US Cable Support > Comcast HSI > [IPv6] Seeing two different LAN side ranges

reply to JoelC707

Re: [IPv6] Seeing two different LAN side ranges

reply to JoelC707
Looking at the screenshot, you've got addresses on your LAN outside of your routed /64. That could be the problem.

2601:0:ac40:9::/64 - Assigning via PD (according to your screenshot).

Yet you have a secondary address (2601:0:ac40:1a::/64) assigned on your PC outside of that /64.

Reboot the Windows machine and see if you still get that second incorrect address.

OT/Addressing DNS: To my knowledge RDNSS isn't supported via Windows and isn't configured on pfsense (so you can't push DNS via RA). You'll want to use "assisted" and setup DHCPv6 to push DNS in the future. I've had mixed success with DHCPv6 being started after a change so if you do DHCPv6 config changes, you'll want to reboot pfsense.

reply to JoelC707

$: ping6 -c 2 2601:0:ac40:9:152d:82e8:ab72:980c
PING6(56=40+8+8 bytes) 2001:559:0:84::2 --> 2601:0:ac40:9:152d:82e8:ab72:980c
16 bytes from 2601:0:ac40:9:152d:82e8:ab72:980c, icmp_seq=0 hlim=55 time=37.416 ms
16 bytes from 2601:0:ac40:9:152d:82e8:ab72:980c, icmp_seq=1 hlim=55 time=54.012 ms
 
--- 2601:0:ac40:9:152d:82e8:ab72:980c ping6 statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 37.416/45.714/54.012/8.298 ms
 

$: ping6 -c 2 2601:0:ac40:1a:152d:82e8:ab72:980c
PING6(56=40+8+8 bytes) 2001:559:0:84::2 --> 2601:0:ac40:1a:152d:82e8:ab72:980c
 
--- 2601:0:ac40:1a:152d:82e8:ab72:980c ping6 statistics ---
2 packets transmitted, 0 packets received, 100.0% packet loss
 

reply to JoelC707
LAN should not be DHCP6. It should be track interface (wan). Prefix id 0.

reply to whfsdude
That's the thing, I've gotten both the "9" and "1a" range on the LAN side so I wasn't sure which one it was supposed to be. Based on your pings below (and the fact pfSense picks ::1 from the "9" subnet, versus a random address from "1a" subnet), I think "9" is the one it should be.

I can't modify the DHCP6/RA server settings in pfSense since it isn't configured with a static address, so I assume any addresses my desktops are getting are being sent via an auto-configured RA mode in pfSense or via Comcast.

Rebooted desktop, that cleared all old "1a" addresses out. Interestingly, according to Windows, I have Internet connectivity via IPv6 now (previously it showed "no internet access") so it must be able to resolve whatever test address it uses.

WAN: DHCP6, PD Size None
LAN: Track Interface, WAN, 0 - has a the "9" address again.

Outbound "any any" rule via IPv6 and I even put it at the top of the list above all IPv4 rules just for the hell of it. Still being told I don't have IPv6 and can't ping Google's IPv6 DNS from my desktop (pfSense on the other hand, still CAN ping Google's IPv6 DNS).

Grrr..... must be some bug in the traceroute function of pfSense. Every time I do a traceroute there it locks up the GUI. Option 11 on console doesn't solve it either (reset webconfigurator), have to reboot. I'll upload screenshots as soon as I'm back up (and who knows, it may fix it, though I've rebooted before with no fix).

Changed WAN prefix delegation from none to 64 and noticed my browsing was sluggish. Back when I was using a HE tunnel I would notice that if my IPv6 connectivity went down for some reason (browsers tend to prefer IPv6 IIRC and it would take time to fail out IPv6 and go back to IPv4). I refreshed the Google test page and it says I have IPv6 connectivity. Ran a ping test and still no go.

Reset the WAN interface PD to None to try and recreate the old settings, now it doesn't matter if I set it to None or 64 but I still can't get IPv6 connectivity (though it appears my browsing speed has returned to normal).

Looks like it was partially working for less than a minute. I don't know if me changing the PD setting fixed it this time or not (and if it did, why didn't setting it back to 64 "re-fix" it?).

reply to JoelC707

reply to JoelC707
Can still ping your desktop.

ping6 -c 2 2601:0:ac40:9:152d:82e8:ab72:980c
PING6(56=40+8+8 bytes) 2001:559:0:84::2 --> 2601:0:ac40:9:152d:82e8:ab72:980c
16 bytes from 2601:0:ac40:9:152d:82e8:ab72:980c, icmp_seq=0 hlim=55 time=40.162 ms
 

ping6 2001:558:6011:58:85e6:fc5d:6999:ebc9
PING6(56=40+8+8 bytes) 2001:559:0:84::2 --> 2001:558:6011:58:85e6:fc5d:6999:ebc9
^C
--- 2001:558:6011:58:85e6:fc5d:6999:ebc9 ping6 statistics ---
2 packets transmitted, 0 packets received, 100.0% packet loss
 

reply to whfsdude
No worries on any delay. I know it's Christmas. For that matter, thank you for even taking time to help me today (and that also goes for everyone else who has replied). We do most of our Christmas stuff on Christmas Eve because others in the family usually go do things at their respective churches in Christmas Day so it's usually a full day for them.

I thought I read somewhere in one of the early replies to set the WAN PD size to None instead of 64. I've tried both and neither seems to be the "fix". Currently it is set for 64 PD. I'll see if I can get an opening to reboot pfSense, Netflix is being used right now LOL.

reply to JoelC707
Some thoughts of what might be useful in troubleshooting this.

Show routes via the GUI (System > Routing)

Via the CLI:
#look at ND table.
ndp -an

#Do a tcpdump and see if you have outbound traffic leaving the WAN int.

tcpdump -i bge1 -n -v ip6

reply to whfsdude

reply to JoelC707

reply to JoelC707

reply to JoelC707
Success!

16 bytes from 2001:558:6011:58:85e6:fc5d:6999:ebc9, icmp_seq=447 hlim=57 time=21.879 ms

reply to whfsdude

reply to whfsdude

reply to JoelC707