Cannot get IPV6 pd to work
-
I'm not fully up to speed on ipv6, still reading a learning a lot, so please be gentle with me.
My ISP has started to enable IPV6, and although not all users have it enabled yet they were kind enough to enable it on my link to see if pfSense would work, it does not appear to do so.
Now, I have tried with the ISP supplied router and that worked without issue so this is what I have found, it may be wide of the mark, but better minds than mine will, I hope, tell me.
OK, so the basics, my ISP uses WAN DHCP with a /56 prefix delegation, and I am told to use SLAAC on the LAN side.
Now, it appears that pfSense is not sending dhcp solicit packets, below is packet capture from the ISP's router, you'll see the DHCPv6 Solicit is packet 13.
This is never seen from pfSense and further investigation shows me that dhcp6c is not running. I have tried this using both 2.2.6 and now 2.3, the result is the same.
I have tried various settings in the DHCP6 settings, sending ia-pd, requests for DNS etc, nothing makes any difference.
Am I doing something wrong, very possible or is there an issue.
I'll add this that I was told by the ISP, and I quote.
Bit of a side note: At the moment the DHCPv6 SOLICIT needs to come in within a few seconds of the v4 DISCOVER. This isn't how it's going to be once we do the mass rollout, but it's a current limitation.
![ISP Router.JPG](/public/imported_attachments/1/ISP Router.JPG)
![ISP Router.JPG_thumb](/public/imported_attachments/1/ISP Router.JPG_thumb) -
Ok… so a few options to check...
On the WAN side... your IPv6 setting should be DHCPv6. Further down, you should select the prefix size, check the box to request IPv6 over the IPv4 link (anytime there's an IPv4 change, it will also cause IPv6 to check itself), and probably also check the box to send a prefix hint (if your ISP is automatically giving you a /56, that might not be necessary, but if they offer up various prefix sizes you might get whatever their default is if it's not checked).
On your LAN, for IPv6 choose Track Interface, then select WAN. In the IPv6 section, you can choose what prefix ID you want to use (the last two characters of the first half of the IPv6 address (i.e. 2001:aaaa:bbbb:cc00::); choices for a /56 delegation will range from 00 to FF). SLAAC will be used for the LAN interface on pfSense, and after saving/applying, you can then go into DHCPv6/RA settings and adjust as you see fit for the rest of your LAN devices.
Let's start with that and see where you are after this.
edit to turn off smileys so my example IPv6 address doesn't end up with a smiley at the end
-
Thanks for that.
I have done as you suggested and it made no difference. According to the logs dhcp6c never runs.
The v4 DHCP client runs and all there is fine. This is my DHCP log after a restart.
System log shows nothing out of the ordinary. There is nothing later in the DHCP log either.
-
@virgiliomi:
Ok… so a few options to check...
On the WAN side... your IPv6 setting should be DHCPv6. Further down, you should select the prefix size, check the box to request IPv6 over the IPv4 link (anytime there's an IPv4 change, it will also cause IPv6 to check itself), and probably also check the box to send a prefix hint (if your ISP is automatically giving you a /56, that might not be necessary, but if they offer up various prefix sizes you might get whatever their default is if it's not checked).
On your LAN, for IPv6 choose Track Interface, then select WAN. In the IPv6 section, you can choose what prefix ID you want to use (the last two characters of the first half of the IPv6 address (i.e. 2001:aaaa:bbbb:cc00::); choices for a /56 delegation will range from 00 to FF). SLAAC will be used for the LAN interface on pfSense, and after saving/applying, you can then go into DHCPv6/RA settings and adjust as you see fit for the rest of your LAN devices.
Let's start with that and see where you are after this.
edit to turn off smileys so my example IPv6 address doesn't end up with a smiley at the end
On further analysis and testing I have found out that if I run dhcp6c using Shellcmd I do get the prefix and it appears on my LAN, the problem then is my DHCP log shows XID errors as if there were two dhcp6c clients running, ps aux … shows there is only one, another thing to note is that rtsold_re0_script.sh does not appear to run.
From what I can work out examining the capture of the ISP supplied router there is an ICMPc6 RA packet sent out, again, this does not appear to happen with pfSense. It may be this that is causing my issues. It's not unusual for my ISP to set things up in a strange way.
I think I need to add here that an IPV4 connection to my ISP is done using DHCP Option 61, that gives me an IP address, there is no 'normal' PPPoE type login, maybe this is what's causing my issues.
-
Were you the one who opened this by chance?
https://redmine.pfsense.org/issues/5993If not, it's possible you have a similar circumstance. There isn't an RA in the packet capture screenshot in your first post. Though that's only about 12 seconds shown, so it could have missed it. If you don't receive an RA before sending a DHCPv6 solicit, then you end up in the case noted in that bug ticket. That doesn't happen in most all circumstances, but given the oddity you noted with v4 and v6 having to come close together, you're not in a typical circumstance.
-
I did not open the ticket, but I have been working with the person who did and a couple of others to resolve the issue, he works for my ISP so was able to give me the sequence required. I have a temporary hack in place until the issue is fixed.
Possible solution is to add another flag in the WAN IPV6 set-up for IPoE connections and take it from there. My hack at present is to run the daemon using a shellstart command and I've edited the interfaces.inc to take out the dhcp6c start in rtsold_*** creation. This is working, but I still appear to be getting multiple dhcp6c clients getting started somewhere so XID mismatch errors are showing in the logs.
However, now we know what the issue is and what's needed to resolve it.
-
This issue has been picked up by Mike to be looked at for 2.3.1
However, if there are users out there having this issue then I can send them the two files needed to make pfSense work until the issue is resolved. I will be keeping them up to date as required.
So to clarify, this issue is caused by the ISP expecting a DHCP solicit from pfSense BEFORE RA. If it does not get it, no PD is given.
I have had the fix running now for a few days and have not had any side effects.
The 'fix' does not involve running a shellcmd, it is now part of the interfaces.inc and adds some extra logic around the rtsold script creation, changing the launch sequence but allowing for the option to run the original process, that being dependent on a new option in the WAN setup which creates a new flag in config.xml.
-
@marjohh:
This issue has been picked up by Mike to be looked at for 2.3.1
By me, actually, Chris. But yeah. :)
The patch you're using is the one attached on the bug ticket, right?
https://redmine.pfsense.org/issues/5993If you could add feedback on that redmine ticket in a month or so, just so I know whether you've seen any issues with that change, I'd appreciate the feedback.
-
Sorry about that, it was very early when I posted that message and my brain was not fully awake! ::)
Is it the same patches, No, well sort of.
I would like to delete those patches but I cannot find how to do that. I have updated them quite a bit now to include some logic and added an interfaces.php change that sets a value in the config.xml to allow you to set the option, the logic is dependent on that.
I cannot upload them in this area, it does not allow php or inc, and it appears I cannot add them to the https://redmine.pfsense.org/issues/5993 thread either, hence if people want them I'll have to pm them to them.
I'll let you know how it goes in a few weeks. There is another user also switching this weekend to 2.3b and he will be using them too, so it will get plenty of testing.
Do you know where I can get the source for dhcp6c as used in pfsense, is it open?
-
dhcp6c is from FreeBSD ports' net/dhcp6/
https://github.com/pfsense/FreeBSD-ports/tree/devel/net/dhcp6I deleted the patches and full files you posted on the redmine ticket and added a patch there that's the diff between 2.3 as of today, and the full files you posted there. Probably the easiest way to create a patch for that is checkout the main repo (https://github.com/pfsense/pfsense), make your changes there, and run 'git diff'. The output of 'git diff' is your patch.
-
Thank you Chris, much appreciated.
The reason I want to look at dhcp6c is the logging is a bit naf, so I would like to tidy that up.