No IPv6 connectivity after upgrading to 2.5.0 RC
-
I just upgraded to 2.5.0.r.20210216.0300 today, and it looks like I've lost IPv6 connectivity. The gateway WAN_DHCP6 is stuck 'Pending' on RTT and packet loss, with status 'Unknown'. I'm not seeing any log entries for that gateway under Status/System Logs/System/Gateways.
The WAN interface is set to get an IPv6 address using DHCP6, and the LAN is using Track Interface. Under 'DHCP6 Client Configuration' settings, only 'Send IPv6 prefix hint' is checked, and 'DHCPv6 Prefix Delegation size' is set to 64.
Both interfaces show my usual IPv6 addresses on the Dashboard, but going to https://ipv6-test.com/ results in a failed IPv6 test.
Any ideas? I can provide more information if needed.
Thanks!
-
Try doing a Packet Capture of DHCP & DHCPv6. To do that, shut down pfsense and disconnect the WAN cable. Then restart and run Packet Capture, then reconnect the WAN cable. Upload the capture file here.
-
Done. Packets were captured using default settings in non-promiscuous mode, so let me know if I need to redo the capture.
Thanks!
Edit: Trouble uploading the .cap file: "Input file contains unsupported image format". Attempting to upload the file compressed in a 7-Zip archive: capture.7z
-
I should also mention that last night I reinstalled 2.4.5-p1 from scratch and reloaded a backed up configuration in order to get IPv6 working again. I upgraded that today to 2.5.0-RELEASE, but the problem persisted. I then ran the packet capture.
-
@andrew_241 I am seeing a similar issue after upgrading. Perhaps you could check and see if your WAN interface is receiving a gateway address for IPv6?
I started another thread, since I wasn't sure if the issues were the same.
EDIT: link formatting
-
Under Status/Interfaces, I don't see a gateway address for IPv6. Should there be one listed?
-
@andrew_241 I believe so... I'm certainly used to seeing one there. I'm seeing "dynamic" on my gateway status. Which is definitely unusual.
The gateway shows online, but none of my clients can route via IPv6.
-
I see 'dynamic' under Gateway as well, but 'Monitor' is blank, and RTT, RTTsd, Loss and Status are all 'Pending'.
-
@andrew_241 Try restarting the dpinger service. That should get rid of the "pending".
-
Just thought I would mention this: my pfSense box is able to ping IPv6 addresses with a source address of either 'WAN' or 'LAN'. When 'Localhost' is selected, I get 100 percent packet loss:
PING6(56=40+8+8 bytes) ::1 --> 2607:f8b0:4000:800::2004 ping6: wrote www.google.com 16 chars, ret=-1 ping6: wrote www.google.com 16 chars, ret=-1 ping6: wrote www.google.com 16 chars, ret=-1 --- www.google.com ping6 statistics --- 3 packets transmitted, 0 packets received, 100.0% packet loss -
@andrew_241 said in No IPv6 connectivity after upgrading to 2.5.0 RC:
When 'Localhost' is selected, I get 100 percent packet loss:
That's fine. Would be a fail if otherwise, as localhost, the 127.0.0.1 and ::1, isn't routaable.
-
I did a clean install of 2.5.0-RELEASE, and on the unconfigured system, I was able to successfully test IPv6 connectivity on a LAN-connected device, but the gateway still shows as 'Unknown'. It's still working after restoring my configuration, though I did not restore the CODEL limiters I had.
-
@andrew_241 I'm in the same boat. I got IPv6 connectivity back up as well, but had to disable my CoDel limiter, since the gateway isn't receiving an IP address.
-
@k3nb5t It looks like my IPv6 connectivity is down again. I didn't reenable the limiters or anything, just restarted the gateway device in front of my pfSense box.
-
I didn't mention this last night, but I did enter my gateway device's link-local address (that 2.4.5-p1 used) under 'Monitor IP' in System/Routing/Gateways/Edit. Some people reported that that got IPv6 working again, but in my case, it doesn't seem to solve the problem.
-
I disabled a couple floating firewall rules, and IPv6 started working again:
Both rules specified passing traffic in the 'out' direction. I think I was messing around with something a while ago.
-
@andrew_241 Yeah, those look like "policy routing" rules since you were specifying a gateway (rather than letting pfSense use the default gateway). But if you only have one WAN connection, or you don't want to route specific traffic in a specific way, you don't really need those rules, because everything can just route through the default gateway.
But since you had those rules... there is a deeper issue with the IPv6 gateway behind the scenes, so the IPv6 rule was not functional because of the bug, and was preventing your IPv6 traffic from flowing as a result.
