IPv6 No Gateway after 2.5 upgrade
-
Thank you @marco42.
Here made the mistake of removing all IP6 related temp files and GUID file to start from scratch on the IP6 configuration file.
Then reconfigured IP6 on the WAN / LAN pieces. Doing this and nothing else showed IP6 pending and working IP6 internet and empty temp files. Edited the temp files to show the local IP6 gateway and all appears fine. Later on edited the diff file with the IP6 local gateway address and that is what is showing in the gateway dashboard section.
Today bringing up test hot swap box with new V2.5 on it to see what happens and if IP6 works.
-
@marco42 I noticed that. But IPv6 is working for both these routers...can ping from the router or PCs behind it. The router has a default route for IPv6 in Diagnostics/Routes, just no gateway shown in Status/Interfaces. These are two locations and two ISPs (AT&T and Comcast).
-
@marco42 Hey, I'm new to this bug, but I thought I could provide some input.
I have attempted your fix on lines 5145 and 5146 with no success. It is not creating the v6 files in /tmp but it does seem to update the script at /var/etc/rtsold_em0_script.sh
If I manually create those 2 files, em0_routerv6 and em0_defaultgwv6, then the gateway shows in the front-end on both the dashboard and the gateway status screen, instead of 'dynamic' and '~' respectively. This however doesn't seem to apply to the firewall rules or whatever else is wrong. I assume something has to restart... I did 'reapply filters' on the firewall but this didn't help. I also 'saved' my WAN interface and this didn't help either. In fact it deleted the 2 em0_* files.
My RA setting is on unmanaged and I have dhcpv6 disabled. This is how I had it set up on 2.4.5 where it worked perfectly. My clients are not receiving an ipv6 address.
I also noticed that on a cold boot my WAN/LAN interfaces have no ipv6 address at all. They only receive an address after I either save the WAN interface screen or release/renew the WAN address in interface status.
I'm happy to try any suggestions, cheers
-
If your WAN is not set to DHCP6, what is it set to (e.g. Static)?
My WAN interface is set to DHCP6 with "Use IPv4 connectivity...", "Send IPv6 prefix hint", "Debug" and "Do not allow PD/Address..." checked. "Do not wait for a RA" is not checked.
-
@g-shaffer Ahh sorry, I should have been clear. My WAN type is DHCP6. My LAN DHCP6 server is turned off, under Services -> DHCPv6 Server & RA -> DHCPv6 Server.
Under WAN I have:
config type = "DHCP6", Send IPv6 prefix hint = ticked, Do not wait for a RA = ticked, Do not allow PD/Address release = unticked.
Under Router Advertisements I have Router mode = "unmanaged" and everything else blank/default.
These are the exact settings I have on 2.4.5 which worked perfectly from cold boot with no issues.
-
@chicaneau EDIT: it appears the script started working after I unset the ipv6 type in the WAN config and set it to DHCP6 again. I also only set my DHCPv6 Prefix Delegation size to 56 (as per ISP recommendation) and left all else unticked in the ipv6 settings.
I still have no ipv6 connectivity from any Windows devices. ping6 in the pfsense shell is working for external addresses.
The ipv6 gateway now shows online and shows the gateway ipv6 address instead of "~".
-
I still have no ipv6 connectivity from any Windows devices. ping6 in the pfsense shell is working for external addresses.
Initially the PFSense shell was the only way to ping6 IP6 addresses. Not my LAN devices. Then I set RA to the following and it worked.
Try setting:
Services / DHCPv6 Server & RA / LAN / Router Advertisements
Stateless DHCP
Will advertise this router with stateless autoconfig and other configuration information available via DHCPv6.
I did this and see IP6 addresses from any LAN connected device and pass all IP6 testing from laptop / desktop. Here is an Ubuntu terminal window.
root@ICS-IBM-T540P-0:/home/pete# ping6 2001:4860:4860::8888
PING 2001:4860:4860::8888(2001:4860:4860::8888) 56 data bytes
64 bytes from 2001:4860:4860::8888: icmp_seq=1 ttl=113 time=13.7 ms
64 bytes from 2001:4860:4860::8888: icmp_seq=2 ttl=113 time=14.7 ms
64 bytes from 2001:4860:4860::8888: icmp_seq=3 ttl=113 time=14.5 ms
64 bytes from 2001:4860:4860::8888: icmp_seq=4 ttl=113 time=11.5 ms
64 bytes from 2001:4860:4860::8888: icmp_seq=5 ttl=113 time=11.6 ms
For Windows 10, use ping or ping -6 in Command Prompt or PowerShell.
-
This is incredibly frustrating.
I have changed and tried nearly every ipv6 setting in my 2.5 install and I cannot get it to route ipv6 at all.
I have reinstalled 2.5 and migrated configuration and it just continues to give this error:
There were error(s) loading the rules: /tmp/rules.debug:315: no routing address with matching address family found. - The line in question reads [315]: pass in quick on $LAN1_PRIMARY $GWDefault_Gateway_Group_ipv6 inet6 from xxx:xxx:xxx:xxx::/64 to any tracker 1436634070 keep state label "USER_RULE: LAN1 -> any Default IPv6"
2.4.5 worked perfectly with this config.
-
@mloiterman
I've noticed some issues with the IPv6 routing tables; it doesn't look like routes are getting set up when you enable IPv6 on an interface. After setting up an interface, DHCPv6 and RA for the interface (VLAN), I've rebooted my FW and IPv6 routing starts working for clients on the VLAN. I've also had issues setting up interfaces as "Track Interface" and gone to Static IPv6 address allocations on my local network interfaces.
-
@pete This kind of works... I now have 2 IPv6 addresses and a temporary ipv6 address on my win10 device. But it still feels like the routing is broken. All pings fail, attempting to load any ipv6 site in the browser just falls back to ipv4
https://ipv6-test.com/ completely fails.
It really feels like a firewall or routing issue. I'm at a loss, can't believe how broken this is.
-
Given how this issue cascades throughout the system (it breaks the gateway, routing, firewall rules, etc.), I'm amazed that Netgate doesn't appear to be looking at this. IPv6 was rock solid in 2.4.5-p1, seems to have been broken in 2.5.0!
-
Try this:
1 - remove all of the IP6 related stuff on your WAN / LAN links.
2 - TFTP to the /tmp directory and remove all related IP6 entries.
3 - reboot PFSense and your modem
4 - re-enable IP6 on WAN / LAN interfaces.
See if that works.
-
@pete tried this. No difference. I’m on the cusp of giving up on this. Might need someone much smarter than me to resolve the underlying routing issues
-
I'm seeing similar behavior on SG-3100 21.02_1. Speculum (NYC)
I have to manually specify a monitoring IPv6 address (or disable monitoring and assume it's up).
-
@mloiterman If you're routing with rules, that's another effect of this gateway issue. If the gateway doesn't populate, there's no gateway to be selected in the rules. Some have found a way around by manually creating files or manually editing scripts, but there's been no progress on a formal fix for this bug that I'm aware of.
-
@virgiliomi It's so strange, everything seems fine for me, all the right values are in the right fields in the UI. In the routing table I have a route to my ISP gateway FE80 address and I can ping out to anything from the router itself. It just seems something is blocking my devices from seeing anything. Either firewall or routing... but I don't really know how to be sure which.
I've tried adding firewall rules for allow all on LAN ipv6 etc. to see if I can get some traffic moving, but nothing happens.
I've just noticed my LAN adapter has no link local address..... perhaps this is part of the non-communication issue?
-
@chicaneau OMG! I fixed it!!!
So... let me start with a confession. I do have 2 of my LAN ports in a bridge. Which has never ever been a problem before and I figured it was just acting as a regular interface! BUT!!! I found that under the bridge config, there is a tickbox (not sure if it's new) called "Enable IPv6 auto linklocal". Once I enabled this and "saved, apply changes" on my WAN interface, boom, it's all working.
To summarise, all I've done is:
- the 2 line change to /etc/var/interfaces.inc
- ticked this ipv6 auto linklocal setting.
I have not added an ipv6 monitoring address at all; it is automatically using the gateway I hardcoded in the interfaces.inc file.
To clarify existing config, I am running DHCP6 server = off and RA = unmanaged,
wan type = dhcp6 and ra hint = off and do not wait for ra = off.
Thanks everyone on this forum for their input and support. I hope my find can help another lost soul. Cheers
-
So I spent a huge amount of time on this yesterday and was finally able to get it to route, but it's not entirely clear what fixed it and I still believe that it's broken.
Anyway, I was able to get it to route IPV6 by resaving the gateway I use for IPV6. That kicked it over and it started working.
BUT
I was also able to get it started by resaving the various WAN and LAN interfaces as well as resaving the DHCP6 Server page, as well as changing the Router Advertisements from Stateless to Unmanaged and then back to my original setting of Assisted.
A few caveats:
- A reboot will cause it to not pull the route again. So then I have to go into all of those settings pages and resave and cross my fingers that something causes it to kick over.
- Even when it starts routing correctly, the monitor issue still persists. But, I have worked around that by manually entering the link-local address. But, the gateway in the widget is still listed as "~" even though it says that it's online.
I also tried recreating my ipv6 gateways and gateway groups, but nothing would cause that widget to work automatically. Another point, in my situation, I have made NO changes to the /etc/var/interfaces.inc files which probably explains why this still doesn't work.
For me, as @virgiliomi says, I'm routing with rules, so I don't know if this is really applicable to everyone else.
-
so thanks to this thread I was able to successfully edit the /etc/inc/interfaces.inc file as described and everything works, but I made a slight change so that it grabs the default gateway from the routing table automatically rather than having to hardcode it into the interfaces.inc file. I did the following:
$my_gw = shell_exec("/usr/bin/netstat -rn6 | grep ^default | awk '{print $2}' | sed 's/%.*//g' | tr -d '\n'");
//$rtsoldscript .= "echo $2 > {$g['tmp_path']}/{$wanif}_defaultgwv6\n";
$rtsoldscript .= "echo $my_gw > {$g['tmp_path']}/{$wanif}_routerv6\n";
//$rtsoldscript .= "echo $2 > {$g['tmp_path']}/{$wanif}_defaultgwv6\n";
$rtsoldscript .= "echo $my_gw > {$g['tmp_path']}/{$wanif}_defaultgwv6\n";
This is working for me and I'm happier with this in case I have to replace my cable modem or something and my ipv6 info changes. Just my 2 cents, hopefully someone finds this useful.
-
Oops, and just to update my own post here - my default gateway as reported by netstat was fe80::X:X:X:X%igb0. I was intentionally stripping off the interface specification from the default gateway, but this caused the route not to be detected as the default gateway on the system routing page or by dpinger (globe icon was missing). Leaving the interface appended to the ipv6 address seems to work better. So I now have this instead:
$my_gw = shell_exec("/usr/bin/netstat -rn6 | grep ^default | awk '{print $2}' | tr -d '\n'");
//$rtsoldscript .= "echo $2 > {$g['tmp_path']}/{$wanif}_defaultgwv6\n";
$rtsoldscript .= "echo $my_gw > {$g['tmp_path']}/{$wanif}_routerv6\n";
//$rtsoldscript .= "echo $2 > {$g['tmp_path']}/{$wanif}_defaultgwv6\n";
$rtsoldscript .= "echo $my_gw > {$g['tmp_path']}/{$wanif}_defaultgwv6\n";
Everything now seems fully functional
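A read-only check for the state discussed in the posts above, added here as an example and not code from any poster or from pfSense: it compares the IPv6 default route with the two per-interface gateway files and flags a link-local gateway that has lost its %interface scope. The function names, the sample routing table and the fe80::1%igb0 address are constructed; the file names follow the em0_routerv6 / em0_defaultgwv6 pattern mentioned in the thread.

```shell
#!/bin/sh
# Constructed sample in the layout of `netstat -rn6` (not captured output).
SAMPLE_ROUTES='Internet6:
Destination        Gateway              Flags     Netif Expire
default            fe80::1%igb0         UGS        igb0
::1                link#4               UHS         lo0'

# default_gw6: read `netstat -rn6` text on stdin and print the gateway of the
# default route, keeping any %interface scope suffix.
default_gw6() {
    awk '$1 == "default" { print $2; exit }'
}

# check_gw_files DIR IFNAME GATEWAY
# Returns 0 only when DIR/IFNAME_routerv6 and DIR/IFNAME_defaultgwv6 both hold
# GATEWAY and a link-local GATEWAY carries a scope; prints each problem found.
check_gw_files() {
    dir=$1; ifname=$2; want=$3; rc=0
    case $want in
        "")       echo "no IPv6 default route"; return 2 ;;
        fe80:*%*) ;;                          # scoped link-local: fine
        fe80:*)   echo "link-local gateway $want has no %interface scope"; rc=1 ;;
    esac
    for suffix in routerv6 defaultgwv6; do
        f="$dir/${ifname}_$suffix"
        if [ ! -s "$f" ]; then
            echo "missing or empty: $f"; rc=1
        elif [ "$(tr -d '\n' < "$f")" != "$want" ]; then
            echo "stale: $f holds $(cat "$f"), routing table has $want"; rc=1
        fi
    done
    return $rc
}

# Demo on the constructed sample: only one of the two files is present.
demo_dir=$(mktemp -d)
demo_gw=$(printf '%s\n' "$SAMPLE_ROUTES" | default_gw6)
printf '%s\n' "$demo_gw" > "$demo_dir/igb0_routerv6"
check_gw_files "$demo_dir" igb0 "$demo_gw" || echo "gateway files need attention"
rm -rf "$demo_dir"
```

On the firewall itself the inputs would be `netstat -rn6 | default_gw6` and the /tmp directory with the WAN interface name.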
-
@mintypickle said in IPv6 No Gateway after 2.5 upgrade:
so thanks to this thread I was able to successfully edit the /etc/inc/interfaces.inc file as described and everything works, but I made a slight change so that it grabs the default gateway from the routing table automatically rather than having to hardcode it into the interfaces.inc file. I did the following:
$my_gw = shell_exec("/usr/bin/netstat -rn6 | grep ^default | awk '{print $2}' | sed 's/%.*//g' | tr -d '\n'");
//$rtsoldscript .= "echo $2 > {$g['tmp_path']}/{$wanif}_defaultgwv6\n";
$rtsoldscript .= "echo $my_gw > {$g['tmp_path']}/{$wanif}_routerv6\n";
//$rtsoldscript .= "echo $2 > {$g['tmp_path']}/{$wanif}_defaultgwv6\n";
$rtsoldscript .= "echo $my_gw > {$g['tmp_path']}/{$wanif}_defaultgwv6\n";
This is working for me and I'm happier with this in case I have to replace my cable modem or something and my ipv6 info changes. Just my 2 cents, hopefully someone finds this useful.