 whfsdudePremium join:2003-04-05 Washington, DC
| reply to JoelC707
Re: [IPv6] Seeing two different LAN side ranges
I would suggest a good way to get rid of this config.
1. Disable v6 on the LAN int, apply.
2. Reboot pfsense.
3. Re-enable v6 on LAN int (the track int, prefix id 0).
4. Reboot once more.
If that doesn't do it, not sure what will. |
|
 JoelC707Premium join:2002-07-09 West Point, GA kudos:5 | Will do in a few, thanks! |
|
 JoelC707Premium join:2002-07-09 West Point, GA kudos:5 | reply to whfsdude WTF? OK, did as you instructed and upon reboot the second time I'm watching the console screen behind me and I see the following address on LAN 2601:0:ac40:1d::1. I immediately refresh the web gui page and get to the console (mere seconds after successful boot), and I see a different address. The address displayed on the webgui is "1e", not "1d".
My desktop still has the old "19" address but now also has a "1d" address too. I've run a reset on it and will reboot in a minute and provide new screenshots and such of what I'm seeing now. |
|
 JoelC707Premium join:2002-07-09 West Point, GA kudos:5 | New screenshots. Desktop now has a "1d" address but that does me no good if the LAN of pfSense has changed to "1e". I even took a pic of the local console just to show I'm not crazy in seeing a "1d" address on LAN lol. |
|
 JoelC707Premium join:2002-07-09 West Point, GA kudos:5 | And packet captures.
LAN: »www.cloudshark.org/captures/5f18cc742aa5
WAN: »www.cloudshark.org/captures/b2bf764663a7
I tried the same ping6 to google.com while the capture was running on each interface. I also set the packet limit to 0 instead of 100. |
|
 whfsdudePremium join:2003-04-05 Washington, DC
| reply to JoelC707 Well that is no good :-/ We did manage to get somewhere tonight. We know pfsense is advertising the wrong prefix but don't know why.
Next thing is to look at the raw config files and see what pfsense is really doing. I will dig up those locations for you tomorrow (need to catch some sleep).
If anyone else wants to jump in - dhcp6 config locations and rtadvd or radvd config location on pfsense would be awesome. |
|
 whfsdudePremium join:2003-04-05 Washington, DC | reply to JoelC707 You might want to pm NetDog as well to get a second opinion. He'll love the pcaps. |
|
 JoelC707Premium join:2002-07-09 West Point, GA kudos:5 | reply to whfsdude I suspect it might have something to do with the changing prefix. It's advertising the first prefix and whatever does that advertising doesn't realize it's changing. This of course wouldn't be an issue if it didn't change lol. Yeah, I'm heading to bed too. Thanks for your help. |
|
 | reply to whfsdude I think most of the configs in pfsense are in /var/etc |
|
 JoelC707Premium join:2002-07-09 West Point, GA kudos:5 1 edit | reply to whfsdude
 dhclient6-script 1 |  dhclient6-script 2 |  dhclient6-script 3 |  dhclient6-script 4 |  radvd-conf |  pfSense ifconfig |
OK I found radvd.conf in /var/etc/ and WAN side dhcp6 config files. The dhcp/dhcp6 files basically just define what interface it's on and call a script in /sbin/. I took screen shots of the radvd.conf file and the script file.
Scanning through the script file, I was looking for where it defines things like "old_IPv6" and "new_ipv6" and it references files in /var/db/ so I went and took a look. There are two files of note: bge1_ipv6 and bge1_pd_ipv6. The first file has the 2001: address in it, the second file has the 2601: "1e" address in it.
Edit: adding a SS of ifconfig from SSH. It's showing both the "1d" and "1e" prefixes on bge0 (LAN). |
|
 JoelC707Premium join:2002-07-09 West Point, GA kudos:5 | Adding DHCP6 WAN side leases per request (at least what I think is the requested file). I found this file in the same /var/etc/ that the radvd.conf file is in.
I appear to have also found the DUID in this file too. default-duid "\000\001\000\001\030n\223\263\000\024\"\020\366\233"; |
|
 JoelC707Premium join:2002-07-09 West Point, GA kudos:5 | reply to JoelC707 Alright update time. I've spent nearly the entire day renumbering my LAN and getting all of my local servers to cooperate again. I noticed something interesting though during this process. I discovered I only had the "1e" address on several systems, not both "1e" and "1d". Sure enough, a few systems could obtain 10/10 on test-ipv6.com. It's been flaky though, like right now I'm done with everything but my desktop won't pass the test yet I can ping whfsdude's server just fine.
For clarification, I have done nothing regarding this issue since grabbing the config file screenshots on the 27th. All the renumbering today was IPv4 and was local only. And even then it wasn't technically renumbering because I didn't change the subnet, just reordered everything into a logical order and logged it all in Excel instead of having stuff on random addresses.
I have not talked with NetDog since then either so I do not know if they uncovered something or maybe the old PD finally expired and I'll be back at square one next time I reboot the firewall. Either way, it looks like I'm making some progress somehow lol. And for now, I am going to head to bed. |
|
 whfsdudePremium join:2003-04-05 Washington, DC | reply to JoelC707 I will be around for most of tomorrow. If you're free we can hammer through this. |
|
 NetDogPremium,VIP join:2002-03-04 Parker, CO kudos:4
| reply to NetDog Quick update, asked JoelC707 via email for the device and firmware version. I need to recreate this in the LAB; we are seeing odd things in the sniffer traces. |
|
 whfsdudePremium join:2003-04-05 Washington, DC
| said by NetDog: Quick update, asked JoelC707 via email for the device and firmware version. I need to recreate this in the LAB; we are seeing odd things in the sniffer traces.
I worked with JoelC707 last week. I was able to get it working but not post reboot.
1. Turn off v6 on track int (lan int).
2. Turn off dhcp6 on wan.
3. rm the v6 lease file, touch a new one.
4. Enable dhcp6 on wan.
5. Enable PD on track int.
The dhcp6 lease file will now be correct and ra is announced correctly. However, this does not hold across reboot. I am guessing a new DUID is getting created every reboot which is odd. I haven't had time to investigate further. |
|
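Added example, not part of any post in this thread: a Python decoder for the `default-duid` line JoelC707 quoted from the dhclient6 lease file, which also compares two such lines to test whfsdude's guess that a new DUID is created on each reboot. It handles DUID-LLT and DUID-LL generally; the `AFTER_REBOOT` line is constructed for illustration and the function names are hypothetical.

```python
import re
from datetime import datetime, timedelta, timezone

# LEASE_LINE is the value quoted in this thread; AFTER_REBOOT is constructed
# (same MAC, later timestamp) to stand in for the file after a reboot.
LEASE_LINE = r'default-duid "\000\001\000\001\030n\223\263\000\024\"\020\366\233";'
AFTER_REBOOT = r'default-duid "\000\001\000\001\030n\224\000\000\024\"\020\366\233";'

DUID_EPOCH = datetime(2000, 1, 1, tzinfo=timezone.utc)  # DUID-LLT time base (RFC 3315)
TOKEN = re.compile(r'\\([0-3][0-7]{2})|\\(.)|(.)', re.S)


def unescape_duid(line):
    """Return the raw DUID bytes from a dhclient 'default-duid "...";' line."""
    m = re.search(r'default-duid\s+"((?:\\.|[^"\\])*)"', line)
    if not m:
        raise ValueError("no default-duid statement found")
    raw = bytearray()
    for octal, escaped, literal in TOKEN.findall(m.group(1)):
        # \ooo is one byte in octal; \" and \\ are escaped literals.
        raw.append(int(octal, 8) if octal else ord(escaped or literal))
    return bytes(raw)


def parse_duid(raw):
    """Split a DUID into fields; DUID-LLT (1) and DUID-LL (3) carry a MAC."""
    kind = int.from_bytes(raw[:2], "big")
    info = {"type": kind, "hex": raw.hex()}
    if kind in (1, 3):
        info["hw_type"] = int.from_bytes(raw[2:4], "big")
        mac = raw[8:] if kind == 1 else raw[4:]
        info["lladdr"] = mac.hex(":")
    if kind == 1:
        info["created"] = DUID_EPOCH + timedelta(seconds=int.from_bytes(raw[4:8], "big"))
    return info


def compare_duids(before_line, after_line):
    """Classify a DUID change between two lease-file snapshots."""
    a = parse_duid(unescape_duid(before_line))
    b = parse_duid(unescape_duid(after_line))
    if a["hex"] == b["hex"]:
        return "unchanged"
    if a["type"] == b["type"] == 1 and a["lladdr"] == b["lladdr"]:
        return "regenerated"  # same NIC, new timestamp: DUID was rebuilt
    return "different"


if __name__ == "__main__":
    print(parse_duid(unescape_duid(LEASE_LINE)), compare_duids(LEASE_LINE, AFTER_REBOOT))
```

Saving the `default-duid` line before and after a reboot and passing both to `compare_duids` shows whether the client identifier presented to the upstream DHCPv6 server has changed.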
 graysonfPremium,MVM join:1999-07-16 Fort Lauderdale, FL | See this on the pfsense forum: »forum.pfsense.org/index.php/topi···sg306484 |
|
 JoelC707Premium join:2002-07-09 West Point, GA kudos:5 | reply to JoelC707 Alright update time. Finally able to update to a newer release (I'm on Jan 12 00:36:42 release) and see what I get. I'm seeing a /128 on the WAN side now (not that I think that really mattered). I'm seeing a different PD subnet on LAN and somewhat annoyingly it didn't assign itself the ::1 address, it assigned one based on the MAC address.
whfsdude if you want to login to SSH/web and poke around, everything is still up and running as before.
One of my VM workstations is seeing the new and old subnet but has the old pfsense address for DNS. I haven't rebooted it yet or anything but it's looking better. Gonna reboot that VM system again and see what happens. If I can get it to go online with an IPv6 address I'll reboot pfsense and see what happens there. |
|
 JoelC707Premium join:2002-07-09 West Point, GA kudos:5 | Rebooted VM workstation and I see only the new subnet: 2601:0:ac00:3e:: and can get 10/10 on testipv6.com. Rebooted pfsense and I maintained the same PD subnet, the LAN address has gone to ::1 (not that big of a deal, it's just easier to remember) and I still am able to surf and get 10/10 using IPv6 on the VM workstation. So far so good. I dare say it might be solved.
Anyone want screenshots of anything? |
|