Netgate Discussion Forum

    No IPv6 after upgrade to 23.01

    88 Posts 19 Posters 49.3k Views
      compuguy @compuguy

      @compuguy said in No IPv6 after upgrade to 23.01:

      @nighthawk1967 I disagree with that. I have a Mikrotik on another FiOS network that should support IPv6. I'm pretty sure that doesn't have IPv6 working either...

      Update: Looks like the Mikrotik router is having no issues and is able to pull an IPv6 prefix from Verizon. This seems to be a PFsense 23.01 bug/issue only....🙁

        Gertjan

        @compuguy said in No IPv6 after upgrade to 23.01:

        This seems to be a PFsense 23.01 bug/issue only...

        My setup / background :
        Before January 2023, my ISP - my Internet connection was just IPv4. It was a static IP, so that's fine to me.
        But no IPv6 whatsoever.
        So, around 2014 ( ? ) I decided to create a he.net tunnelbroker account, as they give a free /48 for "life" with local access points all over the planet.
        I tend to think these guys somewhat created the IPv6 RFCs.

        January 2023 : fiber was installed. That was the end of 24 Mbits/sec VDSL : here comes 800+ Mbits up/down.
        And a new fiber ONT integrated ISP router.
        That didn't route the '6in4' protocol, so that was the end of my he.net free IPv6 access.
        The positive side of this was that their local POP in Paris, for me, would not route that kind of bandwidth to me, so their IPv6 would cripple my overall Internet access.
        And the new ISP box offers IPv6 for its LAN devices.
        And even better : it hands over /64 prefixes (delegations) to router type LAN (ISP router point of view) devices, like pfSense.

        And yes : my pfSense DHCP6 client does receive a (one) /64 for my pfSense LAN.
        Not really perfect yet, as I have several LANs using IPv6 and my ISP router is buggy : it can give more prefixes (64) but it then fails to route over IPv6. So only one it will be.

        I had some insight in what actually happens between my ISP router and pfSense with some severe tcpdump sessions.

        Then someone on a French forum ( ! ) pointed me to Multiple IPv6 Prefix Delegation over AT&T Residential Gateway for pfSense 2.4.5 so I crafted my own dhcp6 client config file, put the dhcp6 client into debug mode, and saw what happened written on the screen (logs).

        Ok, nice, the router is somewhat buggy. The ISP made huge progress : a /56 for every user, and prefixes are handed over to devices that ask for one, or more of them.
        But : not perfect yet, for me.

        Of course, in France, about 16 million users use the same ISP (Orange) and 10 million have fiber. And I'm the only one using multiple IPv6 LANs ..... 😢 ?

        Now, to join the subject of this thread : our ISPs are not perfect yet.
        But I use 23.01 on a 4100, and IPv6 works for me, Phones, PC's, printers etc do get a routable IPv6 from pfSense. I'm not using the tracker mode, but the DHCP6 server with static IPv6.

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

          jasonreg @maverickws

          @maverickws said in No IPv6 after upgrade to 23.01:

          @steveits I'm attributed a /56 prefix;

          WAN configured as DHCP6
          LAN, IoT and DOM (all local networks, IoT and DOM are VLANS) configured as tracking WAN interface for IPv6

          Each interface gets a /64 prefix delegation size.

          How did you get all the local networks tracking the LAN? I can get one network doing this but when I try to set up another network/VLAN I get an error that tracking is already established and in use (or something along these lines).

            Bob.Dig LAYER 8 @jasonreg

            @jasonreg You have to use another prefix ID. And they don't track LAN but your WAN.

              Gertjan @jasonreg

              @jasonreg

              This :

              fa407267-f4e0-4432-adf4-faf0242428bd-image.png

              doesn't mean you will get more than one prefix.
              --- I think ---

              With that (image) setting, I get 1 prefix, so I can select one (from 0 to 0) as an interface to track (on one LAN interface).

              I wanted to have several prefixes, so I used the forum thread cited above as a guideline.

              I created this file /root/att-rg-dhcpv6-pd.conf :

              interface ix3 {
                      send ia-na 0;
                      send ia-pd 0;
                      send ia-pd 1;
                      send ia-pd 2;
                      send ia-pd 3;
                      send ia-pd 4;
                      send ia-pd 5;
                      send ia-pd 6;
                      send ia-pd 7;
                      request domain-name-servers;
                      request domain-name;
                      script "/var/etc/dhcp6c_wan_script.sh";
              };
              id-assoc na 0 { };
              id-assoc pd 0 {
                      prefix-interface igc0 {
                              sla-id 0;
                              sla-len 0;
                      };
              };
              id-assoc pd 1 {
                      prefix-interface igc2 {
                              sla-id 0;
                              sla-len 0;
                      };
              };
              id-assoc pd 2 { };
              id-assoc pd 3 { };
              id-assoc pd 4 { };
              id-assoc pd 5 { };
              id-assoc pd 6 { };
              id-assoc pd 7 { };
              

              where ix3 is my WAN interface.
              igc0 is my LAN interface
              igc1 is my second LAN interface

              I've used this file like this :
              3187c2e4-0a5b-4c8f-873b-e0c7910c02f9-image.png

              And then, looking at the dhcp6 client log lines, the magic happened :
              I saw 2 /64 prefixes handed over by my ISP upstream router, and could use Tracking on two LAN interfaces, the first had the index 0 and the other the index 1.
              ( and then things still failed for me, but that's another story )

              Btw : I do not pretend that I fully understand what the config file does.

                jasonreg @Bob.Dig

                @bob-dig said in No IPv6 after upgrade to 23.01:

                @jasonreg You have to use another prefix ID. And they don't track LAN but your WAN.

                Yes, sorry typo. Is it as simple as changing the default "0" here:
                23361465-02c2-4f07-8a6d-265377162fb9-image.png
                to a "1" for a separate VLAN or network?

                  Gertjan @jasonreg

                  @jasonreg
                  Exact !
                  When tracking works (aka : you received one or more prefixes), that is how it should be set up.

                    Bob.Dig LAYER 8 @jasonreg

                    @jasonreg 0 to ff in your case, look at the screen(shot). 😛

                      jasonreg @Bob.Dig

                      @bob-dig said in No IPv6 after upgrade to 23.01:

                      @jasonreg 0 to ff in your case, look at the screen(shot). 😛

                      OK, so I am a bit lacking here. "0 to ff" would mean what exactly for the next 5 interfaces? Apologies for the (probably) basic question ...

                      And, do I enable the DHCP6 server and RA on each interface or on just the LAN?

                        jasonreg @jasonreg

                        @jasonreg OK - have that one. Numbers until I needed 10 or more, then I need to use hex. Got it.

                        So I now have IPV6 on all networks. The only thing I do not understand is why the WAN_DHCP6 Gateway shows Red "Offline, Packetloss"

                        That said, it looks like the IPV6 addresses are now being handed out. Verified on iPad/iPhones etc. changing to the various VLANs.
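
The prefix ID arithmetic worked out in the posts above, as an added example that is not part of the original thread: each tracking interface takes the /64 selected by its hexadecimal prefix ID, and every interface needs a different ID. The `2001:db8:1200::/56` delegation is a constructed documentation prefix, the interface names LAN, IoT and DOM are taken from the thread, and the function names are hypothetical.

```python
import ipaddress

def max_prefix_id(delegated: str) -> int:
    """Highest prefix ID a delegation allows (a /56 leaves 8 bits: 0..0xff)."""
    net = ipaddress.IPv6Network(delegated)
    if net.prefixlen > 64:
        raise ValueError(f"{net} is too small to hold a /64")
    return (1 << (64 - net.prefixlen)) - 1

def lan_prefix(delegated: str, prefix_id: str) -> ipaddress.IPv6Network:
    """Return the /64 that a hexadecimal prefix ID selects from the delegation."""
    net = ipaddress.IPv6Network(delegated)
    pid = int(prefix_id, 16)  # the field is hex: "a" is the eleventh subnet
    limit = max_prefix_id(delegated)
    if not 0 <= pid <= limit:
        raise ValueError(f"prefix ID {prefix_id} is outside 0..{limit:x}")
    # The subnet bits sit directly above the 64-bit interface identifier.
    return ipaddress.IPv6Network((int(net.network_address) | (pid << 64), 64))

def plan(delegated: str, tracking: dict) -> dict:
    """Map each tracking interface to its /64, rejecting a reused prefix ID."""
    owner, result = {}, {}
    for ifname, prefix_id in tracking.items():
        pid = int(prefix_id, 16)
        if pid in owner:
            raise ValueError(
                f"prefix ID {prefix_id} on {ifname} is already used by {owner[pid]}")
        owner[pid] = ifname
        result[ifname] = lan_prefix(delegated, prefix_id)
    return result

if __name__ == "__main__":
    DELEGATED = "2001:db8:1200::/56"  # constructed sample delegation
    for ifname, net in plan(DELEGATED, {"LAN": "0", "IoT": "1", "DOM": "a"}).items():
        print(f"{ifname:4} {net}")
```

With a single delegated /64 the only valid ID is 0, which matches the "from 0 to 0" range described earlier in the thread.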

                          maverickws @jasonreg

                          @jasonreg
                          Sometimes after doing a lot of configuration changes, giving a reboot on the firewall gets everything running perfectly at last.
                          It could also mean your IPv6 upstream gateway doesn't respond to monitoring. In that case you either mark the GW always up, or get a valid IPv6 address for the Gateway monitor to reach and define its state.

                          About my previous attempts to figure this out and following up on @mhillmann's conversation;

                          I have data from over a year back where I can see my IPv6 gateway with this ISP. My IPv6 address is always one of a /40 pool, and the upstream gateway is always the same. I checked this extensively.

                          So the WAN interface was using DHCPv6 but in Routing the selected IPv6 gateway was the static one I created. I actually went a step further and disabled the dynamic gateway on the routing table.

                          So the static gateway was up but no traffic from the machines which had an IPv6 correctly attributed by tracking WAN interface setup.

                          So I left this at a standstill waiting for a fix to the issue here. I resigned to "no IPv6" for a while.
                          The other day I opened a site which accused me of using IPv6.

                          Made an IPv6 test: IPv6 working.
                          Tested on other machines: IPv6 working.

                          Checked the firewall, have the Static IPv6 gateway selected, the same configuration I left before when IPv6 wasn't working. And wasn't for many days.

                          Currently 17 days uptime, have no idea how the issue resolved by itself.

                          So in the meanwhile, tried just rebooting the firewall to see how it would go.
                          After reboot, no IPv6 again.

                            shadowking

                            Thanks for the redmine report, I'll disable IPv6 until a fix is released.

                              jordanp123 @shadowking

                              @shadowking
                              Yes, thank you everyone for the conversation. I didn't realize this thread existed and had created my own which appears to be a result of the same issue. I'm gonna disable IPv6 until we have a resolution.

                                jimp Rebel Alliance Developer Netgate

                                FYI- The latest Plus (2.7.0) and CE (23.05) snapshots have a fix for this. See https://redmine.pfsense.org/issues/14072 for details.

                                tl;dr we added a flag to rtsold which always fires the script no matter which flags are in the RA.

                                It's working for me on the latest snapshots here in my lab, and I could reproduce the issue reliably before.

                                Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                                Need help fast? Netgate Global Support!

                                Do not Chat/PM for help!

                                  shadowking @jimp

                                  @jimp thx for the hard work, I'll wait for the next stable release, but it's good to see that this issue has been handled quickly and properly.

                                    jordanp123 @jimp

                                    @jimp
                                    Just tried it in a CE snapshot VM, works perfectly. No issues at all, once Plus and CE are out in stable I'll be able to get rid of my "Kludges" to get V6 to work. Thanks Everyone It's much appreciated !!!!

                                      mhillmann

                                      Works flawlessly. Thank you for the solution!

                                        jimp Rebel Alliance Developer Netgate

                                        Also noteworthy that we didn't just make the change locally, it's been submitted upstream to FreeBSD as well and will be in future releases there, so we don't have to worry about this breaking again in the future:

                                        https://reviews.freebsd.org/D39931

                                          mhillmann @jimp

                                          @jimp Good choice, as the issue affects FreeBSD too, due to the way rtsold was originally coded in the OS. Rtsold worked before, because sometimes even coding errors produce the intended(?) outcome by mere luck.

                                            jimp Rebel Alliance Developer Netgate @mhillmann

                                            @mhillmann said in No IPv6 after upgrade to 23.01:

                                            @jimp Good choice, as the issue affects FreeBSD too, due to the way rtsold was originally coded in the OS. Rtsold worked before, because sometimes even coding errors produce the intended(?) outcome by mere luck.

                                            On previous versions of pfSense we had a local patch to rtsold that ended up running the script for any flag combination but it looks like that may not have been intentional. So yes, it was working before but completely by accident.

                                            But now it's working deliberately without a local only change. :-)

                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.