reply to plencnerb
Re: [IPv6] Issues with IPv6 and pfsense [SOLVED]
This is an update to the post I made ~20 minutes ago. That post is still in limbo, so I hope that both posts either are approved at the same time, or in the proper sequence so that this post makes sense.
The problem with my WNR1000v2-VC just occurred, so I will post some screen shots of what I see so that you can look at the similar status pages in pfSense to see if your problem is similar.
 IPv6 status from several days ago
IPv6 status showing dual WAN IP addresses
 IPv6 status after reboot
|
plencnerb (Premium, join:2000-09-25, Elgin, IL, kudos:2)
That is interesting.
I'm not seeing the dual WAN IPv6 IPs like you posted in your screen shot, but I did notice that the last part is different with my IPv6 IP.
I have no idea what you call each section, but the first 4 items are the same, but the last 4 are different.
Yet, my router, and cable modem have not been rebooted since I noted what my IPv6 IP address was.
Below is what I'm talking about.
My IPv6 IP, on 12/12/2012 around 12:30 PM 2001:558:6033:ad:7d1b:4b65:f6a7:4462
PFSense is now showing this 2001:558:6033:ad:149f:8627:2f1:9d33
The part after the :ad: is what has changed.
Is that what you are talking about?
It only takes a few minutes to reboot my router, so I may go ahead and do that this morning and report back.
--Brian -- ============================ --Brian Plencner
E-Mail: CoasterBrian72Cancer@gmail.com Note: Kill Cancer to Reply via e-mail |
|
said by plencnerb:
> That is interesting.
> I'm not seeing the dual WAN IPv6 IPs like you posted in your screen shot, but I did notice that the last part is different with my IPv6 IP.
> I have no idea what you call each section, but the first 4 items are the same, but the last 4 are different.
> Yet, my router, and cable modem have not been rebooted since I noted what my IPv6 IP address was.
> Below is what I'm talking about.
> My IPv6 IP, on 12/12/2012 around 12:30 PM 2001:558:6033:ad:7d1b:4b65:f6a7:4462
> PFSense is now showing this 2001:558:6033:ad:149f:8627:2f1:9d33
> The part after the :ad: is what has changed.
> Is that what you are talking about?
> It only takes a few minutes to reboot my router, so I may go ahead and do that this morning and report back.
> --Brian

Yes, that is what I was talking about. I don't always see the dual WAN IPv6 assignments showing in the GUI status page either (but I suspect it is there but just not showing). Sometimes it also manifests itself as two LAN IPv6 addresses with the PD portion changed, but the DUID (the last part of the IPv6 address) not changed.
In either case I think what has happened is that the DHCP6 has assigned a new IP address, but the old IPv6 address is also still assigned. I think that this is happening in my Netgear router because it is getting a /64 WAN assignment when it should be getting a /128, but there is no configuration setting that I can make to change that. I noticed that in one of your pfsense screen shots that you also were getting a /64 WAN assignment, so if you can change that in the pfsense config, you may be able to prevent this from happening again. |
|
plencnerb (Premium, join:2000-09-25, Elgin, IL, kudos:2)
![](//i.dslr.net/syms/dir_none.png) #1 | ![](//i.dslr.net/syms/dir_none.png) #2

said by IPv6_NOT:
> I think that this is happening in my Netgear router because it is getting a /64 WAN assignment when it should be getting a /128, but there is no configuration setting that I can make to change that. I noticed that in one of your pfsense screen shots that you also were getting a /64 WAN assignment, so if you can change that in the pfsense config, you may be able to prevent this from happening again.

Are you talking about the section that I posted above in pic #1? That section is on the WAN interface configuration.
If so, the values that I can select there are shown in pic #2. Does not look like I have the option to set that to be /128, unless I'm looking in the wrong spot.
--Brian
|
said by plencnerb:
> Are you talking about the section that I posted above in pic #1? That section is on the WAN interface configuration.
> If so, the values that I can select there are shown in pic #2. Does not look like I have the option to set that to be /128, unless I'm looking in the wrong spot.
> --Brian

I am not very familiar with pfsense, but everything I have seen in this and other forums discussing how Comcast assigns IPv6 addresses has implied that a standalone PC or a router WAN interface should receive a /128 IPv6 address beginning with 2001:558:xxxx:yy.
I don't have access to the hidden OpenWRT configuration in my Comcast supplied Netgear router and the only workable WAN options I have available are "Auto Detect" and "DHCP", and both give me a /64 IP address assignment. I know someone with a D-Link router, and that router does not explicitly have a selection choice for the WAN IP address allocation size either, but his router does get a /128 from Comcast, and his router's WAN IPv6 address is stable.
If you can't manually select a /128 preference for the WAN allocation size in pfsense, perhaps selecting "None" might work? |
|
graysonf (Premium, MVM, join:1999-07-16, Fort Lauderdale, FL)
reply to plencnerb
Any relation with what is going on here to this thread?
»[IPv6] Seeing two different LAN side ranges |
|
plencnerb (Premium, join:2000-09-25, Elgin, IL, kudos:2)
I've seen that thread, but I do need to take the time to sit down and read it fully to see if I'm having the same issues.
The one thing I did see so far in that thread appears to be a disagreement on the WAN DHCPv6 Prefix Delegation size. whfsdude indicates that it should be set as /64 to work correctly. Which, for me that is what I had, and it did work.
However, you ( graysonf ) have a different view, in that the setting should be set to "None", which would imply that it will pull a /128 from Comcast. You have it set that way (I'm guessing) and it also appears to work. I have to step out for a few hours, but when I get home, I'll play with that and see if it makes a difference.
In the meantime, if I look at my dashboard, something has gone south, as the status of the gateway "WAN_DHCP6" is now showing "Unknown". I know when everything was working, it did show "Online", with a proper IPv6 IP in the gateway box.
--Brian
|
graysonf (Premium, MVM, join:1999-07-16, Fort Lauderdale, FL)
I suggested "None" because /128 is not a choice. I don't run pfsense here, I run m0n0wall instead. And I get a /128 on WAN and there is nothing to specify other than DHCP on WAN - there is no list of subnet mask choices.
I may flash a copy of pfsense to a spare CF and try it here to see what happens.
I do recall another thread along these lines and the way it turned out NetDog (I think) got involved and solved it. The cause was some type of misconfiguration by Comcast for that particular customer. |
|
said by graysonf:
> I suggested "None" because /128 is not a choice. I don't run pfsense here, I run m0n0wall instead. And I get a /128 on WAN and there is nothing to specify other than DHCP on WAN - there is no list of subnet mask choices.
> I may flash a copy of pfsense to a spare CF and try it here to see what happens.
> I do recall another thread along these lines and the way it turned out NetDog (I think) got involved and solved it. The cause was some type of misconfiguration by Comcast for that particular customer.

In NetDog's sticky thread: »[IPv6] Troubleshooting Comcast IPv6 (Start Here) he seems to agree that a router's WAN should get a /128 allocation:

Since NetDog does IPv6 support for Comcast, one would hope that his opinion is based on facts. |
|
whfsdude (Premium, join:2003-04-05, Washington, DC, 1 edit)
said by IPv6_NOT:
> http://www.dslreports.com/forum/r27782156-IPv6-Troubleshooting-Comcast-IPv6-Start-Here- he seems to agree that a router's WAN should get a /128 allocation

He's talking about allocation, not subnet. If you had a /128 subnet, you wouldn't be able to reach the gateway (it's just a single addressed network).
pfsense very clearly asks for the subnet which is why you give it a "/64."
If you do not believe that it's in a /64, pcap the RA.
fwiw, I ran pfsense on Comcast's network using '64' on-link and '64' for the PD prefix up until I had my new service installed (which is static).
Edit: Clearly failed to read "allocation". IPv6_NOT is correct and we're pretty much saying the same thing.
|
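Added example, not part of any post in this thread: the "pcap the RA" check suggested above, as a Python parser that reads the Prefix Information option from a Router Advertisement and tests whether the two WAN addresses posted earlier fall inside the advertised on-link prefix. The RA bytes are constructed for illustration (a /64 for 2001:558:6033:ad:: with the M, O and L flags set is an assumption, not a capture of Comcast traffic), and the function names are this example's own.

```python
import ipaddress

# Constructed Router Advertisement (ICMPv6 type 134, RFC 4861), not a capture.
# One source link-layer option, one Prefix Information option (L=1, A=0).
SAMPLE_RA = bytes.fromhex(
    "86000000" "40c00708" "00000000" "00000000"        # RA header, M and O set
    "0101" "00005e005301"                              # option 1: link-layer addr
    "0304" "40" "80" "00278d00" "00093a80" "00000000"  # option 3: /64, L flag
    "20010558603300ad" "0000000000000000"              # advertised prefix
)
# The two WAN addresses quoted in the thread.
THREAD_WAN_ADDRS = ("2001:558:6033:ad:7d1b:4b65:f6a7:4462",
                    "2001:558:6033:ad:149f:8627:2f1:9d33")

def parse_ra(pkt):
    """Return the M/O flags and every Prefix Information option in an RA."""
    if len(pkt) < 16 or pkt[0] != 134:
        raise ValueError("not an ICMPv6 Router Advertisement")
    ra = {"managed": bool(pkt[5] & 0x80), "other": bool(pkt[5] & 0x40),
          "prefixes": []}
    off = 16                                  # options follow the fixed header
    while off + 2 <= len(pkt):
        opt_type, opt_len = pkt[off], pkt[off + 1] * 8   # length in 8-byte units
        if opt_len == 0 or off + opt_len > len(pkt):
            raise ValueError("malformed RA option")
        if opt_type == 3 and opt_len == 32:
            addr = ipaddress.IPv6Address(pkt[off + 16:off + 32])
            net = ipaddress.IPv6Network((addr, pkt[off + 2]), strict=False)
            ra["prefixes"].append({"prefix": net,
                                   "on_link": bool(pkt[off + 3] & 0x80),
                                   "autonomous": bool(pkt[off + 3] & 0x40)})
        off += opt_len
    return ra

def on_link_prefix(address, ra):
    """Return the advertised on-link prefix containing address, or None."""
    ip = ipaddress.IPv6Address(address)
    for p in ra["prefixes"]:
        if p["on_link"] and ip in p["prefix"]:
            return p["prefix"]
    return None

def interface_id(address):
    """Low 64 bits: the part that differs between the two thread addresses."""
    return int(ipaddress.IPv6Address(address)) & (2**64 - 1)

if __name__ == "__main__":
    ra = parse_ra(SAMPLE_RA)
    for wan in THREAD_WAN_ADDRS:
        print(wan, on_link_prefix(wan, ra), "%016x" % interface_id(wan))
```

On a real capture the input is the ICMPv6 payload of the type 134 packet; a /64 in the Prefix Information option next to a single assigned address is the allocation-versus-subnet distinction made in the post above.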
said by whfsdude:
> said by IPv6_NOT:
> > http://www.dslreports.com/forum/r27782156-IPv6-Troubleshooting-Comcast-IPv6-Start-Here- he seems to agree that a router's WAN should get a /128 allocation
>
> He's talking about allocation, not subnet. If you had a /128 subnet, you wouldn't be able to reach the gateway (it's just a single addressed network). pfsense very clearly asks for the subnet which is why you give it a "/64." If you do not believe that it's in a /64, pcap the RA. fwiw, I ran pfsense on Comcast's network using '64' on-link and '64' for the PD prefix up until I had my new service installed (which is static).

You may want to find your reading glasses and look at my posts in this thread again. I don't think you will find that I have used the phrase "/128 subnet" in any of those posts. In fact the portion of my last post that you quoted clearly says "/128 allocation".
I don't know if the current beta release(s) of pfsense has a configuration option to specify a requested allocation size for the WAN interface, but if it receives a /64 allocation, I think that the problem the OP is seeing will continue (just as it continues to happen on my Netgear router which also receives a /64 allocation on its WAN interface). We are talking about the router's WAN interface, not its LAN interface which indeed should have a /64 allocation and subnet.
|
whfsdude (Premium, join:2003-04-05, Washington, DC)
said by IPv6_NOT:
> I don't know if the current beta release(s) of pfsense has a configuration option to specify a requested allocation size for the WAN interface, but if it receives a /64 allocation, I think that the problem the OP is seeing will continue (just as it continues to happen on my Netgear router which also receives a /64 allocation on its WAN interface). We are talking about the router's WAN interface, not its LAN interface which indeed should have a /64 allocation and subnet.

When set to DHCP6, pfsense assumes asking for a /128 allocation. The question in the LAN thread (»[IPv6] Seeing two different LAN side ranges) was addressed that it is showing /64 for the WAN subnet, which is correct.
The PD size was asked again in this thread, but yes that should be set to /64 as well. In pfsense you specify the PD size on the WAN page. LAN interfaces are then set as track interfaces. |
|
plencnerb (Premium, join:2000-09-25, Elgin, IL, kudos:2)
All,
Thanks for the clarification. As I'm still learning about IPv6, I got confused when I saw the note about /128. Seeing in pfsense I could only configure the size to be /64, I thought they were the same thing.
So, is it safe to assume that my configuration, as it was setup back in December, is still valid?
If it is, then how do we go about getting it to work again? I could reboot the modem, and my pfsense box, and that will probably fix things. However, how long will that fix last? Is there something else that is not configured correctly on my end that caused this? Or, is it something on Comcast's end that has broken, and someone who works for Comcast needs to fix something?
I'm willing to post any configuration, screen shot, or test anything I need to try to figure out what has stopped working. Just let me know what someone needs me to do, I'll do it.
Thanks in advance for any help that can be offered.
--Brian
|
graysonf (Premium, MVM, join:1999-07-16, Fort Lauderdale, FL)
reply to plencnerb
I flashed the latest pfsense snapshot (pfSense-2.1-BETA1-512mb-i386-nanobsd-20130103-0639) to CF and tried it.
I left it entirely in the default configuration which aligns with the configuration others have tried here. It would not assign an IPv6 address to my Windows 7 machine which is set for DHCPv6.
The only way I could get IPv6 working was to statically assign an IPv6 address, gateway, and DNS server to my Windows 7 machine.
I'm back on m0n0wall which works fine with Comcast IPv6 DHCP-PD. The only odd thing is that its system log is flooded with RAs on the WAN interface. |
|
whfsdude (Premium, join:2003-04-05, Washington, DC)
> I left it entirely in the default configuration which aligns with the configuration others have tried here. It would not assign an IPv6 address to my Windows 7 machine which is set for DHCPv6.

Huh? The default config won't do PD. You need to set a track int on the LAN.
|
graysonf (Premium, MVM, join:1999-07-16, Fort Lauderdale, FL)
That's the way it came up here.
|
whfsdude (Premium, join:2003-04-05, Washington, DC)
said by graysonf:
> That's the way it came up here.

Oh awesome! Clearly there are some major code changes underway. Last time I tossed on a blank config was August.
|
plencnerb (Premium, join:2000-09-25, Elgin, IL, kudos:2)
Ok, so any thoughts on my issue? Should I reboot and see what happens?
Or, should I download and install the latest build, and see what that does?
Or, is there a setting that I need to modify?
--Brian
|
graysonf (Premium, MVM, join:1999-07-16, Fort Lauderdale, FL)
See: »forum.pfsense.org/index.php/topi···sg306484
|
plencnerb (Premium, join:2000-09-25, Elgin, IL, kudos:2, 1 edit)
Thanks!
Looks like I need to get an updated beta build of the 2.1 client.
I'll work on doing that this afternoon.
Once everything has been done, I'll test again and report back.
Edit: The post over there says to get one with a date of Jan 6th or later. Today is only the 5th! So, I have to wait a day I guess. No big deal. Now I have a project for tomorrow.
--Brian
|