IPv6 gone after changing WAN NIC
-
To make a long story a bit shorter, I have had a few issues with IPv6 stability. I made a thread about some stuff a while back https://forum.pfsense.org/index.php?topic=98346, but ended up actually getting stuff to work with me running my own DHCPv6 server and internal /64 net.
I have upgraded to 2.2.5 stable and things continued to work as before.
However, things have not been stable. I have had some dropouts of my WAN link, and it seems as if IPv6 tends to crash after that happens. A save/apply on the WAN settings page usually brings stuff back, so that's what I've been doing for the last 3-4 months. But to try to troubleshoot the unstable WAN link I decided to swap my WAN NIC for a different one in case this is what is causing it.
That's when stuff really stopped working. I used the same setup as I had, just swapped the WAN NIC, but perhaps not surprisingly my old ISP delegated /48 prefix probably was not valid anymore? (Dunno how things happen vs. IPv4, cos swapping a NIC with different MAC = new IPv4 WAN address)
The only way I'm able to even get something resembling an IPv6 address is to set IPv6 on LAN to disabled, and using the default config on WAN IPv6. Then I get a /128 address on my WAN interface, but am not able to ping out from my pfSense box at all. Can't find any dropped packets in the firewall either.
If I enable "Track interface" on my LAN (as I'm supposed to do on a default config), the IPv6 both on WAN and LAN is gone and not coming back after a reboot. So.. Troubleshooting tips are welcome.
My current /var/etc/dhcp6c_wan.conf
    interface xl0 {
        send ia-na 0; # request stateful address
        send ia-pd 0; # request prefix delegation
        request domain-name-servers;
        request domain-name;
        script "/var/etc/dhcp6c_wan_script.sh"; # we'd like some nameservers please
    };
    id-assoc na 0 { };
    id-assoc pd 0 {
        prefix-interface bge0 {
            sla-id 0;
            sla-len 16;
        };
    };
My routing log kills radvd with: (With LAN set to track interface)
radvd[30984]: no auto-selected prefix on interface bge0, disabling advertisements
That's probably right, cos my LAN never receives any IPv6 (although, I kinda was under the belief that radvd had to initiate the getting an address on LAN in the first place in a "track interface" setup?)
C
-
Right.. After leaving the box for 3+ hours, I actually have now got a /128 IPv6 address on the WAN AND an IPv6 delegated net (actually the same as I had before??) on my LAN.
This is with WAN set mostly default (post above for my config), and LAN to "track interface".
Internal clients also get an IPv6 from the LAN /64 net! Almost looking good now.. xept that I can't ping out from anywhere, not my LAN clients, or the pfSense box itself. Hmmm…
Tips?
C
PS. Can't say I dare do any reboots/renew or whatever now hehe..
-
Right.. After fiddling some more, I enabled the "Only request an IPv6 prefix, do not request an IPv6 address", and voilà.. Back to IPv6 connectivity again. (On my "old" prefix before this NIC change).
Doing some calculations, it actually seems as if IPv6 came back approx. 24 hours after changing the WAN NIC. Is this a "normal" thing to happen? I.e. it takes 24 hours for the ISP to "release" my prefix due to me changing NIC?
C
-
Things have been seemingly up & running for a couple of days now with no issues. (Prolly jinx it now tho hehe)
Anyway, the config atm is:
    interface xl0 {
        send ia-pd 0;
        request domain-name-servers;
        request domain-name;
        script "/var/etc/dhcp6c_wan_script.sh";
    };
    id-assoc pd 0 {
        prefix 2001:xxxx:xxxx::/48 infinity;
        prefix-interface xl0 {
            sla-id 0;
            sla-len 16;
        };
    };
My LAN is set to static IP with RA in "Unmanaged" mode.
However, every 12 hours I get this in my log:
    Dec 15 16:06:09 php-fpm[51091]: /rc.newwanipv6: rc.newwanipv6: Failed to update WAN[wan] IPv6, restarting...
    Dec 15 16:06:09 php-fpm[51091]: /rc.newwanipv6: rc.newwanipv6: Info: starting on xl0.
I dunno.. Since I don't actually have a public IPv6 address on my WAN interface (just getting delegated prefix from ISP, and the link-local address), I'm not sure if I should consider this as an error.. Would be nice if it registered that it had "renewed" my prefix or something? I dunno..
The other thing I "changed" this round is to allow inbound ICMPv6 traffic on "*". I had it enabled on "LAN", but I guess perhaps I need inbound ICMPv6 from my ISP or sumting on e.g. the link-local address as well? Not sure really.
Any insight on whether I should consider the error message an error, or just ignore it? :)
C
-
Even tho I seem to be talking to myself, I'll give it a go (again).
Had a 7 day "streak" without any incidents, but the previous night I had a WAN disconnect according to the logs. This in turn led to me losing IPv6 a few hours later. Now, I wonder, could it be that whenever I lose WAN connectivity something "hangs" in that RA won't broadcast/refresh my prefix until I either reboot or restart WAN? (By saving WAN settings and applying without actually changing anything).
It could be just a coincidence that I had 7 days uptime on WAN now vs. before changing NICs, as it usually happens at night (2 pm ish), which COULD indicate some ISP maintenance or something like that. Anyway, the thing is that it does seem as if when WAN link goes down, something weird will happen with my prefix.
I just upgraded to 2.2.6 today, but haven't really had the chance to study the patch notes yet, so not sure if this is something that is specifically addressed there tho.
C