IPv6 issues, not getting IPv6 on client, but can ping ip6 websites



  • Ok guys, I was running 2.1 dev, like really old. I wrote this guide & had IPv6 working perfectly.

    https://doc.pfsense.org/index.php/Configure_Multiple_IPv6_Subnets

    I didn't upgrade for over a year because I didn't want stuff screwed up. I finally gave in and updated & guess what? Yup, my whole IPv6 setup shit the bed.

    I've tried about 2 times previously to get IPv6 restored but have failed. I don't know what got so screwed up in the new updates. I made progress tonight in successfully setting up the tunnel & I can see me HE tunnel on my dashboard as up & connected. I then referred to my system logs as to why my system wasn't handing out IPv6 addresses via DHCPv6.

    I found an error of - php: /interfaces_gif_edit.php: The command '/sbin/ifconfig gif0 inet6 2001:470:7:bfd::2 2001:470:7:bfd::1 prefixlen 64 ' returned exit code '1', the output was 'ifconfig: ioctl (SIOCAIFADDR): Invalid argument'

    I tracked that down to this thread

    http://forum.pfsense.org/index.php/topic,66605.0.html

    OP says he SSH'd into his pfsense box & typed /sbin/ifconfig gif0 inet6 2001:470:7:bfd::2 2001:470:7:bfd::1 prefixlen /64

    He claims this fixes the issue. I was able to make the GIF tunnel in the regular web interface, but OP claims there is a bug & it has to be done manually via command line. Command line kept telling me no gif interface exists. I'm confused because me & OP have same error, but I could create the GIF interface w/o getting that error but OP wasn't able to even make the interface. I only get the error when client computer attempts to pull IPv6 from DHCPv6.

    I was then lead to this thread - http://forum.pfsense.org/index.php?topic=67437.0

    Jimp says "That gif error was fixed shortly after release, if you do a gitsync to RELENG_2_1 it should pick up a fix."

    I messed with gitsync ONCE EVER to update to 2.1 dev which was year(s) ago. I checked pfsense wiki (https://doc.pfsense.org/index.php/Updating_pfSense_code_between_snapshots) to find out how to do as jimp suggested. it says goto console & type "pfSsh.php playback gitsync RELENG_2_0"

    I replaced the "0" with a "1". It then did some stuff & then it completely killed my pfsense box. Every option from SSH console just gives the same error & my web panel says

    "Warning: get_nics_with_capabilities(): It is not safe to rely on the system's timezone settings. You are required to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'America/New_York' for 'EST/-5.0/no DST' instead in /etc/inc/globals.inc on line 49 Fatal error: Call to undefined function pfSense_get_interface_addresses() in /etc/inc/globals.inc on line 49 "

    Now my pfsense box is dead. I'm kinda pissed IPv6 went from being perfect for me to completely screwed up & somehow suggested fixes managed to further kill my pfsense box. Please tell me this is fixable w/o a full system restore from the ground up.

    Any ideas on how to get web config back working & IPv6?

    Edit:Thread with jimp (http://forum.pfsense.org/index.php?topic=26061.0) says

    cd /home/pfsense/tools/pfPorts/php5/ && make all install clean
    cd /home/pfsense/tools/pfPorts/php5-pfSense-module/ && make all install clean

    Not sure what this means. I tried copy & pasting to a shell command window. I get directory or file doesn't exist error.



  • Update:This morning I just wiped my entire pfsense box & did a complete reinstall to HD from newest AMD64 live cd image. Restored backup of pfsense config & got my network back operational. I think something messed up with the gitsync. I no longer am getting the previous error in my system log that I was receiving before. I have a new problem now though.

    php: rc.filter_configure_sync: Could not find IPv6 gateway for interface(wan).

    I believe this is the next issue. I don't think I was fully clear in my initial post, but i'm trying to configure IPv6 with a HE.net tunnel.

    I'm confused on what that message means. I tried researching & search results were turning up people trying to do IPv6 directly from Comcast.

    My IPv6 tunnel gateway shows as up status, with ~50ms ping, which is what it was when it was running under 2.1dev. So that should be fine. pfSense box seems to not be handing out IPv6s to my client (laptop). I have turned on DHCPv6 & set advertising to managed. DHCPv6 server is enabled for under both the IPv6 tunnel interface & my WLAN interface to push IPv6 to my laptop. Does DHCPv6 need to be enabled on only one of the interfaces?

    I've been through this guide top to bottom multiple times. https://doc.pfsense.org/index.php/Using_IPv6_on_2.1_with_a_Tunnel_Broker

    Any ideas what to check? Any logs you guys may need?

    ETA:This guide (http://xtropx.blogspot.cz/2012/07/pfsense.html) says if the gateway shows as "up" status, then your tunnel is config correctly. Which should be my case. They say after that you have to set things up on your LAN side, in my case WLAN interface. Leading me back to my conclusion of an issue with DHCPv6 or router advertising, because i'm not receiving a IPv6 on my client side.



  • More Updates:

    I'm also seeing this error occasionally now as well. It's under my System Logs > General.

    "php: /services_dhcpv6.php: The command '/usr/local/sbin/dhcpd -6 -user dhcpd -group _dhcp -chroot /var/dhcpd -cf /etc/dhcpdv6.conf -pf /var/run/dhcpdv6.pid em0 gif0' returned exit code '1', the output was 'Internet Systems Consortium DHCP Server 4.2.5-P1 Copyright 2004-2013 Internet Systems Consortium. All rights reserved. For info, please visit https://www.isc.org/software/dhcp/ Wrote 0 leases to leases file. Bound to *:547 Unsupported device type 240 for "gif0" If you did not get this software from ftp.isc.org, please get the latest from ftp.isc.org and install that before requesting help. If you did get this software from ftp.isc.org and have not yet read the README, please read it before requesting help. If you intend to request help from the dhcp-server@isc.org mailing list, please read the section on the README about submitting bug reports and requests for help. Please do not under any circumstances send requests for help directly to the authors of this software - please send them"

    No idea what this error message is trying to tell me, or if it's even causing a problem.

    I took a few screenshots. The only thing I keep reading is that if you can ping an ipv6 address from your pfsense machine everyone keeps saying you don't have a ipv6 allow rule set under firewall rules.

    I have set an ipv6 allow all rule under my WLAN ruleset. My WLAN network is what i'm trying to configure for IPv6.

    IPv6 ping from pfsense box - success:

    My WLAN network, showing IPv6 allow all rule:

    My WAN ruleset, I put an IPv6 allow all rule, though it shouldn't be needed as i'm using a HE tunnel, WAN shouldn't see any IPv6, only IPv4, mabye?

    Checked Diagnostics > pfInfo, this em0 interface is my WLAN network. It shows v6 out working, but v6 in isn't having any data/traffic. I think this is the problem here, problem is I don't know what would control that v6 in flow, as I said I already have an ipv6 allow all rule set on my WLAN firewall ruleset.

    Any ideas based off these images?

    ETA:You may now notice different IPv6 address structure in this post than previous post. I found a post, sorry closed link & don't know where it is anymore, but someone was having trouble with a HE tunnel & he had to delete his tunnel & remade it & his issue was magically fixed. My original tunnel was made Sept 2011, so i deleted it & made another w/o success.

    Update:Tried setting up IPv6 on a server I have on a wired interface to rule out equipment problems. My WLAN uses a powerline network adapter which then runs to the wireless router. I think the powerline network adapter isn't playing nice with IPv6. I believe it's blocking IPv6 communication. I'm going to try running my router w/o that to fix that particular problem. However now on the server I can see the link local talking to my router, but it's still not getting a IPv6. Here is a packet capture of what I see.

    Yes, checked my powerline network adapter. It doesn't support IPv6. So that's why WLAN was having issues. However I can see my server talking to the pfSense router about LL addresses. So i'm not sure why the server isn't getting ipv6.

    For reference the "d0a8" address is the LL of the server. Also now the pfinfo chart shows ip6 in on the server interface. So that's fixed. Any possibilities why i'm still not getting IPv6?

    09:59:02.395087 IP6 fe80::b5e8:eb2c:47d1:d0a8 > ff02::2: ICMP6, router solicitation, length 16
    09:59:02.395296 IP6 fe80::20e:4ff:feb7:6c77 > ff02::1: ICMP6, router advertisement, length 120
    09:59:02.414326 IP6 fe80::b5e8:eb2c:47d1:d0a8.546 > ff02::1:2.547: UDP, length 86
    09:59:03.413791 IP6 fe80::b5e8:eb2c:47d1:d0a8.546 > ff02::1:2.547: UDP, length 86
    09:59:05.413737 IP6 fe80::b5e8:eb2c:47d1:d0a8.546 > ff02::1:2.547: UDP, length 86
    09:59:09.030341 IP6 fe80::20e:4ff:feb7:6c77 > ff02::1: ICMP6, router advertisement, length 120
    09:59:09.413743 IP6 fe80::b5e8:eb2c:47d1:d0a8.546 > ff02::1:2.547: UDP, length 86
    09:59:14.740678 IP6 fe80::20e:4ff:feb7:6c77 > ff02::1: ICMP6, router advertisement, length 120
    09:59:17.419506 IP6 fe80::b5e8:eb2c:47d1:d0a8.546 > ff02::1:2.547: UDP, length 86
    09:59:23.399642 IP6 fe80::20e:4ff:feb7:6c77 > ff02::1: ICMP6, router advertisement, length 120
    09:59:33.423158 IP6 fe80::b5e8:eb2c:47d1:d0a8.546 > ff02::1:2.547: UDP, length 86
    09:59:35.516024 IP6 fe80::20e:4ff:feb7:6c77 > ff02::1: ICMP6, router advertisement, length 120
    09:59:45.561251 IP6 fe80::20e:4ff:feb7:6c77 > ff02::1: ICMP6, router advertisement, length 120
    10:00:05.152375 IP6 fe80::20e:4ff:feb7:6c77 > ff02::1: ICMP6, router advertisement, length 120
    10:00:05.422338 IP6 fe80::b5e8:eb2c:47d1:d0a8.546 > ff02::1:2.547: UDP, length 86
    10:00:20.486835 IP6 fe80::20e:4ff:feb7:6c77 > ff02::1: ICMP6, router advertisement, length 120
    10:00:36.010342 IP6 fe80::20e:4ff:feb7:6c77 > ff02::1: ICMP6, router advertisement, length 120
    10:00:48.593356 IP6 fe80::20e:4ff:feb7:6c77 > ff02::1: ICMP6, router advertisement, length 120
    10:01:00.057210 IP6 fe80::20e:4ff:feb7:6c77 > ff02::1: ICMP6, router advertisement, length 120