Comcast IPv6 - no IP received

mrhanman

I recently upgraded to 2.2.1 and took the opportunity to also enable IPv6 support since Comcast has rolled it out in my area.  At first, everything worked beautifully, but now my PC only has a Link-Local IPv6 address.  I've tried reconfiguring everything, but nothing has worked so far.  Here is my configuration.  I appreciate any help I can get.

Interface Adresses
WAN Settings
LAN Settings
Firewall Rules

doktornotor

https://forum.pfsense.org/index.php?topic=90699.0

mrhanman

I have read that thread (even posted in it), but I don't think it applies to me since I have an IPv6 address issued to my WAN and LAN.  The problem I have is that my PC which also had a IPv6 address when initially configured, has now lost it and sports only a Link-Local address.

Thanks for trying, though.

kejianshi

I'm pretty sure this is your problem.  Take a second look at that thread.

MikeV7896

Based on your interface addresses, it appears as though IPv6 IS working for you (both WAN and LAN have IPv6 addresses that are appropriate for Comcast), but there's something else not working right to allow devices on your network to get IPv6 addresses. BTW, my settings are the same as yours (and I have Comcast too) and everything is working fine for me.

So something to check… In your services, is radvd running? Had you previously run with a different IPv6 setup and you just decided to switch to native IPv6?

mrhanman

radvd is running. I once used a tunnel broker and later 6to4.  That was ages ago.  I know my hardware has changed since then, but it's possible I carried over the config.

MikeV7896

If you had changed settings for DHCPv6 server and RA before, those settings are likely still being applied, even though you can't modify them now (something that has been requested in feature #3029).

You might want to change to static IPv6 on your LAN for a moment and set RA to Unmanaged, remove any other custom or advanced settings, then clear all the DHCPv6 server boxes and disable it. Then switch back to Track Interface on LAN and see if that helps.

azzido

mrhanman your issue has definitively nothing to do with previous thread. You successfully receive IP and PD from Comcast DHCP server.

What OS is client running? If you know how run Wireshark and look for RA messages; enter 'icmpv6.type == 134' in the filter field.
Make sure that radvd process is really running on pfSense and post content of /var/etc/radvd.conf file.

mrhanman

I'm running Windows 8.1 x64.  I'm  having the same problem on two linux machines, one running NAS4Free (FreeBSD 10.1) and another running Steam OS (Debian).  Here's my radvd.conf:

# Automatically Generated, do not edit
# Generated config for dhcp6 delegation from wan on lan
interface msk0 {
	AdvSendAdvert on;
	MinRtrAdvInterval 3;
	MaxRtrAdvInterval 10;
	AdvLinkMTU 1500;
	AdvOtherConfigFlag on;
		prefix 2601:2:xxxx:xxxx::/60 {
		AdvOnLink on;
		AdvAutonomous on;
		AdvRouterAddr on;
	};
	RDNSS 2601:2:8a00:xxxx:xxxx:xxxx:fe30:dcba { };
	DNSSL mydomain.com { };
};

radvd is running:

$ ps ax | grep radvd
32549  -  S       0:02.40 /usr/local/sbin/radvd -p /var/run/radvd.pid -C /var/e

I'm seeing these every few seconds with that filter in wireshark:

2562	132.511429000	fe80::1:1	ff02::1	ICMPv6	166	Router Advertisement from xx:xx:xx:xx:xx:xx

azzido

Kill radvd process, change line 'prefix 2601:2:xxxx:xxxx::/60 {' to 'prefix 2601:2:xxxx:xxxx::/64 {' and start radvd again by running '/usr/local/sbin/radvd -p /var/run/radvd.pid -C /var/etc/radvd.conf -m syslog'

mrhanman

It works!  ;D

Thanks so much, azzido.  This one really had me pulling my hair out.

So, why was it incorrect there?

azzido

Glad it worked, but don't be too happy :) Config file will be reset to /60 if you make changes on GUI or radvd is restarted by pfSense.

It puts /60 probably because Comcast delegated you /60 prefix, but I am not sure about it. Need to look at the code to see what it is doing.

mrhanman

Well, if Comcast is giving me a /60 prefix, should that be what I have configured on my WAN connection?

kejianshi

If you are using comcast you should be getting a /64 on the wan…

But - In your unique case I'm sure its totally different....

taz3146

if it's comcast business, they likely supply a /56 prefix by default and having the PD set to anything but /56 will make it configure the wrong prefix size on the tracked interfaces.

I noticed that a while back, maybe some kind of checking could be added before it writes the radvd and dhcp6 files and have it warn/notice that a non /64 size is being written to them.

razzfazz

Make sure you have the prefix delegation size on the WAN set correctly; Comcast will give you a /64 prefix if you send no hint, or up to a /60 if you send the respective hint. You would see a non-/64 prefix on your LAN if the prefix size you indicate in the WAN config doesn't match what Comcast actually gives you (e.g. because you selected /56).

mrhanman

I set the prefix hint to /60, and now my radvd.conf shows /64  :o

Is this correct?  It at least seems to be working, but I would have expected them to both be the same.

razzfazz

If everything is configured right, you'll always end up with /64 prefixes on your LAN interfaces; the /60 is the total address space delegated to you, and pfSense will split it up into up to 16 /64 prefixes, one for each interfaces configured to track the WAN.