After 2.2.5, randomly lose IPv6

  • Hi,

    My ISP delegates a /56 or /48 IPv6 block depending on what you've requested. I've got a /56, and a few customers of mine (that also run pfSense) also do. All pfSenses are run as virtual machines on top of VMWare ESXi.

    After upgrading to 2.2.5, I found that IPv6 which was very stable in the past now seems to randomly stop. Of the 3 firewalls I upgraded, 2 no longer seem to receive IPv6 of any kind from the ISP. One of them has working IPv6 but it stops after a few hours, and takes 2-3 reboots to bring it back.

    I've looked in the logs and nothing is jumping out at me. The IPv6 just "stops".

    My issue appears identical to this user:

    I have attached screenshots of WAN and LAN interfaces. What other logs / information can I post to help you diagnose the issue?

  • Thanks for the reply David.

    I tried Status > Interfaces > Disconnect > Reconnect but it still wouldn't bring back iPv6.

    What did it for me was editing /usr/local/sbin/ppp-linkup and /usr/local/sbin/ppp-linkdown and commenting each occurance of /usr/local/sbin/ppp-ipv6

    This has worked on 3 different installations.

  • You have the "holy grail" for debugging - an environment where a problem occurs reliably.

    Your commenting of the calls to /usr/local/sbin/ppp-ipv6 restores the pre 2.2.5 behaviour and proves this is a genuine regression, but that cannot be considered a "proper" fix. As I alluded to in the other thread, the old behaviour amounted to "fire off dhcp6c via rtsold and hope it all stays working", which is not necessarily true. pfSense prior to 2.2.5 took no IPv6 related actions when an established PPP link failed or when the link returned. This could lead to a loss of IPv6 connectivity when a failed PPP link was re-established.

    The question is what is going wrong in your installations with the stock 2.2.5 code. When you can afford a little downtime, would you uncomment the calls to /usr/local/sbin/ppp-ipv6 and send me the output of the four debugging commands in the other thread? My guess is that there is a timing related issue that is leading to dhcp6c being started twice. If that is the case, I think the best fix will be to change interface_configure() in /etc/inc/ to stop it calling interface_dhcpv6_configure() when establishing a PPP connection. That way, the risk of interface_dhcpv6_configure() being called twice on initial PPP link establishment is removed.

    Ultimately, a refactoring and tidying of the DHCPv6 related code might well be worthwhile for the sake of robustness.

    I'm stupidly busy over the next six weeks, but I will try to keep an eye on this issue.

Log in to reply