[SOLVED] IPV6 issues. no default route via DHCP in Windows, no routing outside



  • Hello All:

    I'm currently facing two issues that I'm not sure I know how to handle and would like some assistance with resolving.

    The two issues are:

    1. A LAN computer connected to the router is able to get a DHCP IP address and can ping the LAN interface of the router however is not able to ping outside. Rules have been created on the WAN, OPT1 and LAN interfaces for IPv6 allowing traffic from any to any (wide open).  The DHCP server is running in Assisted mode and when pulled using a Linux box, I get an IP and a default route for IPv6 as expected.  A windows VM bridged to the same ethernet interface gets an IP but no default route.   Both hosts can ping the LAN IPv6 interface and a ping from the LAN interface to a host on the local network responds as expected.

    2. None of the hosts (DHCP or statically assigned) can ping externally or resolve external DNS. There does not appear to be any firewall rules blocking access, the WAN, OPT1 and LAN interfaces for IPv6 are set to allow traffic from any to any.  A test using Hurricane Electric's Looking Glass confirms that they can reach my end of the tunnel.  DNS Hostname lookups and pings on the router confirms that the tunnel is operational and I am able to ping ipv6.google.com, etc..

    My pfSense version is 2.1-DEVELOPMENT (i386) built on Tue Sep 13 17:28:43 EDT 2011 FreeBSD 8.1-RELEASE-p4 and was just updated earlier this morning (current versioning shown).

    If possible, I would prefer to fix the routing issue as I am not as concerned with Windows getting fixed as I am about routing working in general.  The routing issue would be far more beneficial.

    Please assist.   It feels like I have the two connections up and running, just don't have the magic to get the two to talk to each other.  If you need any additional information, I will be more than happy to provide whatever information that may prove useful.  I would really love to get this figured out!

    Thank you for your time.

    Edited to add:  I used the instructions from http://doc.pfsense.org/index.php/Using_IPv6_on_2.0 to set up IPv6 on this router.



  • An update:

    I decided to manually assign IPs to the test boxes however I still can't get out to the public Internet.  My end of the IPv6 tunnel is still pingable from the outside and I can still access my inside hosts by their IPv6 addresses.  I was able to manually assign a route on the test boxes pointing to the IPv6 address of the LAN port of the router however I am still not able to get outside.

    One thing I noticed is that a traceroute performed on the test boxes shows a !H for the IP address of that host:

    traceroute to ipv6.google.com (2001:4860:4002:802::1014), 30 hops max, 80 byte packets
    1  2001:470:XXXX:YYYY::3 3001.302 ms !H 3001.290 ms !H 3001.272 ms !H

    The !H indicates no route however there IS a route defined!

    route -n -6

    Kernel IPv6 routing table
    Destination                      Next Hop                  Flag  Met  Ref  Use  If
    2001:470:XXXX:YYYY::/64  ::                              U    256  0    1    eth0
    2000::/3                          2001:470:1f0f:ed8::1    UG  1      0    42  eth0

    Does anyone have any suggestions as to what could be causing this?  I would greatly appreciate any assistance with this issue.



  • More weirdness.

    For some reason and thanks to johnpoz in this forum post http://forum.pfsense.org/index.php/topic,43295.0.html I started looking around at the box from a commandline perspective.  I found that rtadvd (or radvd) was NOT running.  I found the binary in /usr/sbin/rtadvd and a conf file in /var/etc/rtadvd.conf (attached below)

    /etc/rc.d/rtadvd start

    Cannot 'start' rtadvd. Set rtadvd_enable to YES in /etc/rc.conf or use 'onestart' instead of 'start'.

    cat /var/etc/rtadvd.conf

    # common definitions.

    default:
           :raflags#0:rltime#3600:
           :vltime#360000:pltime#360000:mtu#1500:
    ether:
           :mtu#1280:tc=default:

    # Generated for DHCPv6 Server lan

    em1:
    :addr="2001:470:1f0f:ed8:0:0:0:0":
    :prefixlen#64:
    :raflags="mo":
    :tc=ether:
    :rdnss="2001:470:200::2,2001:470:300::2":
    :dnssl="local":

    # Generated for DHCP-PD delegation opt2

    gif0:
    :pltime=60:
    :pltime=120:
    :vltime=180:
    :rtltime=60:
    :addr="2001:470:1f0e:ed8:0:0:0:0":
    :prefixlen#126:
    :raflags="mo":
    :rdnss="2001:470:1f0f:ed8::1":
    :tc=ether:\

    Manual attempts to start rtadvd showed this error:

    /usr/sbin/rtadvd -f -D -c /var/etc/rtadvd.conf em1

    rtadvd[18322]: <getconfig>non zero router lifetime is specified for em1, which must not be allowed for hosts.  you must change router lifetime or enable IPv6 forwarding.

    After investigating further, I decided to start digging into why em1 was not considered a routing interface.  I came across the sysctl command which I hadn't thought to check as according to the HOWTO, it should  have already been enabled!

    sysctl --help

    sysctl: illegal option -- -
    usage: sysctl [-bdehiNnoqx] name[=value] ...
          sysctl [-bdehNnoqx] -a

    sysctl net.inet6.ip6.forwarding

    net.inet6.ip6.forwarding: 0

    sysctl net.inet6.ip6.forwarding=1

    net.inet6.ip6.forwarding: 0 -> 1

    sysctl net.inet6.ip6.forwarding

    net.inet6.ip6.forwarding: 1

    Turning on this option allowed me to start rtadvd:

    /usr/sbin/rtadvd -f -D -c /var/etc/rtadvd.conf em1

    rtadvd[7489]: <ra_timer_update>RA timer on em1 is set to 16:0
    rtadvd[7489]: <main>set timer to 15:999607. waiting for inputs or timeout
    rtadvd[7489]: <main>set timer to 0:568. waiting for inputs or timeout
    rtadvd[7489]: <main>set timer to 0:300. waiting for inputs or timeout
    rtadvd[7489]: <main>set timer to 0:169. waiting for inputs or timeout
    rtadvd[7489]: <main>set timer to 0:136. waiting for inputs or timeout
    rtadvd[7489]: <main>set timer to 0:117. waiting for inputs or timeout
    rtadvd[7489]: <main>set timer to 0:97. waiting for inputs or timeout
    rtadvd[7489]: <main>set timer to 0:77. waiting for inputs or timeout
    rtadvd[7489]: <main>set timer to 0:58. waiting for inputs or timeout
    rtadvd[7489]: <main>set timer to 0:39. waiting for inputs or timeout
    rtadvd[7489]: <main>set timer to 0:20. waiting for inputs or timeout
    rtadvd[7489]: <main>set timer to 0:1. waiting for inputs or timeout
    rtadvd[7489]: <ra_timeout>RA timer on em1 is expired
    rtadvd[7489]: <ra_output>send RA on em1, # of waitings = 0
    rtadvd[7489]: <ra_timer_update>RA timer on em1 is set to 16:0
    rtadvd[7489]: <main>set timer to 16:0. waiting for inputs or timeout

    and again without foreground and debug enabled:

    /usr/sbin/rtadvd -c /var/etc/rtadvd.conf em1

    ps fauwx | grep rtadvd

    root  63514  0.0  0.2  3316  1168  ??  Ss  12:09PM  0:00.00 /usr/sbin/rtadvd -c /var/etc/rtadvd.conf em1
    root    5119  0.0  0.3  3524  1260  0  S+  12:09PM  0:00.00 grep rtadvd

    And now, I am finally able to connect to ipv6 addresses using my v6/v4 computer.  The question is why weren't these options set (at least the IPv6 routing forwarding)?  Was there some step I missed in getting radvd started?  It's not listed on the DHCP page nor is it listed under Status->Services as a startable option.

    I did re-git my router this morning, but it does not appear that the versioning has changed:

    2.1-DEVELOPMENT (i386)
    built on Tue Sep 13 17:28:43 EDT 2011
    FreeBSD 8.1-RELEASE-p4

    The only issue now is DNS resolution however I think it's just firewall weirdness and I can get that sorted out later on.  The segment is running v4/v6 and ipv4 DNS server answers ipv6 queries (forwards) so I'm good there.
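
Added example (not part of the original posts, and not pfSense or rtadvd code): a small Python check that resolves the termcap-style `tc=` inheritance in the rtadvd.conf quoted above and reproduces the condition behind the `<getconfig>` error, namely a non-zero router lifetime on em1 while net.inet6.ip6.forwarding is 0. The function names are hypothetical; the 1800-second fallback is rtadvd's documented default for `rltime`, and the numeric M-flag bit (0x80) follows rtadvd.conf(5).

```python
import re

# Constructed sample: default/ether/em1 entries from the post, backslashes omitted as on the page.
SAMPLE_CONF = '''
default:
       :raflags#0:rltime#3600:
       :vltime#360000:pltime#360000:mtu#1500:
ether:
       :mtu#1280:tc=default:
em1:
:addr="2001:470:1f0f:ed8:0:0:0:0":
:raflags="mo":
:tc=ether:
'''

HEADER = re.compile(r'^([\w.|-]+):\s*\\?$')
CAP = re.compile(r':(\w+)(?:([#=])("[^"]*"|[^:]*))?(?=:)')

def parse(text):
    """Return {entry: [(capability, value), ...]} in file order."""
    entries, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        m = HEADER.match(line)
        if m:
            current = entries.setdefault(m.group(1), [])
        elif line.startswith(':') and current is not None:
            for key, sep, raw in CAP.findall(line):
                current.append((key, int(raw) if sep == '#' else raw.strip('"')))
    return entries

def resolve(entries, name, seen=()):
    """Flatten tc= inheritance; as in termcap, the first definition wins."""
    if name in seen:
        raise ValueError(f"tc= loop through {name}")
    caps = {}
    for key, val in entries[name]:
        inherited = resolve(entries, val, seen + (name,)) if key == 'tc' else {key: val}
        for k, v in inherited.items():
            caps.setdefault(k, v)
    return caps

def ra_status(conf_text, iface, forwarding):
    """What rtadvd would do on iface given the net.inet6.ip6.forwarding value."""
    caps = resolve(parse(conf_text), iface)
    rltime = caps.get('rltime', 1800)  # 1800 s is rtadvd's documented default
    flags = caps.get('raflags', 0)
    managed = 'm' in flags if isinstance(flags, str) else bool(flags & 0x80)
    return {'rltime': rltime, 'managed': managed, 'mtu': caps.get('mtu'),
            'rtadvd_starts': forwarding or rltime == 0,
            'offers_default_route': forwarding and rltime > 0}
```

With the M flag set, hosts take their address from DHCPv6, but the default route is still learned only from the router advertisement, so a router that is not sending RAs leaves DHCPv6 clients with an address and no gateway.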



  • If you do not reboot after the first time you gitsync those won't be set.



  • Hello databeestje:

    When I performed the resync the first time, my shell session got "terminated" (got kicked back to local prompt) and I had to login again so I thought the router had rebooted.  I resynched it just a moment ago and rebooted it again after my session got terminated and it looks like everything's working.  I can access ipv6.google.com and a test site so all appears well now.

    Thank you for your assistance.

    FIRESTORM_v1

    Note to newbies:  If you're planning on implementing IPv6, it's best to use a v6/v4 dual-homed network.  Running IPV6-only will leave you with very little to do on the Internet.  (example:  www.v6.facebook.com only works halfway.  Facebook's fault. :P )

