 JoelC707Premium join:2002-07-09 West Point, GA kudos:5 | reply to whfsdude
Re: [IPv6] Seeing two different LAN side ranges
I've still got the tab open. Here's the tech info page. |
|
 NetDogPremium,VIP join:2002-03-04 Parker, CO kudos:4 1 edit | reply to JoelC707 Ping me if you need any help on this thread.. working on some other router vendor issues right now taking up a lot of my time. |
|
 JoelC707Premium join:2002-07-09 West Point, GA kudos:5 | Thanks! I've been burning a bunch of DVDs for a friend that's supposed to come over later today so that's been taking up all my time today. I'm going to try upgrading the firewall soon (probably this evening). If that doesn't solve it, I've got existing plans to take my network down for some local server maintenance over the weekend and will lump a rebuild of the firewall from scratch into that  |
|
 JoelC707Premium join:2002-07-09 West Point, GA kudos:5 | OK, pfSense is now at the Dec 26 12:02:01 EST release. I have yet another IPv6 subnet again. The console still shows the old "19" address I had last (though I'm sure if I do something to make it refresh it will update). The dashboard and SSH show 2601:0:ac00:5c::1 for LAN side. My PC on the other hand, even after a reboot and release/renew is hanging on to the old "19" addresses for dear life.
So how do I get it to actually let go of the old addresses and pick up the new ones? Is it supposed to change this often? |
|
 graysonfPremium,MVM join:1999-07-16 Fort Lauderdale, FL | What OS is your PC? |
|
 JoelC707Premium join:2002-07-09 West Point, GA kudos:5 | Windows 7 x64. I see now there's release6 and renew6 but those (like regular release/renew) only appear to work for DHCP and not RA assigned addresses. I also just tried disabling/enabling the adapter with no luck. |
|
 whfsdudePremium join:2003-04-05 Washington, DC Reviews:
·T-Mobile US
| reply to JoelC707 I'm on a mobile device at the moment so I will keep this short.
Your PD prefix should remain constant unless the DUID changes or you move to a different CMTS (unlikely). The DUID is based off the MAC address of the primary interface unless manually specified. So it's likely pfsense's internals did something and the DUID changed.
Keep in mind the DUID is usually a per OS thing (not per nic).
OT-protip: Windows admins, change DUID if you image as you don't want multiple DUIDs that are the same on the network. |
|
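Added example, not part of any post in this thread: a Python sketch that decodes DUID-LLT and DUID-LL values to show the link-layer address and timestamp they embed, and flags hosts that share one DUID, which is the imaging problem mentioned in the post above. The host names and DUID values are constructed.

```python
import struct
from collections import defaultdict
from datetime import datetime, timedelta, timezone

DUID_EPOCH = datetime(2000, 1, 1, tzinfo=timezone.utc)  # DUID-LLT time base

def normalize(duid_hex):
    """Strip separators so the same DUID always compares equal."""
    return duid_hex.replace(":", "").replace("-", "").lower()

def parse_duid(duid_hex):
    """Decode a DHCPv6 DUID; only LLT (1) and LL (3) carry a link-layer address."""
    raw = bytes.fromhex(normalize(duid_hex))
    if len(raw) < 4:
        raise ValueError("DUID too short")
    dtype, hw = struct.unpack("!HH", raw[:4])
    if dtype == 1:  # DUID-LLT: hw type, seconds since 2000-01-01 UTC, address
        if len(raw) < 8:
            raise ValueError("truncated DUID-LLT")
        (secs,) = struct.unpack("!I", raw[4:8])
        return {"type": "LLT", "hw": hw, "lladdr": raw[8:].hex(":"),
                "created": DUID_EPOCH + timedelta(seconds=secs)}
    if dtype == 3:  # DUID-LL: hw type, address (no timestamp)
        return {"type": "LL", "hw": hw, "lladdr": raw[4:].hex(":")}
    return {"type": "other", "code": dtype, "opaque": raw[2:].hex()}

def shared_duids(inventory):
    """Map each DUID used by more than one host to those hosts."""
    seen = defaultdict(list)
    for host, duid in inventory.items():
        seen[normalize(duid)].append(host)
    return {d: sorted(h) for d, h in seen.items() if len(h) > 1}

# Constructed inventory: pc-02 was imaged from pc-01; fw-new is the same
# NIC as fw-old after its DUID-LLT was regenerated at a later time.
INVENTORY = {
    "pc-01": "00:01:00:01:1a:2b:3c:4d:00:11:22:33:44:55",
    "pc-02": "00-01-00-01-1A-2B-3C-4D-00-11-22-33-44-55",
    "fw-old": "00:01:00:01:1a:2b:3c:4d:00:aa:bb:cc:dd:01",
    "fw-new": "00:01:00:01:1a:2c:00:00:00:aa:bb:cc:dd:01",
}

if __name__ == "__main__":
    for host, duid in INVENTORY.items():
        print(host, parse_duid(duid))
    print("shared:", shared_duids(INVENTORY))
```

The fw-old and fw-new entries carry the same link-layer address but are different DUIDs, so a DHCPv6 server would treat them as two different clients.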
 graysonfPremium,MVM join:1999-07-16 Fort Lauderdale, FL | reply to JoelC707 7x64 here too, among others.
I would reset the Windows 7 IPv6 configuration to see if that helps.
From a command prompt with admin privileges:
netsh interface ipv6 reset
Then run ipconfig /all and post the results.
Windows has what are called Temporary IPv6 addresses which change with every reboot or restart of the network. I find them annoying because they are the source address of your connection. I prefer a more static IPv6 address. See here if you want to disable that:
»blackundertone.wordpress.com/201···dresses/ |
|
 whfsdudePremium join:2003-04-05 Washington, DC Reviews:
·T-Mobile US
| reply to JoelC707
said by JoelC707: Windows 7 x64. I see now there's release6 and renew6 but those (like regular release/renew) only appear to work for DHCP and not RA assigned addresses. I also just tried disabling/enabling the adapter with no luck.
The address should depref. and then depreciate when enough time has passed after not receiving an RA. I don't know much about the Windows stack but I assume that would be once it can no longer reach the router. (Max time would be AdvDefaultLifetime)
If you are still getting RAs for that prefix, you have a problem. I recommend Wireshark. |
|
 JoelC707Premium join:2002-07-09 West Point, GA kudos:5 | reply to whfsdude No idea how I would change the DUID (though I can certainly look it up), and even so I can't see why it would change. I am spoofing the WAN MAC to maintain my original IPv4 address after I changed hardware for the firewall a while ago. Maybe somehow the real MAC is coming through but even still, there's only one real and one spoofed MAC so I should theoretically only see two different PD prefixes? This makes the fourth PD prefix I've seen in just two days. |
|
 whfsdudePremium join:2003-04-05 Washington, DC Reviews:
·T-Mobile US
| reply to graysonf
said by graysonf: Windows has what are called Temporary IPv6 addresses which change with every reboot or restart of the network. I find them annoying because they are the source address of your connection. I prefer a more static IPv6 address. See here if you want to disable that:
RFC 4941. Enabled by default on OS X as well. Technically you can still use the SLAAC address but traffic will be sourced via PE generated address unless an established incoming connection on SLAAC is made. |
|
 JoelC707Premium join:2002-07-09 West Point, GA kudos:5 | reply to whfsdude I've run the ipv6 reset commands and also disabled the temp address generation and it wants a reboot. Be right back... |
|
 whfsdudePremium join:2003-04-05 Washington, DC Reviews:
·T-Mobile US
| reply to JoelC707
said by JoelC707: No idea how I would change the DUID (though I can certainly look it up), and even so I can't see why it would change. I am spoofing the WAN MAC to maintain my original IPv4 address after I changed hardware for the firewall a while ago. Maybe somehow the real MAC is coming through but even still, there's only one real and one spoofed MAC so I should theoretically only see two different PD prefixes? This makes the fourth PD prefix I've seen in just two days.
Or pfsense lost, gained, changed an interface and is using that interface to base the DUID. Wish you could specify a static DUID (for dhcp6.conf) in the pfsense interface. |
|
 whfsdudePremium join:2003-04-05 Washington, DC | reply to JoelC707 »forum.pfsense.org/index.php?topic=54210.0 |
|
 JoelC707Premium join:2002-07-09 West Point, GA kudos:5 | reply to whfsdude Still have a "19" address on my desktop.
Given the Bellsouth circuit is PPPoE, doesn't pfSense "transform" or something that interface or something? After all its "name" is "pppoe0" now, not xl0 like the actual adapter is. Maybe it's basing it off that instead?
I've run Wireshark before but it's been a while. I believe pfSense has support for mirroring an interface for packet capture and so should my switches. If you want me to capture anything let me know what you want captured, from where (what ports mirrored, if any) and what you want me to "do" while it is capturing. |
|
 whfsdudePremium join:2003-04-05 Washington, DC | reply to JoelC707 You only have 'DHCP6' set on the 'Comcast/WAN' int, correct?
You should be getting only one /64 on the LAN. |
|
 JoelC707Premium join:2002-07-09 West Point, GA kudos:5 | Yeah, DHCP6, PD 64. LAN is tracking WAN and ID is 0.
I'm only getting one /64 at a time. My desktop is actually the only place I've ever seen two different subnets show up at the same time. |
|
 whfsdudePremium join:2003-04-05 Washington, DC Reviews:
·T-Mobile US
| reply to JoelC707 Probably not that helpful at all on my part but the screenshot you provided of the interfaces looks good.
I really think the next course of action is grab some pcaps via the web interface when you're trying to browse/access v6. Packet captures from both the WAN and LAN ints would be super helpful.
Ideally you can put them on »www.cloudshark.org/ if you don't mind a few prying eyes. |
|
 JoelC707Premium join:2002-07-09 West Point, GA kudos:5 | Given my desktop still has the "19" address, I can't do anything useful with v6 (and I checked other machines on my network, all still have the 19 addresses). Still, I did try to ping6 google.com while the two captures were running (it of course failed).
WAN side capture: »www.cloudshark.org/captures/81dbe0c66cb1
LAN side capture: »www.cloudshark.org/captures/da873c9319a1
Also uploaded raw capture files.
Edit: just realized I had it limited to 100 packets. Want me to recapture with no limit? |
|
 whfsdudePremium join:2003-04-05 Washington, DC Reviews:
·T-Mobile US
| reply to JoelC707 I see the problem (oh how pcaps make things easier)! See the RA, notice it has the different prefix "19" on the 48th nibble. It's coming from the LAN int so clearly there is a config not showing in the pfsense GUI that needs to be blown away.
»willscorner.net/t/ra.png |
|
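Added example, not part of any post in this thread: the check made by eye in the LAN-side capture above, written as a Python function that parses an ICMPv6 Router Advertisement and reports any prefix still being advertised that is not the one the LAN should carry. The RA bytes are constructed (checksum left at 0 and not validated), and the documentation prefixes 2001:db8:0:19::/64 and 2001:db8:0:5c::/64 stand in for the stale "19" prefix and the current LAN prefix.

```python
import ipaddress
import struct

def parse_ra_prefixes(icmp6):
    """Return the Prefix Information options in an ICMPv6 Router Advertisement."""
    if len(icmp6) < 16 or icmp6[0] != 134:
        raise ValueError("not a Router Advertisement")
    found, off = [], 16  # options follow the fixed 16-byte RA header
    while off + 2 <= len(icmp6):
        otype, olen = icmp6[off], icmp6[off + 1] * 8  # length is in 8-byte units
        if olen == 0 or off + olen > len(icmp6):
            raise ValueError("malformed option at offset %d" % off)
        if otype == 3 and olen == 32:  # Prefix Information option
            plen, flags, valid, preferred = struct.unpack_from("!BBII", icmp6, off + 2)
            prefix = bytes(icmp6[off + 16:off + 32])
            net = ipaddress.IPv6Network((prefix, plen), strict=False)
            found.append({"prefix": str(net), "autonomous": bool(flags & 0x40),
                          "valid": valid, "preferred": preferred})
        off += olen
    return found

def unexpected_prefixes(icmp6, expected):
    """Prefixes advertised with a non-zero valid lifetime that are not `expected`."""
    want = str(ipaddress.IPv6Network(expected))
    return [p["prefix"] for p in parse_ra_prefixes(icmp6)
            if p["prefix"] != want and p["valid"] > 0]

def _pio(prefix, valid, preferred):
    """Build one Prefix Information option with the L and A flags set."""
    net = ipaddress.IPv6Network(prefix)
    head = struct.pack("!BBBBIII", 3, 4, net.prefixlen, 0xC0, valid, preferred, 0)
    return head + net.network_address.packed

# Constructed RA: fixed header, a source link-layer address option, and one
# prefix option advertising the stand-in for the stale prefix.
SAMPLE_RA = (struct.pack("!BBHBBHII", 134, 0, 0, 64, 0, 1800, 0, 0)
             + struct.pack("!BB6s", 1, 1, bytes.fromhex("00aabbccdd01"))
             + _pio("2001:db8:0:19::/64", 86400, 14400))

if __name__ == "__main__":
    print(parse_ra_prefixes(SAMPLE_RA))
    print(unexpected_prefixes(SAMPLE_RA, "2001:db8:0:5c::/64"))
```

A non-empty result means hosts doing SLAAC will keep forming addresses in the old prefix for as long as those RAs arrive.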