Help needed geting fresh install playing nice with IPV6

JKnott · Aug 13, 2022, 4:02 AM

@ftarz said in Help needed geting fresh install playing nice with IPV6:

It seems like pfsense is unable to get an IPV6 address.

Capture a full DHCPv6 sequence and post the capture file here.

ftarz · Aug 13, 2022, 4:02 AM

Aug 12 23:56:59 dhclient 11650 REBOOT
Aug 12 23:56:59 dhclient 12068 Starting add_new_address()
Aug 12 23:56:59 dhclient 12069 ifconfig re0 inet 107.XX.97.120 netmask 255.255.224.0 broadcast 255.255.255.255
Aug 12 23:56:59 dhclient 12294 New IP Address (re0): 107.XX.97.120
Aug 12 23:56:59 dhclient 12471 New Subnet Mask (re0): 255.255.224.0
Aug 12 23:56:59 dhclient 12631 New Broadcast Address (re0): 255.255.255.255
Aug 12 23:56:59 dhclient 12973 New Routers (re0): 107.XX.96.1
Aug 12 23:56:59 dhclient 13284 Adding new routes to interface: re0
Aug 12 23:56:59 dhclient 13505 Creating resolv.conf
Aug 12 23:56:59 dhclient 7281 bound to 107.XX.97.120 -- renewal in 561 seconds.
Aug 12 23:57:01 dhcp6c 32728 failed to open /usr/local/etc/dhcp6cctlkey: No such file or directory
Aug 12 23:57:01 dhcp6c 32728 failed initialize control message authentication
Aug 12 23:57:01 dhcp6c 32728 skip opening control port
Aug 12 23:57:02 dhcp6c 32820 restarting
Aug 12 23:57:03 dhcp6c 32820 Sending Solicit
Aug 12 23:57:03 dhcp6c 32820 Sending Request
Aug 12 23:57:03 dhcp6c 32820 dhcp6c Received REQUEST
Aug 12 23:57:03 dhcp6c 32820 add an address 2603:XXXX:1600:d000:6a05:caff:fe46:95a2/64 on em0
Aug 12 23:57:03 dhcp6c 32820 add an address 2606:XXXX:bfc0:b6:719c:fa6f:6408:8118/128 on re0
Aug 12 23:57:13 dhcpd 22538 Internet Systems Consortium DHCP Server 4.4.2-P1
Aug 12 23:57:13 dhcpd 22538 Copyright 2004-2021 Internet Systems Consortium.
Aug 12 23:57:13 dhcpd 22538 All rights reserved.
Aug 12 23:57:13 dhcpd 22538 For info, please visit https://www.isc.org/software/dhcp/
Aug 12 23:57:13 dhcpd 22538 Config file: /etc/dhcpd.conf
Aug 12 23:57:13 dhcpd 22538 Database file: /var/db/dhcpd.leases
Aug 12 23:57:13 dhcpd 22538 Internet Systems Consortium DHCP Server 4.4.2-P1
Aug 12 23:57:13 dhcpd 22538 PID file: /var/run/dhcpd.pid
Aug 12 23:57:13 dhcpd 22538 Copyright 2004-2021 Internet Systems Consortium.
Aug 12 23:57:13 dhcpd 22538 All rights reserved.
Aug 12 23:57:13 dhcpd 22538 For info, please visit https://www.isc.org/software/dhcp/
Aug 12 23:57:13 dhcpd 22538 Wrote 0 class decls to leases file.
Aug 12 23:57:13 dhcpd 22538 Wrote 15 leases to leases file.
Aug 12 23:57:13 dhcpd 22538 Listening on BPF/em0/68:05:ca:46:95:a2/192.168.0.0/24
Aug 12 23:57:13 dhcpd 22538 Sending on BPF/em0/68:05:ca:46:95:a2/192.168.0.0/24
Aug 12 23:57:13 dhcpd 22538 Sending on Socket/fallback/fallback-net
Aug 12 23:57:13 dhcpd 22538 Server starting service.
Aug 12 23:57:18 dhcpd 22538 DHCPDISCOVER from 20:df:b935:b4 via em0
Aug 12 23:57:19 dhcpd 22538 DHCPOFFER on 192.168.0.62 to 20:df:b935:b4 (Google-Home-Mini) via em0
Aug 12 23:57:19 dhcpd 22538 DHCPREQUEST for 192.168.0.62 (192.168.0.25) from 20:df:b935:b4 (Google-Home-Mini) via em0
Aug 12 23:57:19 dhcpd 22538 DHCPACK on 192.168.0.62 to 20:df:b935:b4 (Google-Home-Mini) via em0
Aug 12 23:57:23 dhcpd 22538 reuse_lease: lease age 977 (secs) under 25% threshold, reply with unaltered, existing lease for 192.168.0.57
Aug 12 23:57:23 dhcpd 22538 DHCPDISCOVER from 00:08:89:6b:46:47 via em0
Aug 12 23:57:23 dhcpd 22538 DHCPOFFER on 192.168.0.57 to 00:08:89:6b:46:47 via em0
Aug 12 23:57:23 dhcpd 22538 reuse_lease: lease age 977 (secs) under 25% threshold, reply with unaltered, existing lease for 192.168.0.57
Aug 12 23:57:23 dhcpd 22538 DHCPREQUEST for 192.168.0.57 (192.168.0.25) from 00:08:89:6b:46:47 via em0
Aug 12 23:57:23 dhcpd 22538 DHCPACK on 192.168.0.57 to 00:08:89:6b:46:47 via em0

ftarz · Aug 13, 2022, 4:31 AM

Aug 13 00:15:32 dhclient 10908 REBOOT
Aug 13 00:15:32 dhclient 11200 Starting add_new_address()
Aug 13 00:15:32 dhclient 11515 ifconfig re0 inet 107.XX.97.120 netmask 255.255.224.0 broadcast 255.255.255.255
Aug 13 00:15:32 dhclient 11895 New IP Address (re0): 107.XX.97.120
Aug 13 00:15:32 dhclient 12200 New Subnet Mask (re0): 255.255.224.0
Aug 13 00:15:32 dhclient 12302 New Broadcast Address (re0): 255.255.255.255
Aug 13 00:15:32 dhclient 12349 New Routers (re0): 107.XX.96.1
Aug 13 00:15:32 dhclient 12556 Adding new routes to interface: re0
Aug 13 00:15:32 dhclient 12881 Creating resolv.conf
Aug 13 00:15:32 dhclient 6427 bound to 107.XX.97.120 -- renewal in 42649 seconds.
Aug 13 00:15:35 dhcp6c 43552 extracted an existing DUID from /var/db/dhcp6c_duid: 00:01:00:01:2a:88:f8:30:68:05:ca:46:95:a2
Aug 13 00:15:35 dhcp6c 43552 failed to open /usr/local/etc/dhcp6cctlkey: No such file or directory
Aug 13 00:15:35 dhcp6c 43552 failed initialize control message authentication
Aug 13 00:15:35 dhcp6c 43552 skip opening control port
Aug 13 00:15:35 dhcp6c 43552 <3>[interface] (9)
Aug 13 00:15:35 dhcp6c 43552 <5>[re0] (3)
Aug 13 00:15:35 dhcp6c 43552 <3>begin of closure [{] (1)
Aug 13 00:15:35 dhcp6c 43552 <3>[send] (4)
Aug 13 00:15:35 dhcp6c 43552 <3>[ia-na] (5)
Aug 13 00:15:35 dhcp6c 43552 <3>[0] (1)
Aug 13 00:15:35 dhcp6c 43552 <3>end of sentence [;] (1)
Aug 13 00:15:35 dhcp6c 43552 <3>comment [# request stateful address] (26)
Aug 13 00:15:35 dhcp6c 43552 <3>[send] (4)
Aug 13 00:15:35 dhcp6c 43552 <3>[ia-pd] (5)
Aug 13 00:15:35 dhcp6c 43552 <3>[0] (1)
Aug 13 00:15:35 dhcp6c 43552 <3>end of sentence [;] (1)
Aug 13 00:15:35 dhcp6c 43552 <3>comment [# request prefix delegation] (27)
Aug 13 00:15:35 dhcp6c 43552 <3>[request] (7)
Aug 13 00:15:35 dhcp6c 43552 <3>[domain-name-servers] (19)
Aug 13 00:15:35 dhcp6c 43552 <3>end of sentence [;] (1)
Aug 13 00:15:35 dhcp6c 43552 <3>[request] (7)
Aug 13 00:15:35 dhcp6c 43552 <3>[domain-name] (11)
Aug 13 00:15:35 dhcp6c 43552 <3>end of sentence [;] (1)
Aug 13 00:15:35 dhcp6c 43552 <3>[script] (6)
Aug 13 00:15:35 dhcp6c 43552 <3>["/var/etc/dhcp6c_wan_script.sh"] (31)
Aug 13 00:15:35 dhcp6c 43552 <3>end of sentence [;] (1)
Aug 13 00:15:35 dhcp6c 43552 <3>comment [# we'd like some nameservers please] (35)
Aug 13 00:15:35 dhcp6c 43552 <3>end of closure [}] (1)
Aug 13 00:15:35 dhcp6c 43552 <3>end of sentence [;] (1)
Aug 13 00:15:35 dhcp6c 43552 <3>[id-assoc] (8)
Aug 13 00:15:35 dhcp6c 43552 <13>[na] (2)
Aug 13 00:15:35 dhcp6c 43552 <13>[0] (1)
Aug 13 00:15:35 dhcp6c 43552 <13>begin of closure [{] (1)
Aug 13 00:15:35 dhcp6c 43552 <3>end of closure [}] (1)
Aug 13 00:15:35 dhcp6c 43552 <3>end of sentence [;] (1)
Aug 13 00:15:35 dhcp6c 43552 <3>[id-assoc] (8)
Aug 13 00:15:35 dhcp6c 43552 <13>[pd] (2)
Aug 13 00:15:35 dhcp6c 43552 <13>[0] (1)
Aug 13 00:15:35 dhcp6c 43552 <13>begin of closure [{] (1)
Aug 13 00:15:35 dhcp6c 43552 <3>[prefix] (6)
Aug 13 00:15:35 dhcp6c 43552 <3>[::] (2)
Aug 13 00:15:35 dhcp6c 43552 <3>[/] (1)
Aug 13 00:15:35 dhcp6c 43552 <3>[64] (2)
Aug 13 00:15:35 dhcp6c 43552 <3>[infinity] (8)
Aug 13 00:15:35 dhcp6c 43552 <3>end of sentence [;] (1)
Aug 13 00:15:35 dhcp6c 43552 <3>[prefix-interface] (16)
Aug 13 00:15:35 dhcp6c 43552 <5>[em0] (3)
Aug 13 00:15:35 dhcp6c 43552 <3>begin of closure [{] (1)
Aug 13 00:15:35 dhcp6c 43552 <3>[sla-id] (6)
Aug 13 00:15:35 dhcp6c 43552 <3>[0] (1)
Aug 13 00:15:35 dhcp6c 43552 <3>end of sentence [;] (1)
Aug 13 00:15:35 dhcp6c 43552 <3>[sla-len] (7)
Aug 13 00:15:35 dhcp6c 43552 <3>[0] (1)
Aug 13 00:15:35 dhcp6c 43552 <3>end of sentence [;] (1)
Aug 13 00:15:35 dhcp6c 43552 <3>end of closure [}] (1)
Aug 13 00:15:35 dhcp6c 43552 <3>end of sentence [;] (1)
Aug 13 00:15:35 dhcp6c 43552 <3>end of closure [}] (1)
Aug 13 00:15:35 dhcp6c 43552 <3>end of sentence [;] (1)
Aug 13 00:15:35 dhcp6c 43552 called
Aug 13 00:15:35 dhcp6c 43552 called
Aug 13 00:15:35 dhcp6c 43581 reset a timer on re0, state=INIT, timeo=0, retrans=891
Aug 13 00:15:36 dhcp6c 43581 restarting
Aug 13 00:15:36 dhcp6c 43581 removing an event on re0, state=INIT
Aug 13 00:15:36 dhcp6c 43581 reset a timer on re0, state=INIT, timeo=0, retrans=910
Aug 13 00:15:37 dhcp6c 43581 Sending Solicit
Aug 13 00:15:37 dhcp6c 43581 a new XID (5c1b2d) is generated
Aug 13 00:15:37 dhcp6c 43581 set client ID (len 14)
Aug 13 00:15:37 dhcp6c 43581 set identity association
Aug 13 00:15:37 dhcp6c 43581 set elapsed time (len 2)
Aug 13 00:15:37 dhcp6c 43581 set option request (len 4)
Aug 13 00:15:37 dhcp6c 43581 set IA_PD prefix
Aug 13 00:15:37 dhcp6c 43581 set IA_PD
Aug 13 00:15:37 dhcp6c 43581 send solicit to ff02::1:2%re0
Aug 13 00:15:37 dhcp6c 43581 reset a timer on re0, state=SOLICIT, timeo=0, retrans=1009
Aug 13 00:15:37 dhcp6c 43581 receive advertise from fe80::217:10ff:fe8b:2d0e%re0 on re0
Aug 13 00:15:37 dhcp6c 43581 get DHCP option client ID, len 14
Aug 13 00:15:37 dhcp6c 43581 DUID: 00:01:00:01:2a:88:f8:30:68:05:ca:46:95:a2
Aug 13 00:15:37 dhcp6c 43581 get DHCP option server ID, len 14
Aug 13 00:15:37 dhcp6c 43581 DUID: 00:01:00:01:1d:7c:50:b0:00:50:56:9d:0c:50
Aug 13 00:15:37 dhcp6c 43581 get DHCP option identity association, len 40
Aug 13 00:15:37 dhcp6c 43581 IA_NA: ID=0, T1=1754, T2=2806
Aug 13 00:15:37 dhcp6c 43581 get DHCP option IA address, len 24
Aug 13 00:15:37 dhcp6c 43581 IA_NA address: 2606:a000:bfc0:b6:719c:fa6f:6408:8118 pltime=603685 vltime=603685
Aug 13 00:15:37 dhcp6c 43581 get DHCP option IA_PD, len 41
Aug 13 00:15:37 dhcp6c 43581 IA_PD: ID=0, T1=1754, T2=2806
Aug 13 00:15:37 dhcp6c 43581 get DHCP option IA_PD prefix, len 25
Aug 13 00:15:37 dhcp6c 43581 IA_PD prefix: 2603:6081:1600:4c86::/64 pltime=3508 vltime=3508
Aug 13 00:15:37 dhcp6c 43581 get DHCP option preference, len 1
Aug 13 00:15:37 dhcp6c 43581 preference: 255
Aug 13 00:15:37 dhcp6c 43581 get DHCP option DNS, len 32
Aug 13 00:15:37 dhcp6c 43581 server ID: 00:01:00:01:1d:7c:50:b0:00:50:56:9d:0c:50, pref=255
Aug 13 00:15:37 dhcp6c 43581 Sending Request
Aug 13 00:15:37 dhcp6c 43581 a new XID (37f164) is generated
Aug 13 00:15:37 dhcp6c 43581 set client ID (len 14)
Aug 13 00:15:37 dhcp6c 43581 set server ID (len 14)
Aug 13 00:15:37 dhcp6c 43581 set IA address
Aug 13 00:15:37 dhcp6c 43581 set identity association
Aug 13 00:15:37 dhcp6c 43581 set elapsed time (len 2)
Aug 13 00:15:37 dhcp6c 43581 set option request (len 4)
Aug 13 00:15:37 dhcp6c 43581 set IA_PD prefix
Aug 13 00:15:37 dhcp6c 43581 set IA_PD
Aug 13 00:15:37 dhcp6c 43581 send request to ff02::1:2%re0
Aug 13 00:15:37 dhcp6c 43581 reset a timer on re0, state=REQUEST, timeo=0, retrans=911
Aug 13 00:15:37 dhcp6c 43581 receive reply from fe80::217:10ff:fe8b:2d0e%re0 on re0
Aug 13 00:15:37 dhcp6c 43581 get DHCP option client ID, len 14
Aug 13 00:15:37 dhcp6c 43581 DUID: 00:01:00:01:2a:88:f8:30:68:05:ca:46:95:a2
Aug 13 00:15:37 dhcp6c 43581 get DHCP option server ID, len 14
Aug 13 00:15:37 dhcp6c 43581 DUID: 00:01:00:01:1d:7c:50:b0:00:50:56:9d:0c:50
Aug 13 00:15:37 dhcp6c 43581 get DHCP option identity association, len 40
Aug 13 00:15:37 dhcp6c 43581 IA_NA: ID=0, T1=302400, T2=483840
Aug 13 00:15:37 dhcp6c 43581 get DHCP option IA address, len 24
Aug 13 00:15:37 dhcp6c 43581 IA_NA address: 2606:a000:bfc0:b6:719c:fa6f:6408:8118 pltime=604800 vltime=604800
Aug 13 00:15:37 dhcp6c 43581 get DHCP option IA_PD, len 41
Aug 13 00:15:37 dhcp6c 43581 IA_PD: ID=0, T1=302400, T2=483840
Aug 13 00:15:37 dhcp6c 43581 get DHCP option IA_PD prefix, len 25
Aug 13 00:15:37 dhcp6c 43581 IA_PD prefix: 2603:6081:1600:4c86::/64 pltime=604800 vltime=604800
Aug 13 00:15:37 dhcp6c 43581 get DHCP option DNS, len 32
Aug 13 00:15:37 dhcp6c 43581 dhcp6c Received REQUEST
Aug 13 00:15:37 dhcp6c 43581 nameserver[0] 2001:1998:f00:2::1
Aug 13 00:15:37 dhcp6c 43581 nameserver[1] 2001:1998:f00:1::1
Aug 13 00:15:37 dhcp6c 43581 make an IA: PD-0
Aug 13 00:15:37 dhcp6c 43581 create a prefix 2603:6081:1600:4c86::/64 pltime=604800, vltime=604800
Aug 13 00:15:37 dhcp6c 43581 add an address 2603:6081:1600:4c86:6a05:caff:fe46:95a2/64 on em0
Aug 13 00:15:37 dhcp6c 43581 make an IA: NA-0
Aug 13 00:15:37 dhcp6c 43581 create an address 2606:a000:bfc0:b6:719c:fa6f:6408:8118 pltime=604800, vltime=17975709916526623360
Aug 13 00:15:37 dhcp6c 43581 add an address 2606:a000:bfc0:b6:719c:fa6f:6408:8118/128 on re0
Aug 13 00:15:37 dhcp6c 43581 executes /var/etc/dhcp6c_wan_script.sh
Aug 13 00:15:37 dhcp6c 49140 dhcp6c RELEASE, REQUEST or EXIT on re0 running rc.newwanipv6
Aug 13 00:15:40 dhcp6c 43581 script "/var/etc/dhcp6c_wan_script.sh" terminated
Aug 13 00:15:40 dhcp6c 43581 removing an event on re0, state=REQUEST
Aug 13 00:15:40 dhcp6c 43581 removing server (ID: 00:01:00:01:1d:7c:50:b0:00:50:56:9d:0c:50)
Aug 13 00:15:40 dhcp6c 43581 got an expected reply, sleeping.
Aug 13 00:15:49 dhcpd 25282 Internet Systems Consortium DHCP Server 4.4.2-P1
Aug 13 00:15:49 dhcpd 25282 Copyright 2004-2021 Internet Systems Consortium.

JKnott · Aug 13, 2022, 1:52 PM

@ftarz

That is not the capture file. The capture file is downloaded from pfSense and has a .cap extension, so that it can be examined in Wireshark. This provides much more info than you listed.

ftarz · Aug 13, 2022, 5:05 PM

packetcapture.zip

JKnott · Aug 14, 2022, 12:51 AM

@ftarz

At first glance, I see there's only 4 DHCPv6 packets, when there are typically 8. I'll have to look into them in more detail tomorrow. Also, what's all that other stuff doing in there? If you had filtered on DHCPv6 as I said, there wouldn't be the other stuff I see there. You have 5194 packets, when there should only be 8. This makes it a lot harder to solve the problem.

Here's what Wireshark looks like when you have only the DHCPv6 packets. You'll see there are only 8 packets, which makes it a lot easier to analyze.

Here's what a small portion of your capture looks like.

As I said, you have 5194 packets instead of 8.

BTW, you don't have to zip the cap file.

ftarz · Aug 14, 2022, 1:10 AM

dhcpv6.pcap

JKnott · Aug 14, 2022, 2:41 AM

@ftarz

You have several "release XID" packets. I'm not sure yet why that's happening.

JKnott · Aug 14, 2022, 2:50 AM

@ftarz

If you have Do not allow PD/Address release selected, try deselecting it and rebooting.

ftarz · Aug 14, 2022, 9:16 PM

@jknott
I do not have "Do not allow PD/Address release" selected.

Here are my WAN and LAN configurations.

WAN (re0).zip LAN (em0).zip

JKnott · Aug 14, 2022, 11:54 PM

@ftarz

That WAN page isn't readable.

ftarz · Aug 15, 2022, 12:53 AM

WAN (re0).7z

JKnott · Aug 15, 2022, 11:01 AM

@ftarz

Same thing. Try doing a screen capture.

JKnott · Aug 15, 2022, 2:18 PM

@ftarz

In packet 5 of your capture I see a release of 2606:a000:bfc0:b6:719c:fa6f:6408:8118.

Does that appear on your WAN interface? It's not within your prefix.

ftarz · Aug 15, 2022, 5:54 PM

screenshot.zip

So you noticed that the WAN IPV6 address I get from my ISP (Spectrum) starts with 2606, while the IPV6 address that pfSense gives me by "tracking" WAN is a 2603.

This is one of the problems I'm having.

I don't know why this happening, but you can clearly see it in the screenshot.

Frank

JKnott · Aug 15, 2022, 7:16 PM

@ftarz

That's entirely normal. The WAN address has nothing to do with the LAN prefix, other than they're from a pool that belongs to the ISP. In fact, all you need on the WAN side is a link local address.

Recapping some of the earlier stuff, I also see that v6/t6 on my LAN and don't know what it means.

In that screen capture, I see you have valid WAN and LAN IPv6 addresses. You say the gateway is down. Is gateway monitoring enabled? If so, you can disable it, as you don't need it. However, if you do use it, you need a valid IPv6 address to ping. I used traceroute to google and picked the first valid global address along the path for my monitor address. You can't use your gateway address, as it's link local, which pfSense doesn't like.

BTW, you don't have to keep zipping everything. You can paste an image directly on this site. Also, it appears you took a photo of a serial console. You could also have used ssh to connect over the LAN and then taken a screen capture of the ssh session or even copy 'n paste, like this:

pfSense - Netgate Device ID: f6ff265a45c6b06c28b6

*** Welcome to pfSense 2.6.0-RELEASE (amd64) on firewall ***

WAN (wan) -> igb0 -> v4/DHCP4: 99.246.abc.def/23
v6/DHCP6: 2607:f798:804:90:3899:8d05:1234.abcd/128
LAN (lan) -> igb1 -> v4: 172.16.0.1/24
v6/t6: 2607:fea8:4c82:5900:4262:31ff:1234.abc1/64
VLAN3_GUEST_WIFI (opt1) -> igb1.3 -> v4: 172.16.3.1/24
v6/t6: 2607:fea8:4c82:5903:4262:31ff:1234.abc2/64
TEST (opt2) -> igb2 -> v4: 172.16.4.1/24
v6/t6: 2607:fea8:4c82:5904:4262:31ff:1234.abc3/64
CISCO (opt3) -> igb3 -> v4: 192.168.37.0/31
v6/t6: 2607:fea8:4c82:5907:4262:31ff:1234.abc4/64
OPENVPN (opt4) -> ovpns1 -> v4: 172.16.255.1/24
v6: 2607:fea8:4c82:59ff::1/64

Logout (SSH only) 9) pfTop
Assign Interfaces 10) Filter Logs
Set interface(s) IP address 11) Restart webConfigurator
Reset webConfigurator password 12) PHP shell + pfSense tools
Reset to factory defaults 13) Update from console
Reboot system 14) Disable Secure Shell (sshd)
Halt system 15) Restore recent configuration
Ping host 16) Restart PHP-FPM
Shell

Enter an option:

ftarz · Aug 16, 2022, 1:54 AM

I only keep zipping files since this webpage doesn't accept my native uploads. The screenshots have to be less than 2MB or they get rejected. The only way I could get the screenshot that small was to make it a PDF file which isn't accepted. Saving it as a .BMP or .JPG the file was just over 2MB and wasn't accepted.

Frank