IPv6 on WAN but not on LAN



  • Hi,

    my pfSense 2.3 runs on an APU1C with IPv6 enabled. My provider here in Germany is Telekom. In front of the WAN interface is a FritzBox router (IPv4 + IPv6 enabled).
    I already have an external IPv6 address on my WAN interface, but no IPv6 on my LAN interface (Track Interface -> WAN).

    LAN_Bridge0 is a bridge between my WiFi Card and my LAN_Port.
    My current Settings:

    • IPv6 is enabled (System -> Advanced -> Networking -> Allow IPv6 is ON)

    • WAN Port IPv6 Config Type: DHCP6

    • DHCPv6 Prefix Delegation Size: 60 (my provider is giving me /56 on WAN)

    • Send IPv6 prefix hint is checked

    • LAN_Bridge0 IPv6 Config Type: Track Interface -> WAN

    • Floating Rules created for IPv6 ICMP and Port 546,547,1900,535

    • Block private networks on WAN is disabled

    • No DHCPv6 Server or Router Advertisements are running

    • No DHCPv6 relay is running

    My Network:

    
          WAN / Internet
                :
                : Telekom
                :
          .-----+-----.       external Telekom IPv6 address:
          |  FritzBox |       2003:XXXX:ae20:XXXX::/56
          '-----+-----'
                |
             FB | 192.168.217.1
            WAN | 192.168.217.2 / 2003:xxx:ae20:XXXX:20d:XXXX:fe33:XXXX
                |
          .-----+-----. 
          |  pfSense  +
          '-----+-----' 
                |
            LAN | 172.16.17.254 / No more IPv6
                |
          .-----+------.
          | LAN-Switch |
          '-----+------'
                |
        ...-----+------... (Clients/Servers)
                172.16.17.0 /24
    
    

    Interface Status

    
    WAN_PORT Interface (wan, re2)
    
    Status
        up
    MAC Address
        00:0d:b9:33:9c:42
    IPv4 Address
        192.168.217.2
    Subnet mask IPv4
        255.255.255.0
    Gateway IPv4
        192.168.217.1
    IPv6 Link Local
        fe80::20d:b9ff:fe33:9c42%re2
    IPv6 Address
        2003:85:ae1d:XXX:20d:XXXX:fe33:XXXX
    Subnet mask IPv6
        64
    Gateway IPv6
        fe80::5e49:79ff:fe98:4e23
    ISP DNS servers
        192.168.217.1
    MTU
        1500
    Media
        100baseTX <full-duplex>
    In/out packets
        480763/427787
    In/out packets (pass)
        480763/427787
    In/out packets (block)
        391/4
    In/out errors
        0/0
    Collisions
        0	
    
    LAN_BRIDGE0 Interface (lan, bridge0)
    
    Status
        up
    MAC Address
        02:f4:68:8c:0c:00
    IPv4 Address
        172.16.17.254
    Subnet mask IPv4
        255.255.255.0
    IPv6 Link Local
        fe80::1:1%bridge0
    MTU
        1500
    In/out packets
        520206/491235
    In/out packets (pass)
        520206/491235
    In/out packets (block)
        100/0
    In/out errors
        0/4
    Collisions
        0	
    
    LAN_PORT Interface (opt1, re1)
    
    Status
        up
    MAC Address
        00:0d:b9:33:9c:41
    IPv6 Link Local
        fe80::20d:b9ff:fe33:9c41%re1
    MTU
        1500
    Media
        1000baseT <full-duplex>
    In/out packets
        4669/0
    In/out packets (pass)
        4669/0
    In/out packets (block)
        128/0
    In/out errors
        0/0
    Collisions
        0
    Bridge (bridge0)
        learning	
    
    WLAN_BRIDGE0 Interface (opt2, ath0)
    
    Status
        up
    MAC Address
        04:f0:21:0a:71:1f
    IPv6 Link Local
        fe80::6f0:21ff:fe0a:711f%ath0_wlan0
    MTU
        1500
    Media
        autoselect mode 11ng <hostap>
    Channel
        5
    SSID
        SKULL-Net
    In/out packets
        0/2277
    In/out packets (pass)
        0/2277
    In/out packets (block)
        0/0
    In/out errors
        0/8
    Collisions
        0
    Bridge (bridge0)
        learning	
    
    WLAN_GUEST Interface (opt3, ath0_wlan1)
    
    Status
        up
    MAC Address
        06:f0:21:0a:71:1f
    IPv4 Address
        172.16.19.254
    Subnet mask IPv4
        255.255.255.0
    IPv6 Link Local
        fe80::1:1%ath0_wlan1
    MTU
        1500
    Media
        autoselect mode 11ng <hostap>
    Channel
        5
    SSID
        SKULL-Guest
    In/out packets
        0/503
    In/out packets (pass)
        0/503
    In/out packets (block)
        0/0
    In/out errors
        0/1
    Collisions
        0	
    
    PIA_VPN Interface (opt4, ovpnc1)
    
    Status
        up
    MAC Address
        00:00:00:00:00:00
    IPv4 Address
        10.199.1.6
    Subnet mask IPv4
        255.255.255.255
    Gateway IPv4
        10.199.1.5
    IPv6 Link Local
        fe80::20d:b9ff:fe33:9c40%ovpnc1
    MTU
        1500
    In/out packets
        6342/6354
    In/out packets (pass)
        6342/6354
    In/out packets (block)
        82/0
    In/out errors
        0/0
    Collisions
        0	
    
    WLAN_VPN Interface (opt5, ath0_wlan2)
    
    Status
        up
    MAC Address
        0e:f0:21:0a:71:1f
    IPv4 Address
        172.16.20.254
    Subnet mask IPv4
        255.255.255.0
    IPv6 Link Local
        fe80::cf0:21ff:fe0a:711f%ath0_wlan2
    MTU
        1500
    Media
        autoselect mode 11ng <hostap>
    Channel
        5
    SSID
        SKULL-VPN
    In/out packets
        0/0
    In/out packets (pass)
        0/0
    In/out packets (block)
        0/0
    In/out errors
        0/3
    Collisions
        0	
    
    VLAN10_DMZ Interface (opt6, re1_vlan10)
    
    Status
        up
    MAC Address
        00:0d:b9:33:9c:41
    IPv4 Address
        172.16.50.254
    Subnet mask IPv4
        255.255.255.0
    IPv6 Link Local
        fe80::20d:b9ff:fe33:9c41%re1_vlan10
    MTU
        1500
    Media
        1000baseT <full-duplex>
    In/out packets
        8/4
    In/out packets (pass)
        8/4
    In/out packets (block)
        0/0
    In/out errors
        0/0
    Collisions
        0	
    
    VLAN20_VPN Interface (opt7, re1_vlan20)
    
    Status
        up
    MAC Address
        00:0d:b9:33:9c:41
    IPv4 Address
        172.16.21.254
    Subnet mask IPv4
        255.255.255.0
    IPv6 Link Local
        fe80::20d:b9ff:fe33:9c41%re1_vlan20
    MTU
        1500
    Media
        1000baseT <full-duplex>
    In/out packets
        10/2
    In/out packets (pass)
        10/2
    In/out packets (block)
        0/0
    In/out errors
        0/0
    Collisions
        0
    

    On pfSense 2.2 the IPv6 was just fine on WAN+LAN. Since I updated to version 2.3 the IPv6 address on the LAN side is gone.
    I want to use IPv6 also on the LAN as before. Is there a way to debug the problem?
    Does anyone have a hint?

    Big Thanks!

    Kind regards,
    BeNe










  • The handful of similar circumstances that have come up after upgrading to 2.3 ended up being unrelated to the upgrade; they lost DHCP6 or PD after renewal. Some buggy firmware's been going around for cable modems on some US ISPs that causes IPv6 breakage. But yours is a much different scenario, that wouldn't be the case for you.

    You sure your modem is really still handing out PD?

    What dhcp6c logs do you have in the DHCP log?



  • @cmb:

    Some buggy firmware's been going around for cable modems on some US ISPs that causes IPv6 breakage. But yours is a much different scenario, that wouldn't be the case for you.

    Just wanted to point out that only one modem (the Arris SB6183) had an issue with IPv6 that I'm aware of, and the issue was actually resolved late last year. Some US cable ISPs are late to the game in testing/rolling it out because of their less than complete IPv6 systems, but one of them did have it tested and released to customers late last year or very early this year because of the fact that their network is 100% IPv6 capable, including their provisioning systems.

    Add in the new "vulnerability" (not really) regarding the reboot/reset buttons in the Arris modem web interface and now those ISPs are having to start their firmware testing process all over to get a new firmware update processed that resolves both issues.



  • I've got the same problem, IPv6 was tracking before the 2.3 update and now it doesn't. I haven't been able to get anything but the WAN to take an address. I've tried restarting the interface and various other things. Not sure what's wrong, but I suspect there is a bug here.



  • I played around with the IPv6 options on the pfSense WAN Interface.
    After I enabled "Request only an IPv6 prefix" I got an IPv6 address on the LAN.  :)
    So the main problem is fixed for me with this option.

    This was a failed DHCPv6 Log:

    
    May 8 19:56:16 	dhcp6c 	51008 	advertise contains NoAddrsAvail status
    May 8 19:56:16 	dhcp6c 	51008 	server ID: 00:03:00:01:5c:49:79:98:4e:23, pref=-1
    May 8 19:56:16 	dhcp6c 	51008 	status code: no addresses
    May 8 19:56:16 	dhcp6c 	51008 	get DHCP option status code, len 33
    May 8 19:56:16 	dhcp6c 	51008 	DUID: 00:03:00:01:5c:49:79:98:4e:23
    May 8 19:56:16 	dhcp6c 	51008 	get DHCP option server ID, len 10
    May 8 19:56:16 	dhcp6c 	51008 	DUID: 00:01:00:01:1d:a5:97:c4:00:0d:b9:33:9c:40
    May 8 19:56:16 	dhcp6c 	51008 	get DHCP option client ID, len 14
    May 8 19:56:16 	dhcp6c 	51008 	receive advertise from fe80::5e49:79ff:fe98:4e23%re2 on re2
    May 8 19:56:16 	dhcp6c 	51008 	reset a timer on re2, state=SOLICIT, timeo=4, retrans=17217
    May 8 19:56:16 	dhcp6c 	51008 	send solicit to ff02::1:2%re2
    May 8 19:56:16 	dhcp6c 	51008 	set IA_PD
    May 8 19:56:16 	dhcp6c 	51008 	set IA_PD prefix
    May 8 19:56:16 	dhcp6c 	51008 	set option request (len 4)
    May 8 19:56:16 	dhcp6c 	51008 	set elapsed time (len 2)
    May 8 19:56:16 	dhcp6c 	51008 	set identity association
    May 8 19:56:16 	dhcp6c 	51008 	set client ID (len 14)
    May 8 19:56:07 	dhcp6c 	51008 	advertise contains NoAddrsAvail status
    May 8 19:56:07 	dhcp6c 	51008 	server ID: 00:03:00:01:5c:49:79:98:4e:23, pref=-1
    May 8 19:56:07 	dhcp6c 	51008 	status code: no addresses
    May 8 19:56:07 	dhcp6c 	51008 	get DHCP option status code, len 33
    May 8 19:56:07 	dhcp6c 	51008 	DUID: 00:03:00:01:5c:49:79:98:4e:23
    May 8 19:56:07 	dhcp6c 	51008 	get DHCP option server ID, len 10
    May 8 19:56:07 	dhcp6c 	51008 	DUID: 00:01:00:01:1d:a5:97:c4:00:0d:b9:33:9c:40
    May 8 19:56:07 	dhcp6c 	51008 	get DHCP option client ID, len 14
    May 8 19:56:07 	dhcp6c 	51008 	receive advertise from fe80::5e49:79ff:fe98:4e23%re2 on re2
    May 8 19:56:07 	dhcp6c 	51008 	reset a timer on re2, state=SOLICIT, timeo=3, retrans=8905
    May 8 19:56:07 	dhcp6c 	51008 	send solicit to ff02::1:2%re2
    May 8 19:56:07 	dhcp6c 	51008 	set IA_PD
    May 8 19:56:07 	dhcp6c 	51008 	set IA_PD prefix
    May 8 19:56:07 	dhcp6c 	51008 	set option request (len 4)
    May 8 19:56:07 	dhcp6c 	51008 	set elapsed time (len 2)
    May 8 19:56:07 	dhcp6c 	51008 	set identity association
    May 8 19:56:07 	dhcp6c 	51008 	set client ID (len 14)
    May 8 19:56:03 	dhcp6c 	51008 	advertise contains NoAddrsAvail status
    May 8 19:56:03 	dhcp6c 	51008 	server ID: 00:03:00:01:5c:49:79:98:4e:23, pref=-1
    May 8 19:56:03 	dhcp6c 	51008 	status code: no addresses
    May 8 19:56:03 	dhcp6c 	51008 	get DHCP option status code, len 33
    May 8 19:56:03 	dhcp6c 	51008 	DUID: 00:03:00:01:5c:49:79:98:4e:23
    May 8 19:56:03 	dhcp6c 	51008 	get DHCP option server ID, len 10
    May 8 19:56:03 	dhcp6c 	51008 	DUID: 00:01:00:01:1d:a5:97:c4:00:0d:b9:33:9c:40
    May 8 19:56:03 	dhcp6c 	51008 	get DHCP option client ID, len 14
    May 8 19:56:03 	dhcp6c 	51008 	receive advertise from fe80::5e49:79ff:fe98:4e23%re2 on re2
    May 8 19:56:03 	dhcp6c 	51008 	reset a timer on re2, state=SOLICIT, timeo=2, retrans=4283
    May 8 19:56:03 	dhcp6c 	51008 	send solicit to ff02::1:2%re2
    May 8 19:56:03 	dhcp6c 	51008 	set IA_PD
    May 8 19:56:03 	dhcp6c 	51008 	set IA_PD prefix
    May 8 19:56:03 	dhcp6c 	51008 	set option request (len 4)
    May 8 19:56:03 	dhcp6c 	51008 	set elapsed time (len 2)
    May 8 19:56:03 	dhcp6c 	51008 	set identity association
    May 8 19:56:03 	dhcp6c 	51008 	set client ID (len 14)
    May 8 19:56:02 	dhcpd 		Server starting service.
    May 8 19:56:02 	dhcpd 		Sending on Socket/fallback/fallback-net
    May 8 19:56:02 	dhcpd 		Sending on BPF/bridge0/02:f4:68:8c:0c:00/172.16.17.0/24
    May 8 19:56:02 	dhcpd 		Listening on BPF/bridge0/02:f4:68:8c:0c:00/172.16.17.0/24
    May 8 19:56:02 	dhcpd 		Sending on BPF/ath0_wlan1/06:f0:21:0a:71:1f/172.16.19.0/24
    May 8 19:56:02 	dhcpd 		Listening on BPF/ath0_wlan1/06:f0:21:0a:71:1f/172.16.19.0/24
    May 8 19:56:02 	dhcpd 		Sending on BPF/ath0_wlan2/0e:f0:21:0a:71:1f/172.16.20.0/24
    May 8 19:56:02 	dhcpd 		Listening on BPF/ath0_wlan2/0e:f0:21:0a:71:1f/172.16.20.0/24
    May 8 19:56:02 	dhcpd 		Sending on BPF/re1_vlan10/00:0d:b9:33:9c:41/172.16.50.0/24
    May 8 19:56:02 	dhcpd 		Listening on BPF/re1_vlan10/00:0d:b9:33:9c:41/172.16.50.0/24
    May 8 19:56:02 	dhcpd 		Sending on BPF/re1_vlan20/00:0d:b9:33:9c:41/172.16.21.0/24
    May 8 19:56:02 	dhcpd 		Listening on BPF/re1_vlan20/00:0d:b9:33:9c:41/172.16.21.0/24
    May 8 19:56:02 	dhcpd 		Wrote 173 leases to leases file.
    May 8 19:56:02 	dhcpd 		Wrote 0 new dynamic host decls to leases file.
    May 8 19:56:02 	dhcpd 		Wrote 0 deleted host decls to leases file.
    May 8 19:56:02 	dhcpd 		For info, please visit https://www.isc.org/software/dhcp/
    May 8 19:56:02 	dhcpd 		All rights reserved.
    May 8 19:56:02 	dhcpd 		Copyright 2004-2016 Internet Systems Consortium.
    May 8 19:56:02 	dhcpd 		Internet Systems Consortium DHCP Server 4.3.3-P1
    May 8 19:56:02 	dhcpd 		PID file: /var/run/dhcpd.pid
    May 8 19:56:02 	dhcpd 		Database file: /var/db/dhcpd.leases
    May 8 19:56:02 	dhcpd 		Config file: /etc/dhcpd.conf
    May 8 19:56:02 	dhcpd 		For info, please visit https://www.isc.org/software/dhcp/
    May 8 19:56:02 	dhcpd 		All rights reserved.
    May 8 19:56:02 	dhcpd 		Copyright 2004-2016 Internet Systems Consortium.
    May 8 19:56:02 	dhcpd 		Internet Systems Consortium DHCP Server 4.3.3-P1
    May 8 19:56:01 	dhcp6c 	51008 	advertise contains NoAddrsAvail status
    May 8 19:56:01 	dhcp6c 	51008 	server ID: 00:03:00:01:5c:49:79:98:4e:23, pref=-1
    May 8 19:56:01 	dhcp6c 	51008 	status code: no addresses
    May 8 19:56:01 	dhcp6c 	51008 	get DHCP option status code, len 33
    May 8 19:56:01 	dhcp6c 	51008 	DUID: 00:03:00:01:5c:49:79:98:4e:23
    May 8 19:56:01 	dhcp6c 	51008 	get DHCP option server ID, len 10
    May 8 19:56:01 	dhcp6c 	51008 	DUID: 00:01:00:01:1d:a5:97:c4:00:0d:b9:33:9c:40
    May 8 19:56:01 	dhcp6c 	51008 	get DHCP option client ID, len 14
    May 8 19:56:01 	dhcp6c 	51008 	receive advertise from fe80::5e49:79ff:fe98:4e23%re2 on re2
    May 8 19:56:01 	dhcp6c 	51008 	reset a timer on re2, state=SOLICIT, timeo=1, retrans=2151
    May 8 19:56:01 	dhcp6c 	51008 	send solicit to ff02::1:2%re2
    May 8 19:56:01 	dhcp6c 	51008 	set IA_PD
    May 8 19:56:01 	dhcp6c 	51008 	set IA_PD prefix
    May 8 19:56:01 	dhcp6c 	51008 	set option request (len 4)
    May 8 19:56:01 	dhcp6c 	51008 	set elapsed time (len 2)
    May 8 19:56:01 	dhcp6c 	51008 	set identity association
    May 8 19:56:01 	dhcp6c 	51008 	set client ID (len 14)
    May 8 19:55:59 	dhcp6c 	51008 	advertise contains NoAddrsAvail status
    May 8 19:55:59 	dhcp6c 	51008 	server ID: 00:03:00:01:5c:49:79:98:4e:23, pref=-1
    May 8 19:55:59 	dhcp6c 	51008 	status code: no addresses
    May 8 19:55:59 	dhcp6c 	51008 	get DHCP option status code, len 33
    May 8 19:55:59 	dhcp6c 	51008 	DUID: 00:03:00:01:5c:49:79:98:4e:23
    May 8 19:55:59 	dhcp6c 	51008 	get DHCP option server ID, len 10
    May 8 19:55:59 	dhcp6c 	51008 	DUID: 00:01:00:01:1d:a5:97:c4:00:0d:b9:33:9c:40
    May 8 19:55:59 	dhcp6c 	51008 	get DHCP option client ID, len 14
    May 8 19:55:59 	dhcp6c 	51008 	receive advertise from fe80::5e49:79ff:fe98:4e23%re2 on re2
    May 8 19:55:59 	dhcp6c 	51008 	reset a timer on re2, state=SOLICIT, timeo=0, retrans=1088
    May 8 19:55:59 	dhcp6c 	51008 	send solicit to ff02::1:2%re2 
    
    

    Thanks for all your help!
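
A way to spot the failure pattern in the log above automatically, as an added example that is not part of the original post or of pfSense: it pairs each Solicit with the options requested just before it and the status code of the reply. It assumes the "set identity association" debug line marks the address (IA_NA) request; the sample log lines and the `fe80::1` address are constructed.

```python
import re

# Constructed sample, newest line first like the pfSense log view;
# the link-local address fe80::1 is a placeholder.
SAMPLE = """\
May 8 19:56:03 dhcp6c 51008 advertise contains NoAddrsAvail status
May 8 19:56:03 dhcp6c 51008 status code: no addresses
May 8 19:56:03 dhcp6c 51008 receive advertise from fe80::1%re2 on re2
May 8 19:56:03 dhcp6c 51008 send solicit to ff02::1:2%re2
May 8 19:56:03 dhcp6c 51008 set IA_PD
May 8 19:56:03 dhcp6c 51008 set IA_PD prefix
May 8 19:56:03 dhcp6c 51008 set identity association
May 8 19:56:02 dhcpd Server starting service.
May 8 19:56:01 dhcp6c 51008 send solicit to ff02::1:2%re2
May 8 19:56:01 dhcp6c 51008 set IA_PD
May 8 19:56:01 dhcp6c 51008 set identity association
"""

# month, day, time, process name, pid, message (tabs or spaces between fields)
LINE = re.compile(r"^\s*\w+\s+\d+\s+[\d:]+\s+dhcp6c\s+\d+\s+(.+?)\s*$")

def solicit_exchanges(log_text, newest_first=True):
    """One dict per Solicit: the IAs it asked for and the reply's status code."""
    msgs = [m.group(1) for m in map(LINE.match, log_text.splitlines()) if m]
    if newest_first:
        msgs.reverse()  # process lines in the order dhcp6c logged them
    exchanges, pending = [], set()
    for msg in msgs:
        if msg == "set identity association":
            pending.add("IA_NA")  # assumption: marks the address request
        elif msg == "set IA_PD":
            pending.add("IA_PD")
        elif msg.startswith("send solicit"):
            exchanges.append({"requested": sorted(pending), "status": None})
            pending = set()
        elif msg.startswith("status code:") and exchanges:
            exchanges[-1]["status"] = msg.split(":", 1)[1].strip()
    return exchanges

def diagnose(exchanges):
    """Classify the log as 'address-refused', 'no-reply' or 'ok'."""
    if any(e["status"] == "no addresses" and "IA_NA" in e["requested"]
           for e in exchanges):
        return "address-refused"  # the NoAddrsAvail loop seen in the failed log
    if exchanges and all(e["status"] is None for e in exchanges):
        return "no-reply"
    return "ok"

if __name__ == "__main__":
    print(diagnose(solicit_exchanges(SAMPLE)))
```

An "address-refused" result corresponds to the situation in this thread, where enabling "Request only an IPv6 prefix" on the WAN interface resolved it.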



  • I'm now having the same problem.
    I'm from Germany and I don't get an IPv6 at the LAN interface. The WAN gets an IPv6 and the router (of my ISP) tells me it is registered with the IPv4 (home network) and IPv6. All on the WAN.
    At the LAN interface I can access the webpage.
    I set DHCP6 as the IPv6 configuration type on the WAN,
    and checked only the 2 ticks, send IP prefix hint and debug. For the prefix delegation size I used 64 (because the router gets a 64 delegation size).

    At the LAN interface I set track interface as the IPv6 configuration type. At the bottom I chose WAN for the track IPv6 interface and entered 0 for the prefix ID.

    At DHCPv6 Server & RA I disabled the DHCPv6 server and tried all router modes at router advertisements.

    I hope someone could help me. It’s really important.

