Fail to get an IPV6 on esxi at online.net



  • Hi there,

    I have a dedicated server at online with vmware.
    I have a pfsense (2.3-RELEASE) virtual machine wich act as a gateway between the internet and the "lan" which is in fact just another vswitch on wich all of my vms are connected.
    Evgerything works fine with ipv4.

    I'm trying to use ipv6 on theses machines.
    There's a doc on "online" website https://documentation.online.net/en/serveur-dedie/reseau/ipv6-prefix but it doesn't cover *BSD nor pfsense.

    I found this tutorial for FreeBSD http://barfooze.de/stuff/online_ipv6.txt but it doesn't work. I can't manage to get any ipv6 on the wan interface.

    I found this one for pfsense http://howto.arendtsen.dk/online-pfsense-ipv6/ but still no luck :(

    I don't really see what could I miss, the "DUID" part seems ok,  can see traffic coming so it's not a firewall issue, if anyone has an idea, i will be happy.

    Here's a log when I manually launch dhcp6c.

    [2.3-RELEASE][root@toto]/: dhcp6c -Df -c /var/etc/dhcp6c_wan.conf em0
    Apr/18/2016 16:33:39: extracted an existing DUID from /var/db/dhcp6c_duid: 00:03:00:01:46:b2:d6:c2:b4:0b
    Apr/18/2016 16:33:39: failed to open /usr/local/etc/dhcp6cctlkey: No such file or directory
    Apr/18/2016 16:33:39: failed initialize control message authentication
    Apr/18/2016 16:33:39: skip opening control port
    Apr/18/2016 16:33:39: <3>[interface] (9)
    Apr/18/2016 16:33:39: <5>[em0] (3)
    Apr/18/2016 16:33:39: <3>begin of closure [{] (1)
    Apr/18/2016 16:33:39: <3>[script] (6)
    Apr/18/2016 16:33:39: <3>["/var/etc/dhcp6c_wan_script.sh"] (31)
    Apr/18/2016 16:33:39: <3>end of sentence [;] (1)
    Apr/18/2016 16:33:39: <3>end of closure [}] (1)
    Apr/18/2016 16:33:39: <3>end of sentence [;] (1)
    Apr/18/2016 16:33:39: <3>[id-assoc] (8)
    Apr/18/2016 16:33:39: <13>[pd] (2)
    Apr/18/2016 16:33:39: <13>[0] (1)
    Apr/18/2016 16:33:39: <13>begin of closure [{] (1)
    Apr/18/2016 16:33:39: <3>end of closure [}] (1)
    Apr/18/2016 16:33:39: <3>end of sentence [;] (1)
    Apr/18/2016 16:33:39: called
    Apr/18/2016 16:33:39: some IA configuration defined but not used
    Apr/18/2016 16:33:39: called
    Apr/18/2016 16:33:39: reset a timer on em0, state=INIT, timeo=0, retrans=383
    Apr/18/2016 16:33:39: a new XID (e04e31) is generated
    Apr/18/2016 16:33:39: set client ID (len 10)
    Apr/18/2016 16:33:39: set elapsed time (len 2)
    Apr/18/2016 16:33:39: send solicit to ff02::1:2%em0
    Apr/18/2016 16:33:39: reset a timer on em0, state=SOLICIT, timeo=0, retrans=1088
    Apr/18/2016 16:33:40: set client ID (len 10)
    Apr/18/2016 16:33:40: set elapsed time (len 2)
    Apr/18/2016 16:33:40: send solicit to ff02::1:2%em0
    Apr/18/2016 16:33:40: reset a timer on em0, state=SOLICIT, timeo=1, retrans=2151
    Apr/18/2016 16:33:43: set client ID (len 10)
    Apr/18/2016 16:33:43: set elapsed time (len 2)
    Apr/18/2016 16:33:43: send solicit to ff02::1:2%em0
    Apr/18/2016 16:33:43: reset a timer on em0, state=SOLICIT, timeo=2, retrans=4283
    Apr/18/2016 16:33:47: set client ID (len 10)
    Apr/18/2016 16:33:47: set elapsed time (len 2)
    Apr/18/2016 16:33:47: send solicit to ff02::1:2%em0
    Apr/18/2016 16:33:47: reset a timer on em0, state=SOLICIT, timeo=3, retrans=8905
    ^C
    

    And the tcpdump log running at the same time

    [2.3-RELEASE][root@toto]/root: tcpdump -i em0 ip6
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on em0, link-type EN10MB (Ethernet), capture size 65535 bytes
    16:33:38.809416 IP6 fe80::3def:9c8b:b5ba:e958.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
    16:33:39.464061 IP6 fe80::250:56ff:fe00:7ad5 > ff02::1:fff9:6cde: ICMP6, neighbor solicitation, who has fe80::32e4:dbff:fef9:6cde, length 32
    16:33:39.587882 IP6 fe80::32e4:dbff:fef9:6cdf > ff02::1: ICMP6, router advertisement, length 32
    16:33:39.774221 IP6 fe80::250:56ff:fe00:7ad5.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
    16:33:39.834204 IP6 fe80::3def:9c8b:b5ba:e958.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
    16:33:39.834421 IP6 fe80::8db2:5ac9:e7c3:d90c.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
    16:33:39.834595 IP6 fe80::3def:9c8b:b5ba:e958.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
    16:33:39.836906 IP6 fe80::3def:9c8b:b5ba:e958.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
    16:33:39.845715 IP6 fe80::3def:9c8b:b5ba:e958.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
    16:33:39.854553 IP6 fe80::3def:9c8b:b5ba:e958.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
    16:33:39.890567 IP6 fe80::3def:9c8b:b5ba:e958.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
    16:33:40.430790 IP6 fe80::2a92:4aff:fe33:5aea.mdns > ff02::fb.mdns: 0 PTR (QM)? 187.202.3.183.in-addr.arpa. (44)
    16:33:40.560559 IP6 fe80::250:56ff:fe00:7ad5 > ff02::1:fff9:6cde: ICMP6, neighbor solicitation, who has fe80::32e4:dbff:fef9:6cde, length 32
    16:33:40.844501 IP6 fe80::8db2:5ac9:e7c3:d90c.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
    16:33:40.874138 IP6 fe80::250:56ff:fe00:7ad5.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
    16:33:40.881217 IP6 fe80::8db2:5ac9:e7c3:d90c.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
    16:33:40.918026 IP6 fe80::8db2:5ac9:e7c3:d90c.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
    16:33:40.939837 IP6 fe80::8db2:5ac9:e7c3:d90c.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
    16:33:40.959722 IP6 fe80::8db2:5ac9:e7c3:d90c.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
    16:33:41.001462 IP6 fe80::8db2:5ac9:e7c3:d90c.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
    16:33:41.040867 IP6 fe80::8db2:5ac9:e7c3:d90c.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
    16:33:41.560496 IP6 fe80::250:56ff:fe00:7ad5 > ff02::1:fff9:6cde: ICMP6, neighbor solicitation, who has fe80::32e4:dbff:fef9:6cde, length 32
    16:33:42.554062 IP6 fe80::250:56ff:fe00:7ad5 > ff02::1:fff9:6cde: ICMP6, neighbor solicitation, who has fe80::32e4:dbff:fef9:6cde, length 32
    16:33:43.041026 IP6 fe80::250:56ff:fe00:7ad5.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
    16:33:43.631392 IP6 fe80::250:56ff:fe00:7ad5 > ff02::1:fff9:6cde: ICMP6, neighbor solicitation, who has fe80::32e4:dbff:fef9:6cde, length 32
    16:33:43.682772 IP6 fe80::32e4:dbff:fef9:6cdf > ff02::1: ICMP6, router advertisement, length 32
    16:33:44.631458 IP6 fe80::250:56ff:fe00:7ad5 > ff02::1:fff9:6cde: ICMP6, neighbor solicitation, who has fe80::32e4:dbff:fef9:6cde, length 32
    16:33:45.631390 IP6 fe80::250:56ff:fe00:7ad5 > ff02::1:fff9:6cde: ICMP6, neighbor solicitation, who has fe80::32e4:dbff:fef9:6cde, length 32
    16:33:46.694040 IP6 fe80::250:56ff:fe00:7ad5 > ff02::1:fff9:6cde: ICMP6, neighbor solicitation, who has fe80::32e4:dbff:fef9:6cde, length 32
    16:33:47.334097 IP6 fe80::250:56ff:fe00:7ad5.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
    16:33:47.694026 IP6 fe80::250:56ff:fe00:7ad5 > ff02::1:fff9:6cde: ICMP6, neighbor solicitation, who has fe80::32e4:dbff:fef9:6cde, length 32
    16:33:47.995899 IP6 fe80::32e4:dbff:fef9:6cdf > ff02::1: ICMP6, router advertisement, length 32
    16:33:48.694051 IP6 fe80::250:56ff:fe00:7ad5 > ff02::1:fff9:6cde: ICMP6, neighbor solicitation, who has fe80::32e4:dbff:fef9:6cde, length 32
    16:33:49.788870 IP6 fe80::250:56ff:fe00:7ad5 > ff02::1:fff9:6cde: ICMP6, neighbor solicitation, who has fe80::32e4:dbff:fef9:6cde, length 32
    16:33:50.465282 IP6 fe80::2a92:4aff:fe33:57ba.mdns > ff02::fb.mdns: 0 PTR (QM)? 30.204.218.58.in-addr.arpa. (44)
    ^C
    


  • One common issue when starting out with IPv6 is to block ICMP - IPv6 uses ICMP for RA and Neighbour Solicitation among other things, so if you do want to limit ICMP - be sure about what you are limiting and on what interfaces.

    Coming from the IPv4 world many people just turn it off and then stuff breaks;

    Give us some more idea of where your issues are and we'll try and help



  • Hello,

    Actually, I restarted the computer, tried in "rescue mode" (the computer boot with a live cd ubuntu), managed to get ipv6 running and it worked.
    And when I restarted pfsense it worked too (i tried 2 or 3 times before to restart pfsense) so i suspect there was something weird witch the block that the rescue mode repaired.



  • @mbouchonnet:

    Hello,

    Actually, I restarted the computer, tried in "rescue mode" (the computer boot with a live cd ubuntu), managed to get ipv6 running and it worked.
    And when I restarted pfsense it worked too (i tried 2 or 3 times before to restart pfsense) so i suspect there was something weird witch the block that the rescue mode repaired.

    Hi!
    I am trying it as well, but my pfSense only gets a /128 as stated in the console. What did you do in rescue mode? I want to do it as quick as possible to have a low downtime…

    Regards