IPv6 on WAN but not on LAN
-
Hi,
my pfSense 2.3 runs on a APU1C with IPv6 enabled. My Provider here in Germany is Telekom. In front of the WAN Interface is a FritzBox Router (IPv4 + IPv6 enabled)
I have already an external IPv6 Adress on my WAN Interface - but no IPv6 on my LAN Interface (Track Interface -> WAN)LAN_Bridge0 is a bridge between my WiFi Card and my LAN_Port.
My current Settings:-
IPv6 is enabled (System -> Advaned -> Networking -> Allow IPv6 is ON)
-
WAN Port IPv6 Config Type: DHCP6
-
DHCPv6 Prefix Delegation Size: 60 (my Provider is given me /56 on WAN)
-
Send IPv6 prefix hint is checked
-
LAN_Bridge0 IPv6 Config Type: Track Interface -> WAN
-
Floating Rules created for IPv6 ICMP and Port 546,547,1900,535
-
Block private networks on WAN is disabled
-
No DHCPv6 Server or Router Advertisments is running
-
No DHCPv6 relay is running
My Network:
WAN / Internet : : Telekom : .-----+-----. external Telekom IPv6 Adresse: | FritzBox | 2003:XXXX:ae20:XXXX::/56 '-----+-----' | FB | 192.168.217.1 WAN | 192.168.217.2 / 2003:xxx:ae20:XXXX:20d:XXXX:fe33:XXXX | .-----+-----. | pfSense + '-----+-----' | LAN | 172.16.17.254 / No more IPv6 | .-----+------. | LAN-Switch | '-----+------' | ...-----+------... (Clients/Servers) 172.16.17.0 /24
Interface Status
WAN_PORT Interface (wan, re2) Status up MAC Address 00:0d:b9:33:9c:42 IPv4 Address 192.168.217.2 Subnet mask IPv4 255.255.255.0 Gateway IPv4 192.168.217.1 IPv6 Link Local fe80::20d:b9ff:fe33:9c42%re2 IPv6 Address 2003:85:ae1d:XXX:20d:XXXX:fe33:XXXX Subnet mask IPv6 64 Gateway IPv6 fe80::5e49:79ff:fe98:4e23 ISP DNS servers 192.168.217.1 MTU 1500 Media 100baseTX <full-duplex>In/out packets 480763/427787 In/out packets (pass) 480763/427787 In/out packets (block) 391/4 In/out errors 0/0 Collisions 0 LAN_BRIDGE0 Interface (lan, bridge0) Status up MAC Address 02:f4:68:8c:0c:00 IPv4 Address 172.16.17.254 Subnet mask IPv4 255.255.255.0 IPv6 Link Local fe80::1:1%bridge0 MTU 1500 In/out packets 520206/491235 In/out packets (pass) 520206/491235 In/out packets (block) 100/0 In/out errors 0/4 Collisions 0 LAN_PORT Interface (opt1, re1) Status up MAC Address 00:0d:b9:33:9c:41 IPv6 Link Local fe80::20d:b9ff:fe33:9c41%re1 MTU 1500 Media 1000baseT <full-duplex>In/out packets 4669/0 In/out packets (pass) 4669/0 In/out packets (block) 128/0 In/out errors 0/0 Collisions 0 Bridge (bridge0) learning WLAN_BRIDGE0 Interface (opt2, ath0) Status up MAC Address 04:f0:21:0a:71:1f IPv6 Link Local fe80::6f0:21ff:fe0a:711f%ath0_wlan0 MTU 1500 Media autoselect mode 11ng <hostap>Channel 5 SSID SKULL-Net In/out packets 0/2277 In/out packets (pass) 0/2277 In/out packets (block) 0/0 In/out errors 0/8 Collisions 0 Bridge (bridge0) learning WLAN_GUEST Interface (opt3, ath0_wlan1) Status up MAC Address 06:f0:21:0a:71:1f IPv4 Address 172.16.19.254 Subnet mask IPv4 255.255.255.0 IPv6 Link Local fe80::1:1%ath0_wlan1 MTU 1500 Media autoselect mode 11ng <hostap>Channel 5 SSID SKULL-Guest In/out packets 0/503 In/out packets (pass) 0/503 In/out packets (block) 0/0 In/out errors 0/1 Collisions 0 PIA_VPN Interface (opt4, ovpnc1) Status up MAC Address 00:00:00:00:00:00 IPv4 Address 10.199.1.6 Subnet mask IPv4 255.255.255.255 Gateway IPv4 10.199.1.5 IPv6 Link Local fe80::20d:b9ff:fe33:9c40%ovpnc1 MTU 1500 In/out packets 6342/6354 In/out packets (pass) 6342/6354 In/out packets (block) 82/0 In/out errors 0/0 Collisions 0 WLAN_VPN Interface (opt5, ath0_wlan2) Status up MAC Address 0e:f0:21:0a:71:1f IPv4 Address 172.16.20.254 Subnet mask IPv4 255.255.255.0 IPv6 Link Local fe80::cf0:21ff:fe0a:711f%ath0_wlan2 MTU 1500 Media autoselect mode 11ng <hostap>Channel 5 SSID SKULL-VPN In/out packets 0/0 In/out packets (pass) 0/0 In/out packets (block) 0/0 In/out errors 0/3 Collisions 0 VLAN10_DMZ Interface (opt6, re1_vlan10) Status up MAC Address 00:0d:b9:33:9c:41 IPv4 Address 172.16.50.254 Subnet mask IPv4 255.255.255.0 IPv6 Link Local fe80::20d:b9ff:fe33:9c41%re1_vlan10 MTU 1500 Media 1000baseT <full-duplex>In/out packets 8/4 In/out packets (pass) 8/4 In/out packets (block) 0/0 In/out errors 0/0 Collisions 0 VLAN20_VPN Interface (opt7, re1_vlan20) Status up MAC Address 00:0d:b9:33:9c:41 IPv4 Address 172.16.21.254 Subnet mask IPv4 255.255.255.0 IPv6 Link Local fe80::20d:b9ff:fe33:9c41%re1_vlan20 MTU 1500 Media 1000baseT <full-duplex>In/out packets 10/2 In/out packets (pass) 10/2 In/out packets (block) 0/0 In/out errors 0/0 Collisions 0</full-duplex></full-duplex></hostap></hostap></hostap></full-duplex></full-duplex>
On pfSense 2.2 the IPv6 was just fine on WAN+LAN. Since i updated to version 2.3 the IPv6 Adress on the LAN side is gone.
I want to use IPv6 also on the LAN as before. Is there a way to debug the problem ?
Anyone a hint ?Big Thanks!
Kind regards,
BeNe
-
-
The handful of similar circumstances that have come up after upgrading to 2.3 ended up being unrelated to the upgrade, they lost DHCP6 or PD after renewal. Some buggy firmware's been going around for cable modems on some US ISPs that causes IPv6 breakage. But yours is a much different scenario, that wouldn't be the case for you.
You sure your modem is really still handing out PD?
What dhcp6c logs you have in the DHCP log?
-
@cmb:
Some buggy firmware's been going around for cable modems on some US ISPs that causes IPv6 breakage. But yours is a much different scenario, that wouldn't be the case for you.
Just wanted to point out that only one modem (the Arris SB6183) had an issue with IPv6 that I'm aware of, and the issue was actually resolved late last year. Some US cable ISPs are late to the game in testing/rolling it out because of their less than complete IPv6 systems, but one of them did have it tested and released to customers late last year or very early this year because of the fact that their network is 100% IPv6 capable, including their provisioning systems.
Add in the new "vulnerability" (not really) regarding the reboot/reset buttons in the Arris modem web interface and now those ISP's are having to start their firmware testing process all over to get a new firmware update processed that resolves both issues.
-
I've got the same problem, IPv6 was tracking before the 2.3 update and now it doesn't. I haven't been able to get anything but the WAN to take a address. I've tried restarting the interface and various other things. Not sure what's wrong, but I suspect there is a bug here.
-
I played around with the IPv6 options on the pfSense WAN Interface.
After i enabled "Request only an IPv6 prefix" i got an IPv6 address on the LAN. :)
So the main problem is fixed for me with this option.This was a failed DHCPv6 Log:
May 8 19:56:16 dhcp6c 51008 advertise contains NoAddrsAvail status May 8 19:56:16 dhcp6c 51008 server ID: 00:03:00:01:5c:49:79:98:4e:23, pref=-1 May 8 19:56:16 dhcp6c 51008 status code: no addresses May 8 19:56:16 dhcp6c 51008 get DHCP option status code, len 33 May 8 19:56:16 dhcp6c 51008 DUID: 00:03:00:01:5c:49:79:98:4e:23 May 8 19:56:16 dhcp6c 51008 get DHCP option server ID, len 10 May 8 19:56:16 dhcp6c 51008 DUID: 00:01:00:01:1d:a5:97:c4:00:0d:b9:33:9c:40 May 8 19:56:16 dhcp6c 51008 get DHCP option client ID, len 14 May 8 19:56:16 dhcp6c 51008 receive advertise from fe80::5e49:79ff:fe98:4e23%re2 on re2 May 8 19:56:16 dhcp6c 51008 reset a timer on re2, state=SOLICIT, timeo=4, retrans=17217 May 8 19:56:16 dhcp6c 51008 send solicit to ff02::1:2%re2 May 8 19:56:16 dhcp6c 51008 set IA_PD May 8 19:56:16 dhcp6c 51008 set IA_PD prefix May 8 19:56:16 dhcp6c 51008 set option request (len 4) May 8 19:56:16 dhcp6c 51008 set elapsed time (len 2) May 8 19:56:16 dhcp6c 51008 set identity association May 8 19:56:16 dhcp6c 51008 set client ID (len 14) May 8 19:56:07 dhcp6c 51008 advertise contains NoAddrsAvail status May 8 19:56:07 dhcp6c 51008 server ID: 00:03:00:01:5c:49:79:98:4e:23, pref=-1 May 8 19:56:07 dhcp6c 51008 status code: no addresses May 8 19:56:07 dhcp6c 51008 get DHCP option status code, len 33 May 8 19:56:07 dhcp6c 51008 DUID: 00:03:00:01:5c:49:79:98:4e:23 May 8 19:56:07 dhcp6c 51008 get DHCP option server ID, len 10 May 8 19:56:07 dhcp6c 51008 DUID: 00:01:00:01:1d:a5:97:c4:00:0d:b9:33:9c:40 May 8 19:56:07 dhcp6c 51008 get DHCP option client ID, len 14 May 8 19:56:07 dhcp6c 51008 receive advertise from fe80::5e49:79ff:fe98:4e23%re2 on re2 May 8 19:56:07 dhcp6c 51008 reset a timer on re2, state=SOLICIT, timeo=3, retrans=8905 May 8 19:56:07 dhcp6c 51008 send solicit to ff02::1:2%re2 May 8 19:56:07 dhcp6c 51008 set IA_PD May 8 19:56:07 dhcp6c 51008 set IA_PD prefix May 8 19:56:07 dhcp6c 51008 set option request (len 4) May 8 19:56:07 dhcp6c 51008 set elapsed time (len 2) May 8 19:56:07 dhcp6c 51008 set identity association May 8 19:56:07 dhcp6c 51008 set client ID (len 14) May 8 19:56:03 dhcp6c 51008 advertise contains NoAddrsAvail status May 8 19:56:03 dhcp6c 51008 server ID: 00:03:00:01:5c:49:79:98:4e:23, pref=-1 May 8 19:56:03 dhcp6c 51008 status code: no addresses May 8 19:56:03 dhcp6c 51008 get DHCP option status code, len 33 May 8 19:56:03 dhcp6c 51008 DUID: 00:03:00:01:5c:49:79:98:4e:23 May 8 19:56:03 dhcp6c 51008 get DHCP option server ID, len 10 May 8 19:56:03 dhcp6c 51008 DUID: 00:01:00:01:1d:a5:97:c4:00:0d:b9:33:9c:40 May 8 19:56:03 dhcp6c 51008 get DHCP option client ID, len 14 May 8 19:56:03 dhcp6c 51008 receive advertise from fe80::5e49:79ff:fe98:4e23%re2 on re2 May 8 19:56:03 dhcp6c 51008 reset a timer on re2, state=SOLICIT, timeo=2, retrans=4283 May 8 19:56:03 dhcp6c 51008 send solicit to ff02::1:2%re2 May 8 19:56:03 dhcp6c 51008 set IA_PD May 8 19:56:03 dhcp6c 51008 set IA_PD prefix May 8 19:56:03 dhcp6c 51008 set option request (len 4) May 8 19:56:03 dhcp6c 51008 set elapsed time (len 2) May 8 19:56:03 dhcp6c 51008 set identity association May 8 19:56:03 dhcp6c 51008 set client ID (len 14) May 8 19:56:02 dhcpd Server starting service. May 8 19:56:02 dhcpd Sending on Socket/fallback/fallback-net May 8 19:56:02 dhcpd Sending on BPF/bridge0/02:f4:68:8c:0c:00/172.16.17.0/24 May 8 19:56:02 dhcpd Listening on BPF/bridge0/02:f4:68:8c:0c:00/172.16.17.0/24 May 8 19:56:02 dhcpd Sending on BPF/ath0_wlan1/06:f0:21:0a:71:1f/172.16.19.0/24 May 8 19:56:02 dhcpd Listening on BPF/ath0_wlan1/06:f0:21:0a:71:1f/172.16.19.0/24 May 8 19:56:02 dhcpd Sending on BPF/ath0_wlan2/0e:f0:21:0a:71:1f/172.16.20.0/24 May 8 19:56:02 dhcpd Listening on BPF/ath0_wlan2/0e:f0:21:0a:71:1f/172.16.20.0/24 May 8 19:56:02 dhcpd Sending on BPF/re1_vlan10/00:0d:b9:33:9c:41/172.16.50.0/24 May 8 19:56:02 dhcpd Listening on BPF/re1_vlan10/00:0d:b9:33:9c:41/172.16.50.0/24 May 8 19:56:02 dhcpd Sending on BPF/re1_vlan20/00:0d:b9:33:9c:41/172.16.21.0/24 May 8 19:56:02 dhcpd Listening on BPF/re1_vlan20/00:0d:b9:33:9c:41/172.16.21.0/24 May 8 19:56:02 dhcpd Wrote 173 leases to leases file. May 8 19:56:02 dhcpd Wrote 0 new dynamic host decls to leases file. May 8 19:56:02 dhcpd Wrote 0 deleted host decls to leases file. May 8 19:56:02 dhcpd For info, please visit https://www.isc.org/software/dhcp/ May 8 19:56:02 dhcpd All rights reserved. May 8 19:56:02 dhcpd Copyright 2004-2016 Internet Systems Consortium. May 8 19:56:02 dhcpd Internet Systems Consortium DHCP Server 4.3.3-P1 May 8 19:56:02 dhcpd PID file: /var/run/dhcpd.pid May 8 19:56:02 dhcpd Database file: /var/db/dhcpd.leases May 8 19:56:02 dhcpd Config file: /etc/dhcpd.conf May 8 19:56:02 dhcpd For info, please visit https://www.isc.org/software/dhcp/ May 8 19:56:02 dhcpd All rights reserved. May 8 19:56:02 dhcpd Copyright 2004-2016 Internet Systems Consortium. May 8 19:56:02 dhcpd Internet Systems Consortium DHCP Server 4.3.3-P1 May 8 19:56:01 dhcp6c 51008 advertise contains NoAddrsAvail status May 8 19:56:01 dhcp6c 51008 server ID: 00:03:00:01:5c:49:79:98:4e:23, pref=-1 May 8 19:56:01 dhcp6c 51008 status code: no addresses May 8 19:56:01 dhcp6c 51008 get DHCP option status code, len 33 May 8 19:56:01 dhcp6c 51008 DUID: 00:03:00:01:5c:49:79:98:4e:23 May 8 19:56:01 dhcp6c 51008 get DHCP option server ID, len 10 May 8 19:56:01 dhcp6c 51008 DUID: 00:01:00:01:1d:a5:97:c4:00:0d:b9:33:9c:40 May 8 19:56:01 dhcp6c 51008 get DHCP option client ID, len 14 May 8 19:56:01 dhcp6c 51008 receive advertise from fe80::5e49:79ff:fe98:4e23%re2 on re2 May 8 19:56:01 dhcp6c 51008 reset a timer on re2, state=SOLICIT, timeo=1, retrans=2151 May 8 19:56:01 dhcp6c 51008 send solicit to ff02::1:2%re2 May 8 19:56:01 dhcp6c 51008 set IA_PD May 8 19:56:01 dhcp6c 51008 set IA_PD prefix May 8 19:56:01 dhcp6c 51008 set option request (len 4) May 8 19:56:01 dhcp6c 51008 set elapsed time (len 2) May 8 19:56:01 dhcp6c 51008 set identity association May 8 19:56:01 dhcp6c 51008 set client ID (len 14) May 8 19:55:59 dhcp6c 51008 advertise contains NoAddrsAvail status May 8 19:55:59 dhcp6c 51008 server ID: 00:03:00:01:5c:49:79:98:4e:23, pref=-1 May 8 19:55:59 dhcp6c 51008 status code: no addresses May 8 19:55:59 dhcp6c 51008 get DHCP option status code, len 33 May 8 19:55:59 dhcp6c 51008 DUID: 00:03:00:01:5c:49:79:98:4e:23 May 8 19:55:59 dhcp6c 51008 get DHCP option server ID, len 10 May 8 19:55:59 dhcp6c 51008 DUID: 00:01:00:01:1d:a5:97:c4:00:0d:b9:33:9c:40 May 8 19:55:59 dhcp6c 51008 get DHCP option client ID, len 14 May 8 19:55:59 dhcp6c 51008 receive advertise from fe80::5e49:79ff:fe98:4e23%re2 on re2 May 8 19:55:59 dhcp6c 51008 reset a timer on re2, state=SOLICIT, timeo=0, retrans=1088 May 8 19:55:59 dhcp6c 51008 send solicit to ff02::1:2%re2
Thanks for all your help!
-
Im having now the same Problem.
Im from Germany and i don’t get an IPv6 at the Lan Interface. The Wan gets an IPv6 and the router (of my ISP) tells me it is registered with the ipv4 (Home Network) and ipv6. All on the Wan.
At lan interface i can access the webpage.
I made the wan dhcp6 at the ipv6 configuration type,
Checked only the 2 ticks send ip prefix hint and debug. For the prefix Delegation size I used 64 (cause the router gets an 64 Delegation size).At the lan Interface I made it track interface for the ipv6 configuration type. And choosed at the bottom Wan for the track ipv6 interface and entered 0 for the prefix id.
At dhcpv6 server & ra I disabled the dhcpv6 server and tried all router modes at router advertisements.
I hope someone could help me. It’s really important.