• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

IPv6 forwarding routinely broken; disable/enable DHCP6 on WAN to fix

Scheduled Pinned Locked Moved IPv6
7 Posts 2 Posters 805 Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • J
    jpwoodbu
    last edited by Jul 4, 2023, 5:54 PM

    Re: [IPv6 not working on boot](but after editing WAN interface)

    The topic referenced above sounds a lot like what I see. TL;DR every time I reboot my pfsense appliance or my ONT has a power blip (which seems to happen daily), I need to set the WAN IPv6 configuration type to None and than back to DHCP6 to get IPv6 forwarding working again.

    Maybe it's an ISP issue. I'm on Spectrum in the Raleigh/Durham area. Packet captures show IPv6 packets going out of the WAN interface but none coming in (except that I can ping the gateway over its link-local v6 address).

    But I'm hoping there's some way to configure the IPv6 settings in pfSense to make my IPv6 setup more reliable. I'm close to just setting up a cronjob to try pinging google.com over IPv6 and automatically bouncing the IPv6 config if it can't.

    K 1 Reply Last reply Jul 4, 2023, 6:11 PM Reply Quote 0
    • K
      keyser Rebel Alliance @jpwoodbu
      last edited by Jul 4, 2023, 6:11 PM

      @jpwoodbu said in IPv6 forwarding routinely broken; disable/enable DHCP6 on WAN to fix:

      Re: [IPv6 not working on boot](but after editing WAN interface)

      The topic referenced above sounds a lot like what I see. TL;DR every time I reboot my pfsense appliance or my ONT has a power blip (which seems to happen daily), I need to set the WAN IPv6 configuration type to None and than back to DHCP6 to get IPv6 forwarding working again.

      Maybe it's an ISP issue. I'm on Spectrum in the Raleigh/Durham area. Packet captures show IPv6 packets going out of the WAN interface but none coming in (except that I can ping the gateway over its link-local v6 address).

      But I'm hoping there's some way to configure the IPv6 settings in pfSense to make my IPv6 setup more reliable. I'm close to just setting up a cronjob to try pinging google.com over IPv6 and automatically bouncing the IPv6 config if it can't.

      Like many places in the world your ISP requires IPv6 DHCP to be configured outside of the pfSense Defaults - in fact, I have never tried that pfSense DHCPv6 defaults have worked anywhere which is why I started a thread here about the matureness of IPv6 and especially DHCPv6. Seems DHCPv6 with ISPs is a dumpsterfire because DHCPv6 is not standardized properly.

      Love the no fuss of using the official appliances :-)

      J 2 Replies Last reply Jul 4, 2023, 6:22 PM Reply Quote 0
      • J
        jpwoodbu @keyser
        last edited by Jul 4, 2023, 6:22 PM

        @keyser thanks for the reply. Can you direct me to that thread? I looked at your posts but I don't think I found it. Also, do you have any suggestions for which settings to change from their defaults? Or should I just experiment?

        K 1 Reply Last reply Jul 4, 2023, 8:08 PM Reply Quote 0
        • J
          jpwoodbu @keyser
          last edited by Jul 4, 2023, 6:25 PM

          @keyser I think I found your thread: https://forum.netgate.com/topic/180601/matureness-of-ipv6-generally?_=1688494596729

          1 Reply Last reply Reply Quote 1
          • K
            keyser Rebel Alliance @jpwoodbu
            last edited by Jul 4, 2023, 8:08 PM

            @jpwoodbu That is the core point of my post - experimentation is almost pointless as there million of combinations of settings to test….
            Because DHCPv6 is so terribly customizable instead of just a “ON/OFF settings, and then have the standard require that server settings configures the client”.

            Failing to renew and rebind DHCPv6 seems the most common problem with pfSense as a DHCPv6 client. Could be that FreeBSD/pfSense has some settings that are more outside the average standard config than Linux or Windows (They seem to renew fine in more cases during my ISP tests)

            I can’t tell you waht to configure because your problem is a specific requirement from your ISP. Your only option is to somehow get a packetcapture of your current ISPs CPE doing DHCPv6 solicit and renew. Then use those packetcaptures and start flicking settings in pfSense to attempt to replicate the needed settings. (Blo**** annoying)

            Love the no fuss of using the official appliances :-)

            J 1 Reply Last reply Jul 9, 2023, 4:06 AM Reply Quote 0
            • J
              jpwoodbu @keyser
              last edited by Jul 9, 2023, 4:06 AM

              I might have found a config that's working for me (Spectrum in Raleigh/Durham). It's been stable for several days.

              The config produces the following content for /var/etc/dhcp6c.conf:

              interface mvneta0.4090 {
                      send ia-na 0;
                      send ia-pd 0;
                      request refreshtime;
                      script "/var/etc/dhcp6c_wan_dhcp6withoutra_script.sh";
              };
              id-assoc na 0 { };
              id-assoc pd 0 {
                      prefix-interface mvneta0.4091 {
                              sla-id 0;
                              sla-len 0;
                      };
              };
              

              I think the key thing might be that I've got request refreshtime in the mix. I also happened to have removed the DNS related request lines since I don't need them (I just use Google Public DNS).

              To get there, under the DHCP6 Client Configuration menu, I did the follow:

              1. Checked Advanced Configuration
              2. Checked Do not wait for a RA (not sure this matters; I don't see it in the dhcp6c.conf file)
              3. Set Send options to ia-na 0 , ia-pd 0
              4. Set Request Options to refreshtime
              5. Checked Non-Temporary Address Allocation
              6. Put 0 in the id-assoc na ID field
              7. Checked Prefix Delgation
              8. Put 0 in the id-assoc pd ID field
              9. Put 0 in the Prefix interface sla-id
              10. Put 0 in the sla-len field
              11. Set Prefix Interface to LAN

              Hope this might help someone else.

              J 1 Reply Last reply Jul 9, 2023, 4:08 AM Reply Quote 1
              • J
                jpwoodbu @jpwoodbu
                last edited by Jul 9, 2023, 4:08 AM

                I should add that the only difference between my custom config and the default (non-advanced) config was that request refreshtime; was added and the DNS related request lines were removed.

                This why I have a suspicion that adding in request refreshtime might be the thing that actually helped.

                1 Reply Last reply Reply Quote 1
                7 out of 7
                • First post
                  7/7
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
                  This community forum collects and processes your personal information.
                  consent.not_received