Missing Link Local on WAN

zelliglover

I have been tearing my hair out trying to figure this out. I hope the fix for my problem is simple. I have my pfsense on an old dell server connected to my xfinity modem (which is in bridge mode). the ipv4 connection works perfectly. But i cannot get ipv6 to work at all. The only thing i had, was after i factory reset pfsense, the ipv6 addresses popped up on my interfaces, but only for a few seconds. i called xfinity and they said theres nothing they can do. I have tried all i can find out there and nothing worked, so i started digging and i realized that there was no link local v6 address on the wan interface. here is what it looks like:

bce0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    description: WAN
    options=800bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,LINKSTATE>
    ether 00:26:b9:xx:xx:xx
    inet x.x.x.x netmask 0xfffffe00 broadcast 255.255.255.255
    media: Ethernet autoselect (1000baseT <full-duplex>)
    status: active
    nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>

i also decided to take a pcap of the icmpv6 on my wan and saw this:

23:54:56.881585 IP6 fe80::201:5cff:fe66:46 > ff02::1: ICMP6, router advertisement, length 144
23:54:59.892542 IP6 fe80::201:5cff:fe66:46 > ff02::1: ICMP6, router advertisement, length 144
23:55:02.962385 IP6 fe80::201:5cff:fe66:46 > ff02::1: ICMP6, router advertisement, length 144
23:55:05.971891 IP6 fe80::201:5cff:fe66:46 > ff02::1: ICMP6, router advertisement, length 144

and so on... (this is not the link local address of my LAN interface)

does anyone have any ideas?

JKnott

Without a link local address, IPv6 will not work at all. Every IPv6 capable interface should have one. Is IPv6 enabled on your WAN interface?

zelliglover

@JKnott yes the whole machine is factory default. the only thing ive done is mess with some dhcp6 settings after it didnt work initially. it was very strange when i saw the default terminal page right after the reset i saw the ipv6 addresses configured correctly. but just dissapeared...

i ticked the required knob on system/advanced/networking and i also ticked Do not allow PD/Address release

JKnott

@zelliglover said in Missing Link Local on WAN:

i ticked the required knob on system/advanced/networking

That's for the firewall. You still have to enable IPv6 on the interface. That's on the WAN interface page in IPv6 Configuration Type.

zelliglover

I also ran this command on SSH

[2.7.0-RELEASE][admin@pfSense.home.arpa]/etc: cat netconfig
# $FreeBSD$
#
# The network configuration file. This file is currently only used in
# conjunction with the (TI-) RPC code in the C library, unlike its
# use in SVR4.
#
# Entries consist of:
#
#       <network_id> <semantics> <flags> <protofamily> <protoname> \
#               <device> <nametoaddr_libs>
#
# The <device> and <nametoaddr_libs> fields are always empty in FreeBSD.
#
udp6       tpi_clts      v     inet6    udp     -       -
tcp6       tpi_cots_ord  v     inet6    tcp     -       -
udp        tpi_clts      v     inet     udp     -       -
tcp        tpi_cots_ord  v     inet     tcp     -       -
rawip      tpi_raw       -     inet      -      -       -
local      tpi_cots_ord  -     loopback  -      -       -

JKnott

@zelliglover said in Missing Link Local on WAN:

about a minute ago

I also ran this command on SSH

What about that setting on the WAN page?

zelliglover

@JKnott said in Missing Link Local on WAN:

@zelliglover said in Missing Link Local on WAN:

i ticked the required knob on system/advanced/networking

That's for the firewall. You still have to enable IPv6 on the interface. That's on the WAN interface page in IPv6 Configuration Type.

@JKnott Sorry I meant to answer; Yes I have that set to DHCP6 and have played around with those checkboxes alot

i also noticed this file:

[2.7.0-RELEASE][admin@pfSense.home.arpa]/var/etc: cat dhcp6c.conf
interface bce0 {
	send ia-na 0;	# request stateful address
	send ia-pd 0;	# request prefix delegation
	request domain-name-servers;
	request domain-name;
	script "/var/etc/dhcp6c_wan_dhcp6withoutra_script.sh"; # we'd like nameservers and RTSOLD to do all the work
};
id-assoc na 0 { };
id-assoc pd 0 {
	prefix ::/64 infinity;
	prefix-interface bce1 {
		sla-id 0;
		sla-len 0;
	};
};

and the "/var/etc/dhcp6c_wan_dhcp6withoutra_script.sh":

[2.7.0-RELEASE][admin@pfSense.home.arpa]/var/etc: cat dhcp6c_wan_dhcp6withoutra_script.sh 
#!/bin/sh
# This shell script launches rtsold.
dmips=${new_domain_name_servers}
dmnames=${new_domain_name}
dreason=${REASON}
echo $dmips > /tmp/bce0_domain_name_servers
echo $dmnames > /tmp/bce0_new_domain_name
echo $dreason > /tmp/bce0_reason
case $REASON in
REQUEST)
/usr/sbin/rtsold -1 -p /var/run/rtsold_bce0.pid -A /var/etc/rtsold_bce0_script.sh bce0
;;
REBIND)
;;
RELEASE)
/usr/local/sbin/fcgicli -f /etc/rc.newwanipv6 -d "interface=bce0&dmnames=${dmnames}&dmips=${dmips}"
;;
RENEW|INFO)
esac

I also noticed in the same directory this file:

[2.7.0-RELEASE][admin@pfSense.home.arpa]/var/etc: cat dhcp6c_wan_script.sh 
#!/bin/sh
# This shell script launches /etc/rc.newwanipv6 with a interface argument.
dmips=$(cat "/tmp/bce0_domain_name_servers")
dmnames=$(cat "/tmp/bce0_new_domain_name")
/bin/sleep 1
/usr/local/sbin/fcgicli -f /etc/rc.newwanipv6 -d "interface=bce0&dmnames=${dmnames}&dmips=${dmips}"

johnpoz

@zelliglover I don't have IPv6 enabled on my wan, and it still has a link-local..

igb1: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: WAN
        options=4e100bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWFILTER,RXCSUM_IPV6,TXCSUM_IPV6,NOMAP>
        ether 00:08:a2:0c:e6:25
        inet6 fe80::208:a2ff:fe0c:e625%igb1 prefixlen 64 scopeid 0x2
        inet 209.snipped netmask 0xfffff000 broadcast 255.255.255.255
        inet 192.168.100.2 netmask 0xffffff00 broadcast 192.168.100.255
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>

Off the top of my head, not sure what would cause an interface to not have link-local IPv6 address. Its almost impossible actually disable that ;)

zelliglover

@johnpoz Just recieved my ipv6 addresses! but this might only be temporary. I have connectivity with ipv6. This happened after i reassigned my interfaces through the pfsense console. i do not know how long this will last.

very strange issue

johnpoz

@zelliglover so now your have link-local, did the interface you have as wan before still not have link local?

zelliglover

@johnpoz It has a link local now. I don't know why just reassigning the interfaces in the same exact way changed it, but I'm happy with it as long as its working.

bce0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	description: WAN
	options=800bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,LINKSTATE>
	ether 00:26:b9:8b:fc:4f
	inet6 fe80::226:b9ff:fe8b:fc4f%bce0 prefixlen 64 scopeid 0x1
	inet6 2001:558:6040:52:4d97:8d28:xxxx:xxxx prefixlen 128
	inet 73.x.x.x netmask 0xfffffe00 broadcast 255.255.255.255
	media: Ethernet autoselect (1000baseT <full-duplex,master>)
	status: active
	nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>