Old IPv6 addresses may continue to be used after DHCP or RA changes #12947 - not fixed?
-
Hello,
I upgraded t the latest 2.8 beta (2.8.0-BETA (amd64) built on Tue Apr 1 4:29:00 CEST 2025).
https://redmine.pfsense.org/issues/12947
-> Old IPv6 addresses may continue to be used after DHCP or RA changes #12947I submitted this bug in the past and it's not fixed:
https://redmine.pfsense.org/issues/15906It has been classified as a duplicate. But I'm not sure if that was correct, because I have still the same issues and IPv6 communication is still broken after an IPv6 prefix change on WAN.
"Has duplicate Bug #15906: After an IPv6 prefix and IP change on the WAN interface the LAN interface IPs and delegated IPv6 prefixes don’t get updated".I assume bug report https://redmine.pfsense.org/issues/15625 is also related to this.
I can provide logs etc. if someone would like to investigate further.
Thank you. -
The DHCP6 client script has been changed to call
rc.newwanipv6on RENEW which deals with the issue I was able to reproduce:
https://redmine.pfsense.org/projects/pfsense/repository/2/revisions/646389402feb2dd94171d7c81d4be67feef4f8d8If it's still an issue for you however, there may be something else going on. Can you show the output of ifconfig before and after the issue happens as well as both the full system and DHCP logs covering the period when the issue happens?
-
I modified the IPv6 addresses slightly (xx.xx) - not to publish my full IPs here.
Before:
Upstream router:
IPv6-Prefix: 2003:xx:xx43:7f00::/56[2.8.0-BETA][admin@pfSense-ipv6.home.arpa]/root: ifconfig
vtnet0: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
description: WAN
options=800b8<VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,LINKSTATE>
ether 02:11:32:2d:5b:36
inet 192.168.7.253 netmask 0xffffff00 broadcast 192.168.7.255
inet6 fe80::11:32ff:fe2d:5b36%vtnet0 prefixlen 64 scopeid 0x1
inet6 fdc7:326a:c353:0:11:32ff:fe2d:5b36 prefixlen 64 autoconf pltime 3600 vltime 7200
inet6 2003:xx:xx43:7f00:11:32ff:fe2d:5b36 prefixlen 64 autoconf pltime 1424 vltime 7200
media: Ethernet autoselect (10Gbase-T <full-duplex>)
status: active
nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
vtnet1: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
description: VLAN20
options=800b8<VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,LINKSTATE>
ether 02:11:32:22:a9:2f
inet 192.168.20.253 netmask 0xffffff00 broadcast 192.168.20.255
inet6 fe80::11:32ff:fe22:a92f%vtnet1 prefixlen 64 scopeid 0x2
inet6 fe80::1:1%vtnet1 prefixlen 64 scopeid 0x2
inet6 2003:xx:xx43:7ff8:11:32ff:fe22:a92f prefixlen 64
media: Ethernet autoselect (10Gbase-T <full-duplex>)
status: active
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
vtnet2: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
description: VLAN30
options=800b8<VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,LINKSTATE>
ether 02:11:32:23:ab:b3
inet 192.168.30.253 netmask 0xffffff00 broadcast 192.168.30.255
inet6 fe80::11:32ff:fe23:abb3%vtnet2 prefixlen 64 scopeid 0x3
inet6 fe80::1:1%vtnet2 prefixlen 64 scopeid 0x3
inet6 2003:xx:xx43:7ff9:11:32ff:fe23:abb3 prefixlen 64
media: Ethernet autoselect (10Gbase-T <full-duplex>)
status: active
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>After:(I initiated a IPv6 prefix change, all client IPv6 communication stops)
Upstream router:
New IPv6-Prefix: 2003:xx:xx02:2200::/56[2.8.0-BETA][admin@pfSense-ipv6.home.arpa]/root: ifconfig
vtnet0: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
description: WAN
options=800b8<VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,LINKSTATE>
ether 02:11:32:2d:5b:36
inet 192.168.7.253 netmask 0xffffff00 broadcast 192.168.7.255
inet6 fe80::11:32ff:fe2d:5b36%vtnet0 prefixlen 64 scopeid 0x1
inet6 fdc7:326a:c353:0:11:32ff:fe2d:5b36 prefixlen 64 autoconf pltime 3600 vltime 7200
inet6 2003:xx:xx43:7f00:11:32ff:fe2d:5b36 prefixlen 64 deprecated autoconf pltime 0 vltime 7132
inet6 2003:xx:xx02:2200:11:32ff:fe2d:5b36 prefixlen 64 autoconf pltime 1731 vltime 7200
media: Ethernet autoselect (10Gbase-T <full-duplex>)
status: active
nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
vtnet1: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
description: VLAN20
options=800b8<VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,LINKSTATE>
ether 02:11:32:22:a9:2f
inet 192.168.20.253 netmask 0xffffff00 broadcast 192.168.20.255
inet6 fe80::11:32ff:fe22:a92f%vtnet1 prefixlen 64 scopeid 0x2
inet6 fe80::1:1%vtnet1 prefixlen 64 scopeid 0x2
inet6 2003:xx:xx43:7ff8:11:32ff:fe22:a92f prefixlen 64
media: Ethernet autoselect (10Gbase-T <full-duplex>)
status: active
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
vtnet2: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
description: VLAN30
options=800b8<VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,LINKSTATE>
ether 02:11:32:23:ab:b3
inet 192.168.30.253 netmask 0xffffff00 broadcast 192.168.30.255
inet6 fe80::11:32ff:fe23:abb3%vtnet2 prefixlen 64 scopeid 0x3
inet6 fe80::1:1%vtnet2 prefixlen 64 scopeid 0x3
inet6 2003:xx:xx43:7ff9:11:32ff:fe23:abb3 prefixlen 64
media: Ethernet autoselect (10Gbase-T <full-duplex>)
status: active
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL> -
system - general:
Apr 7 16:54:59 check_reload_status 472 Reloading filter
Apr 7 16:54:58 php-fpm 397 /rc.newwanipv6: Gateway, NONE AVAILABLE
Apr 7 16:54:58 php-fpm 397 /rc.newwanipv6: Gateway, NONE AVAILABLE
Apr 7 16:54:19 php-fpm 397 /rc.newwanipv6: rc.newwanipv6: on (IP address: 2003:xx:xx02:2200:11:32ff:fe2d:5b36) (interface: wan) (real interface: vtnet0).
Apr 7 16:54:19 php-fpm 397 /rc.newwanipv6: rc.newwanipv6: Info: starting on vtnet0 due to RENEW. -
I cannot post the DHCP logs because the forum software flags it as SPAM
-
in there another option for sending you logs?
-
You can upload everything here:
https://nc.netgate.com/nextcloud/s/9RnP5LzP7eYBX7C -
I uploaded the first document - I will upload a second soon.
I'm documenting the full cycle until most issues are cleared up automatically. This takes multiple hours (IPv6 client are offline). -
2nd document uploaded.
fyi - a pfSense reboot fixes everything after an IPv6 prefix change.
-
Thank you for the patch.
It looks like it is not solving the issue.
3rd document uploaded. -
Further testing here shows that when the lease is renewed the downstream interfaces were updated by dhcp6c with the new prefix (vmx4 is the LAN, vmx1 is the WAN):
Apr 8 10:02:13 dhcp6c 37136 Sending Renew Apr 8 10:02:13 dhcp6c 37136 dhcp6c Received INFO Apr 8 10:02:13 dhcp6c 37136 add an address 2001:db8:a:a::aab0/128 on vmx1 Apr 8 10:02:13 dhcp6c 37136 Sending Renew Apr 8 10:02:13 dhcp6c 37136 dhcp6c Received INFO Apr 8 10:02:13 dhcp6c 37136 add an address 2001:db8:c:0:250:56ff:feb2:a5f1/64 on vmx4 Apr 8 10:02:13 dhcp6c 37136 remove an address 2001:db8:b:18:250:56ff:feb2:a5f1/64 on vmx4As I understand, in order for the client to update its interfaces with the new prefix outside of the scheduled times it would need to receive an unsolicited reconfigure message (RFC6644). From the logs provided so far, I'm not seeing this happening. This seems to align with the reported behavior on redmine stating that "This situation resolves only after 1.5 to 2 hours."
FWIW "reconfigure" messages are not supported by Kea according to their documentation, and it seems to be the case for ISC dhcpd as well.