IPv6 connection unstable



  • Hi,

    The past two weeks I have been using PFsense as a replacement for my cisco router. And I have to say, that it's an amazing router. But I noticed frequent disconnects for IPv6. I had it down to me making changes to firewall rules and other stuff all the time, but now that I am finished, the disconnects still happen.

    My setup is that I get both a static IPv4 and a static ::/48 from my provider using PPPOe. The WAN interface is up and IPv4 works, but IPv6 to the same ISP is down (cannot ping from any connected network, nor from the router itself. '

    The only way to resume connectivity over IPv6 appears to be a reboot of pfsense.

    Now, this is a deal breaker, the router being replaced had a stable connection to the same ISP for quite some time, so the logical blame would lie with pfsense.

    I am looking for ways to troubleshoot the issue, but it seems the log that I did see (PPP) is not helpfull in any way, as it doesn't even register the disconnect.

    Any other place to look, and is there a way to revive the IPv6 connection without having to reboot the box ?



  • @jvangent100:


    Any other place to look, and is there a way to revive the IPv6 connection without having to reboot the box ?

    Check for one instance of dhcp6c with [Diagnostics: Execute command] (ps ax | grep dhcp6c) or kill -9 the PID
    [Interfaces: Wan] save
    or
    [Status: Interfaces] disconnect; connect



  • The last two things don't work, they won't revive the connection for some reason.

    I just tried  "/etc/rc.linkup stop wan" and again a start wan and that seems to work !

    I would have thought doing it through the GUI would be the same thing :)

    Anyway the dhcp6c_wan.conf shows the following:

    interface pppoe0 {
            send ia-pd 0;  # request prefix delegation
            request domain-name-servers;
            request domain-name;
            script "/var/etc/dhcp6c_wan_script.sh"; # we'd like some nameservers pl$
    };
    id-assoc pd 0 {
    };

    Is there a log attached to this process somewhere, maybe it will log something when the connection is down. The last few days, I have seen daily disconnects, whilst before I never had this issue and the IPv6 connection was perfectly stable.

    OK: found /var/log/dhcpd.log which seems to contain more information. I see frequent dhcp6c[18063]: XID mismatch

    around, is this a problem ?



  • @jvangent100:


    OK: found /var/log/dhcpd.log which seems to contain more information. I see frequent dhcp6c[18063]: XID mismatch
    around, is this a problem ?

    Yes. It can be related to more than one instance of dhcp6c, or your gateway has another ID as valid.

    I encounter lease renewal problems when my PPPoE IPv6 Link Local is a private-extension fe80 number i.s.o. the real MAC related. I can/must repair this by doing PPPoE disconnect/connect after a reboot.

    Reboot gives a private-extension fe80 every time.  :(
    despite [System: Advanced: System Tunables] (net.inet6.ip6.use_tempaddr=0) and (net.inet6.ip6.prefer_tempaddr=0)

    Other important points:
    MTU 1492 for IPv6 WAN & LAN ? (lack RFC 4638)
    Uncheck bogon networks WAN & LAN until pfSense 2.2.1 is out or do the patch.
    Firewall floating rule IPv6 ICMP any any allowed



  • @hda:

    @jvangent100:


    OK: found /var/log/dhcpd.log which seems to contain more information. I see frequent dhcp6c[18063]: XID mismatch
    around, is this a problem ?

    Yes. It can be related to more than one instance of dhcp6c, or your gateway has another ID as valid.

    I encounter lease renewal problems when my PPPoE IPv6 Link Local is a private-extension fe80 number i.s.o. the real MAC related. I can/must repair this by doing PPPoE disconnect/connect after a reboot. Reboot gives a private-extension fe80 every time.  :(

    Other important points:
    MTU 1492 for IPv6 WAN & LAN ? (lack RFC 4638)
    Uncheck bogon networks WAN & LAN until pfSense 2.2.1 is out or do the patch.
    Firewall floating rule IPv6 ICMP any any allowed

    Well mine Always comes up after reboot, but it disconnects frequently.

    anyway:

    MTU check
    Uncheck bogon check
    ICMP6 allow on all segments (LAN, WAN1, WAN2, DMZ and Guest) didn't know I could use a floating rule for this :)

    In any case, I cooked up a little script that gets the processID, kills the dhcp process and then stops and starts the wan again, seems to work fine and at least is a quick fix to connection problem.

    Will watch relevant logs and hope to find out why I am getting frequent disconnects (sometimes twice a day). Could periodically killing and starting DCHPc6 help ?



  • @jvangent100:

    Well mine Always comes up after reboot, but it disconnects frequently.

    Will watch relevant logs and hope to find out why I am getting frequent disconnects (sometimes twice a day). Could periodically killing and starting DCHPc6 help ?

    Some past experience.

    Assure a MAC-derived fe80 linklocal on the WAN, do not rely on one compounded from privacy-extensions.

    If the other side pulls the line (too long for apinger), then IPv4 will recover but IPv6 may not. But then a (re)fresh PPPoE disconnect/connect will solve. [Status: Interfaces]

    If a disconnect is (IPv4 & IPv6), then test relaxation (factor 4 to 8 (Probe Interval, Down)) for apinger [System: Gateways: Edit gateway].

    Periodically restarting, like frequent config changes, can introduce instance problems for dhcp6c like new PID is established and old is not flushed.


Log in to reply