Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Disabling IPv6 and update packages/firmware bug

    Scheduled Pinned Locked Moved 2.3-RC Snapshot Feedback and Issues - ARCHIVED
    5 Posts 3 Posters 2.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      C0RR0SIVE
      last edited by

      Have noticed for a few builds now, that when IPv6 is set to DHCP6 on the WAN interface, I can download and check packages just fine, and the WebGUI shows whether I am on the latest version or not.  But, if I set the WAN IPv6 to None anything that checks for package or firmware updates fails with a timeout.  Below is what is seen in the system log when viewing the dashboard, as well as after trying to navigate to the packages.

      nginx: 2016/01/19 06:44:42 [error] 19548#0: *12 upstream timed out (60: Operation timed out) while reading response header from upstream, client: 192.168.1.21, server: , request: "GET /widgets/widgets/system_information.widget.php?getupdatestatus=1 HTTP/1.1", upstream: "fastcgi://unix:/var/run/php-fpm.socket", host: "192.168.1.2", referrer: "http://192.168.1.2/index.php"
      
      nginx: 2016/01/19 06:47:47 [error] 19548#0: *18 upstream timed out (60: Operation timed out) while reading response header from upstream, client: 192.168.1.21, server: , request: "GET /pkg_mgr_installed.php HTTP/1.1", upstream: "fastcgi://unix:/var/run/php-fpm.socket", host: "192.168.1.2", referrer: "http://192.168.1.2/status_logs.php"
      

      When attempting to visit packages, I also get a "Gateway Timeout" error that shouldn't occur either.

      Using a satellite ISP that employs a dual stack modem, this issue does not occur on 2.1.5 or any of the 2.2.x builds for me.

      This issue also does not affect normal browsing, just seems what ever is checking for the package information, and firmware information from PFSense is failing after it has had an IPv6 address to use in the past, but no longer does.

      This also creates a real-world problem for me, as my ISP is known to have issues with IPv6 stability, sometimes they can give an address, other times, they do not.

      1 Reply Last reply Reply Quote 0
      • C
        cmb
        last edited by

        In that case you should set the system to prefer IPv4. What's happening there it sounds like is IPv6 is cached as preferred, then you take it away but that process doesn't clear out everything that might possibly cache things. The same is true in every version ever in some places and ways, though given underlying differences between, that might happen in different ways in 2.3 vs. prior versions.

        1 Reply Last reply Reply Quote 0
        • C
          C0RR0SIVE
          last edited by

          Just saying, regardless of that setting, 2.3 should not "prefer" ipv6 over ipv4 just because it had an ipv6 address for a little bit.  If it looses that IPv6 address, it should know on it's own that it won't be able to communicate via IPv6 and go straight to IPv4 to check for things, or at a minimum, use IPv4 as a fallback for anything that it can should ipv6 fail.

          EDIT:

          Checked the "Prefer IPv4 over IPv6" option in advanced, and no dice, same error.  So yup, bug.

          1 Reply Last reply Reply Quote 0
          • J
            JasonJoel
            last edited by

            @C0RR0SIVE:

            This also creates a real-world problem for me, as my ISP is known to have issues with IPv6 stability, sometimes they can give an address, other times, they do not.

            I can't ever check for updates with IPv6 turned on in 2.2 or 2.3, even though other IPv6 traffic works fine (youtube, etc). Because of this behavior in 2.2 I've given up and just disabled IPv6 altogether in pfSense. Which is a shame - I think the system should handle this more gracefully.

            1 Reply Last reply Reply Quote 0
            • C
              cmb
              last edited by

              The general lack of fallback has a bug ticket open.
              https://redmine.pfsense.org/issues/3152

              @C0RR0SIVE:

              Checked the "Prefer IPv4 over IPv6" option in advanced, and no dice, same error.

              You have to flush whatever has a cache after doing so. Reboot with it set to prefer IPv4 and you won't hit that.

              @JasonJoel:

              I can't ever check for updates with IPv6 turned on in 2.2 or 2.3, even though other IPv6 traffic works fine (youtube, etc).

              Sounds like you aren't getting a functional IPv6 IP assigned WAN-side. Your LAN hosts will go out via your routed/PD'ed internal subnet, the firewall itself will go out via whatever's assigned to its WAN.

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.