Native IPv6 doesn't work.



  • I have an ALIX2D13 board, .. running the latest pfsense 2.1 compiled September 11th. I get native IPv6 from my ISP, but it requires border gateway protocol daemon to set the routes, .. from the dhcp6c on port 546

    Around July I had IPv6 working just fine, .. running snapshot version, .. around September 4th I upgraded the snapshot due to kernel security issues from that point on the dhcp6c didn't start by it self, .. and I could get the routes in place by running dhcp6c manually, .. running:

    /usr/local/sbin/dhcp6c -f -d -D -c /var/etc/dhcp6c_wan.conf -p /var/run/dhcp6c_pppoe0.pid pppoe0
    

    After that, .. snapshot went stable, .. now the dhcp6c starts, however the routes don't get updated so a while back I could still do it manually, .. doing killall dhcp6c and running it manually and my routes would get updated.

    FE80::/64 to udp 546 is allowed on the firewall, ..

    However today that doesn't seem to work either !? Does anyone know by any chance how I can make it work, ..



  • I also noticed this today, .. in my dmesg

    cannot forward src fe80:3::f66d:4ff:fe9a:acdb, dst 2a00:1450:4013:c00::5e, nxt 58, rcvif vr2, outif pppoe0
    cannot forward src fe80:3::becf:ccff:fe73:6987, dst 2a00:1450:4013:c00::bc, nxt 6, rcvif vr2, outif pppoe0
    cannot forward src fe80:3::becf:ccff:fe73:6987, dst 2a00:1450:4013:c00::bc, nxt 6, rcvif vr2, outif pppoe0
    cannot forward src fe80:3::becf:ccff:fe73:6987, dst 2a00:1450:4013:c00::bc, nxt 6, rcvif vr2, outif pppoe0
    cannot forward src fe80:3::becf:ccff:fe73:6987, dst 2a00:1450:4013:c00::bc, nxt 6, rcvif vr2, outif pppoe0
    

    and tcpdump shows

    11:35:14.418367 IP6 (hlim 1, next-header UDP (17) payload length: 80) fe80::20d:b9ff:fe2b:7f74.546 > ff02::1:2.547: dhcp6 request (xid=752f3 (client ID hwaddr/time type 1 time 437427472 000db92b7f74) (server ID hwaddr type 1 00077d565900)[|dhcp6ext])
    11:35:14.427138 IP6 (class 0xe0, hlim 255, next-header UDP (17) payload length: 79) fe80::207:7dff:fe56:5900.547 > fe80::20d:b9ff:fe2b:7f74.546: dhcp6 reply (xid=752f3 (server ID hwaddr type 1 00077d565900) (client ID hwaddr/time type 1 time 437427472 000db92b7f74)[|dhcp6ext])
    11:35:15.759607 IP6 (hlim 1, next-header UDP (17) payload length: 60) fe80::20d:b9ff:fe2b:7f74.546 > ff02::1:2.547: dhcp6 solicit (xid=88556a (client ID hwaddr/time type 1 time 437427472 000db92b7f74) (IA_NA IAID:0 T1:0 T2:0) (elapsed time 0))
    11:35:15.790350 IP6 (class 0xe0, hlim 255, next-header UDP (17) payload length: 79) fe80::207:7dff:fe56:5900.547 > fe80::20d:b9ff:fe2b:7f74.546: dhcp6 advertise (xid=88556a (server ID hwaddr type 1 00077d565900) (client ID hwaddr/time type 1 time 437427472 000db92b7f74)[|dhcp6ext])
    11:35:16.768733 IP6 (hlim 1, next-header UDP (17) payload length: 80) fe80::20d:b9ff:fe2b:7f74.546 > ff02::1:2.547: dhcp6 request (xid=caaa7a (client ID hwaddr/time type 1 time 437427472 000db92b7f74) (server ID hwaddr type 1 00077d565900)[|dhcp6ext])
    11:35:16.778064 IP6 (class 0xe0, hlim 255, next-header UDP (17) payload length: 79) fe80::207:7dff:fe56:5900.547 > fe80::20d:b9ff:fe2b:7f74.546: dhcp6 reply (xid=caaa7a (server ID hwaddr type 1 00077d565900) (client ID hwaddr/time type 1 time 437427472 000db92b7f74)[|dhcp6ext])
    

    and a lot of these

    Nov 11 12:04:37 	wan php: rc.newwanipv6: rc.newwanipv6: Failed to update wan IPv6, restarting...
    Nov 11 12:04:39 	wan dhcp6c[76013]: update_ia: status code for NA-0: no addresses
    


  • an other thing i've noticed is that the IPv6 of the pppoe0 doesn't list in /status_interfaces.php it only shows the fe80::/64 range of ip's one with and one without %pppoe0 but no IPv6 however when I check ssh and I do ifconfig pppoe0 it is clearly there !?



  • There is a problem with some IPv6 configurations in the release version of 2.1 - I and several other people have had to go back to RC0 to get things working.

    I don't know enough about the inner workings of the pfSense project to know if anyone is working on this, nor do I know if the problem we see here is the same as the one you're seeing, but despite its 'RELEASE' label, you definitely need to view 2.1 as 'experimental' as far as IPv6 is concerned.



  • Then they shouldn't have labelt 2.1 stable, .. or at least add a warning, .. I've been looking for like weeks, .. I know my way around BSD enough to do changes from the console, only I'm not that great with networking, .. i think i'm missing a route, .. all i need to know is how to route my IPv6LAN/48 prefix to the IPv6WAN/128. In normal situations i would just do route chang/add -inet default someip, .. however that doesn't seem to work.

    I can ping from the WANIPV6/128 prefix just not from LANIPv6/48 prefix, .. there seem just a lot of bugs in the systems php interface, from what i gather it's not catching the IPv6 from the wan properly,



  • @Ofloo:

    Then they shouldn't have labelt 2.1 stable, .. or at least add a warning,

    Ultimately, it's worth what you paid for it…  That's just the way of this kind of project, and there's no point getting angry with people who've indirectly donated their time to you in the first place.  But I do share some of your disappointment with 2.1.

    I suspect it's just not possible to test a product as complex as pfSense thoroughly within the available resources of a small open-source project, so if you use this sort of product then you need to take it for what it is, regardless of the suffixes which the team apply to their version numbers.



  • So if I pay the 99$ i get a gold star thingy then IPv6 will work or what does that mean? Which I would if it would make IPv6 work.

    Listen, I can understand if you didn't "know", but these issues are there from august we are November, I'm not saying there's any way they should donate their time or whatever, just don't label it stable which was done in September ! Even when there where still issues, regarding ipv6.

    Also isn't it there in the top of the feature list, that it is supposed to work !?
    http://blog.pfsense.org/?p=712

    Don't understand me wrong I'm grateful for the project, .. however, that doesn't mean I won't speak my mind. No one is forcing anyone to do anything, ..

    You know I've got a nanobsd that can read your mind and intelligently can do everything for you, you don't need to do shit it all goes by it self, oh you know what right that feature is not working properly, but I've got it.

    Rather then getting into this kind of BS, .. is there anyone who can tell me where i should start trying to fix this. At this point I'm thinking either the dhcp6c or openbgpd, .. also the fact that it doesn't properly assigns the IP can be an issue, at least that's what I think. So I've modified the code then when get_interface is empty it returns my IPv6 instead, cause it is static anyway, ..

    doing that however fixed one dhcp6c error the one about IA_PD, which is weird casue if i read the main it shouldn't be related cause pd should be about prefix.



  • @Ofloo:

    Listen, I can understand if you didn't "know", but these issues are there from august we are November, I'm not saying there's any way they should donate their time or whatever, just don't label it stable which was done in September ! Even when there where still issues, regarding ipv6.

    You certainly come across as very wound-up by this!  I'm nothing to do with the project. I'm just a fellow user, who is also vaguely disappointed by the quality of the IPv6 support in 2.1-release.  I don't have the time to join the project and fix things, either.

    Stop ranting, because it will achieve nothing, other than possibly to demotivate the one or two people who might be persuadable to actually fix this stuff.

    If you can't live with pfSense for what it is and always will be (very cheap, not very stable) then you should find something better.