Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    IPv6 No Gateway after 2.5 upgrade

    Scheduled Pinned Locked Moved IPv6
    97 Posts 27 Posters 33.3k Views 30 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M Offline
      MarcO42 @g.shaffer
      last edited by

      @g-shaffer Hi, I did this change with the result that I got a static IPv6 address to monitor.
      Btw. This can slo be done here -> System - Routing - Gateways - Edit WAN_DHCP6 -> Monitor IP

      But now come the strange part: After I realised that I can do this also in the configuration I revert the change to

              $rtsoldscript .= "# This shell script launches dhcp6c and configured gateways for this interface.\n";
              $rtsoldscript .= "echo $2 > {$g['tmp_path']}/{$wanif}_routerV6\n";
              $rtsoldscript .= "echo $2 > {$g['tmp_path']}/{$wanif}_defaultgwv6\n";
              $rtsoldscript .= "/usr/bin/logger -t rtsold \"Received RA specifying route \$2 for interface {$interface}({$wanif})\"\n";
      

      It works. I can not explin why but it works :)
      Cheers
      Marco

      peteP 1 Reply Last reply Reply Quote 0
      • peteP Offline
        pete @MarcO42
        last edited by pete

        @marco42

        Putting the local link address as an IP6 monitoring address is the first thing I did to originally "fix" the issue.

        This time around went back to putting in the google IP6 address as a monitoring address for IP6:

        1 - 2001:4860:4860::8888
        2 - 2001:4860:4860::8844

        This Google DNS monitoring address is what I was using for PFSense 2.4.x

        That and went to diagnostics / routes / IP6 routes and took the local interface FE80 address minus the %em1 and used it in the diff file.

        I wanted to just leave it alone for time bean as it is working and everytime I play with this I lose my IP6 connectivity.

        On the second WAN failover interface which is using a CPE to T-Mobile I tested it with my Laptop and do get an IP6 address just fine. When I connect it to PFSense and set it to IP6 dhcp I do not get an address. I am not sure how to figure this out so went back to connecting to the LAN interface and using that as a WAN interface for my failover.

        That and not relating to OP I noticed I lost my IPSec and OpenVPN stuff. Fixed the OpenVPN stuff yesterday and confirmed that it is working. Haven't fixed IPSec VPN yet though.

        • Pete

        Auto mater
        23.09.1-RELEASE (amd64)
        built on Mon Dec 11 12:24:00 CST 2023
        FreeBSD 14.0-CURRENT
        PFSense + Qotom - Master
        PFSense + Jetway - Backup
        PFSense + Jetway - Backup
        PFSense + Generic - Backup

        M 1 Reply Last reply Reply Quote 0
        • M Offline
          MarcO42 @pete
          last edited by

          @pete
          To be clear: I reverted my changes in the /etc/inc/interfaces.inc to the code above and didn't use the monitoring funktion from System/Routing/Gateways and after a reconect I can see the the Gateway have now the correct entry. :)

          1 Reply Last reply Reply Quote 0
          • peteP Offline
            pete
            last edited by pete

            @marco42

            Ahhh....thank you Marco.

            So where did you get the IP6 gateway address and where did you install it?

            Do you have the temp files /tmp/em0_routerv6 and /tmp/em0_defaultgwv6 with the IP6 gateway address before you removed the diff changes?

            Today did a new 2.5 build on my PFSense hot spare box. IP6 worked out of the box. Have to test OpenVPN and IPSec VPN on it first.

            Will drop this box in to place after configuring add ons the rebuild the updated machine from scratch.

            Using monitoring function here because primary WAN is cable and secondary WAN is a T-Mobile LTE CPE.

            • Pete

            Auto mater
            23.09.1-RELEASE (amd64)
            built on Mon Dec 11 12:24:00 CST 2023
            FreeBSD 14.0-CURRENT
            PFSense + Qotom - Master
            PFSense + Jetway - Backup
            PFSense + Jetway - Backup
            PFSense + Generic - Backup

            M 1 Reply Last reply Reply Quote 0
            • M Offline
              MarcO42 @pete
              last edited by MarcO42

              @pete
              Hi,
              the IP6 is set like the IP4. After a reconnect its there. (Like magic ;) )
              And yes, I had these files (named on my side with pppoe) before.
              I double checked it right now and I think I found somthing strange.
              I have the old file already in place but please take a look:

              [2.5.0-RELEASE]/root: ls -al /tmp/pppoe_r*
              -rw-r--r--  1 root  wheel  14 Mar  3 03:50 /tmp/pppoe0_router
              -rw-r--r--  1 root  wheel   1 Mar  3 03:50 /tmp/pppoe0_routerV6
              -rw-r--r--  1 root  wheel  26 Mar  3 03:50 /tmp/pppoe0_routerv6
              

              Then I checked my script and I saw that I made a mistake that fixed my issue:

                      $rtsoldscript .= "echo $2 > {$g['tmp_path']}/{$wanif}_routerV6\n";
              

              I think that in the original script create this file (**_routerv6*) with emptiy content.
              Maybe the function file_put_contents() is afterwards not able to recreate or fill the file with content?

              After I chnaged it to a file named _routerV6 with an upper V another prozess created the correct file.

              So my solution for me is now this:

                      $rtsoldscript .= "# echo $2 > {$g['tmp_path']}/{$wanif}_routerv6\n";
              

              Cheers

              S 1 Reply Last reply Reply Quote 0
              • S Offline
                SteveITS Galactic Empire @MarcO42
                last edited by SteveITS

                @marco42 I figured I'd just check for you as we have one on 21.02 and others on 2.4.5. I found interesting results from "ls -l /tmp/mvneta*" (the interface on SG-2100):

                21.02:
                -rw-r--r-- 1 root wheel 12 Feb 27 00:37 /tmp/mvneta0_defaultgw
                -rw-r--r-- 1 root wheel 1 Feb 27 00:37 /tmp/mvneta0_defaultgwv6
                -rw-r--r-- 1 root wheel 0 Feb 27 00:37 /tmp/mvneta0_dhcp6_complete
                -rw-r--r-- 1 root wheel 0 Feb 27 00:37 /tmp/mvneta0_error_output
                -rw-r--r-- 1 root wheel 244 Feb 27 00:37 /tmp/mvneta0_output
                -rw-r--r-- 1 root wheel 13 Feb 27 00:37 /tmp/mvneta0_router
                -rw-r--r-- 1 root wheel 1 Feb 27 00:37 /tmp/mvneta0_routerv6

                2.4.5p1:
                -rw-r--r-- 1 root wheel 9 Feb 19 00:22 /tmp/mvneta0_defaultgw
                -rw-r--r-- 1 root wheel 26 Feb 15 15:28 /tmp/mvneta0_defaultgwv6
                -rw-r--r-- 1 root wheel 0 Feb 19 00:24 /tmp/mvneta0_error_output
                -rw-r--r-- 1 root wheel 577 Feb 19 00:25 /tmp/mvneta0_output
                -rw-r--r-- 1 root wheel 10 Feb 19 00:25 /tmp/mvneta0_router

                On BOTH, Status/Gateways shows "WAN_DHCP6 (default)" as Pending and IPv6 is working. So perhaps the Pending status is not new in 2.5? Note 2.4.5 does not have "mvneta0_routerv6" either.

                Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
                When upgrading, allow 10-15 minutes to reboot, or more depending on packages, CPU, and/or disk speed.
                Upvote 👍 helpful posts!

                M 1 Reply Last reply Reply Quote 0
                • M Offline
                  MarcO42 @SteveITS
                  last edited by MarcO42

                  @teamits said in IPv6 No Gateway after 2.5 upgrade:

                  21.02:
                  -rw-r--r-- 1 root wheel 1 Feb 27 00:37 /tmp/mvneta0_routerv6

                  Hi Steve,
                  your file have a size of 1 Bytes. It looks like that this is the same issue like my. Are you able to edit /etc/inc/interfaces.inc and change line 5145 like I did to validate if my fix works?
                  Cheers

                  peteP S C 3 Replies Last reply Reply Quote 0
                  • peteP Offline
                    pete @MarcO42
                    last edited by

                    @marco42

                    Thank you @marco42.

                    Here made the mistake of removing all IP6 related temp files and GUID file to start from scratch on the IP6 configuration file.

                    Then reconfigured IP6 on the WAN / LAN pieces. Doing this and nothing else showed IP6 pending and working IP6 internet and empty temp files. Edited the temp files to show the local IP6 gateway and all appears fine. Later on edited the diff file with the IP6 local gateway address and that is what is showing in the gateway dashboard section.

                    Today bringing up test hot swap box with new V2.5 on it to see what happens and if IP6 works.

                    • Pete

                    Auto mater
                    23.09.1-RELEASE (amd64)
                    built on Mon Dec 11 12:24:00 CST 2023
                    FreeBSD 14.0-CURRENT
                    PFSense + Qotom - Master
                    PFSense + Jetway - Backup
                    PFSense + Jetway - Backup
                    PFSense + Generic - Backup

                    1 Reply Last reply Reply Quote 1
                    • S Offline
                      SteveITS Galactic Empire @MarcO42
                      last edited by

                      @marco42 I noticed that. But IPv6 is working for both these routers...can ping from the router or PCs behind it. The router has a default route for IPv6 in Diagnostics/Routes, just no gateway shown in Status/Interfaces. These are two locations and two ISPs (AT&T and Comcast).

                      Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
                      When upgrading, allow 10-15 minutes to reboot, or more depending on packages, CPU, and/or disk speed.
                      Upvote 👍 helpful posts!

                      1 Reply Last reply Reply Quote 1
                      • C Offline
                        chicaneau @MarcO42
                        last edited by

                        @marco42 Hey I'm new to this bug, but I thought i could provide some input

                        I have attempted your fix on lines 5145 and 5146 with no success. It is not creating the v6 files in /tmp but it does seem to update the script @ /var/etc/rtsold_em0_script.sh

                        If i manually create those 2 files em0_routerv6 and em0_defaultgwv6 then the gateway shows in the front-end on both the dashboard and the gateway status screen. instead of 'dynamic' and '~' respectively. This however doesnt seem to apply to the firewall rules or whatever else is wrong, i assume something has to restart... i did 'reapply filters' on the firewall but this didnt help. I also 'saved' my WAN interface and this didnt help either. In fact it deleted the 2 em0_* files.

                        My RA setting is on unmanaged and i have dhcpv6 disabled. This is how I had it setup on 2.4.5 where it worked perfectly. My clients are not receiving an ipv6 address.

                        I also noticed that on a cold boot that my WAN/LAN interfaces have no ipv6 address at all. They only receive an address after i either save the WAN interface screen or release/renew the WAN address in interface status.

                        Im happy to try any suggestions, cheers

                        G C 2 Replies Last reply Reply Quote 0
                        • G Offline
                          g.shaffer @chicaneau
                          last edited by

                          @chicaneau

                          If your WAN is not set to DHCP6, what is it set to (e.g. Static)?
                          My WAN interface is set to DHCP6 with "Use IPv4 connectivity...", "Send IPv6 prefix hint", "Debug" and "Do not allowPD/Address..." checked. "Do not wait for a RA" is not checked.

                          C 1 Reply Last reply Reply Quote 0
                          • C Offline
                            chicaneau @g.shaffer
                            last edited by

                            @g-shaffer Ahh sorry, i should have been clear. My WAN type is DHCP6. My LAN DCHP6 server is turned off. under Services -> DHCPv6 Server & RA -> DHCPv6 Server.

                            Under WAN i have.

                            config type = "DHCP6", Send IPv6 prefix hint = ticked, Do not wait for a RA= ticked, Do not allow PD/Address release = unticked.

                            Under Router Advertisements i have Router mode = "unmanaged" and everything else blank/default

                            These are the exact settings i have on 2.4.5 which worked perfectly from cold boot with no issues.

                            1 Reply Last reply Reply Quote 0
                            • C Offline
                              chicaneau @chicaneau
                              last edited by chicaneau

                              @chicaneau EDIT: it appears the script started working after i unset the ipv6 type in the WAN config and set it to DHCP6 again. I also only set my DHCPv6 Prefix Delegation size to 56 (as per isp recommendation) and left all else unticked in the ipv6 settings.

                              I still have no ipv6 connectivity from any windows devices. ping6 in the pfsense shell is working for external addresses

                              the ipv6 gateway now shows online and shows the gateway ipv6 address instead of "~"

                              peteP 1 Reply Last reply Reply Quote 0
                              • peteP Offline
                                pete @chicaneau
                                last edited by pete

                                I still have no ipv6 connectivity from any windows devices. ping6 in the pfsense shell is working for external addresses

                                Initially iPFSense shell was the only way to ping6 IP6 addresses. Not my LAN devices. Then I set RA to the following and it worked.

                                Try setting:

                                Services / DHCPv6 Server & RA / LAN / Router Advertisements

                                Stateless DHCP
                                Will advertise this router with stateless autoconfig and other configuration information available via DHCPv6.

                                I did this and see IP6 addresses from any LAN connected device and pass all IP6 testing from laptop / desktop. Here is an Ubuntu terminal window.

                                root@ICS-IBM-T540P-0:/home/pete# ping6 2001:4860:4860::8888
                                PING 2001:4860:4860::8888(2001:4860:4860::8888) 56 data bytes
                                64 bytes from 2001:4860:4860::8888: icmp_seq=1 ttl=113 time=13.7 ms
                                64 bytes from 2001:4860:4860::8888: icmp_seq=2 ttl=113 time=14.7 ms
                                64 bytes from 2001:4860:4860::8888: icmp_seq=3 ttl=113 time=14.5 ms
                                64 bytes from 2001:4860:4860::8888: icmp_seq=4 ttl=113 time=11.5 ms
                                64 bytes from 2001:4860:4860::8888: icmp_seq=5 ttl=113 time=11.6 ms
                                

                                For Windows 10 it use ping or ping -6 in command prompt or power shell.

                                Windows10.jpg

                                • Pete

                                Auto mater
                                23.09.1-RELEASE (amd64)
                                built on Mon Dec 11 12:24:00 CST 2023
                                FreeBSD 14.0-CURRENT
                                PFSense + Qotom - Master
                                PFSense + Jetway - Backup
                                PFSense + Jetway - Backup
                                PFSense + Generic - Backup

                                C 1 Reply Last reply Reply Quote 1
                                • M Offline
                                  mloiterman
                                  last edited by

                                  This is incredibly frustrating.

                                  I have changed and tried nearly every ipv6 setting in my 2.5 install and I cannot get it to route ipv6 at all.

                                  I have reinstalled 2.5 and migrated configuration and it just continues to give this error:

                                  There were error(s) loading the rules: /tmp/rules.debug:315: no routing address with matching address family found. - The line in question reads [315]: pass in quick on $LAN1_PRIMARY $GWDefault_Gateway_Group_ipv6 inet6 from xxx:xxx:xxx:xxx::/64 to any tracker 1436634070 keep state label "USER_RULE: LAN1 -> any Default IPv6"
                                  

                                  2.4.5 worked perfectly with this config.

                                  G MikeV7896M 2 Replies Last reply Reply Quote 0
                                  • G Offline
                                    g.shaffer @mloiterman
                                    last edited by g.shaffer

                                    @mloiterman
                                    I've noticed some issues with the IPv6 routing tables, it doesn't look like routes are getting setup when you enable IPv6 on an interface. After setting up an interface, DHCPv6 and RA for the interface (VLAN), I've rebooted by FW and IPv6 routing starts working for clients on the VLAN. I've also had issues setting up interfaces as "Track Interface" and gone to Static IPv6 address allocations on my local network interfaces.

                                    1 Reply Last reply Reply Quote 0
                                    • C Offline
                                      chicaneau @pete
                                      last edited by

                                      @pete This kind of works... I now have 2 IPv6 addresses and a temporary ipv6 address on my win10 device. But it still feels like the routing is broken. All pings fail, attempting to load any ipv6 site in the browser just falls back to ipv4

                                      https://ipv6-test.com/ completely fails.
                                      It really feels like a firewall or routing issue. I'm at a loss, cant believe how broken this is.

                                      G peteP 2 Replies Last reply Reply Quote 0
                                      • G Offline
                                        g.shaffer @chicaneau
                                        last edited by g.shaffer

                                        @chicaneau

                                        Given how this issue cascades throughout the system - it breaks the gateway, routing, firewall rules, etc. I amazed that netgate doesn't appear to be looking at this. IPv6 was rock solid in 2.4.5-p1, seems to have been broken in 2.5.0!

                                        1 Reply Last reply Reply Quote 1
                                        • peteP Offline
                                          pete @chicaneau
                                          last edited by

                                          @chicaneau

                                          Try this:

                                          1 - remove all of the IP6 related stuff on your WAN / LAN links.
                                          2 - TFTP to the /tmp directory and remove all related IP6 entries.
                                          3 - reboot PFSense and your modem
                                          4 - re-enable IP6 on WAN / LAN interfaces.

                                          See if that works.

                                          • Pete

                                          Auto mater
                                          23.09.1-RELEASE (amd64)
                                          built on Mon Dec 11 12:24:00 CST 2023
                                          FreeBSD 14.0-CURRENT
                                          PFSense + Qotom - Master
                                          PFSense + Jetway - Backup
                                          PFSense + Jetway - Backup
                                          PFSense + Generic - Backup

                                          C 1 Reply Last reply Reply Quote 0
                                          • C Offline
                                            chicaneau @pete
                                            last edited by

                                            @pete tried this. No difference. I’m on the cusp of giving up on this. Might need someone much smarter than me to resolve the underlying routing issues

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.