IPv6 Track Interface not getting IPv6
-
I've got two issues with IPv6 "Track Interface" not getting its IPv6 address. pfSense 2.4.5.
Firstly, I've been setting up an OPT1 interface. I configured everything correctly with IPv6 Configuration Type being "Track Interface", tracking the WAN. But still, I found that IPv6 would not start operating until I went to Status β Interfaces, and did "Release WAN" and then "Renew WAN". Then IPv6 started working. (I think this also happened when I originally set up the LAN interface in pfSense 2.4.4-p3, but I wasn't sure what was going on at the time. I think it may have started working when I changed a WAN configuration experimentally, which had a similar effect as releasing and renewing the WAN.)
Secondly, with everything running fine, and the LAN and OPT1 both working with IPv6 addressesβ If the power goes out, then when the power comes back on, LAN and OPT1 don't get an IPv6 address. Then when I manually do a "Release WAN" and then "Renew WAN", they get their IPv6 addresses.
I'm in Australia, using the NBN FttC through the NCD (NBN Connection Device which is a modem with reverse power feed to the fibre DPU on the street). My provider is Aussie Broadband, using IPoE giving the addresses with DHCP and DHCPv6. When the power goes off, the NCD, the pfSense box and all my switches all lose power, and then all switch on at the same time when the power comes back on.
-
@cmcqueen said in IPv6 Track Interface not getting IPv6:
I'm in Australia
So, you must work on the LAN Down Under.
I'm not familiar with the term IPoE, apparently it's similar to PPPoE. However, perhaps you should consider a UPS. I have one here, which keeps pfSense and my modem up, even if there's a power hit. Failing that, perhaps you could create a script that pings some IPv6 address at interval and causes the DHCPv6 client to restart when it fails.
-
LAN Down Under β ha, I like it!
IPoE is really just a funny way of saying regular IP over Ethernet. The term is mostly used to contrast with PPPoE in the context of broadband internet service. See What exactly is IPoE?
As for your suggestions... a UPS is a good idea, and I hope one day to get one. However, without a UPS, I think the pfSense should still be able to initiate IPv6 on the LAN interfaces once IPv6 is acquired on the WAN via DHCPv6. This seems like a pfSense bug. It's not a problem with the DHCPv6 client β the WAN gets its IPv6 address fine, it's just the LAN interfaces configured for "Track Interface" that don't get their IPv6 address initialised properly.
-
Last year, when I had an IPv6 problem with my ISP, I used Wireshark in order to see what was happening. In order to capture the frames, I configured a 5 port managed switch as a network tap, which I inserted between my modem and pfSense. I was then able to examine the DHCPv6 packets to see there was a problem at the cable company's head end. I was even able to identify the failing system by name. However, you'd need a UPS for something like that to survive a power hit, at least for the switch. You could use a notebook computer, with it's own battery, to run Wireshark on.
-
Another important point:
When I originally configured LAN IPv6 to "Track Interface", in pfSense 2.4.4-p3, and it didn't get an IPv6 address until I released and renewed the WAN β that was using a different Internet provider. I was using Internode, with the WAN being PPPoE with VLAN tagging. Then when I switched Internet provider to Aussie Broadband, I had the same issue, but that uses IPoE instead.
Since I've had the same issue with two different Internet providers, and with both PPPoE and IPoE, that makes it more likely that this is a pfSense issue, not an issue with a particular Internet provider.
-
This might also be relevant:
https://redmine.pfsense.org/issues/5999
I do have a Virtual IPv6 address on my WAN (because my Internet provider (Aussie Broadband) appears to have broken routing on the IPv6 address that it assigns to my router WAN via DHCPv6).
-
If it's the same as I experienced, I just manually added the ISP's prefix on the Router Advertisement. For some reason, pfSense stops automatically doing that, when you add a ULA prefix. However, I don't think that's your issue, as I don't recall you mentioning ULA before. I'm on a cable modem, so I can't help with PPPoE or IPoE.
-
Would really like to know how you've got IPv6 working with ABB.
@JKnott said
So, you must work on the LAN Down Under.
This was sent to me when the movie was still relatively recent.
-
Then there's the network song This LAN is Your LAN.
-
I've got 2.4.5-p1 running now. Today I switched the power off and back on. When the NBN device and the router restarted, all the IPv6 addresses were assigned properly. So that's a good improvement!
Other than the pfSense upgrade to 2.4.5-p1, I haven't changed any configuration. So maybe it's an improvement in 2.4.5-p1. But, I can't say for sure, because it's possible my Internet provider has made some configuration changes which improved it.
-
Make sure you have Do not allow PD/Address release on the WAN page set.
-
A comment on Whirlpool says:
A lot of routers use the WIDE-DHCPV6 package. And many of them have not incorporated the patch listed below. Without the patch, if the DHCP client gets a response that it wasn't expecting, it just gives up and stops trying.
β Add patch 0018 to ignore advertise messages with none of requested data and missed status codes.https://metadata.ftp-master.debian.org/changelogs/main/w/wide-dhcpv6/wide-dhcpv6_20080615-22_changelog
Patch: https://pastebin.com/a8wCHdHD
Does pfSense use the WIDE-DHCPV6 client? If so, does it incorporate this patch?
-
@JKnott said in IPv6 Track Interface not getting IPv6:
Make sure you have Do not allow PD/Address release on the WAN page set.
Is this generic advice, or advice tuned to my Internet provider (Aussie Broadband)?
If it's generic advice, why is Do not allow PD/Address release a user option?
-
its there, on the wan interface page
Its not tuned to aussies :)(but its not that important, since this is meaningful only when interfaces close gracefully.
On a power outage, line disconnection etc, you never get the time to send such things anyways)
And isp's often don't really care and always issue a new prefix upon reconnection -
I'm in Canada, so it's not an Aussie thing. As for why it's there, previously it wasn't and the prefix would frequently change. I suppose there is a reason why someone would want to always release the prefix, but I don't know what that is, other than perhaps changing ISP or something.
