IPV6 through pppoe (xs4all)



  • Hi all,

    I just set up pfsense to try out.
    Running virtual in bhyve (iohyve).
    Setup adapted from the excellent (Dutch) http://blog.firewallonline.nl/how-to-en-tutorials/xs4all-glasvezel-internet-iptv-op-pfsense-opnsense/

    WAN: igb0  (pci passthrough)
    LAN: tap0/vnet0 bridged on host to em0

    WAN (wan)      -> pppoe      -> v4/PPPoE: 83.MYIP/32
    LAN (lan)      -> vtnet0    -> v4: 10.0.0.4/24
                                      v6/t6: 2001::MYIP6::d431/64

    Igb0 connects to my fibre MTU, em0 to my lan. pfsense has full connectivity, the host is offline for the moment.

    My ISP (xs4all) requires PPPoe for static IPv4 assignment over vlan6. (vlan 4 is IPTV)
    I get an IPv6 subnet, which I am supposed to request over DHCP6, using the ip4 link.
    That works, mostly. LAN and machines on the network get a proper IPv6 out of my subnet, but WAN (the default route) is set to an fe80-linklocal.

    [Edit: Excessive connection attempts by ppp where resolved by a reboot after turning of gateway monitoring]



  • On PPPoE you will need to set "Use IPv4 connectivity as parent interface" on the DHCP6 section of the WAN interface.

    To ensure DHCP6 actually takes place on the WAN interface, you need either to set the LAN's IPv6 setting to "Track interface" (i.e. use a prefix acquired via DHCP-PD on the WAN) or check Advanced on the DHCP6 part of the WAN interface dialog and complete it as follows:

    | Send Options | ia-na 0,ia-pd 0 |
    | Request Options | domain-name-servers,domain-name |
    | Non-Temporary Address Allocation | (checked) |
    | id-assoc na ID | 0 |
    | Prefix Delegation | (checked) |
    | id-assoc pd ID | 0 |

    Leave everything else in that section blank or unchecked as appropriate.

    You've already found my post from earlier today about my patch to address a couple of IPv6 issues. Try first with unpatched pfSense - though once you've done that, I urge you to try that patch. You will likely have Issue 2 and you might experience Issue 1.

    Your setup should be capable of MTU 1500 operation using RFC 4638. If you're using pfSense 2.3 beta, the code is built in - just set the WAN MTU to 1500 and try a Disconnect and Connect in Status -> Interfaces. If you're using pfSense 2.2.4, 2.2.5 or 2.2.6, you can install my RFC 4638 patch. If you wish to apply both the IPv6 issues and RFC 4638 patches, apply the IPv6 issues patch first.



  • Hi David,

    I'm using 2.3, current as of 10 minutes ago.
    I have LAN set to track changes on WAN, so I should not need the advanced config options, as I understand it?



  • I'd reboot pfSense before going any further - that might be sufficient to get things working. If not, are there any clues in the DHCP log (Status -> System Logs, DHCP)?

    It's possible that your scenario is one that won't work without the IPv6 patch, though it's worth trying to get things going without it first.



  • @David_W:

    I'd reboot pfSense before going any further - that might be sufficient to get things working. If not, are there any clues in the DHCP log (Status -> System Logs, DHCP)?

    It's possible that your scenario is one that won't work without the IPv6 patch, though it's worth trying to get things going without it first.

    I just rebooted, and the dhcp log is pretty long. Lots of repetition, but my eye fell on:
    Jan 6 23:10:15 dhcp6c 15942 skip opening control port
    Jan 6 23:10:15 dhcp6c 15942 failed initialize control message authentication
    Jan 6 23:10:15 dhcp6c 15942 failed to open /usr/local/etc/dhcp6cctlkey: No such file or directory

    
    Jan 6 23:10:20	dhcpd		Sending on Socket/5/vtnet0/2001:984:3f19::/64
    Jan 6 23:10:20	dhcpd		Listening on Socket/5/vtnet0/2001:984:3f19::/64
    Jan 6 23:10:20	dhcpd		Bound to *:547
    Jan 6 23:10:20	dhcpd		Wrote 0 leases to leases file.
    Jan 6 23:10:20	dhcpd		For info, please visit https://www.isc.org/software/dhcp/
    Jan 6 23:10:20	dhcpd		All rights reserved.
    Jan 6 23:10:20	dhcpd		Copyright 2004-2015 Internet Systems Consortium.
    Jan 6 23:10:20	dhcpd		Internet Systems Consortium DHCP Server 4.2.8
    Jan 6 23:10:20	dhcpd		For info, please visit https://www.isc.org/software/dhcp/
    Jan 6 23:10:20	dhcpd		All rights reserved.
    Jan 6 23:10:20	dhcpd		Copyright 2004-2015 Internet Systems Consortium.
    Jan 6 23:10:20	dhcpd		Internet Systems Consortium DHCP Server 4.2.8
    Jan 6 23:10:20	dhcpd		Sending on Socket/fallback/fallback-net
    Jan 6 23:10:20	dhcpd		Sending on BPF/vtnet0/00:a0:98:d8:d4:31/10.0.0.0/24
    Jan 6 23:10:20	dhcpd		Listening on BPF/vtnet0/00:a0:98:d8:d4:31/10.0.0.0/24
    Jan 6 23:10:20	dhcpd		Wrote 3 leases to leases file.
    Jan 6 23:10:20	dhcpd		For info, please visit https://www.isc.org/software/dhcp/
    Jan 6 23:10:20	dhcpd		All rights reserved.
    Jan 6 23:10:20	dhcpd		Copyright 2004-2015 Internet Systems Consortium.
    Jan 6 23:10:20	dhcpd		Internet Systems Consortium DHCP Server 4.2.8
    Jan 6 23:10:20	dhcpd		For info, please visit https://www.isc.org/software/dhcp/
    Jan 6 23:10:20	dhcpd		All rights reserved.
    Jan 6 23:10:20	dhcpd		Copyright 2004-2015 Internet Systems Consortium.
    Jan 6 23:10:20	dhcpd		Internet Systems Consortium DHCP Server 4.2.8
    Jan 6 23:10:18	dhcpd		Sending on Socket/5/vtnet0/2001:984:3f19::/64
    Jan 6 23:10:18	dhcpd		Listening on Socket/5/vtnet0/2001:984:3f19::/64
    Jan 6 23:10:18	dhcpd		Bound to *:547
    Jan 6 23:10:18	dhcpd		Wrote 0 leases to leases file.
    Jan 6 23:10:18	dhcpd		For info, please visit https://www.isc.org/software/dhcp/
    Jan 6 23:10:18	dhcpd		All rights reserved.
    Jan 6 23:10:18	dhcpd		Copyright 2004-2015 Internet Systems Consortium.
    Jan 6 23:10:18	dhcpd		Internet Systems Consortium DHCP Server 4.2.8
    Jan 6 23:10:18	dhcpd		For info, please visit https://www.isc.org/software/dhcp/
    Jan 6 23:10:18	dhcpd		All rights reserved.
    Jan 6 23:10:18	dhcpd		Copyright 2004-2015 Internet Systems Consortium.
    Jan 6 23:10:18	dhcpd		Internet Systems Consortium DHCP Server 4.2.8
    Jan 6 23:10:18	dhcpd		Sending on Socket/5/vtnet0/2001:984:3f19::/64
    Jan 6 23:10:18	dhcpd		Listening on Socket/5/vtnet0/2001:984:3f19::/64
    Jan 6 23:10:18	dhcpd		Bound to *:547
    Jan 6 23:10:18	dhcpd		Wrote 0 leases to leases file.
    Jan 6 23:10:18	dhcpd		For info, please visit https://www.isc.org/software/dhcp/
    Jan 6 23:10:18	dhcpd		All rights reserved.
    Jan 6 23:10:18	dhcpd		Copyright 2004-2015 Internet Systems Consortium.
    Jan 6 23:10:18	dhcpd		Internet Systems Consortium DHCP Server 4.2.8
    Jan 6 23:10:18	dhcpd		For info, please visit https://www.isc.org/software/dhcp/
    Jan 6 23:10:18	dhcpd		All rights reserved.
    Jan 6 23:10:18	dhcpd		Copyright 2004-2015 Internet Systems Consortium.
    Jan 6 23:10:18	dhcpd		Internet Systems Consortium DHCP Server 4.2.8
    Jan 6 23:10:15	dhcp6c	15942	skip opening control port
    Jan 6 23:10:15	dhcp6c	15942	failed initialize control message authentication
    Jan 6 23:10:15	dhcp6c	15942	failed to open /usr/local/etc/dhcp6cctlkey: No such file or directory
    Jan 6 21:59:58	dhcpd		DHCPACK on 10.0.0.53 to 00:15:65:4c:14:6a (SIP-T46G) via vtnet0
    Jan 6 21:59:58	dhcpd		DHCPREQUEST for 10.0.0.53 from 00:15:65:4c:14:6a via vtnet0
    Jan 6 21:56:15	dhcpd		DHCPACK on 10.0.0.57 to 3c:83:75:c2:2f:0c (Windows-Phone) via vtnet0
    Jan 6 21:56:15	dhcpd		DHCPREQUEST for 10.0.0.57 from 3c:83:75:c2:2f:0c via vtnet0
    Jan 6 21:55:39	dhcpd		DHCPACK on 10.0.0.54 to 00:0e:58:5d:5e:8a (SonosZP) via vtnet0
    Jan 6 21:55:39	dhcpd		DHCPREQUEST for 10.0.0.54 from 00:0e:58:5d:5e:8a via vtnet0
    Jan 6 21:52:35	dhcpd		DHCPACK on 10.0.0.55 to 00:0e:58:5d:5e:68 (SonosZP) via vtnet0
    Jan 6 21:52:35	dhcpd		DHCPREQUEST for 10.0.0.55 from 00:0e:58:5d:5e:68 (SonosZP) via vtnet0
    Jan 6 21:46:25	dhcpd		Sending on Socket/5/vtnet0/2001:984:3f19::/64
    Jan 6 21:46:25	dhcpd		Listening on Socket/5/vtnet0/2001:984:3f19::/64
    Jan 6 21:46:25	dhcpd		Bound to *:547
    
    


  • @HiddenWolf:

    I just rebooted, and the dhcp log is pretty long. Lots of repetition, but my eye fell on:
    Jan 6 23:10:15 dhcp6c 15942 skip opening control port
    Jan 6 23:10:15 dhcp6c 15942 failed initialize control message authentication
    Jan 6 23:10:15 dhcp6c 15942 failed to open /usr/local/etc/dhcp6cctlkey: No such file or directory

    Those three lines are normal - pfSense didn't initialise the control port of dhcp6c as it doesn't make use of it. The rest of the log is from dhcpd, the IPv4 DHCP server.

    Unfortunately dhcp6c has no debug options in between the one pfSense uses and an ultra chatty debug version. If you're happy SSHing into pfSense, I can post instructions on how to engage the ultra chatty option.



  • @David_W:

    @HiddenWolf:

    I just rebooted, and the dhcp log is pretty long. Lots of repetition, but my eye fell on:
    Jan 6 23:10:15 dhcp6c 15942 skip opening control port
    Jan 6 23:10:15 dhcp6c 15942 failed initialize control message authentication
    Jan 6 23:10:15 dhcp6c 15942 failed to open /usr/local/etc/dhcp6cctlkey: No such file or directory

    Those three lines are normal - pfSense didn't initialise the control port of dhcp6c as it doesn't make use of it. The rest of the log is from dhcpd, the IPv4 DHCP server.

    Unfortunately dhcp6c has no debug options in between the one pfSense uses and an ultra chatty debug version. If you're happy SSHing into pfSense, I can post instructions on how to engage the ultra chatty option.

    Chattier than the DHCP copyright spam even? hah!
    I'm pretty comfortable with ssh. Go ahead.



  • I'm out of my depth, but things appear to work now:

    
    PING6(56=40+8+8 bytes) 2001:984:3f19:0:2a0:98ff:fed8:d431 --> 2a00:1450:400c:c08::64
    16 bytes from 2a00:1450:400c:c08::64, icmp_seq=0 hlim=56 time=7.438 ms
    16 bytes from 2a00:1450:400c:c08::64, icmp_seq=1 hlim=56 time=7.401 ms
    16 bytes from 2a00:1450:400c:c08::64, icmp_seq=2 hlim=56 time=7.398 ms
    
    --- google.com ping6 statistics ---
    3 packets transmitted, 3 packets received, 0.0% packet loss
    round-trip min/avg/max/std-dev = 7.398/7.412/7.438/0.018 ms
    
    

    http://ipv6-test.com shows 17/20, docking points for hostname and icmp firewalling.

    I haven't changed any settings since that last reboot, so apparently your patch made things work.
    I just don't know how. both the gateway and the WAN ipv6 are set to a fe80::2a0:: IP.



  • @HiddenWolf:


    That works, mostly. LAN and machines on the network get a proper IPv6 out of my subnet, but WAN (the default route) is set to an fe80-linklocal.

    That is not necessarily a problem, you do not need an public address on the WAN.
    A problem is when a host on the LAN cannot ping6 ping.xs4all.nl  / 2001:888:0:25::194



  • In /etc/inc/interfaces.inc, locate the command line for dhcp6c in interface_dhcpv6_configure() - at the time of writing it's line 3949 if you have no patches installed. Change -d (lower case d) to -D (upper case D) and save the file.

    A Disconnect and Connect using Status -> Interfaces should retrigger dhcp6c with more verbose debugging enabled. Does the DHCP log provide any useful clues now about the lack of a globally routable IPv6 WAN address?

    The fact that your downstream machines have IPv6 connectivity implies DHCP-PD (also handled by dhcp6c) is working.



  • @hda:

    you do not need an public address on the WAN.
    A problem is when a host on the LAN cannot ping6 2001:888:0:6::66 …

    Though devices on local networks will work fine without pfSense having a globally routable IPv6 address on its WAN interface, this will prevent pfSense from initiating or responding to globally routable IPv6 traffic. In particular, the lack of a globally routable IPv6 address means that pfSense cannot use IPv6 for its ntp daemon or the DNS resolver, also pfSense cannot act as a VPN endpoint over IPv6.



  • @David_W:

    …In particular, the lack of a globally routable IPv6 address means that pfSense cannot use IPv6 for its ntp daemon or the DNS resolver...

    I'm a bit confused now. But the LAN is global, no ? And what about my DNS Resolver and NTP working well for pfSense and all LAN's ? My understanding is that pfSense is doing no public on WAN unless ISP-gateway is static thus part your delegated prefix ? , in the past @cmb wrote something like this IIRC… Anyway :)




  • All right. I am running a pfsense 2.3 with David_W's patch.
    Settings unchanged from above.

    WAN: igb0 (PPPOE,igb0_vlan6) gets my IP4 and fe80::2a0:98ff:fed8:d431%pppoe
    LAN: vnet0 (static 10.0.0.4, track interface WAN) gets 2001:984::d431
    default gateway IPv6: fe80::2a0:a50f:fc78:5530
    Local machines configured for IPv6 are getting assigned proper IP's

    I can ping and ping6 from pfsense, and any machine in the network.
    The interface has been up for a few hours now.

    It works, I'd just expected to see a 2001:bla-like IP on WAN.

    EDIT:
    The overactive PPP is back. Gateway monitoring on/off doesn't seem to make a difference.

    
    an 7 01:46:05	ppp		[wan_link0] Link: reconnection attempt 26 in 4 seconds
    Jan 7 01:46:05	ppp		[wan_link0] LCP: Down event
    Jan 7 01:46:05	ppp		[wan_link0] Link: DOWN event
    Jan 7 01:46:05	ppp		[wan_link0] PPPoE connection timeout after 9 seconds
    Jan 7 01:45:56	ppp		[wan_link0] PPPoE: Connecting to ''
    Jan 7 01:45:56	ppp		[wan_link0] Link: reconnection attempt 25
    Jan 7 01:45:53	ppp		[wan_link0] Link: reconnection attempt 25 in 3 seconds
    Jan 7 01:45:53	ppp		[wan_link0] LCP: Down event
    Jan 7 01:45:53	ppp		[wan_link0] Link: DOWN event
    Jan 7 01:45:53	ppp		[wan_link0] PPPoE connection timeout after 9 seconds
    Jan 7 01:45:44	ppp		[wan_link0] PPPoE: Connecting to ''
    Jan 7 01:45:44	ppp		[wan_link0] Link: reconnection attempt 24
    Jan 7 01:45:40	ppp		[wan_link0] Link: reconnection attempt 24 in 4 seconds
    
    


  • @David_W:

    In /etc/inc/interfaces.inc, locate the command line for dhcp6c in interface_dhcpv6_configure() - at the time of writing it's line 3949 if you have no patches installed. Change -d (lower case d) to -D (upper case D) and save the file.

    A Disconnect and Connect using Status -> Interfaces should retrigger dhcp6c with more verbose debugging enabled. Does the DHCP log provide any useful clues now about the lack of a globally routable IPv6 WAN address?

    The fact that your downstream machines have IPv6 connectivity implies DHCP-PD (also handled by dhcp6c) is working.

    
    Jan 7 01:41:20	dhcpd		exiting.
    Jan 7 01:41:20	dhcpd		the README file.
    Jan 7 01:41:20	dhcpd		send them to the appropriate mailing list as described in
    Jan 7 01:41:20	dhcpd		help directly to the authors of this software - please
    Jan 7 01:41:20	dhcpd		Please do not under any circumstances send requests for
    Jan 7 01:41:20	dhcpd		submitting bug reports and requests for help.
    Jan 7 01:41:20	dhcpd		mailing list, please read the section on the README about
    Jan 7 01:41:20	dhcpd		If you intend to request help from the dhcp-bugs at isc.org
    Jan 7 01:41:20	dhcpd		yet read the README, please read it before requesting help.
    Jan 7 01:41:20	dhcpd		If you did get this software from ftp.isc.org and have not
    Jan 7 01:41:20	dhcpd		requesting help.
    Jan 7 01:41:20	dhcpd		get the latest from ftp.isc.org and install that before
    Jan 7 01:41:20	dhcpd		If you did not get this software from ftp.isc.org, please
    Jan 7 01:41:20	dhcpd		There's already a DHCP server running.
    Jan 7 01:41:20	dhcpd		For info, please visit https://www.isc.org/software/dhcp/
    Jan 7 01:41:20	dhcpd		All rights reserved.
    Jan 7 01:41:20	dhcpd		Copyright 2004-2015 Internet Systems Consortium.
    Jan 7 01:41:20	dhcpd		Internet Systems Consortium DHCP Server 4.2.8
    Jan 7 01:41:20	dhcpd		For info, please visit https://www.isc.org/software/dhcp/
    Jan 7 01:41:20	dhcpd		All rights reserved.
    Jan 7 01:41:20	dhcpd		Copyright 2004-2015 Internet Systems Consortium.
    Jan 7 01:41:20	dhcpd		Internet Systems Consortium DHCP Server 4.2.8
    Jan 7 01:41:20	dhcpd		Sending on Socket/5/vtnet0/2001:984:3f19::/64
    Jan 7 01:41:20	dhcpd		Listening on Socket/5/vtnet0/2001:984:3f19::/64
    Jan 7 01:41:20	dhcpd		Bound to *:547
    Jan 7 01:41:20	dhcpd		Wrote 0 leases to leases file.
    Jan 7 01:41:20	dhcpd		For info, please visit https://www.isc.org/software/dhcp/
    Jan 7 01:41:20	dhcpd		All rights reserved.
    Jan 7 01:41:20	dhcpd		Copyright 2004-2015 Internet Systems Consortium.
    Jan 7 01:41:20	dhcpd		Internet Systems Consortium DHCP Server 4.2.8
    Jan 7 01:41:20	dhcpd		For info, please visit https://www.isc.org/software/dhcp/
    Jan 7 01:41:20	dhcpd		All rights reserved.
    Jan 7 01:41:20	dhcpd		Copyright 2004-2015 Internet Systems Consortium.
    Jan 7 01:41:20	dhcpd		Internet Systems Consortium DHCP Server 4.2.8
    Jan 7 01:41:19	dhcpd		exiting.
    Jan 7 01:41:19	dhcpd		the README file.
    Jan 7 01:41:19	dhcpd		send them to the appropriate mailing list as described in
    Jan 7 01:41:19	dhcpd		help directly to the authors of this software - please
    Jan 7 01:41:19	dhcpd		Please do not under any circumstances send requests for
    Jan 7 01:41:19	dhcpd		submitting bug reports and requests for help.
    Jan 7 01:41:19	dhcpd		mailing list, please read the section on the README about
    Jan 7 01:41:19	dhcpd		If you intend to request help from the dhcp-bugs at isc.org
    Jan 7 01:41:19	dhcpd		yet read the README, please read it before requesting help.
    Jan 7 01:41:19	dhcpd		If you did get this software from ftp.isc.org and have not
    Jan 7 01:41:19	dhcpd		requesting help.
    Jan 7 01:41:19	dhcpd		get the latest from ftp.isc.org and install that before
    Jan 7 01:41:19	dhcpd		If you did not get this software from ftp.isc.org, please
    Jan 7 01:41:19	dhcpd		There's already a DHCP server running.
    Jan 7 01:41:19	dhcpd		For info, please visit https://www.isc.org/software/dhcp/
    Jan 7 01:41:19	dhcpd		All rights reserved.
    Jan 7 01:41:19	dhcpd		Copyright 2004-2015 Internet Systems Consortium.
    Jan 7 01:41:19	dhcpd		Internet Systems Consortium DHCP Server 4.2.8
    Jan 7 01:41:19	dhcpd		For info, please visit https://www.isc.org/software/dhcp/
    Jan 7 01:41:19	dhcpd		All rights reserved.
    Jan 7 01:41:19	dhcpd		Copyright 2004-2015 Internet Systems Consortium.
    Jan 7 01:41:19	dhcpd		Internet Systems Consortium DHCP Server 4.2.8
    Jan 7 01:41:19	dhcpd		Sending on Socket/5/vtnet0/2001:984:3f19::/64
    Jan 7 01:41:19	dhcpd		Listening on Socket/5/vtnet0/2001:984:3f19::/64
    Jan 7 01:41:19	dhcpd		Bound to *:547
    Jan 7 01:41:19	dhcpd		Wrote 0 leases to leases file.
    Jan 7 01:41:19	dhcpd		For info, please visit https://www.isc.org/software/dhcp/
    Jan 7 01:41:19	dhcpd		All rights reserved.
    Jan 7 01:41:19	dhcpd		Copyright 2004-2015 Internet Systems Consortium.
    Jan 7 01:41:19	dhcpd		Internet Systems Consortium DHCP Server 4.2.8
    Jan 7 01:41:19	dhcpd		For info, please visit https://www.isc.org/software/dhcp/
    Jan 7 01:41:19	dhcpd		All rights reserved.
    Jan 7 01:41:19	dhcpd		Copyright 2004-2015 Internet Systems Consortium.
    Jan 7 01:41:19	dhcpd		Internet Systems Consortium DHCP Server 4.2.8
    Jan 7 01:41:18	dhcpd		exiting.
    Jan 7 01:41:18	dhcpd		the README file.
    Jan 7 01:41:18	dhcpd		send them to the appropriate mailing list as described in
    Jan 7 01:41:18	dhcpd		help directly to the authors of this software - please
    Jan 7 01:41:18	dhcpd		Please do not under any circumstances send requests for
    Jan 7 01:41:18	dhcpd		submitting bug reports and requests for help.
    Jan 7 01:41:18	dhcpd		mailing list, please read the section on the README about
    Jan 7 01:41:18	dhcpd		If you intend to request help from the dhcp-bugs at isc.org
    Jan 7 01:41:18	dhcpd		yet read the README, please read it before requesting help.
    Jan 7 01:41:18	dhcpd		If you did get this software from ftp.isc.org and have not
    Jan 7 01:41:18	dhcpd		requesting help.
    Jan 7 01:41:18	dhcpd		get the latest from ftp.isc.org and install that before
    Jan 7 01:41:18	dhcpd		If you did not get this software from ftp.isc.org, please
    Jan 7 01:41:18	dhcpd		includes a bootp server.
    Jan 7 01:41:18	dhcpd		are not running HP JetAdmin software, which
    Jan 7 01:41:18	dhcpd		bootp in /etc/inetd.conf. Also make sure you
    Jan 7 01:41:18	dhcpd		running and that there's no entry for dhcp or
    Jan 7 01:41:18	dhcpd		Please make sure there is no other dhcp server
    Jan 7 01:41:18	dhcpd		Can't bind to dhcp address: Address already in use
    Jan 7 01:41:18	dhcpd		Sending on BPF/vtnet0/00:a0:98:d8:d4:31/10.0.0.0/24
    Jan 7 01:41:18	dhcpd		Listening on BPF/vtnet0/00:a0:98:d8:d4:31/10.0.0.0/24
    Jan 7 01:41:18	dhcpd		Can't install new lease database /var/db/dhcpd.leases.1452127278 to /var/db/dhcpd.leases: No such file or directory
    Jan 7 01:41:18	dhcpd		Sending on Socket/fallback/fallback-net
    Jan 7 01:41:18	dhcpd		Sending on BPF/vtnet0/00:a0:98:d8:d4:31/10.0.0.0/24
    Jan 7 01:41:18	dhcpd		Listening on BPF/vtnet0/00:a0:98:d8:d4:31/10.0.0.0/24
    Jan 7 01:41:18	dhcpd		Wrote 7 leases to leases file.
    Jan 7 01:41:18	dhcpd		Wrote 0 new dynamic host decls to leases file.
    Jan 7 01:41:18	dhcpd		Wrote 0 deleted host decls to leases file.
    Jan 7 01:41:18	dhcpd		For info, please visit https://www.isc.org/software/dhcp/
    Jan 7 01:41:18	dhcpd		All rights reserved.
    Jan 7 01:41:18	dhcpd		Copyright 2004-2015 Internet Systems Consortium.
    Jan 7 01:41:18	dhcpd		Internet Systems Consortium DHCP Server 4.2.8
    Jan 7 01:41:18	dhcpd		Wrote 7 leases to leases file.
    Jan 7 01:41:18	dhcpd		Wrote 0 new dynamic host decls to leases file.
    Jan 7 01:41:18	dhcpd		Wrote 0 deleted host decls to leases file.
    Jan 7 01:41:18	dhcpd		For info, please visit https://www.isc.org/software/dhcp/
    Jan 7 01:41:18	dhcpd		All rights reserved.
    Jan 7 01:41:18	dhcpd		Copyright 2004-2015 Internet Systems Consortium.
    Jan 7 01:41:18	dhcpd		Internet Systems Consortium DHCP Server 4.2.8
    Jan 7 01:41:18	dhcpd		For info, please visit https://www.isc.org/software/dhcp/
    Jan 7 01:41:18	dhcpd		All rights reserved.
    Jan 7 01:41:18	dhcpd		Copyright 2004-2015 Internet Systems Consortium.
    Jan 7 01:41:18	dhcpd		Internet Systems Consortium DHCP Server 4.2.8
    Jan 7 01:41:18	dhcpd		For info, please visit https://www.isc.org/software/dhcp/
    Jan 7 01:41:18	dhcpd		All rights reserved.
    Jan 7 01:41:18	dhcpd		Copyright 2004-2015 Internet Systems Consortium.
    Jan 7 01:41:18	dhcpd		Internet Systems Consortium DHCP Server 4.2.8
    Jan 7 01:41:17	dhcpd		Sending on Socket/5/vtnet0/2001:984:3f19::/64
    Jan 7 01:41:17	dhcpd		Listening on Socket/5/vtnet0/2001:984:3f19::/64
    Jan 7 01:41:17	dhcpd		Bound to *:547
    Jan 7 01:41:17	dhcpd		Wrote 0 leases to leases file.
    Jan 7 01:41:17	dhcpd		For info, please visit https://www.isc.org/software/dhcp/
    Jan 7 01:41:17	dhcpd		All rights reserved.
    Jan 7 01:41:17	dhcpd		Copyright 2004-2015 Internet Systems Consortium.
    Jan 7 01:41:17	dhcpd		Internet Systems Consortium DHCP Server 4.2.8
    Jan 7 01:41:17	dhcpd		For info, please visit https://www.isc.org/software/dhcp/
    Jan 7 01:41:17	dhcpd		All rights reserved.
    Jan 7 01:41:17	dhcpd		Copyright 2004-2015 Internet Systems Consortium.
    Jan 7 01:41:17	dhcpd		Internet Systems Consortium DHCP Server 4.2.8
    Jan 7 01:41:16	dhcpd		Sending on Socket/fallback/fallback-net
    Jan 7 01:41:16	dhcpd		Sending on BPF/vtnet0/00:a0:98:d8:d4:31/10.0.0.0/24
    Jan 7 01:41:16	dhcpd		Listening on BPF/vtnet0/00:a0:98:d8:d4:31/10.0.0.0/24
    Jan 7 01:41:16	dhcpd		Wrote 7 leases to leases file.
    Jan 7 01:41:16	dhcpd		Wrote 0 new dynamic host decls to leases file.
    Jan 7 01:41:16	dhcpd		Wrote 0 deleted host decls to leases file.
    Jan 7 01:41:16	dhcpd		For info, please visit https://www.isc.org/software/dhcp/
    Jan 7 01:41:16	dhcpd		All rights reserved.
    Jan 7 01:41:16	dhcpd		Copyright 2004-2015 Internet Systems Consortium.
    Jan 7 01:41:16	dhcpd		Internet Systems Consortium DHCP Server 4.2.8
    Jan 7 01:41:16	dhcpd		For info, please visit https://www.isc.org/software/dhcp/
    Jan 7 01:41:16	dhcpd		All rights reserved.
    Jan 7 01:41:16	dhcpd		Copyright 2004-2015 Internet Systems Consortium.
    Jan 7 01:41:16	dhcpd		Internet Systems Consortium DHCP Server 4.2.8
    Jan 7 01:41:14	dhcp6c	66276	skip opening control port
    Jan 7 01:41:14	dhcp6c	66276	failed initialize control message authentication
    Jan 7 01:41:14	dhcp6c	66276	failed to open /usr/local/etc/dhcp6cctlkey: No such file or directory
    Jan 7 01:40:40	dhcp6c	16320	exiting
    Jan 7 01:40:40	dhcp6c	16320	no responses were received
    Jan 7 01:40:25	dhcp6c	16320	transmit failed: Device not configured
    Jan 7 01:40:18	dhcp6c	16320	transmit failed: Device not configured
    Jan 7 02:38:37	dhcpd		Sending on Socket/5/vtnet0/2001:984:3f19::/64
    Jan 7 02:38:37	dhcpd		Listening on Socket/5/vtnet0/2001:984:3f19::/64
    Jan 7 02:38:37	dhcpd		Bound to *:547
    Jan 7 02:38:37	dhcpd		Wrote 0 leases to leases file.
    Jan 7 02:38:37	dhcpd		For info, please visit https://www.isc.org/software/dhcp/
    Jan 7 02:38:37	dhcpd		All rights reserved.
    Jan 7 02:38:37	dhcpd		Copyright 2004-2015 Internet Systems Consortium.
    Jan 7 02:38:37	dhcpd		Internet Systems Consortium DHCP Server 4.2.8
    Jan 7 02:38:37	dhcpd		For info, please visit https://www.isc.org/software/dhcp/
    Jan 7 02:38:37	dhcpd		All rights reserved.
    Jan 7 02:38:37	dhcpd		Copyright 2004-2015 Internet Systems Consortium.
    Jan 7 02:38:37	dhcpd		Internet Systems Consortium DHCP Server 4.2.8
    Jan 7 02:38:37	dhcpd		Sending on Socket/fallback/fallback-net
    Jan 7 02:38:37	dhcpd		Sending on BPF/vtnet0/00:a0:98:d8:d4:31/10.0.0.0/24
    Jan 7 02:38:37	dhcpd		Listening on BPF/vtnet0/00:a0:98:d8:d4:31/10.0.0.0/24
    Jan 7 02:38:37	dhcpd		Wrote 7 leases to leases file.
    Jan 7 02:38:37	dhcpd		Wrote 0 new dynamic host decls to leases file.
    Jan 7 02:38:37	dhcpd		Wrote 0 deleted host decls to leases file.
    Jan 7 02:38:37	dhcpd		For info, please visit https://www.isc.org/software/dhcp/
    Jan 7 02:38:37	dhcpd		All rights reserved.
    Jan 7 02:38:37	dhcpd		Copyright 2004-2015 Internet Systems Consortium.
    Jan 7 02:38:37	dhcpd		Internet Systems Consortium DHCP Server 4.2.8
    Jan 7 02:38:37	dhcpd		For info, please visit https://www.isc.org/software/dhcp/
    Jan 7 02:38:37	dhcpd		All rights reserved.
    Jan 7 02:38:37	dhcpd		Copyright 2004-2015 Internet Systems Consortium.
    Jan 7 02:38:37	dhcpd		Internet Systems Consortium DHCP Server 4.2.8
    Jan 7 02:38:35	dhcpd		Sending on Socket/5/vtnet0/2001:984:3f19::/64
    Jan 7 02:38:35	dhcpd		Listening on Socket/5/vtnet0/2001:984:3f19::/64
    Jan 7 02:38:35	dhcpd		Bound to *:547
    Jan 7 02:38:35	dhcpd		Wrote 0 leases to leases file.
    Jan 7 02:38:35	dhcpd		For info, please visit https://www.isc.org/software/dhcp/
    Jan 7 02:38:35	dhcpd		All rights reserved.
    Jan 7 02:38:35	dhcpd		Copyright 2004-2015 Internet Systems Consortium.
    Jan 7 02:38:35	dhcpd		Internet Systems Consortium DHCP Server 4.2.8
    Jan 7 02:38:35	dhcpd		For info, please visit https://www.isc.org/software/dhcp/
    Jan 7 02:38:35	dhcpd		All rights reserved.
    Jan 7 02:38:35	dhcpd		Copyright 2004-2015 Internet Systems Consortium.
    Jan 7 02:38:35	dhcpd		Internet Systems Consortium DHCP Server 4.2.8
    Jan 7 02:38:32	dhcp6c	16237	skip opening control port
    Jan 7 02:38:32	dhcp6c	16237	failed initialize control message authentication
    Jan 7 02:38:32	dhcp6c	16237	failed to open /usr/local/etc/dhcp6cctlkey: No such file or directory
    Jan 7 01:11:32	dhcpd		Sending on Socket/5/vtnet0/2001:984:3f19::/64
    Jan 7 01:11:32	dhcpd		Listening on Socket/5/vtnet0/2001:984:3f19::/64
    Jan 7 01:11:32	dhcpd		Bound to *:547
    Jan 7 01:11:32	dhcpd		Can't install new lease database /var/db/dhcpd6.leases.1452125492 to /var/db/dhcpd6.leases: No such file or directory
    Jan 7 01:11:32	dhcpd		Sending on Socket/5/vtnet0/2001:984:3f19::/64
    Jan 7 01:11:32	dhcpd		Listening on Socket/5/vtnet0/2001:984:3f19::/64
    Jan 7 01:11:32	dhcpd		Bound to *:547
    
    


  • @HiddenWolf:

    I'm out of my depth, but things appear to work now:
    I haven't changed any settings since that last reboot, so apparently your patch made things work.
    I just don't know how. both the gateway and the WAN ipv6 are set to a fe80::2a0:: IP.

    Your connection problems seem independent from the patch I think. IPv6 Link-Local & IPv6 Address should be the same fe80::.  And the Gateway should be another fe80:: number further upstream to ISP.

    But some questions are:
    Why do you use MAC spoofing in Interfaces-WAN ? May we see the Status-Dashboard & Status-Interfaces again ?
    You have weird logs about dhcpd. Do you have other non-pfSense DHCP6-server active ?
    What is it with PPP ? Are you not on a clean straight PPPoE link with XS4ALL and maybe talking through/using a Fritzbox or other ??



  • The WAN interface of pfsense is directly plugged into the MTU.
    The Fritzbox has given me nothing but trouble. It is currently in use as an access point only, and located behind LAN.
    I have not set up mac spoofing. I do not have an dhcp6-server active anywhere else on the network.
    I have no idea about the ppp. I thought i'd fixed it by turning gateway monitoring off, but then it started up again.

    attached are screenshots of:
    assign interfaces
    wan
    lan
    interfaces status

    ![Screen Shot 2016-01-07 at 11.06.58.png](/public/imported_attachments/1/Screen Shot 2016-01-07 at 11.06.58.png)
    ![Screen Shot 2016-01-07 at 11.06.58.png_thumb](/public/imported_attachments/1/Screen Shot 2016-01-07 at 11.06.58.png_thumb)
    ![Screen Shot 2016-01-07 at 11.07.54.png](/public/imported_attachments/1/Screen Shot 2016-01-07 at 11.07.54.png)
    ![Screen Shot 2016-01-07 at 11.07.54.png_thumb](/public/imported_attachments/1/Screen Shot 2016-01-07 at 11.07.54.png_thumb)
    ![Screen Shot 2016-01-07 at 11.08.11.png](/public/imported_attachments/1/Screen Shot 2016-01-07 at 11.08.11.png)
    ![Screen Shot 2016-01-07 at 11.08.11.png_thumb](/public/imported_attachments/1/Screen Shot 2016-01-07 at 11.08.11.png_thumb)



  • OK straight into the fiber Network Termination Unit vLAN 6 for INET.
    Why is PPPoE on both igb0 and igb0_vlan6, isn't only the last enough ?
    The F!B is made a dumb AP allright ? Did you test without it connected on your hardware ?



  • @hda:

    OK straight into the fiber Network Termination Unit vLAN 6 for INET.
    Why is PPPoE on both igb0 and igb0_vlan6, isn't only the last enough ?
    The F!B is made a dumb AP allright ? Did you test without it connected on your hardware ?

    User error. Removing igb0 from pppoe seems to have resolved the ppp log spam.
    The FB is a dumb access point. 'internet connectivity' is disconnected, and router functionality is disabled. it is connected on LAN2, which puts it in dumb mode.



  • @HiddenWolf:

    …User error...

    Well, we are curious to know if you rebooted the box and then that solved the PPP racing and
    did you solve the problem for the weird dhcpd logging about the "prefix/64" and "is other server running" ? :)



  • I have not rebooted the box today.
    The ppp race was resolved by removing igb0 from the pppoe connection, just vlan6 now.

    DHCPd logging is still off.



  • @hda:

    That is not necessarily a problem, you do not need an public address on the WAN.

    and what if I do want a public v6 address on my WAN interface? Can you give me a hint to make that happen? Because I want to do HTTP and OpenVPN to my pfSense box (with XS4ALL fiber).



  • @haarweg:

    and what if I do want a public v6 address on my WAN interface? Can you give me a hint to make that happen? Because I want to do HTTP and OpenVPN to my pfSense box (with XS4ALL fiber).

    You have public IPv6 on any of your LAN's or box's as public. Because IPv6 is public exposure with just a (un)block away on the WAN-firewall IP:portnumber.