Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Fail to get an IPV6 on esxi at online.net

    Scheduled Pinned Locked Moved IPv6
    4 Posts 3 Posters 2.5k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      mbouchonnet
      last edited by

      Hi there,

      I have a dedicated server at online with vmware.
      I have a pfsense (2.3-RELEASE) virtual machine wich act as a gateway between the internet and the "lan" which is in fact just another vswitch on wich all of my vms are connected.
      Evgerything works fine with ipv4.

      I'm trying to use ipv6 on theses machines.
      There's a doc on "online" website https://documentation.online.net/en/serveur-dedie/reseau/ipv6-prefix but it doesn't cover *BSD nor pfsense.

      I found this tutorial for FreeBSD http://barfooze.de/stuff/online_ipv6.txt but it doesn't work. I can't manage to get any ipv6 on the wan interface.

      I found this one for pfsense http://howto.arendtsen.dk/online-pfsense-ipv6/ but still no luck :(

      I don't really see what could I miss, the "DUID" part seems ok,  can see traffic coming so it's not a firewall issue, if anyone has an idea, i will be happy.

      Here's a log when I manually launch dhcp6c.

      [2.3-RELEASE][root@toto]/: dhcp6c -Df -c /var/etc/dhcp6c_wan.conf em0
      Apr/18/2016 16:33:39: extracted an existing DUID from /var/db/dhcp6c_duid: 00:03:00:01:46:b2:d6:c2:b4:0b
      Apr/18/2016 16:33:39: failed to open /usr/local/etc/dhcp6cctlkey: No such file or directory
      Apr/18/2016 16:33:39: failed initialize control message authentication
      Apr/18/2016 16:33:39: skip opening control port
      Apr/18/2016 16:33:39: <3>[interface] (9)
      Apr/18/2016 16:33:39: <5>[em0] (3)
      Apr/18/2016 16:33:39: <3>begin of closure [{] (1)
      Apr/18/2016 16:33:39: <3>[script] (6)
      Apr/18/2016 16:33:39: <3>["/var/etc/dhcp6c_wan_script.sh"] (31)
      Apr/18/2016 16:33:39: <3>end of sentence [;] (1)
      Apr/18/2016 16:33:39: <3>end of closure [}] (1)
      Apr/18/2016 16:33:39: <3>end of sentence [;] (1)
      Apr/18/2016 16:33:39: <3>[id-assoc] (8)
      Apr/18/2016 16:33:39: <13>[pd] (2)
      Apr/18/2016 16:33:39: <13>[0] (1)
      Apr/18/2016 16:33:39: <13>begin of closure [{] (1)
      Apr/18/2016 16:33:39: <3>end of closure [}] (1)
      Apr/18/2016 16:33:39: <3>end of sentence [;] (1)
      Apr/18/2016 16:33:39: called
      Apr/18/2016 16:33:39: some IA configuration defined but not used
      Apr/18/2016 16:33:39: called
      Apr/18/2016 16:33:39: reset a timer on em0, state=INIT, timeo=0, retrans=383
      Apr/18/2016 16:33:39: a new XID (e04e31) is generated
      Apr/18/2016 16:33:39: set client ID (len 10)
      Apr/18/2016 16:33:39: set elapsed time (len 2)
      Apr/18/2016 16:33:39: send solicit to ff02::1:2%em0
      Apr/18/2016 16:33:39: reset a timer on em0, state=SOLICIT, timeo=0, retrans=1088
      Apr/18/2016 16:33:40: set client ID (len 10)
      Apr/18/2016 16:33:40: set elapsed time (len 2)
      Apr/18/2016 16:33:40: send solicit to ff02::1:2%em0
      Apr/18/2016 16:33:40: reset a timer on em0, state=SOLICIT, timeo=1, retrans=2151
      Apr/18/2016 16:33:43: set client ID (len 10)
      Apr/18/2016 16:33:43: set elapsed time (len 2)
      Apr/18/2016 16:33:43: send solicit to ff02::1:2%em0
      Apr/18/2016 16:33:43: reset a timer on em0, state=SOLICIT, timeo=2, retrans=4283
      Apr/18/2016 16:33:47: set client ID (len 10)
      Apr/18/2016 16:33:47: set elapsed time (len 2)
      Apr/18/2016 16:33:47: send solicit to ff02::1:2%em0
      Apr/18/2016 16:33:47: reset a timer on em0, state=SOLICIT, timeo=3, retrans=8905
      ^C
      

      And the tcpdump log running at the same time

      [2.3-RELEASE][root@toto]/root: tcpdump -i em0 ip6
      tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
      listening on em0, link-type EN10MB (Ethernet), capture size 65535 bytes
      16:33:38.809416 IP6 fe80::3def:9c8b:b5ba:e958.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
      16:33:39.464061 IP6 fe80::250:56ff:fe00:7ad5 > ff02::1:fff9:6cde: ICMP6, neighbor solicitation, who has fe80::32e4:dbff:fef9:6cde, length 32
      16:33:39.587882 IP6 fe80::32e4:dbff:fef9:6cdf > ff02::1: ICMP6, router advertisement, length 32
      16:33:39.774221 IP6 fe80::250:56ff:fe00:7ad5.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
      16:33:39.834204 IP6 fe80::3def:9c8b:b5ba:e958.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
      16:33:39.834421 IP6 fe80::8db2:5ac9:e7c3:d90c.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
      16:33:39.834595 IP6 fe80::3def:9c8b:b5ba:e958.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
      16:33:39.836906 IP6 fe80::3def:9c8b:b5ba:e958.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
      16:33:39.845715 IP6 fe80::3def:9c8b:b5ba:e958.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
      16:33:39.854553 IP6 fe80::3def:9c8b:b5ba:e958.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
      16:33:39.890567 IP6 fe80::3def:9c8b:b5ba:e958.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
      16:33:40.430790 IP6 fe80::2a92:4aff:fe33:5aea.mdns > ff02::fb.mdns: 0 PTR (QM)? 187.202.3.183.in-addr.arpa. (44)
      16:33:40.560559 IP6 fe80::250:56ff:fe00:7ad5 > ff02::1:fff9:6cde: ICMP6, neighbor solicitation, who has fe80::32e4:dbff:fef9:6cde, length 32
      16:33:40.844501 IP6 fe80::8db2:5ac9:e7c3:d90c.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
      16:33:40.874138 IP6 fe80::250:56ff:fe00:7ad5.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
      16:33:40.881217 IP6 fe80::8db2:5ac9:e7c3:d90c.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
      16:33:40.918026 IP6 fe80::8db2:5ac9:e7c3:d90c.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
      16:33:40.939837 IP6 fe80::8db2:5ac9:e7c3:d90c.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
      16:33:40.959722 IP6 fe80::8db2:5ac9:e7c3:d90c.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
      16:33:41.001462 IP6 fe80::8db2:5ac9:e7c3:d90c.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
      16:33:41.040867 IP6 fe80::8db2:5ac9:e7c3:d90c.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
      16:33:41.560496 IP6 fe80::250:56ff:fe00:7ad5 > ff02::1:fff9:6cde: ICMP6, neighbor solicitation, who has fe80::32e4:dbff:fef9:6cde, length 32
      16:33:42.554062 IP6 fe80::250:56ff:fe00:7ad5 > ff02::1:fff9:6cde: ICMP6, neighbor solicitation, who has fe80::32e4:dbff:fef9:6cde, length 32
      16:33:43.041026 IP6 fe80::250:56ff:fe00:7ad5.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
      16:33:43.631392 IP6 fe80::250:56ff:fe00:7ad5 > ff02::1:fff9:6cde: ICMP6, neighbor solicitation, who has fe80::32e4:dbff:fef9:6cde, length 32
      16:33:43.682772 IP6 fe80::32e4:dbff:fef9:6cdf > ff02::1: ICMP6, router advertisement, length 32
      16:33:44.631458 IP6 fe80::250:56ff:fe00:7ad5 > ff02::1:fff9:6cde: ICMP6, neighbor solicitation, who has fe80::32e4:dbff:fef9:6cde, length 32
      16:33:45.631390 IP6 fe80::250:56ff:fe00:7ad5 > ff02::1:fff9:6cde: ICMP6, neighbor solicitation, who has fe80::32e4:dbff:fef9:6cde, length 32
      16:33:46.694040 IP6 fe80::250:56ff:fe00:7ad5 > ff02::1:fff9:6cde: ICMP6, neighbor solicitation, who has fe80::32e4:dbff:fef9:6cde, length 32
      16:33:47.334097 IP6 fe80::250:56ff:fe00:7ad5.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
      16:33:47.694026 IP6 fe80::250:56ff:fe00:7ad5 > ff02::1:fff9:6cde: ICMP6, neighbor solicitation, who has fe80::32e4:dbff:fef9:6cde, length 32
      16:33:47.995899 IP6 fe80::32e4:dbff:fef9:6cdf > ff02::1: ICMP6, router advertisement, length 32
      16:33:48.694051 IP6 fe80::250:56ff:fe00:7ad5 > ff02::1:fff9:6cde: ICMP6, neighbor solicitation, who has fe80::32e4:dbff:fef9:6cde, length 32
      16:33:49.788870 IP6 fe80::250:56ff:fe00:7ad5 > ff02::1:fff9:6cde: ICMP6, neighbor solicitation, who has fe80::32e4:dbff:fef9:6cde, length 32
      16:33:50.465282 IP6 fe80::2a92:4aff:fe33:57ba.mdns > ff02::fb.mdns: 0 PTR (QM)? 30.204.218.58.in-addr.arpa. (44)
      ^C
      
      1 Reply Last reply Reply Quote 0
      • T
        Toady
        last edited by

        One common issue when starting out with IPv6 is to block ICMP - IPv6 uses ICMP for RA and Neighbour Solicitation among other things, so if you do want to limit ICMP - be sure about what you are limiting and on what interfaces.

        Coming from the IPv4 world many people just turn it off and then stuff breaks;

        Give us some more idea of where your issues are and we'll try and help

        1 Reply Last reply Reply Quote 0
        • M
          mbouchonnet
          last edited by

          Hello,

          Actually, I restarted the computer, tried in "rescue mode" (the computer boot with a live cd ubuntu), managed to get ipv6 running and it worked.
          And when I restarted pfsense it worked too (i tried 2 or 3 times before to restart pfsense) so i suspect there was something weird witch the block that the rescue mode repaired.

          1 Reply Last reply Reply Quote 0
          • M
            MAGIC
            last edited by

            @mbouchonnet:

            Hello,

            Actually, I restarted the computer, tried in "rescue mode" (the computer boot with a live cd ubuntu), managed to get ipv6 running and it worked.
            And when I restarted pfsense it worked too (i tried 2 or 3 times before to restart pfsense) so i suspect there was something weird witch the block that the rescue mode repaired.

            Hi!
            I am trying it as well, but my pfSense only gets a /128 as stated in the console. What did you do in rescue mode? I want to do it as quick as possible to have a low downtime…

            Regards

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.