lan clients periodically drop ipv6 connectivity
-
Lan clients appear to lose IPV6 connection after a day or two. Packet capture shows the ping going out the wan but no response is received. General IPV6 connectivity works fine prior to this and no longer works after I verify the ping responses stop.
- I'using SLAAC for lan IP addresses
- my ISP provdes a /64 prefix
- as far as i can tell, the client ipv6 network information seems ok (e.g. addresses, gateways, etc.)
- the client ipv6 network information is the same before and after this occurs
- when a lan client stops working, the other lan clients continue to work until they also stop working somtime later
- when the lan clients lose wan ipv6 access, they still retain ipv6 access on the lan (i.e. they can ping each other using ipv6 addresses)
I thought maybe the leases were expiring and the renewed leases were perhaps not being correctly renewed but the RA timeout settings use the default values and seem much shorter than the failure times I'm seeing.
Any ideas on what is happening or how to further diagnose this?
-
I forgot to mention that if I go to Status/Interfaces on the wan interface and click "Release Wan" with "Relinquish Lease" checked and then renew the lease, the clients are once again able to reach ipv6 wan destinations.
-
@gambit100 That is somewhat normal with dynamic IPv6. Name your ISP and country, maybe someone can give more advise.
-
@Bob.Dig Sorry, I should have mentioned this is for Spectrum ISP in the USA
-
Since you're using SLAAC, there should be periodic router advertisements, that provide the IP address etc.. Do you see those? Also, there are no leases with SLAAC. That's a DHCP thing.
You can see the RAs with Wireshark on a client. You can also use Packet Capture on pfSense, but Wireshark is better.
-
@JKnott I see ICMPv6 traffic on both the lan and wan. I'm not a SLACC or RA pro. I've attached a file with a packet capture on the wan (adding it as text gets flagged as spam by akismet for some reason].ICMPv6.txt
-
That file is really not usefull, as it doesn't show the contents.
I ran Wireshark, filtering on ICMP6. Here's a list of the packets received, with the RA in the top row:
Here is the contents of that frame, showing the relevant info. Several items can be expanded further:
This is the sort of thing you need to understand network problems. You can use Packet Capture, in pfSense, but I find Wireshark is much better. Even if you capture with Packet Capture, you're still better off examining the capture with Wireshark.
Now, if you look at the options, you'll see things like assigned addresses and DNS.
