2.2.1: No IPv6 assigned to LAN anymore

IPv6
Log in to reply
  • M

    ~~After updating to 2.2.1, my pfSense setup no longer assigns IPv6 addresses on the LAN side.

    pfSense itself works fine and can ping IPv6 hosts. Reverting to 2.2 restores IPv6.

    WAN Interface configuration: DHCP6

    • Send options: ia-pd 0, ia-na 0
    • Non-Temporary Address Allocation checked
    • Prefix Delegation checked
    • custom DUID

    LAN: Track Interface

    dhcp6c and radvd are running.

    A bug?~~

    Solved. Just a configuration error, not 2.2.1 related.

    0
  • V

    Also noticed that post upgrade.

    That ZMQ doesn't seem to be working

    Warning: PHP Startup: Unable to load dynamic library '/usr/local/lib/php/20121212/zmq.so' - Shared object "libpgm-5.2.so.0" not found, required by "libzmq.so.4" in Unknown on line 0

    and

    sudo doesn't work

    $sudo
Shared object "libintl.so.9" not found, required by "sudo"

    Not sure if this is related.

    0
  • M

    I seem to have the same problem.  WAN gets an IPV6 address fine, but LAN does not.  This is with Comcast, if that is relevant.

    WAN configuration is DHCP6, DHCPv6 Prefix Delegation size 60, and Send IPv6 prefix hint selected.  LAN is configured to Track Interface WAN.

    0
  • K

    Must only effect native IPV6.  Tunnel brokers seem fine.

    0
  • C

    @kejianshi:

    Must only effect native IPV6.

    Definitely not native in general, seems only DHCPv6+PD related. I'm looking into it.

    0
  • K

    That will affect everyone using Comcast and Time Warner Cable + IPV6 I guess?

    0
  • A

    This is affecting all DHCPv6+PD setups not just Comcast.

    dhcp6c config file does not have pd entry in it:

    interface vmx0 {
        send ia-na 0;   # request stateful address
        request domain-name-servers;
        request domain-name;
        script "/var/etc/dhcp6c_wan_script.sh"; # we'd like some nameservers please
};
id-assoc na 0 { };
    0
  • A

    Ignore my last post. Forgot that you need to apply WAN after you change LAN settings for DHCPv6+PD to work. Working fine here on AT&T.

    dhcp6c config file:

    
interface vmx0 {
        send ia-na 0;   # request stateful address
        send ia-pd 0;   # request prefix delegation
        request domain-name-servers;
        request domain-name;
        script "/var/etc/dhcp6c_wan_script.sh"; # we'd like some nameservers please
};
id-assoc na 0 { };
id-assoc pd 0 {
        prefix ::/64 infinity;
        prefix-interface vmx1_vlan10 {
                sla-id 0;
                sla-len 0;
        };
};

    Guys who are having issues, can you post your dhcp6c config file: /var/etc/dhcp6c_wan.conf
    It would also be helpful if you ran dhcp6c in debug mode and posted the output. In order to do that kill existing dhcp6c and execute "/usr/local/sbin/dhcp6c -f -d -D -c /var/etc/dhcp6c_wan.conf -p /var/run/dhcp6c_vmx0.pid vmx0" after replacing interface names in the command.

    0
  • M

    Here's one of the broken setups:

    /var/etc/dhcp6c_wan.conf:

    interface em0 {
        send ia-pd 0;
        send ia-na 0;
        script "/var/etc/dhcp6c_wan_script.sh";
};
id-assoc na { };
id-assoc pd { };

    /usr/local/sbin/dhcp6c -f -d -D -c /var/etc/dhcp6c_wan.conf -p /var/run/dhcp6c_em0.pid em0:

    Mar/18/2015 08:07:35: extracted an existing DUID from /var/db/dhcp6c_duid: my:du:id
Mar/18/2015 08:07:35: failed to open /usr/local/etc/dhcp6cctlkey: No such file or directory
Mar/18/2015 08:07:35: failed initialize control message authentication
Mar/18/2015 08:07:35: skip opening control port
Mar/18/2015 08:07:35: <3>[interface] (9)
Mar/18/2015 08:07:35: <5>[em0] (3)
Mar/18/2015 08:07:35: <3>begin of closure [{] (1)
Mar/18/2015 08:07:35: <3>[send] (4)
Mar/18/2015 08:07:35: <3>[ia-pd] (5)
Mar/18/2015 08:07:35: <3>[0] (1)
Mar/18/2015 08:07:35: <3>end of sentence [;] (1)
Mar/18/2015 08:07:35: <3>[send] (4)
Mar/18/2015 08:07:35: <3>[ia-na] (5)
Mar/18/2015 08:07:35: <3>[0] (1)
Mar/18/2015 08:07:35: <3>end of sentence [;] (1)
Mar/18/2015 08:07:35: <3>[script] (6)
Mar/18/2015 08:07:35: <3>["/var/etc/dhcp6c_wan_script.sh"] (31)
Mar/18/2015 08:07:35: <3>end of sentence [;] (1)
Mar/18/2015 08:07:35: <3>end of closure [}] (1)
Mar/18/2015 08:07:35: <3>end of sentence [;] (1)
Mar/18/2015 08:07:35: <3>[id-assoc] (8)
Mar/18/2015 08:07:35: <13>[na] (2)
Mar/18/2015 08:07:35: <13>begin of closure [{] (1)
Mar/18/2015 08:07:35: <3>end of closure [}] (1)
Mar/18/2015 08:07:35: <3>end of sentence [;] (1)
Mar/18/2015 08:07:35: <3>[id-assoc] (8)
Mar/18/2015 08:07:35: <13>[pd] (2)
Mar/18/2015 08:07:35: <13>begin of closure [{] (1)
Mar/18/2015 08:07:35: <3>end of closure [}] (1)
Mar/18/2015 08:07:35: <3>end of sentence [;] (1)
Mar/18/2015 08:07:35: called
Mar/18/2015 08:07:35: called
Mar/18/2015 08:07:35: reset a timer on em0, state=INIT, timeo=0, retrans=383
Mar/18/2015 08:07:35: a new XID (9b472d) is generated
Mar/18/2015 08:07:35: set client ID (len 10)
Mar/18/2015 08:07:35: set identity association
Mar/18/2015 08:07:35: set elapsed time (len 2)
Mar/18/2015 08:07:35: set IA_PD
Mar/18/2015 08:07:35: send solicit to ff02::1:2%em0
Mar/18/2015 08:07:35: reset a timer on em0, state=SOLICIT, timeo=0, retrans=1088
Mar/18/2015 08:07:35: receive advertise from ro:ut:er%em0 on em0
Mar/18/2015 08:07:35: get DHCP option identity association, len 40
Mar/18/2015 08:07:35:   IA_NA: ID=0, T1=3600, T2=7200
Mar/18/2015 08:07:35: get DHCP option IA address, len 24
Mar/18/2015 08:07:35:   IA_NA address: ip:bl:oc:k::1 pltime=4500 vltime=7200
Mar/18/2015 08:07:35: get DHCP option IA_PD, len 41
Mar/18/2015 08:07:35:   IA_PD: ID=0, T1=3600, T2=7200
Mar/18/2015 08:07:35: get DHCP option IA_PD prefix, len 25
Mar/18/2015 08:07:35:   IA_PD prefix: ip:bl:oc:k::/56 pltime=4500 vltime=34359745568
Mar/18/2015 08:07:35: get DHCP option client ID, len 10
Mar/18/2015 08:07:35:   DUID: my:du:id
Mar/18/2015 08:07:35: get DHCP option server ID, len 14
Mar/18/2015 08:07:35:   DUID: so:me:du:id
Mar/18/2015 08:07:35: get DHCP option preference, len 1
Mar/18/2015 08:07:35:   preference: 255
Mar/18/2015 08:07:35: server ID: so:me:id, pref=255
Mar/18/2015 08:07:35: a new XID (6a05d6) is generated
Mar/18/2015 08:07:35: set client ID (len 10)
Mar/18/2015 08:07:35: set server ID (len 14)
Mar/18/2015 08:07:35: set IA address
Mar/18/2015 08:07:35: set identity association
Mar/18/2015 08:07:35: set elapsed time (len 2)
Mar/18/2015 08:07:35: set IA_PD prefix
Mar/18/2015 08:07:35: set IA_PD
Mar/18/2015 08:07:35: send request to ff02::1:2%em0
Mar/18/2015 08:07:35: reset a timer on em0, state=REQUEST, timeo=0, retrans=977
Mar/18/2015 08:07:35: receive reply from ro:ut:er%em0 on em0
Mar/18/2015 08:07:35: get DHCP option identity association, len 40
Mar/18/2015 08:07:35:   IA_NA: ID=0, T1=3600, T2=7200
Mar/18/2015 08:07:35: get DHCP option IA address, len 24
Mar/18/2015 08:07:35:   IA_NA address: ip:bl:oc:k::1 pltime=4500 vltime=7200
Mar/18/2015 08:07:35: get DHCP option IA_PD, len 41
Mar/18/2015 08:07:35:   IA_PD: ID=0, T1=3600, T2=7200
Mar/18/2015 08:07:35: get DHCP option IA_PD prefix, len 25
Mar/18/2015 08:07:35:   IA_PD prefix: ip:bl:oc:k::/56 pltime=4500 vltime=34359745568
Mar/18/2015 08:07:35: get DHCP option client ID, len 10
Mar/18/2015 08:07:35:   DUID: my:du:id
Mar/18/2015 08:07:35: get DHCP option server ID, len 14
Mar/18/2015 08:07:35:   DUID: so:me:du:id
Mar/18/2015 08:07:35: get DHCP option preference, len 1
Mar/18/2015 08:07:35:   preference: 255
Mar/18/2015 08:07:35: make an IA: PD-0
Mar/18/2015 08:07:35: create a prefix ip:bl:oc:k::/56 pltime=140733193392532, vltime=140733193395232
Mar/18/2015 08:07:35: make an IA: NA-0
Mar/18/2015 08:07:35: create an address ip:bl:oc:k::1 pltime=4500, vltime=7200
Mar/18/2015 08:07:35: add an address ip:bl:oc:k::1/128 on em0
Mar/18/2015 08:07:35: executes /var/etc/dhcp6c_wan_script.sh
Mar/18/2015 08:07:40: script "/var/etc/dhcp6c_wan_script.sh" terminated
Mar/18/2015 08:07:40: removing an event on em0, state=REQUEST
Mar/18/2015 08:07:40: removing server (ID: so:me:id)
Mar/18/2015 08:07:40: got an expected reply, sleeping.
    0
  • M

    Ah come on :)
    I have native IPv6 and WAN (pppoe) and now after upgrade LAN cannot connect via IPv6 anymore.
    Am I affected with same problem?

    From LAN I can reach pfsense but I cannot reach internet.
    From pfsense WAN (pppoe) I can reach internet via IPV6.
    =??

    0
  • K

    If you already did a reboot and its not working then, yes,  I'd imagine you are most likely affected.  I think you are the first to mention ppoe though.  Congratulations.

    Getting IPV6 on the WAN with DHCP?

    0
  • M

    Yes, DHCPv6 PD, ip trough ipv4, do not request IP addr. and that`s it.
    After upgrade and reboot PPPoE WAN can ping IPv6 internet but LAN does not come trough FW…

    0
  • D

    Just to add to the mix … My Internode (Australian ISP) IPv6 config is working fine using a tracked PPPoE WAN with DHCPv6 PD. An IPv6 address is correctly assigned to the LAN interface.

    Interface IPv6 config
    Use IPv4 connectivity -> Yes
    Request only prefix -> Yes
    DHCPv6 Prefix Delegation -> 56
    Send IPv6 prefix hint -> No

    /var/etc/dhcp6c_opt1.conf:
    interface pppoe1 {
    send ia-pd 0; # request prefix delegation
    request domain-name-servers;
    request domain-name;
    script "/var/etc/dhcp6c_opt1_script.sh"; # we'd like some nameservers please
    };
    id-assoc pd 0 {
    prefix-interface vr0 {
    sla-id 0;
    sla-len 8;
    };
    };

    0
  • M

    WebUI generates WRONG config file this is for sure.
    WebUI generated:

    interface pppoe0 {
 request domain-name-servers;
 request domain-name;
 script "/var/etc/dhcp6c_opt2_script.sh"; # we'd like some nameservers please
};

    But is should be:

    interface pppoe0 {
 send ia-pd 0; # request prefix delegation
 request domain-name-servers;
 request domain-name;
 script "/var/etc/dhcp6c_opt2_script.sh"; # we'd like some nameservers please
};
id-assoc pd 0 {
};

    I created my own .conf file and specify it at DHCPv6, restarted PPPoE and it works.

    0
  • M

    Or if I do this also works just fine (see image)


    0
  • H

    @maverick_slo:

    Or if I do this also works just fine (see image)

    +1.

    Using the Advanced solution as a Temporary Solution.

    [ After upgrade from 2.2. Std.config using the PPPoE as parent; prefix only; /48; then LAN's static. Didn't work out.
    Bug expresses with IPv6 no ia-pd 0 in the /var/etc/…WAN config  ]

    0
  • R

    @mrhanman:

    WAN configuration is DHCP6, DHCPv6 Prefix Delegation size 60, and Send IPv6 prefix hint selected.  LAN is configured to Track Interface WAN.

    Working fine here (also Comcast) with that same configuration.

    0
  • A

    It appears that only guys that are using advanced DHCPv6 configuration options are having problems. It would be interesting to hear why you are using advanced options instead of basic options because looking at your configs a lot of things do not make sense.

    There are couple things to keep in mind when you select advanced DHCPv6 options. First, it overrides non-advanced options so they really don't do anything. Second, settings on the LAN interface, making it track WAN for example, are ignored as well

    Majin3 - your dhcp6c config file does not have 'prefix-interface' statement inside of it, thus even though log you posted shows us that prefix is returned from DHCPv6 server dhcp6c simply ignores it because it does not know what to do with it. I looked at the code and I don't see how this could have worked with 2.2. If you have reverted to 2.2 and could post /var/etc/dhcp6c_wan.conf that might help a lot. Also, how did you configure custom DUID?

    maverick_slo - did you use advance options when your setup worked? Configs that you posted have 'request domain-name-servers;' and screenshot that you posted has empty 'Request Options' field. That does not add up because in order to have 'request domain-name-servers;' in config you would need to specify that in 'Request Options' field. And just like in previous case if you have empty 'id-assoc pd 0 {};' in your config file, prefix does not get assigned to LAN, unless you configure it manually using static assignment.

    0
  • H

    @maverick_slo:

    Or if I do this also works just fine (see image)

    I have PPPoE also and have to use the settings in the attached image before I can get my /56 PD to work as the normal settings did not work.

    0
  • M

    @azzido:

    Majin3 - your dhcp6c config file does not have 'prefix-interface' statement inside of it, thus even though log you posted shows us that prefix is returned from DHCPv6 server dhcp6c simply ignores it because it does not know what to do with it. I looked at the code and I don't see how this could have worked with 2.2. If you have reverted to 2.2 and could post /var/etc/dhcp6c_wan.conf that might help a lot. Also, how did you configure custom DUID?

    Ugh, you are right. Seems like it was a configuration error after all and loading my snapshot of 2.2 was also loading a working DHCP6C configuration (with prefix-interface defined) I seem to have broken at some point…
    Thank you and sorry for wasting time. No relation to 2.2.1 whatsoever.

    0
  • M

    I did not use advanced options before.
    also request domain options dont play ANY role here… I just tried with diffetent options...
    only custom config or advanced settings from screenshot are working... Lan is static ipv6 in my case.
    also I have no config error somethibg borked conf file during upgrade...

    0
  • A

    @maverick_slo:

    I did not use advanced options before.
    also request domain options dont play ANY role here… I just tried with diffetent options...
    only custom config or advanced settings from screenshot are working... Lan is static ipv6 in my case.
    also I have no config error somethibg borked conf file during upgrade...

    Your basic config stopped working because of this change: https://redmine.pfsense.org/issues/4436. PD is no longer being requested if you do not have tracking interfaces configured. If you changed from static to track interface on LAN side it would work fine. Can you share why you configure your lan as static instead of track?

    0
  • M

    Sure.
    I have static /64 on pppoe and static /56 (divided into /64) on my lan, so track iface is naturally not an option for me…
    I missed that one actually was anomaly that in 2.2.1 is now resolved...

    0
  • J

    @azzido:

    @maverick_slo:

    I did not use advanced options before.
    also request domain options dont play ANY role here… I just tried with diffetent options...
    only custom config or advanced settings from screenshot are working... Lan is static ipv6 in my case.
    also I have no config error somethibg borked conf file during upgrade...

    Your basic config stopped working because of this change: https://redmine.pfsense.org/issues/4436. PD is no longer being requested if you do not have tracking interfaces configured. If you changed from static to track interface on LAN side it would work fine. Can you share why you configure your lan as static instead of track?

    I am holding off on updating PFsense partly due to this very thread. IPv6 is important to me and I don't want any issues regarding it.

    Maybe I am mis-understanding you. Are you saying that I cannot have a static IPv6 LAN address and a working DHCPv6 prefix delegation ? As that is precisely the setup that has been working here for years and years (only recently with PFsense).

    And in my view such a setup makes perfect sense, my :/48 prefix is static (just as my ipv4 and routed subnet) but my ISP requires me to using DHCP for both.

    For the lan side, I use RADVD but in managed mode, as I don't want clients (let alone servers or routers) to get IP address from RA, they should get IP address and DNS server settings from an authorized internal IPv6 DHCP server.

    0
  • K

    To me, it seems everything is actually working except you have to do in the advanced configuration section what has always worked in the normal WAN setup area.  I assume this is a simple gui error and not an underlying issue with pfsense.  I'd also assume it will be corrected in .2

    probably already fixed in the nightly updates actually, but I haven't tried it.

    0
  • A

    This is my personal opinion which might not match with pfSense dev opinion.

    The whole idea of DHCP (v4 and v6) is that your IP gets configured and then managed by DHCP client. Even if you have static mapping on the DHCP server it is still recommended to use DHCP so you are not left with broken network if someone changes your static mapping. So using DHCPv6+PD on WAN and then statically assigning IP to LAN interface is a bit backwards to say the least and I don't think this kind of setup is officially supported and tested during release testing. I am pretty sure that some of you that do that are doing it so you can use DHCPv6 server on LAN side, since you can only enable it if LAN has static IP. If that is the case this is the bug for the issue: https://redmine.pfsense.org/issues/3029 go complain there instead of blaming other parts of the system.

    With that being said, change 4436 was intentional and I don't think it is going to be rolled back. If that affects you, reproduce your old setup using advanced DHCP6 settings. Since you kind of need to know what you are doing when configuring advanced settings. Here is a quick "guide":

    If you want to be 100% sure that future updtates don't break your setup utilize 'Config File Override' option.

    0
  • M

    lol :)
    Thanks for you explanation but I know what am I doing.
    And no I don`t use static LAN so that I can use DHCPv6 server, in fact I have it disabled.

    0
  • H

    Now I use my custom config file```
    interface em0_vlan88 {
            send ia-na 0;  # request stateful address
    send ia-pd 0; # request prefix delegation
    request domain-name-servers;
    request domain-name;
    script "/var/etc/dhcp6c_wan_script.sh"; # we'd like some nameservers please
    };
    id-assoc na 0 { };
    id-assoc pd 0 {
    prefix ::/48 infinity;
    };

    I would like to use the advanced config section but I don’t know exactly how to fill up these fields. The first part works, but where should I put```
id-assoc na 0 { };
id-assoc pd 0 {
	prefix ::/48 infinity;
```for getting the right result?
    0
  • J

    Of course setting a fixed ipv6 address on any device isn't backwards. Especially not if the chance that the assigned prefix ever changes is zero.

    One would think that if this prefix does chance, it would be the least of your worries, as the number of dynamic dns services that support ipv6 is extremely low.

    There are valid reasons to assigning a fixed IPv6 address on a router interface, even though in RA the router address used is the link local address. If for whatever reason, one has completely disabled RA on say a server, one could use the static IPv6 of the router interface + a static route and be done with it.

    Having said that, at least using advanced options enables us to re-instate the old behavior, which to me makes much more sense, especially in enterprise.

    It is clear this was a deliberate change, I am however not convinced that change makes a lot of sense and I doubt that people that have been bitten by this chance are a tiny group.

    Edit to add, no I am not setting a static IPv6 address on the router interface just so that I can use the  dhcpv6 server supplied by pfsense, that server isn't running on the router and for good reason to.

    0
  • K

    If you are using a service like comcast or time warner cable that assigns dynamic IPV6 addresses via DHCP and should be using a track interface and your are assigning static addresses here and there, you are screwing up.  Your pain is your fault.

    0
  • M

    Yeah that is not good :)
    But my provider gives me one /64 static connecting segment (pppoe) and a static /56 that I divided into 256 /64 networks and I HAVE TO USE STATIC on my VLANs :)
    Trac interface is at no use to me…

    br,
    m

    0
  • J

    @kejianshi:

    If you are using a service like comcast or time warner cable that assigns dynamic IPV6 addresses via DHCP and should be using a track interface and your are assigning static addresses here and there, you are screwing up.  Your pain is your fault.

    My point was that there are quite a few providers that provide STATIC ::/48 or ::/56, but rely on PD to get the prefix to a router, in such cases this change doesn't really make sense.

    0
  • M

    You described my case very well  ;)

    0
  • K

    OK - I see.

    0
  • A

    @hidalgo:

    Now I use my custom config file```
    interface em0_vlan88 {
            send ia-na 0;  # request stateful address
    send ia-pd 0; # request prefix delegation
    request domain-name-servers;
    request domain-name;
    script "/var/etc/dhcp6c_wan_script.sh"; # we'd like some nameservers please
    };
    id-assoc na 0 { };
    id-assoc pd 0 {
    prefix ::/48 infinity;
    };

    I would like to use the advanced config section but I don’t know exactly how to fill up these fields. The first part works, but where should I put```
id-assoc na 0 { };
id-assoc pd 0 {
	prefix ::/48 infinity;
```for getting the right result?

    Configure advanced settings exactly how they appear in the image I posted, then add '::/48' in the 'Prefix ipv6-prefix' field and 'infinity' in 'pltime' field.

    0
  • A

    @maverick_slo:

    Yeah that is not good :)
    But my provider gives me one /64 static connecting segment (pppoe) and a static /56 that I divided into 256 /64 networks and I HAVE TO USE STATIC on my VLANs :)
    Trac interface is at no use to me…

    br,
    m

    maverick, why do you have to use static on your VLANs? I use DHCP6+PD with VLAN configured as track interface and everything works fine.

    0
  • M

    Because I need: XXXX:XXXX:XXXX:XXXX::X to be static and always the same.
    I have 5 subnets that I chose and of course they need to be static…

    0
  • A

    So essentially you are doing it because you want to have a short interface identifier (rightmost 64-bits) in your IPv6 address instead of having them be auto-configured, which would be the case if you used track interface. Did I understand that correctly?

    0
  • M

    My provider gives me static /56 which means 256 /64 subnets.
    I cant use track interface for this config to work in my 5 subnets of /64… Also small ip size is cool to have but its not intended or needed in my case...

    0
  • A

    Did you try following configuration? In your case you can have up to 256 track interfaces, so I still don't understand what exactly is not working for you.

    • WAN Configuration

    • IPv6 Configuration Type: DHCP6

    • DHCPv6 Prefix Delegation size: 56

    • VLAN1 Configuration

    • IPv6 Configuration Type: Track Interface

    • IPv6 Interface: WAN

    • IPv6 Prefix ID: 1

    • VLAN2 Configuration

    • IPv6 Configuration Type: Track Interface

    • IPv6 Interface: WAN

    • IPv6 Prefix ID: 2

    • VLAN3 Configuration

    • IPv6 Configuration Type: Track Interface

    • IPv6 Interface: WAN

    • IPv6 Prefix ID: 3

    • VLAN4 Configuration

    • IPv6 Configuration Type: Track Interface

    • IPv6 Interface: WAN

    • IPv6 Prefix ID: 4

    • VLAN5 Configuration

    • IPv6 Configuration Type: Track Interface

    • IPv6 Interface: WAN

    • IPv6 Prefix ID: 5

    0

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy