IPv6 broken beyond pfSense after 2.5 upgrade

tomahhunt

I felt for sure this was the problem I was having.
But I have struggled in a seemingly identical way.

I am on 2.5.0 (also now running the 2.5.1-RC but seems the same)
I tried disabling the gateway monitor as noted above.

I have PPPoE WAN which requests a 48 prefix from my ISP. (Giganet in the UK)
Tried other prefix sizes and various option on the WAN side i.e. prefix hints only request prefix etc.

My Wan has a proper IPv4 and IPv6 IP.
I can always ping ipv6.google.com from the router ping page.

However My LAN which is set to track interface WAN never gets an IPv6 IP assigned to it.

Consequently I can never get any ipv6 assignements to my LAN.

Any debug hints?

Cheers,

Tom

vc6SfV8

Hello,

I attempted to upgrade to 2.5.1 last night but I believe that I encountered the problem above. I couldn't get IPv6 addresses or routing on any of my WAN connections. I tried troubleshooting for several hours but had to give up and rollback to 2.4.5_1.

From the messages above and in the bug tracker, it seems like this might be fixed but in a version that isn't released yet. Is that accurate? (I've been reading from https://redmine.pfsense.org/issues/11454 and they mention installing 2.5.1 plus a patch..) Is there any way to know when this should be published and I could re-attempt upgrading?

Thanks,
Ryan

JrBenito

@vc6sfv8

I am running version 2.5.2-RELEASE and my situation is the same. Here goes some details:

• Enable IPv6 w/ DHCPv6 on WAN (IA_PD only and prefix /56 as ISP instructions)
• dhcp.log file shows PD being received but no address or further delegations to the tracking interfaces
• WAN does not assign IPv6 for itself
• Gateway shows the fe80:: link local address as gateway.

In this scenario, if I manually set an IP to WAN interface (ifconfig igb0 inet6 <ipv6>), the link local (fe80::) disappears (odd) but I get IPv6 connectivity. However, all tracking interfaces are not assigned. Also, if I manually add an IP to them, it seems to work but interface become unresponsive.

JKnott

@jrbenito said in IPv6 broken beyond pfSense after 2.5 upgrade:

WAN does not assign IPv6 for itself

Do you have Request only an IPv6 prefix on the WAN page select? Regardless, a WAN address other than link local is not needed.

Gateway shows the fe80:: link local address as gateway

Entirely normal. Link local addresses are often used for routing. You'll see the same thing on the LAN side.

JrBenito

@jknott

Thanks for clarification.

A couple of hours into debugging and I was able to have it partially working. IPv6 is working as expect. The problem is being caused by LAN side VLANs. I have no idea why, but when any of the VLANs (I have 4) is marked to track interface WAN, it starts flapping.

If I keep doing reload the interface page or issuing ifconfig in a ssh session, I can see the interfac as active (with IPv4 and IPv6) and a split of second later as no carrier. Looking to the physical port at the router, LEDs goes off, come back on for about 2 or 3 seconds, goes off again. Because this flapping behavior, it seems that there is no connection (and there is no connection on that port, however on another port I can see everything ok).

My VLANs are set all together on interface igb3, hence I have igb3.20, igb3.30, igb3.40, igb3.199. No matter if I set all to track IPv6 from WAN or only one, once one is set to track, all of them goes to no carrier state (because the issue is probably on igb3 itself). I have no clue where to look for more information on this.

Ah, and yes, IPv6 on wan is set to send IA_PD only and now I understood that way wouter won't have an /64 for itself. IPv6 on WAN was not the problem, but the IPv6 on LAN. At least now I know it.

BRs,
José

JKnott

@jrbenito

Check the IPv6 Prefix ID. It must be unique for each interface or VLAN. I get a /56 prefix from my ISP, so I can choose anything in the range 0-ff.

JrBenito

@jknott said in IPv6 broken beyond pfSense after 2.5 upgrade:

Check the IPv6 Prefix ID. It must be unique for each interface or VLAN. I get a /56 prefix from my ISP, so I can choose anything in the range 0-ff.

It is same here, I receive a /56 prefix from my ISP. The IPv6 Prefix ID is good call and I checked it, no luck. The flapping starts with even only on VLAN using the IPv6 and, btw, it happens if I set IPv6 manually (static) anyway. I need to dig deeper into it. I will need a length ethernet cable to wire my computer to the spare port of the router so I have connection even when ports start flapping. Otherwise I have to walk down the comm closet with laptop on hand to reset config and have internet/connection back to the main computer.

JrBenito

@JKnott

Just for documentation purposes, what is happening on my end is:

-> when set any vlan interface to track WAN, all vlan interfaces on the same physical ethernet start to flapping.

-> longing into the router through ssh (another ethernet) and verifying /var/etc/dhcp6c_wan.conf shows that configuration was not written to there (even after applying it)

I guess that at this point, pfsense is trying to track wan interface without proper configuration on DHCP and it causes the flapping.

-> I reboot gracefully through ssh session and after it, DHCP config was properly written and IPv6 working on VLAN.

If I don't have the spare ethernet port to connect and control I would have lost a way to gracefully reboot, I don't know if a hardreset would have same effect. Anyway, I now have it working.

Thanks for your insights.

Cheers

mrjackson

@mrsunfire I'm running 2.5.2 and this is still an issue. Disable the 2nd wan and ipv6 just works.

mrjackson

@mrsunfire I just upgraded to 2.6 and this is STILL an issue....