4. Fail to get an IPV6 on esxi at online.net

Fail to get an IPV6 on esxi at online.net

  • M

    Hi there,

    I have a dedicated server at online with vmware.
    I have a pfsense (2.3-RELEASE) virtual machine wich act as a gateway between the internet and the "lan" which is in fact just another vswitch on wich all of my vms are connected.
    Evgerything works fine with ipv4.

    I'm trying to use ipv6 on theses machines.
    There's a doc on "online" website https://documentation.online.net/en/serveur-dedie/reseau/ipv6-prefix but it doesn't cover *BSD nor pfsense.

    I found this tutorial for FreeBSD http://barfooze.de/stuff/online_ipv6.txt but it doesn't work. I can't manage to get any ipv6 on the wan interface.

    I found this one for pfsense http://howto.arendtsen.dk/online-pfsense-ipv6/ but still no luck :(

    I don't really see what could I miss, the "DUID" part seems ok,  can see traffic coming so it's not a firewall issue, if anyone has an idea, i will be happy.

    Here's a log when I manually launch dhcp6c.

    [2.3-RELEASE][root@toto]/: dhcp6c -Df -c /var/etc/dhcp6c_wan.conf em0
Apr/18/2016 16:33:39: extracted an existing DUID from /var/db/dhcp6c_duid: 00:03:00:01:46:b2:d6:c2:b4:0b
Apr/18/2016 16:33:39: failed to open /usr/local/etc/dhcp6cctlkey: No such file or directory
Apr/18/2016 16:33:39: failed initialize control message authentication
Apr/18/2016 16:33:39: skip opening control port
Apr/18/2016 16:33:39: <3>[interface] (9)
Apr/18/2016 16:33:39: <5>[em0] (3)
Apr/18/2016 16:33:39: <3>begin of closure [{] (1)
Apr/18/2016 16:33:39: <3>[script] (6)
Apr/18/2016 16:33:39: <3>["/var/etc/dhcp6c_wan_script.sh"] (31)
Apr/18/2016 16:33:39: <3>end of sentence [;] (1)
Apr/18/2016 16:33:39: <3>end of closure [}] (1)
Apr/18/2016 16:33:39: <3>end of sentence [;] (1)
Apr/18/2016 16:33:39: <3>[id-assoc] (8)
Apr/18/2016 16:33:39: <13>[pd] (2)
Apr/18/2016 16:33:39: <13>[0] (1)
Apr/18/2016 16:33:39: <13>begin of closure [{] (1)
Apr/18/2016 16:33:39: <3>end of closure [}] (1)
Apr/18/2016 16:33:39: <3>end of sentence [;] (1)
Apr/18/2016 16:33:39: called
Apr/18/2016 16:33:39: some IA configuration defined but not used
Apr/18/2016 16:33:39: called
Apr/18/2016 16:33:39: reset a timer on em0, state=INIT, timeo=0, retrans=383
Apr/18/2016 16:33:39: a new XID (e04e31) is generated
Apr/18/2016 16:33:39: set client ID (len 10)
Apr/18/2016 16:33:39: set elapsed time (len 2)
Apr/18/2016 16:33:39: send solicit to ff02::1:2%em0
Apr/18/2016 16:33:39: reset a timer on em0, state=SOLICIT, timeo=0, retrans=1088
Apr/18/2016 16:33:40: set client ID (len 10)
Apr/18/2016 16:33:40: set elapsed time (len 2)
Apr/18/2016 16:33:40: send solicit to ff02::1:2%em0
Apr/18/2016 16:33:40: reset a timer on em0, state=SOLICIT, timeo=1, retrans=2151
Apr/18/2016 16:33:43: set client ID (len 10)
Apr/18/2016 16:33:43: set elapsed time (len 2)
Apr/18/2016 16:33:43: send solicit to ff02::1:2%em0
Apr/18/2016 16:33:43: reset a timer on em0, state=SOLICIT, timeo=2, retrans=4283
Apr/18/2016 16:33:47: set client ID (len 10)
Apr/18/2016 16:33:47: set elapsed time (len 2)
Apr/18/2016 16:33:47: send solicit to ff02::1:2%em0
Apr/18/2016 16:33:47: reset a timer on em0, state=SOLICIT, timeo=3, retrans=8905
^C

    And the tcpdump log running at the same time

    [2.3-RELEASE][root@toto]/root: tcpdump -i em0 ip6
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on em0, link-type EN10MB (Ethernet), capture size 65535 bytes
16:33:38.809416 IP6 fe80::3def:9c8b:b5ba:e958.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
16:33:39.464061 IP6 fe80::250:56ff:fe00:7ad5 > ff02::1:fff9:6cde: ICMP6, neighbor solicitation, who has fe80::32e4:dbff:fef9:6cde, length 32
16:33:39.587882 IP6 fe80::32e4:dbff:fef9:6cdf > ff02::1: ICMP6, router advertisement, length 32
16:33:39.774221 IP6 fe80::250:56ff:fe00:7ad5.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
16:33:39.834204 IP6 fe80::3def:9c8b:b5ba:e958.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
16:33:39.834421 IP6 fe80::8db2:5ac9:e7c3:d90c.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
16:33:39.834595 IP6 fe80::3def:9c8b:b5ba:e958.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
16:33:39.836906 IP6 fe80::3def:9c8b:b5ba:e958.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
16:33:39.845715 IP6 fe80::3def:9c8b:b5ba:e958.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
16:33:39.854553 IP6 fe80::3def:9c8b:b5ba:e958.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
16:33:39.890567 IP6 fe80::3def:9c8b:b5ba:e958.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
16:33:40.430790 IP6 fe80::2a92:4aff:fe33:5aea.mdns > ff02::fb.mdns: 0 PTR (QM)? 187.202.3.183.in-addr.arpa. (44)
16:33:40.560559 IP6 fe80::250:56ff:fe00:7ad5 > ff02::1:fff9:6cde: ICMP6, neighbor solicitation, who has fe80::32e4:dbff:fef9:6cde, length 32
16:33:40.844501 IP6 fe80::8db2:5ac9:e7c3:d90c.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
16:33:40.874138 IP6 fe80::250:56ff:fe00:7ad5.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
16:33:40.881217 IP6 fe80::8db2:5ac9:e7c3:d90c.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
16:33:40.918026 IP6 fe80::8db2:5ac9:e7c3:d90c.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
16:33:40.939837 IP6 fe80::8db2:5ac9:e7c3:d90c.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
16:33:40.959722 IP6 fe80::8db2:5ac9:e7c3:d90c.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
16:33:41.001462 IP6 fe80::8db2:5ac9:e7c3:d90c.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
16:33:41.040867 IP6 fe80::8db2:5ac9:e7c3:d90c.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
16:33:41.560496 IP6 fe80::250:56ff:fe00:7ad5 > ff02::1:fff9:6cde: ICMP6, neighbor solicitation, who has fe80::32e4:dbff:fef9:6cde, length 32
16:33:42.554062 IP6 fe80::250:56ff:fe00:7ad5 > ff02::1:fff9:6cde: ICMP6, neighbor solicitation, who has fe80::32e4:dbff:fef9:6cde, length 32
16:33:43.041026 IP6 fe80::250:56ff:fe00:7ad5.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
16:33:43.631392 IP6 fe80::250:56ff:fe00:7ad5 > ff02::1:fff9:6cde: ICMP6, neighbor solicitation, who has fe80::32e4:dbff:fef9:6cde, length 32
16:33:43.682772 IP6 fe80::32e4:dbff:fef9:6cdf > ff02::1: ICMP6, router advertisement, length 32
16:33:44.631458 IP6 fe80::250:56ff:fe00:7ad5 > ff02::1:fff9:6cde: ICMP6, neighbor solicitation, who has fe80::32e4:dbff:fef9:6cde, length 32
16:33:45.631390 IP6 fe80::250:56ff:fe00:7ad5 > ff02::1:fff9:6cde: ICMP6, neighbor solicitation, who has fe80::32e4:dbff:fef9:6cde, length 32
16:33:46.694040 IP6 fe80::250:56ff:fe00:7ad5 > ff02::1:fff9:6cde: ICMP6, neighbor solicitation, who has fe80::32e4:dbff:fef9:6cde, length 32
16:33:47.334097 IP6 fe80::250:56ff:fe00:7ad5.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
16:33:47.694026 IP6 fe80::250:56ff:fe00:7ad5 > ff02::1:fff9:6cde: ICMP6, neighbor solicitation, who has fe80::32e4:dbff:fef9:6cde, length 32
16:33:47.995899 IP6 fe80::32e4:dbff:fef9:6cdf > ff02::1: ICMP6, router advertisement, length 32
16:33:48.694051 IP6 fe80::250:56ff:fe00:7ad5 > ff02::1:fff9:6cde: ICMP6, neighbor solicitation, who has fe80::32e4:dbff:fef9:6cde, length 32
16:33:49.788870 IP6 fe80::250:56ff:fe00:7ad5 > ff02::1:fff9:6cde: ICMP6, neighbor solicitation, who has fe80::32e4:dbff:fef9:6cde, length 32
16:33:50.465282 IP6 fe80::2a92:4aff:fe33:57ba.mdns > ff02::fb.mdns: 0 PTR (QM)? 30.204.218.58.in-addr.arpa. (44)
^C
    0
  • T

    One common issue when starting out with IPv6 is to block ICMP - IPv6 uses ICMP for RA and Neighbour Solicitation among other things, so if you do want to limit ICMP - be sure about what you are limiting and on what interfaces.

    Coming from the IPv4 world many people just turn it off and then stuff breaks;

    Give us some more idea of where your issues are and we'll try and help

    0
  • M

    Hello,

    Actually, I restarted the computer, tried in "rescue mode" (the computer boot with a live cd ubuntu), managed to get ipv6 running and it worked.
    And when I restarted pfsense it worked too (i tried 2 or 3 times before to restart pfsense) so i suspect there was something weird witch the block that the rescue mode repaired.

    0
  • M

    @mbouchonnet:

    Hello,

    Actually, I restarted the computer, tried in "rescue mode" (the computer boot with a live cd ubuntu), managed to get ipv6 running and it worked.
    And when I restarted pfsense it worked too (i tried 2 or 3 times before to restart pfsense) so i suspect there was something weird witch the block that the rescue mode repaired.

    Hi!
    I am trying it as well, but my pfSense only gets a /128 as stated in the console. What did you do in rescue mode? I want to do it as quick as possible to have a low downtime…

    Regards

    0
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy