

whfsdude
Premium
join:2003-04-05
Washington, DC
Reviews:
·Comcast
reply to JoelC707

Re: [IPv6] Seeing two different LAN side ranges

I would suggest a good way to get rid of this config.

1. Disable v6 on the LAN int, apply.
2. Reboot pfsense.
3. Re-enable v6 on LAN int (the track int, prefix id 0).
4. Reboot once more.

If that doesn't do it, not sure what will.


JoelC707
Premium
join:2002-07-09
Lanett, AL
kudos:5

Will do in a few, thanks!


JoelC707
Premium
join:2002-07-09
Lanett, AL
kudos:5
reply to whfsdude

WTF? OK, did as you instructed and upon reboot the second time I'm watching the console screen behind me and I see the following address on LAN 2601:0:ac40:1d::1. I immediately refresh the web gui page and get to the console (mere seconds after successful boot), and I see a different address. The address displayed on the webgui is "1e", not "1d".

My desktop still has the old "19" address but now also has a "1d" address too. I've run a reset on it and will reboot in a minute and provide new screenshots and such of what I'm seeing now.


JoelC707
Premium
join:2002-07-09
Lanett, AL
kudos:5

 
New screenshots. Desktop now has a "1d" address but that does me no good if the LAN of pfSense has changed to "1e". I even took a pic of the local console just to show I'm not crazy in seeing a "1d" address on LAN lol.

JoelC707
Premium
join:2002-07-09
Lanett, AL
kudos:5

And packet captures.

LAN: »www.cloudshark.org/captures/5f18cc742aa5
WAN: »www.cloudshark.org/captures/b2bf764663a7

I tried the same ping6 to google.com while the capture was running on each interface. I also set the packet limit to 0 instead of 100.


whfsdude
Premium
join:2003-04-05
Washington, DC
Reviews:
·Comcast
reply to JoelC707

Well that is no good :-/ We did manage to get somewhere tonight. We know pfsense is advertising the wrong prefix but don't know why.

Next thing is to look at the raw config files and see what pfsense is really doing. I will dig up those locations for you tomorrow (need to catch some sleep).

If anyone else wants to jump in - dhcp6 config locations and rtadvd or radvd config location on pfsense would be awesome.



whfsdude
Premium
join:2003-04-05
Washington, DC
reply to JoelC707

You might want to pm NetDog as well to get a second opinion. He'll love the pcaps.


JoelC707
Premium
join:2002-07-09
Lanett, AL
kudos:5
reply to whfsdude

I suspect it might have something to do with the changing prefix. It's advertising the first prefix and whatever does that advertising doesn't realize it's changing. This of course wouldn't be an issue if it didn't change lol. Yeah, I'm heading to bed too. Thanks for your help.


Extide

join:2000-06-11
84129
reply to whfsdude

I think most of the configs in pfsense are in /var/etc


JoelC707
Premium
join:2002-07-09
Lanett, AL
kudos:5

1 edit
reply to whfsdude

[Screenshots: dhclient6-script 1, dhclient6-script 2, dhclient6-script 3, dhclient6-script 4, radvd-conf, pfSense ifconfig]

OK I found radvd.conf in /var/etc/ and WAN side dhcp6 config files. The dhcp/dhcp6 files basically just define what interface it's on and call a script in /sbin/. I took screen shots of the radvd.conf file and the script file.

Scanning through the script file, I was looking for where it defines things like "old_IPv6" and "new_ipv6" and it references files in /var/db/ so I went and took a look. There are two files of note: bge1_ipv6 and bge1_pd_ipv6. The first file has the 2001: address in it, the second file has the 2601: "1e" address in it.

Edit: adding a SS of ifconfig from SSH. It's showing both the "1d" and "1e" prefixes on bge0 (LAN).

JoelC707
Premium
join:2002-07-09
Lanett, AL
kudos:5

Adding DHCP6 WAN side leases per request (at least what I think is the requested file). I found this file in the same /var/etc/ that the radvd.conf file is in.

I appear to have also found the DUID in this file too. default-duid "\000\001\000\001\030n\223\263\000\024\"\020\366\233";

JoelC707
Premium
join:2002-07-09
Lanett, AL
kudos:5
reply to JoelC707

Alright update time. I've spent nearly the entire day renumbering my LAN and getting all of my local servers to cooperate again. I noticed something interesting though during this process. I discovered I only had the "1e" address on several systems, not both "1e" and "1d". Sure enough, a few systems could obtain 10/10 on test-ipv6.com. It's been flaky though, like right now I'm done with everything but my desktop won't pass the test yet I can ping whfsdude's server just fine.

For clarification, I have done nothing regarding this issue since grabbing the config file screenshots on the 27th. All the renumbering today was IPv4 and was local only. And even then it wasn't technically renumbering because I didn't change the subnet, just reordered everything into a logical order and logged it all in Excel instead of having stuff on random addresses.

I have not talked with NetDog since then either so I do not know if they uncovered something or maybe the old PD finally expired and I'll be back at square one next time I reboot the firewall. Either way, it looks like I'm making some progress somehow lol. And for now, I am going to head to bed.



whfsdude
Premium
join:2003-04-05
Washington, DC
reply to JoelC707

I will be around for most of tomorrow. If you're free we can hammer through this.



NetDog
Premium,VIP
join:2002-03-04
Parker, CO
kudos:77
Reviews:
·Comcast
reply to NetDog

Quick update, asked JoelC707 via email for the device and firmware version. I need to recreate this in the LAB; we are seeing odd things in the sniffer traces.



whfsdude
Premium
join:2003-04-05
Washington, DC
Reviews:
·Comcast

said by NetDog:

Quick update, asked JoelC707 via email for the device and firmware version. I need to recreate this in the LAB; we are seeing odd things in the sniffer traces.

I worked with JoelC707 last week. I was able to get it working but not post reboot.

1. Turn off v6 on track int (lan int).
2. Turn off dhcp6 on wan.
3. rm the v6 lease file, touch a new one.
4. Enable dhcp6 on wan.
5. Enable PD on track int.

The dhcp6 lease file will now be correct and ra is announced correctly. However, this does not hold across reboot. I am guessing a new DUID is getting created every reboot which is odd. I haven't had time to investigate further.
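
An added example, not part of any post in this thread: one way to check the guess above is to decode the `default-duid` line posted earlier and compare a copy of the lease file saved before a reboot with one saved after. It assumes ISC dhclient lease-file quoting (octal `\ooo`, backslash-escaped quote) and the DUID-LLT layout from RFC 8415; the function names are hypothetical.

```python
import re
from datetime import datetime, timedelta, timezone

# default-duid statement exactly as quoted in the thread.
SAMPLE = r'default-duid "\000\001\000\001\030n\223\263\000\024\"\020\366\233";'
DUID_EPOCH = datetime(2000, 1, 1, tzinfo=timezone.utc)  # DUID-LLT time base (RFC 8415)


def unescape(quoted: str) -> bytes:
    """Decode lease-file quoting: \\ooo is one octal byte, \\x is a literal x."""
    out = bytearray()
    i = 0
    while i < len(quoted):
        if quoted[i] != "\\":
            out.append(ord(quoted[i]))
            i += 1
        elif re.fullmatch(r"[0-7]{3}", quoted[i + 1:i + 4]):
            out.append(int(quoted[i + 1:i + 4], 8))
            i += 4
        elif i + 1 < len(quoted):
            out.append(ord(quoted[i + 1]))
            i += 2
        else:
            raise ValueError("dangling backslash in DUID string")
    return bytes(out)


def parse_duid(text: str) -> dict:
    """Find the default-duid statement in lease-file text and split its fields."""
    m = re.search(r'default-duid\s+"((?:\\.|[^"\\])*)"\s*;', text)
    if not m:
        raise ValueError("no default-duid statement found")
    raw = unescape(m.group(1))
    info = {"hex": raw.hex(":"), "type": int.from_bytes(raw[:2], "big")}
    if info["type"] == 1 and len(raw) > 8:  # DUID-LLT: type, hw type, time, MAC
        info["hw_type"] = int.from_bytes(raw[2:4], "big")
        secs = int.from_bytes(raw[4:8], "big")
        info["created"] = DUID_EPOCH + timedelta(seconds=secs)
        info["lladdr"] = raw[8:].hex(":")
    return info


def same_duid(before: str, after: str) -> bool:
    """True if two lease-file snapshots carry the same client DUID."""
    return parse_duid(before)["hex"] == parse_duid(after)["hex"]


if __name__ == "__main__":
    for key, value in parse_duid(SAMPLE).items():
        print(f"{key:8} {value}")
```

Pass the lease-file text captured before and after a reboot to `same_duid`; a different `created` time with the same `lladdr` means the DUID-LLT was regenerated rather than read back from disk.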


graysonf
Premium,MVM
join:1999-07-16
Fort Lauderdale, FL
kudos:1

See this on the pfsense forum: »forum.pfsense.org/index.php/topi···sg306484


JoelC707
Premium
join:2002-07-09
Lanett, AL
kudos:5
reply to JoelC707

Alright update time. Finally able to update to a newer release (I'm on Jan 12 00:36:42 release) and see what I get. I'm seeing a /128 on the WAN side now (not that I think that really mattered). I'm seeing a different PD subnet on LAN and somewhat annoyingly it didn't assign itself the ::1 address, it assigned one based on the MAC address.

whfsdude, if you want to login to SSH/web and poke around, everything is still up and running as before.

One of my VM workstations is seeing the new and old subnet but has the old pfsense address for DNS. I haven't rebooted it yet or anything but it's looking better. Gonna reboot that VM system again and see what happens. If I can get it to go online with an IPv6 address I'll reboot pfsense and see what happens there.


JoelC707
Premium
join:2002-07-09
Lanett, AL
kudos:5

1 recommendation

Rebooted VM workstation and I see only the new subnet: 2601:0:ac00:3e:: and can get 10/10 on testipv6.com. Rebooted pfsense and I maintained the same PD subnet, the LAN address has gone to ::1 (not that big of a deal, it's just easier to remember) and I still am able to surf and get 10/10 using IPv6 on the VM workstation. So far so good. I dare say it might be solved.

Anyone want screenshots of anything?