[SOLVED] After 2.3 upgrade IPv6 stopped working
After upgraded from 2.2.6 to 2.3 yesterday my IPv6 (Comcast /64) connectivity, that has worked for over a year, stopped working.
Everything looks like it should be OK. I get IPv6 addresses on my WAN and LAN. Client PC's on my LAN get IPv6 addresses and routing.
Shelled into the pfsense box, tcpdump on the WAN interface shows client IPv6 packets (tested SSH, ICMP6) sent to an internet remote host leaving, nothing returning (I'm uncertain how this works; can tcpdump see everything, or is pf potentially blocking some packets?). The remote host does not see any packets arriving. The pfsense GUI firewall log shows nothing related to this.
When I SSH or ping6 IPv6 addresses from the pfsense box itself, it works. I can ping6 ipv6.google.com just fine, for example.
Any ideas? Thank you.
What you see in tcpdump is what's on the wire. For egress traffic, if you see it there, it's getting sent out to your modem.
I think it's probably more likely the reboot is at fault than the upgrade. Lots of Comcast IPv6 users have upgraded successfully.
Do you have a SB 6183 modem? They've had some firmware issues recently that's breaking people's IPv6.
I have an Arris cm820a cable modem.
You are getting a PD-assigned subnet I guess? Status>Interfaces shows a public IPv6 IP.
If you go to Diag>Ping, choose IPv6, and try to ping ipv6.google.com does that work? Then if you change source address to LAN, does that work?
I rebooted both the cable modem and the pfsense box and now everything works. It must have been something flaky with the modem.
Thank you for your help cmb.
Judging by your description initially, it seemed like you had a PD-assigned subnet, and were sending traffic out your WAN, but it was just disappearing somewhere upstream. Probably was something on the modem that flaked out from the sounds of it, or maybe Comcast missed adding a PD route for your delegated subnet and power cycling the modem fixed that upon your next DHCPv6 request. Glad that worked. Might want to try rebooting only pfsense to make sure it comes up clean after a reboot.