dslreports logo
 
    All Forums Hot Topics Gallery
spc
uniqs
37

whfsdude
Premium Member
join:2003-04-05
Washington, DC

whfsdude to JoelC707

Premium Member

to JoelC707

Re: [IPv6] Seeing two different LAN side ranges

Looking at the screenshot, you've got addresses on your LAN outside of your routed /64. That could be the problem.

2601:0:ac40:9::/64 - Assigning via PD (according to your screenshot).

Yet you have a secondary address (2601:0:ac40:1a::/64) assigned on your PC outside of that /64.

Reboot the Windows machine and see if you still get that second incorrect address.

OT/Addressing DNS: To my knowledge RDNSS isn't supported via Windows and isn't configured on pfsense (so you can't push DNS via RA). You'll want to use "assisted" and setup DHCPv6 to push DNS in the future. I've had mixed success with DHCPv6 being started after a change so if you do DHCPv6 config changes, you'll want to reboot pfsense.
JoelC707
Premium Member
join:2002-07-09
Lanett, AL

JoelC707

Premium Member

That's the thing, I've gotten both the "9" and "1a" range on the LAN side so I wasn't sure which one it was supposed to be. Based on your pings below (and the fact pfSense picks ::1 from the "9" subnet, versus a random address from "1a" subnet), I think "9" is the one it should be.

I can't modify the DHCP6/RA server settings in pfSense since it isn't configured with a static address, so I assume any addresses my desktops are getting are being sent via an auto-configured RA mode in pfSense or via Comcast.

whfsdude
Premium Member
join:2003-04-05
Washington, DC

whfsdude

Premium Member

said by JoelC707:

That's the thing, I've gotten both the "9" and "1a" range on the LAN side so I wasn't sure which one it was supposed to be. Based on your pings below (and the fact pfSense picks ::1 from the "9" subnet, versus a random address from "1a" subnet), I think "9" is the one it should be.

Set the LAN interface to the "track" interface setting and reboot the router. That should take care of the "1a" subnet problem.
JoelC707
Premium Member
join:2002-07-09
Lanett, AL

JoelC707

Premium Member

Rebooted desktop, that cleared all old "1a" addresses out. Interestingly, according to Windows, I have Internet connectivity via IPv6 now (previously it showed "no internet access") so it must be able to resolve whatever test address it uses.

WAN: DHCP6, PD Size None
LAN: Track Interface, WAN, 0 - has a the "9" address again.

Outbound "any any" rule via IPv6 and I even put it at the top of the list above all IPv4 rules just for the hell of it. Still being told I don't have IPv6 and can't ping Google's IPv6 DNS from my desktop (pfSense on the other hand, still CAN ping Google's IPv6 DNS).

Grrr..... must be some bug in the traceroute function of pfSense. Every time I do a traceroute there it locks up the GUI. Option 11 on console doesn't solve it either (reset webconfigurator), have to reboot. I'll upload screenshots as soon as I'm back up (and who knows, it may fix it, though I've rebooted before with no fix).
JoelC707

JoelC707

Premium Member

Click for full size
Click for full size
Click for full size
Click for full size
Click for full size
Click for full size
So option 11 worked this time. I'd rather not reboot pfSense if I can get away with it but if I have to I will.

Only showing 2601:0:ac:9:: addresses now. Still no IPv6 access to the internet from the desktop (other systems on my network are exhibiting the same behavior). I do have a Bellsouth DSL circuit and am using a MultiWAN for IPv4 as the outbound rules will show. I don't see why it would but would that cause any issues?
JoelC707

JoelC707

Premium Member

Changed WAN prefix delegation from none to 64 and noticed my browsing was sluggish. Back when I was using a HE tunnel I would notice that if my IPv6 connectivity went down for some reason (browsers tend to prefer IPv6 IIRC and it would take time to fail out IPv6 and go back to IPv4). I refreshed the Google test page and it says I have IPv6 connectivity. Ran a ping test and still no go.

Reset the WAN interface PD to None to try and recreate the old settings, now it doesn't matter if I set it to None or 64 but I still can't get IPv6 connectivity (though it appears my browsing speed has returned to normal).

Looks like it was partially working for less than a minute. I don't know if me changing the PD setting fixed it this time or not (and if it did, why didn't setting it back to 64 "re-fix" it?).

whfsdude
Premium Member
join:2003-04-05
Washington, DC

whfsdude to JoelC707

Premium Member

to JoelC707
said by JoelC707:

WAN: DHCP6, PD Size None
LAN: Track Interface, WAN, 0 - has a the "9" address again.

I am still going through the updates (stepped away for xmas dinner).

DHCP6 prefix size has to be set to /64. That would explain the oddness you were seeing when you tried to set the prefix id on the LAN interface.

Also one thing to keep in mind is that almost any v6 interface change in pfsense requires a reboot to work properly. I haven't poked around too much at the internals but I think it has to do with spawning the WIDE (yes they're using that) DHCP6 client/server.
JoelC707
Premium Member
join:2002-07-09
Lanett, AL

JoelC707

Premium Member

No worries on any delay. I know it's Christmas. For that matter, thank you for even taking time to help me today (and that also goes for everyone else who has replied). We do most of our Christmas stuff on Christmas Eve because others in the family usually go do things at their respective churches in Christmas Day so it's usually a full day for them.

I thought I read somewhere in one of the early replies to set the WAN PD size to None instead of 64. I've tried both and neither seems to be the "fix". Currently it is set for 64 PD. I'll see if I can get an opening to reboot pfSense, Netflix is being used right now LOL.

whfsdude
Premium Member
join:2003-04-05
Washington, DC

whfsdude

Premium Member

said by JoelC707:

I thought I read somewhere in one of the early replies to set the WAN PD size to None instead of 64. I've tried both and neither seems to be the "fix". Currently it is set for 64 PD. I'll see if I can get an opening to reboot pfSense, Netflix is being used right now LOL.

Just wait until the next Amazon outage (should be shortly)

Prefix Delegation Size is what your DHCP6 client requests for any routed prefixes. This is done WAN always.

When you do a "Track Interface", all you're specifying to pfsense is to say "I want to use a routed subnet." Prefix ID 0 is just "give me the 0th (first) subnet you have." Since it's a /64, you just have one subnet to play with.
JoelC707
Premium Member
join:2002-07-09
Lanett, AL

JoelC707

Premium Member

said by whfsdude:

Just wait until the next Amazon outage (should be shortly)

I assume you mean Netflix? Funny you mention that though, they had some funky outage last night. Our 4 year old fell asleep at 8-9 or so and woke up at about 11. Couldn't get her to go back to sleep till after 2 (and we didn't want to go to sleep until she did, just in case lol). Netflix on the TV kept failing to connect.

Tried their support page and found this Mortal Kombat style combo code (no kidding, check it for yourself: »support.netflix.com/en/n ··· sc.tab=0. Then click the first link for the Smart TV) to disconnect and reconnect the TV to Netflix. Got it disconnected but it still wouldn't communicate to reconnect. Then the "my account" page kept throwing up an error (Netflix error, not browsing error). Surprisingly I could watch stuff from my computer so we just watched it that way.

whfsdude
Premium Member
join:2003-04-05
Washington, DC

whfsdude

Premium Member

said by JoelC707:

I assume you mean Netflix? Funny you mention that though, they had some funky outage last night. Our 4 year old fell asleep at 8-9 or so and woke up at about 11. Couldn't get her to go back to sleep till after 2 (and we didn't want to go to sleep until she did, just in case lol). Netflix on the TV kept failing to connect.

Yeah - bit me as I was trying to watch Arrested Development last night. It was related to the Amazon AWS' elastic load balancer. Netflix uses Amazon for everything but the actual streaming part of their service. Browsing and selecting movies is done via AWS instances.

»gigaom.com/video/netflix ··· mas-eve/
JoelC707
Premium Member
join:2002-07-09
Lanett, AL

JoelC707

Premium Member

Interesting info. I never knew Netflix used Amazon's services for their infrastructure. Makes sense the actual streaming would still come from Netflix since Amazon has a competing product but there's nothing stopping Netflix or another provider from leveraging Amazon's massive server infrastructure.