Updated to 2.5 everything went smooth except for WAN IPv6 status being stuck on "Unknown" and "Pending" - Have Comcast, despite multiple Cable Modem restarts, and PFSense restarts

Spacey

I've experienced this issue before when first setting up my PFSense but it eventually was able to get a WAN DHCPv6 IP after restarting my Cable modem but the issue has resurfaced- now I didn't change any settings as far as my LAN IPv6 which is set to Tracked from WAN, I have IPv6 DHCP LAN enabled with Assisted Router advertisements- my DNS is set to PiHole in IPv6 and by all accounts, the (LAN) side of IPv6 is working but the WAN side is not- I have Comcast and here are my current settings in screenshots-

I will also note I use PFBlockerng, neither of these should come into play as this is strictly limited to the WAN DHCP IPv6 not getting an IP, I do have a side question regarding the IPv6 DUID and the differences between Raw / DUID-LLT, DUID-EN, DUID-LL (Link Layer which I think maybe easier to set static IPv6 addresses with this setting by strictly it's IPv6 address (not sure), I've always had a problem with this (PiHole) again this is totally a side question-

My WAN Interface IPv6 Settings (again I would love for someone with Comcast to chime in and help me verify these are correct)

https://imgur.com/a/iPS9MNq
My Interface Status in PFSense: (I'm not sure if relinquish lease would do anything here, also would love someone to chime in on what that does)

https://imgur.com/a/DF7ost1
My LAN DHCPv6 Settings and Router Advertisement Settings:

https://imgur.com/a/CHyNWfv
And then my IPv6 Options here which as mentioned are set to Raw DUID Currently, but wondering about DUID-LL if someone can answer that and the differences between if it's easier to assign static variations of those

https://imgur.com/a/IFuPfXi
Also in that screenshot- worth mentioning if either of the 3 unchecked boxes should be checked for Comcast,

Thanks for any help in advance!

Traveller

@spacey I had this same problem getting things stable with Comcast on 2.4.5p1

I found that Saving/Applying the WAN configuration (no changes needed) was enough to kick IPv6 into action.

I'm holding off on this upgrade until the dust settles.

MikeV7896

There's a bug in 2.5.0 that has been found that requires a monitoring address to be manually added in the System > Routing settings for the IPv6 gateway. The gateway will show as "Pending" until a monitoring address is manually set. For whatever reason, 2.5.0 is not automatically getting the gateway address and monitoring it. Try adding a monitoring address (you can make it anything valid/reachable for the purpose of testing) and see if that fixes things for you.

If you want to add the exact gateway address as the monitor address, go to Diagnostics > Routes and copy the default gateway from the IPv6 table. Just know that this could change if your ISP does maintenance before the bug is fixed.

Hopefully that helps...

provels

@virgiliomi
Worked for me. Now passes on all IPv6 test sites I tried.

mircolino

@spacey said in Updated to 2.5 everything went smooth except for WAN IPv6 status being stuck on "Unknown" and "Pending" - Have Comcast, despite multiple Cable Modem restarts, and PFSense restarts:

I do have a side question regarding the IPv6 DUID and the differences between Raw / DUID-LLT, DUID-EN, DUID-LL (Link Layer which I think maybe easier to set static IPv6 addresses with this setting by strictly it's IPv6 address (not sure), I've always had a problem with this (PiHole) again this is totally a side question-

I too have Comcast and selected DUID-UUID which I then generated using this site.

In this way it gets saved to the configuration file and, no matter the version or the hardware, Comcast is always giving me the same IPv6 60 bit prefix delegation. It's almost like having a static IPv6 address (it hasn't changed in almost 2 years I've enabled IPv6).

BTW, after updating to 2.5.0 I've had the exact same problem:

https://forum.netgate.com/topic/161153

As @virgiliomi suggested, forcing a monitoring address seems to fix the issue.

Segfault 0

@virgiliomi is there a link to a bug report?

provels

FWIW, I understand as much about IPv6 as I do about knitting Bernie Sanders' mittens,,,, but when I shell to my FW I see a /128 on my Comcast WAN. This is after adding a monitor address.

MikeV7896

@segfault-0 https://redmine.pfsense.org/issues/11454

MikeV7896

@provels For Comcast, that would be correct. They provide a single (/128) address for WAN, as well as a prefix that can be used for one or more LANs, depending on what prefix size is being requested in your WAN settings.

JKnott

@provels said in Updated to 2.5 everything went smooth except for WAN IPv6 status being stuck on "Unknown" and "Pending" - Have Comcast, despite multiple Cable Modem restarts, and PFSense restarts:

but when I shell to my FW I see a /128 on my Comcast WAN. This is after adding a monitor address.

A /128 on the WAN address is entirely normal, as it's not used for routing. It's just an address that can be used as a target for VPNs etc.. Often the link local address is used for routing.

provels

@jknott
Thanks. And whatever you do, never ask me to tell you how many hosts are in a sub/supernet in IPv4, either! 20 years in the business and I could never catch on...

JKnott

@provels

It's easy on both IPv4 and IPv6. It's 2^n - x, where n is how many host bits on the subnet. With a /24 (32 -24), n = 8. On IPv4, x = 2 and on IPv6, 1. The reason for the difference is there's no such thing as a broadcast address on IPv6.

So, on an IPv6 network, with the usual /64 prefix, you could have 18.4 billion, billion - 1 hosts!

dstacey147

@virgiliomi said in Updated to 2.5 everything went smooth except for WAN IPv6 status being stuck on "Unknown" and "Pending" - Have Comcast, despite multiple Cable Modem restarts, and PFSense restarts:

There's a bug in 2.5.0 that has been found that requires a monitoring address to be manually added in the System > Routing settings for the IPv6 gateway. The gateway will show as "Pending" until a monitoring address is manually set. For whatever reason, 2.5.0 is not automatically getting the gateway address and monitoring it. Try adding a monitoring address (you can make it anything valid/reachable for the purpose of testing) and see if that fixes things for you.

If you want to add the exact gateway address as the monitor address, go to Diagnostics > Routes and copy the default gateway from the IPv6 table. Just know that this could change if your ISP does maintenance before the bug is fixed.

Hopefully that helps...

This worked for me, thanks!