Help needed geting fresh install playing nice with IPV6
-
-
At first glance, I see there's only 4 DHCPv6 packets, when there are typically 8. I'll have to look into them in more detail tomorrow. Also, what's all that other stuff doing in there? If you had filtered on DHCPv6 as I said, there wouldn't be the other stuff I see there. You have 5194 packets, when there should only be 8. This makes it a lot harder to solve the problem.
Here's what Wireshark looks like when you have only the DHCPv6 packets. You'll see there are only 8 packets, which makes it a lot easier to analyze.
Here's what a small portion of your capture looks like.
As I said, you have 5194 packets instead of 8.
BTW, you don't have to zip the cap file.
-
-
-
If you have Do not allow PD/Address release selected, try deselecting it and rebooting.
-
@jknott
I do not have "Do not allow PD/Address release" selected.Here are my WAN and LAN configurations.
-
That WAN page isn't readable.
-
-
Same thing. Try doing a screen capture.
-
In packet 5 of your capture I see a release of 2606:a000:bfc0:b6:719c:fa6f:6408:8118.
Does that appear on your WAN interface? It's not within your prefix.
-
So you noticed that the WAN IPV6 address I get from my ISP (Spectrum) starts with 2606, while the IPV6 address that pfSense gives me by "tracking" WAN is a 2603.
This is one of the problems I'm having.
I don't know why this happening, but you can clearly see it in the screenshot.
Frank
-
That's entirely normal. The WAN address has nothing to do with the LAN prefix, other than they're from a pool that belongs to the ISP. In fact, all you need on the WAN side is a link local address.
Recapping some of the earlier stuff, I also see that v6/t6 on my LAN and don't know what it means.
In that screen capture, I see you have valid WAN and LAN IPv6 addresses. You say the gateway is down. Is gateway monitoring enabled? If so, you can disable it, as you don't need it. However, if you do use it, you need a valid IPv6 address to ping. I used traceroute to google and picked the first valid global address along the path for my monitor address. You can't use your gateway address, as it's link local, which pfSense doesn't like.
BTW, you don't have to keep zipping everything. You can paste an image directly on this site. Also, it appears you took a photo of a serial console. You could also have used ssh to connect over the LAN and then taken a screen capture of the ssh session or even copy 'n paste, like this:
pfSense - Netgate Device ID: f6ff265a45c6b06c28b6
*** Welcome to pfSense 2.6.0-RELEASE (amd64) on firewall ***
WAN (wan) -> igb0 -> v4/DHCP4: 99.246.abc.def/23
v6/DHCP6: 2607:f798:804:90:3899:8d05:1234.abcd/128
LAN (lan) -> igb1 -> v4: 172.16.0.1/24
v6/t6: 2607:fea8:4c82:5900:4262:31ff:1234.abc1/64
VLAN3_GUEST_WIFI (opt1) -> igb1.3 -> v4: 172.16.3.1/24
v6/t6: 2607:fea8:4c82:5903:4262:31ff:1234.abc2/64
TEST (opt2) -> igb2 -> v4: 172.16.4.1/24
v6/t6: 2607:fea8:4c82:5904:4262:31ff:1234.abc3/64
CISCO (opt3) -> igb3 -> v4: 192.168.37.0/31
v6/t6: 2607:fea8:4c82:5907:4262:31ff:1234.abc4/64
OPENVPN (opt4) -> ovpns1 -> v4: 172.16.255.1/24
v6: 2607:fea8:4c82:59ff::1/64- Logout (SSH only) 9) pfTop
- Assign Interfaces 10) Filter Logs
- Set interface(s) IP address 11) Restart webConfigurator
- Reset webConfigurator password 12) PHP shell + pfSense tools
- Reset to factory defaults 13) Update from console
- Reboot system 14) Disable Secure Shell (sshd)
- Halt system 15) Restore recent configuration
- Ping host 16) Restart PHP-FPM
- Shell
Enter an option:
-
I only keep zipping files since this webpage doesn't accept my native uploads. The screenshots have to be less than 2MB or they get rejected. The only way I could get the screenshot that small was to make it a PDF file which isn't accepted. Saving it as a .BMP or .JPG the file was just over 2MB and wasn't accepted.
Frank
