gets an IPv6 through its track setting.
- Unbound (DNS Resolver) restarts its service every minute
If you disable track on the interface(s) Unbound stays stable. and my WAN keeps it's IPv6 until a reboot.
I have a secondary site with the exact same settings (not same hardware -> Hyper-V VM) and their it gets a nice IPv6 on it's track interface(s).
In my system logs I see the following:
May 1 18:08:21 dhcp6c 34695 failed to parse configuration file May 1 18:08:21 dhcp6c 34695 called May 1 18:08:21 dhcp6c 34695 /var/etc/dhcp6c_wan.conf:3 IA_PD (0) is not defined May 1 18:08:21 dhcp6c 34695 called May 1 18:08:21 dhcp6c 34695 <3>end of sentence [;] (1) May 1 18:08:21 dhcp6c 34695 <3>end of closure [}] (1) May 1 18:08:21 dhcp6c 34695 <13>begin of closure [{] (1) May 1 18:08:21 dhcp6c 34695 <13>[0] (1) May 1 18:08:21 dhcp6c 34695 <13>[na] (2) May 1 18:08:21 dhcp6c 34695 <3>[id-assoc] (8) May 1 18:08:21 dhcp6c 34695 <3>end of sentence [;] (1) May 1 18:08:21 dhcp6c 34695 <3>end of closure [}] (1) May 1 18:08:21 dhcp6c 34695 <3>comment [# we'd like some nameservers please] (35) May 1 18:08:21 dhcp6c 34695 <3>end of sentence [;] (1) May 1 18:08:21 dhcp6c 34695 <3>["/var/etc/dhcp6c_wan_script.sh"] (31) May 1 18:08:21 dhcp6c 34695 <3>[script] (6) May 1 18:08:21 dhcp6c 34695 <3>end of sentence [;] (1) May 1 18:08:21 dhcp6c 34695 <3>[domain-name] (11) May 1 18:08:21 dhcp6c 34695 <3>[request] (7) May 1 18:08:21 dhcp6c 34695 <3>end of sentence [;] (1) May 1 18:08:21 dhcp6c 34695 <3>[domain-name-servers] (19) May 1 18:08:21 dhcp6c 34695 <3>[request] (7) May 1 18:08:21 dhcp6c 34695 <3>comment [# request prefix delegation] (27) May 1 18:08:21 dhcp6c 34695 <3>end of sentence [;] (1) May 1 18:08:21 dhcp6c 34695 <3>[0] (1) May 1 18:08:21 dhcp6c 34695 <3>[ia-pd] (5) May 1 18:08:21 dhcp6c 34695 <3>[send] (4) May 1 18:08:21 dhcp6c 34695 <3>comment [# request stateful address] (26) May 1 18:08:21 dhcp6c 34695 <3>end of sentence [;] (1) May 1 18:08:21 dhcp6c 34695 <3>[0] (1) May 1 18:08:21 dhcp6c 34695 <3>[ia-na] (5) May 1 18:08:21 dhcp6c 34695 <3>[send] (4) May 1 18:08:21 dhcp6c 34695 <3>begin of closure [{] (1) May 1 18:08:21 dhcp6c 34695 <5>[igb1] (4) May 1 18:08:21 dhcp6c 34695 <3>[interface] (9) May 1 18:08:21 dhcp6c 34695 skip opening control port May 1 18:08:21 dhcp6c 34695 failed initialize control message authentication May 1 18:08:21 dhcp6c 34695 failed to open /usr/local/etc/dhcp6cctlkey: No such file or directory May 1 18:08:21 dhcp6c 34695 extracted an existing DUID from /var/db/dhcp6c_duid: xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xxTried numerous things and nothing seems to resolve this, googling it comes up empty handed. Anyone here that encountered something similar like I'm having?
Thanks in advance
-
A bit more information:
- The NIC for LAN/ DATA and vlans in use is an Intel X520-DA2 with 2x10GB SFP+ DAC in a LAG with LACP and vlan interfaces configured
- The WAN NIC is the build in Intel NIC I210 GB ethernet adapter
- PFBlockerNG Devel is installed and set up correctly
When I select SLAAC or 6to4 I immediately get an IPv6 address. Yet when I select DHCP6 it remains without an IPv6 unless I enable Track on one of the interfaces.
But only the WAN receives an IPv6 address after a while (or after a release/ renew). The LAN or for example DATA interface (both vlan interfaces on the LAG) do not receive an IPv6 address.
IPv6 DHCP server settings is using the standard settings:
And then my unbound restarts its service again and again...
After a refresh:
Again after the refresh:
And so on and on until I disable the track interface setting on the interface. This occurs for every interface I have when I enable track.
Disabling PFBlockerNG does not solve the issue, so we "can rule" this one out.
-
So my ISP replaced the modem (same model) and the issue is not resolved. In my firewall logs I see this returning:
May 27 19:59:52 dhcp6c 19049 remove an IA: PD-0 May 27 19:59:52 dhcp6c 19049 IA PD-0 is invalidated May 27 19:59:52 dhcp6c 19049 status code for PD-0: no prefixes May 27 19:59:52 dhcp6c 19049 make an IA: PD-0Which leaves me to believe there is a configuration (or routing) issue on my ISP side.
Am I correct in this statement? And that issue is the reason why my unbound is restarting the whole time? -
DIsconnect the WAN cable and reboot pfSense. Run Packet Capture on the WAN interface, filtering on DHCPv6 and then reconnect the WAN cable. Post the capture packets here.
-
Solved!
My ISP digged deep into this and like I thought it was a routing issue on their side!
I moved to another city last year they didn't changed my public fixed IP addresses. Once they changed my IPv6 /56 it all worked.TL:DR IPv6 routing issue on ISP side.
