Wireless clients lose ipv6 gateway
-
Last week I returned to pfsense after a few years using my ISPs router, and more recently a Unifi USG.
I did a fresh install of v2.5.1 but cannot get my wireless clients (Android and iOS) to retain ipv6 gateway information.
My ISP hands out a /56 via DHCPv6 and I can delegate /64s to my LAN and VLANs no problem (via track interface).
My wired clients (e.g. linux server) pick up an ipv6 address and DNS and retain it no problem.
However my wireless clients initially get an ipv6 gateway but after 10-60 mins lose the gateway info and hence their ability to connect over ipv6. ipv4 is working fine (pppoe).
I've tried with and without gateway monitoring, with and without DHCPv6 on the LAN/VLANs and various different modes of RA including unmanaged, managed, assisted and stateless DHCP. All give me the same result.
Another curious thing, my wife's Android phone (Nokia 6.1) running Android 10 receives the specified ipv6 DNS server info (2x NextDNS addresses) but my Android phone (Nokia 8.1) running Android 11 does not. Both our ipads receive the ipv6 DNS addresses. All of them lose the ipv6 gateway after anything from 10-60 mins.
My ISP router (BT SmartHub 2) and Unifi USG both had no ipv6 gateway issues.
Is something broken in 2.5.1?
When a new wireless connection is first made, I get 10/10 on test-ipv6.com and 19/20 on ipv6-test.com so my ipv6 connection is working, but only for a very brief period of time.
-
Does IPv4 still work? IPv6 devices get the DNS address via RDNSS, which is part of the router advertisements. The lifetime on mine is 60 seconds and the RAs happen frequently enough that it doesn't time out. However, DNS is also provided by IPv4 DHCP, which should have a (default) 2 hour lease. If you use a notebook computer, do you get the same thing with both WiFi and Ethernet connections? WiFi is effectively a bridge between the LAN and device, so the device should behave the same way with either connection.
-
@jknott ipv4 isn't a problem just ipv6 and then only for wireless clients. My Linux server is wired and is unaffected.
Yesterday I turned on gateway monitoring for both ipv4 and ipv6 gateways to see if that had an impact (it didn't) and this morning I turned it off again and so far today my android phone has retained it's ipv6 gateway. Bizare!
I have dhcp6 on and RA set to assisted - I haven't touched those today.
My RA router default is also at 60 sec which is the default value.
-
@sarkyscouser said in Wireless clients lose ipv6 gateway:
I have dhcp6 on and RA set to assisted
I use SLAAC, so no DHCPv6 server.
-
@jknott I tried all the permutations of DHCP6 and RA modes and none worked until I cycled gateway monitoring.
I could probably turn off DHCP6 now and go to umanaged RA mode but as it's working I am not touching it!
-
I have observed this, too and no combination of gateway monitoring, Unifi Multicast setting, DHCPv6 on or off made any difference. It appears to be an Android implementation issue where the device will go to power save mode and not refresh RA.
Some references: 1
Looking at pfSense Router Advertisements section I see 3 areas of interest:
Minimum RA interval (defaults to 5s)
Maximum RA interval (defaults to 20s)
Router lifetime (defaults to 3 x max, so max 60s)My hypothesis is that many (most?) Android firmware builds will not receive these multicast announcements when you put the device down.
To power down the radio and save battery.
With pfSense default settings my understanding of it is that this means if the device is not in the loop for more than 60 seconds the RA will expire and the device will assume there is no IPv6 router on the network. Why on earth it doesn't come back once you pick up the device and unlock its screen is a mystery to me but it seems to quite a number of people, regardless of Unifi or pfSense being in the equation.
To test this hypothesis I will try two things:
-
Use developer mode on an effected Android device to prevent sleep and see what happens.
-
Set "Router Lifetime" to a high number. Higher than 12h. Let's say the user had a party got drunk, slept 10 hours. I want the device to still know there is IPv6 when they wake up after not being touched for 12 hours.
Not sure the side effects of a super high Router Lifetime. I think if there is only one IPv6 router on the network and no HA setup involved it won't hurt. Perhaps anyone can chime in on that. There must be a reason why the pfSense defaults are rather low. Most Samsung Android devices will not check into WiFi every 60s when they are idle with screen off.
TL;DR: I suspect the solution may be here somehow:
-
-
Akismet won't let me edit so I need to reply to myself here:
What makes me want to look at "Router Lifetime":
TIL that pfSense UI will not let me set 12 hours. I can set a max of 9000 seconds (2.5 h). I will go ahead and test with that. As long as rhe device checks in with the network and gets a new RA broadcast in that time frame things should work.
-
@mfld I understand your line of thinking but I managed to get my android phone (Nokia 8.1 running Android 11) to hold it's ipv6 connection info for 24 hours yesterday by unsetting gateway monitoring.
This morning I decided to disable dhcp6 and set RA to unmanaged mode to see what happened and within 10 min my phone dropped the dhcp6 gateway and didn't re-establish it.
So I'm going back to dhcp6 on and assisted mode and if that still works that's where I'm staying.
-
This post is deleted! -
@mfld said in Wireless clients lose ipv6 gateway:
Akismet won't let me edit so I need to reply to myself here:
What makes me want to look at "Router Lifetime":
TIL that pfSense UI will not let me set 12 hours. I can set a max of 9000 seconds (2.5 h). I will go ahead and test with that. As long as rhe device checks in with the network and gets a new RA broadcast in that time frame things should work.
@mfld please let us know how you get on with this, that might fix the issue with unmanaged mode.
-
@sarkyscouser OK so rather than going back to DHCP6 and assisted mode, I went into my WAN interface, clicked save and apply changes (without actually making any) and now it seems to be holding.
So from this experience, it appears that 2 things are necessary:
- turn off gateway monitoring
- whenever you make any changes to DHCP6 or RA mode, re-save and apply settings in WAN interface.
-
@sarkyscouser said in Wireless clients lose ipv6 gateway:
@sarkyscouser OK so rather than going back to DHCP6 and assisted mode, I went into my WAN interface, clicked save and apply changes (without actually making any) and now it seems to be holding.
So from this experience, it appears that 2 things are necessary:
- turn off gateway monitoring
- whenever you make any changes to DHCP6 or RA mode, re-save and apply settings in WAN interface.
Spoke too soon, gateway lost again :-(
-
@mfld said in Wireless clients lose ipv6 gateway:
It appears to be an Android implementation issue where the device will go to power save mode and not refresh RA.
I have 2 Android devices and I've had 4 others I no longer use. I have never seen that.
-
@jknott said in Wireless clients lose ipv6 gateway:
@mfld said in Wireless clients lose ipv6 gateway:
It appears to be an Android implementation issue where the device will go to power save mode and not refresh RA.
I have 2 Android devices and I've had 4 others I no longer use. I have never seen that.
Beginning to think that this is a bug that needs raising. How best to debug via the logs first before I do that?
-
Strange, isn't it. Maybe it's a combo of Unifi + Android + IPv6.
Here at this site all devices do it. They all lose IPv6 address if you put them down with their screen off and walk away for a bit. They won't reaquire it until you bounce the WiFi.
Moto G6 (Android 9), Oneplus 6T (Android 10), Samsung Note 20 Ultra 5G (Android 11), Samsung S20 (Android 11).
All seem to work fine now that Router lifetime in RA settings has been cranked up from default. Turned GW monitoring back on and it still works just fine. This is why this hasn't made it into redmine. Neither of us have anything conclusive that would make a useful bug report. But it is certainly real.
-
@sarkyscouser said in Wireless clients lose ipv6 gateway:
Beginning to think that this is a bug that needs raising. How best to debug via the logs first before I do that?
I would have dropped it into redmine long ago if I had a way to prove the issue. I can guarantee you right now they would just close it because it cannot be reproduced. Thousands of installs out there do not have this issue. We'd have to dig very deep. Packet capture everything from the device in your hand back to pfSense.
It may also depend on what apps one has installed. Apps can make the device listen for multicast.
This may be related:
-
@mfld said in Wireless clients lose ipv6 gateway:
Strange, isn't it. Maybe it's a combo of Unifi + Android + IPv6.
Here at this site all devices do it. They all lose IPv6 address if you put them down with their screen off and walk away for a bit. They won't reaquire it until you bounce the WiFi.
Moto G6 (Android 9), Oneplus 6T (Android 10), Samsung Note 20 Ultra 5G (Android 11), Samsung S20 (Android 11).
All seem to work fine now that Router lifetime in RA settings has been cranked up from default. Turned GW monitoring back on and it still works just fine. This is why this hasn't made it into redmine. Neither of us have anything conclusive that would make a useful bug report. But it is certainly real.
Yes I think the default RA settings are poor. Just done a quick bit of research:
https://techhub.hpe.com/eginfolib/networking/docs/switches/WB/16-01/5200-0135_wb_2920_ipv6/content/ch08.html
https://knowledge.broadcom.com/external/article/167985/ipv6-router-lifetime-in-router-advertise.htmland pumped up my default settings to:
Default valid lifetime: 655350
Default preferred lifetime: 604800
Minimum RA interval: 200
Maximum RA interval: 600
Router lifetime: 1800and now my Android 11 device receives ipv6 DNS which is the first time that has happened.
If DHCP6 + assisted persists for 24 - 48 hours I'll try with no DHCP6 and unmanaged again and see what happens.
-
@sarkyscouser said in Wireless clients lose ipv6 gateway:
Yes I think the default RA settings are poor. Just done a quick bit of research:
To me it seems the defaults are sane for most enviroments and the different RA modes in pfSense's implementation of radvd work exactly as advertised. The issue with mobile devices is that they need to be sleeping and selective about what they will do when the screen is off. For IOS devices we don't see an issue when DHCP6 is on because the lease time is long enough and they just handle things differently.
For Android there is no DHCP6 support and devices with aggressive power management will see the default RA expiry of 60s, go to sleep, not refresh anything and then the timer expires. But I don't understand why the devices do not reaquire IPv6 when the user picks them up and unlocks the screen. radvd should broadcast in the next 5-20 seconds, the device should see that and process it. I don't get it. Above my paygrade.
Router lifetime seems to do the trick here. Had a Samsung S10 screen locked and put away for 2 hours, picked it up and its fine.
-
@sarkyscouser said in Wireless clients lose ipv6 gateway:
Default valid lifetime: 655350
Default preferred lifetime: 604800
Minimum RA interval: 200
Maximum RA interval: 600I do not think you need to mess with these. The defaults are fine. Just the Router Lifetime default seems to be too low. Let me know how this works out for you.
-
@mfld said in Wireless clients lose ipv6 gateway:
@sarkyscouser said in Wireless clients lose ipv6 gateway:
Default valid lifetime: 655350
Default preferred lifetime: 604800
Minimum RA interval: 200
Maximum RA interval: 600I do not think you need to mess with these. The defaults are fine. Just the Router Lifetime default seems to be too low. Let me know how this works out for you.
If I only increase the router lifetime my android 11 device doesn't pick up ipv6 dns addresses so going to see how these settings pan out.
