dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
19180
share rss forum feed

voiptalk

join:2010-04-10
Gainesville, VA

[IPv6] pfSense - Anybody else having issues?

I have been using pfSense for the past couple of weeks and have seen multiple issues with IPv6. These problems are in my thread on the pfSense forums: »forum.pfsense.org/index.php/topi···6.0.html

While some of these have been resolved, the latest problem is that when the IPv6 DHCP lease expires after 4 days, pfSense does not renew and all the IPv6 addressing goes away.

So, the ask is:

1) If you are also seeing issues, please add your observations to the thread on the pfSense forum. Even a "me too" would be helpful.

2) If you are not having any issues with IPv6 on Comcast, please post here what version you are using.

I am currently on:

2.1-BETA1 (amd64)
built on Thu Mar 21 17:04:35 EDT 2013

Thanks!



NetDog
Premium,VIP
join:2002-03-04
Parker, CO
kudos:77

1 recommendation

I am going to get a router and test this out.. I have heard of other having issues with pfSense as well with the renew.



plencnerb
Premium
join:2000-09-25
Carpentersville, IL
kudos:3
reply to voiptalk

I'll have to register over at the PFSense forum, but I did want to make a note that I'm having the same issue.

Things work well for a few days, and then they stop working. I'm on a day newer version then you are, and I'm seeing the problem.

However, I will say things are getting better for PFSense. I had a version from January, and when this would happen, the Interface screen would loose the IPv6 IP info on both the LAN and WAN side. What I mean is, the 128 and 64 delegation would go away, and it would not show the IPv6 IP information.

Now with the newer beta build, I don't loose that, but I do loose my IPv6 IP. Sites like the Comcast's Speedtest site for IPv6 no longer load, and the test sites for IPv6 indicate that I don't have an IPv6 IP.

Reboot my pfsense box, and all is well again for a few days. I never made a note to see how long it did last, but 4 days does sound about right.

If there is anything that I can do to help troubleshoot this issue, just let me know and I'll be happy to do so.

Thanks,

--Brian
--
============================
--Brian Plencner

E-Mail: CoasterBrian72Cancer@gmail.com
Note: Kill Cancer to Reply via e-mail



plencnerb
Premium
join:2000-09-25
Carpentersville, IL
kudos:3
reply to voiptalk


Picture #1

Picture #2
 
I wanted to elaborate on what I posted the other day, with a few pictures. Looking at them, I don't know if this is a pfsense issue, or a comcast issue.

Picture #1 shows the WAN interface (rl0) status. As you can see, I am getting the proper IPv6 IP information from Comcast.

However, if you look at Picture #2, it just lists the "IPv6 Link Local" in regards to anything with IPv6.

This then translates to the following when I issue the command "ipconfig/all"

ipconfig /all
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : BRIAN-DESKTOP
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : localdomain
 
Ethernet adapter Ethernet:
 
   Connection-specific DNS Suffix  . : localdomain
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : F4-6D-04-F0-32-43
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::4520:5e06:efce:b317%12(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.103(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Friday, March 29, 2013 8:39:08 AM
   Lease Expires . . . . . . . . . . : Friday, March 29, 2013 10:39:08 AM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 267676932
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-C3-D2-F8-F4-6D-04-F0-32-43
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter Local Area Connection* 12:
 
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:953c:3c42:1660:3f57:fe98(Preferred)
   Link-local IPv6 Address . . . . . : fe80::3c42:1660:3f57:fe98%14(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
 
Tunnel adapter Reusable ISATAP Interface {52E17EE8-7DB7-4ED2-9FF3-BFD5BD6D86AD}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : localdomain
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
 

Since I don't have a "real" IPv6 IP on my desktop (even after a reboot of my desktop, but not PFSense), I tend to believe this is a PFSense issue. The IPv6 Test site returns 0/10 and Comcast's speed test site fail to load at this point. I know why, as I don't appear to have a valid IPv6 IP on my desktop.

I know if I reboot PFSense, then everything will be fine again.

So, not sure if this is the same problem; Meaning this is what happens when the IPv6 DHCP lease expires after 4 days, pfSense does not renew and all the IPv6 addressing goes away, or if this is something different.

Finally, I do want to add that my uptime on the PFSense box is about 5 and 1/2 days.

--Brian

--
============================
--Brian Plencner

E-Mail: CoasterBrian72Cancer@gmail.com
Note: Kill Cancer to Reply via e-mail


graysonf
Premium,MVM
join:1999-07-16
Fort Lauderdale, FL
kudos:2

1 recommendation

You probably want to disable Toredo on your Windows LAN machine(s).

On Win 7, these are the commands I run one time from a command box with admin rights:

netsh interface ipv6 reset
netsh interface ipv6 set privacy state=disabled store=active
netsh interface ipv6 set privacy state=disabled store=persistent
netsh interface ipv6 set global randomizeidentifiers=disabled store=active
netsh interface ipv6 set global randomizeidentifiers=disabled store=persistent

The above results in a persistent IPv6 address based on the MAC address of the adapter.

As an aside, m0n0wall 1.8.1b, the basis for pfsense, works fine with Comcast IPv6 with the exception of some system log flooding with RAs.



plencnerb
Premium
join:2000-09-25
Carpentersville, IL
kudos:3

When I run the first command, I get an error. Is that normal?

Microsoft Windows [Version 6.2.9200]
(c) 2012 Microsoft Corporation. All rights reserved.
 
C:\Windows\system32>netsh interface ipv6 reset
Resetting Global, OK!
Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.
 
Restart the computer to complete this action.
 
C:\Windows\system32>
 

--
============================
--Brian Plencner

E-Mail: CoasterBrian72Cancer@gmail.com
Note: Kill Cancer to Reply via e-mail


graysonf
Premium,MVM
join:1999-07-16
Fort Lauderdale, FL
kudos:2

What version of Windows is that? Doesn't look like Win 7 to me.

Are you running in an admin enabled command box?



SHoTTa35

@kfvaluation.com

6.2.9200 = Windows 8.



plencnerb
Premium
join:2000-09-25
Carpentersville, IL
kudos:3
reply to graysonf

Version of Windows is Windows 8 Pro with Media Center, x64.

I did run the command box as the local administrator (right-clicked on the icon in the all apps screen, and selected "Run As Administrator".

They probably don't work the same as they do in Windows 7. Not to mention, I think I may have an other issue going on with my Windows 8 install (was actually thinking of re-installing, or even going back to Windows 7). So, it may not be a Comcast problem, or even a PFSense problem. I'll have to do more testing to verify.

However, the OP's issue still stands with me. Every 4 to 5 days I would loose my IPv6 IP, and have to reboot PFSense to get things working again.

--Brian
--
============================
--Brian Plencner

E-Mail: CoasterBrian72Cancer@gmail.com
Note: Kill Cancer to Reply via e-mail



plencnerb
Premium
join:2000-09-25
Carpentersville, IL
kudos:3

1 recommendation

reply to voiptalk

I did some testing this morning, and from what I have been able to determine, my version of PFSense is having issues with IPv6. If I remove PFSense, and plug my desktop directly into my cable modem, I get a 2001:: IPv6 IP from Comcast, and everything works the way its suppose to. If I go back to PFSense, I don't get an IPv6 IP on my desktop at all, and IPv6 only sites (like the comcast IPv6 speed test site) don't load.

So, I'll look up upgrade PFSense to the most recent beta, and see if that solves the issue for me.

However, I believe the OP's issue still stands, as far as after 4 or 5 days (lease time of the IPv6 IP from Comcast), that it is not able to renew itself without any issues.

--Brian
--
============================
--Brian Plencner

E-Mail: CoasterBrian72Cancer@gmail.com
Note: Kill Cancer to Reply via e-mail



acosgrove

join:2013-03-30
Woodstock, GA

Hello...

I got Comcast to assign my /128 to the WAN and /64 to the LAN but had to convert LAN to static so I could turn on DHCPv6. My other machines now receive an IP but nothing seems to route. Additionally no one can ping either my outside interface or my inside /64 interface. However I am able to ping google and other sites.

When I tested a traceroute from »mebsd.com/ipv6-ping-and-traceroute it seems to be routing loop so not sure what to do next.

Any input welcome.

*** Welcome to pfSense 2.1-BETA1-nanobsd (amd64) on pfSense ***

WAN (wan) -> vr0_vlan10 -> v4/DHCP4: 50.155.47.132/21
v6/DHCP6: 2001:558:6011:78:616b:b3af:1348:d0c3/128

LAN (lan) -> vr0_vlan20 -> v4: 192.168.1.1/24
v6/DHCP6: 2601:0:bc00:c7:20f:eaff:fe37:782d/64

$ ping6 -c 10 -s 56 2001:558:6011:78:616b:b3af:1348:d0c3
PING6(104=40+8+56 bytes) 2001:4d48:1337:5afe::2 --> 2001:558:6011:78:616b:b3af:1348:d0c3

--- 2001:558:6011:78:616b:b3af:1348:d0c3 ping6 statistics ---
10 packets transmitted, 0 packets received, 100.0% packet loss
$
$ traceroute6 -a -q 3 -w 3 -m 30 2001:558:6011:78:616b:b3af:1348:d0c3
1 [AS8468] 2001:4d48:1337:5afe::1 0.400 ms 0.374 ms 0.211 ms
2 * * *
3 * * *
4 * * *
5 [AS6453] 2001:5a0:c00:100::3e 4.448 ms 4.449 ms 4.425 ms
6 [AS6453] ix-0-1-0.512.mcore3.LDN-London.ipv6.as6453.net 14.414 ms 80.665 ms 13.322 ms
7 [AS6453] if-0-0-0.core4.LDN-London.ipv6.as6453.net 4.890 ms 4.897 ms 4.891 ms
8 [AS6453] if-ae6.1506.tcore2.L78-London.ipv6.as6453.net 4.891 ms 4.902 ms 4.891 ms
9 [AS6453] if-ae11.2.tcore1.NTO-NewYork.ipv6.as6453.net 74.622 ms 75.100 ms 74.903 ms
10 [AS6453] 2001:5a0:a00:200::56 82.422 ms
[AS6453] 2001:5a0:a00:200::12 79.947 ms
[AS6453] 2001:5a0:a00:200::e 76.352 ms
11 [AS7922] pos-1-12-0-0-cr01.newyork.ny.ibone.comcast.net 75.409 ms 88.041 ms 83.672 ms
12 [AS7922] he-0-2-0-0-cr01.350ecermak.il.ibone.comcast.net 105.075 ms 107.866 ms 107.853 ms
13 [AS7922] so-7-1-0-0-ar01.d1stonemtn.ga.atlanta.comcast.net 120.173 ms 123.299 ms 129.386 ms
14 [AS7922] xe-11-3-0-0-sur01.y3canton.ga.atlanta.comcast.net 117.372 ms 127.057 ms 134.526 ms
15 [AS7922] 2001:558:142:ff::2 130.003 ms 147.025 ms
15 [AS7922] 2001:558:142:ff::2 130.003 ms 147.025 ms 129.610 ms
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * *
$

$ traceroute6 -a -q 3 -w 3 -m 30 2601:0:bc00:c7:20f:eaff:fe37:782d
1 [AS8468] 2001:4d48:1337:5afe::1 0.370 ms 0.381 ms 0.212 ms
2 * * *
3 * * *
4 * *
5 [AS6453] 2001:5a0:c00:100::3e 4.469 ms 4.430 ms 4.422 ms
6 [AS6453] ix-0-1-0.512.mcore3.LDN-London.ipv6.as6453.net 71.503 ms 124.049 ms 238.309 ms
7 [AS6453] if-xe-1-2-2.0.tcore1.L78-London.ipv6.as6453.net 4.581 ms 4.656 ms 4.755 ms
8 [AS6453] if-ae2.2.tcore2.L78-London.ipv6.as6453.net 4.754 ms 9.139 ms 4.609 ms
9 [AS6453] if-ae11.2.tcore1.NTO-NewYork.ipv6.as6453.net 74.781 ms 74.640 ms
10 [AS6453] 2001:5a0:a00:200::36 75.416 ms
[AS6453] 2001:5a0:a00:200::56 77.231 ms 76.039 ms
11 [AS7922] pos-1-8-0-0-cr01.newyork.ny.ibone.comcast.net 76.018 ms 78.687 ms 78.685 ms
12 [AS7922] he-0-1-0-0-cr01.350ecermak.il.ibone.comcast.net 96.913 ms 98.361 ms 96.083 ms
13 [AS7922] so-7-0-0-0-ar01.d1stonemtn.ga.atlanta.comcast.net 115.196 ms 115.201 ms 116.118 ms
14 [AS7922] xe-11-3-0-0-sur01.y3canton.ga.atlanta.comcast.net 117.327 ms 153.101 ms 117.223 ms
15 [AS7922] 2001:558:142:ff::2 132.855 ms 132.031 ms 130.002 ms
16 [AS7922] xe-0-3-0-32767-sur01.y3canton.ga.atlanta.comcast.net 110.657 ms 109.127 ms 109.234 ms
17 [AS7922] 2001:558:142:ff::2 134.843 ms 131.974 ms 123.762 ms
18 [AS7922] xe-0-3-0-32767-sur01.y3canton.ga.atlanta.comcast.net 109.407 ms
19 [AS7922] 2001:558:142:ff::2 129.284 ms 131.372 ms 129.220 ms
20 [AS7922] xe-0-3-0-32767-sur01.y3canton.ga.atlanta.comcast.net 109.102 ms 109.469 ms 126.109 ms
21 [AS7922] 2001:558:142:ff::2 134.795 ms 133.494 ms 120.490 ms
22 [AS7922] xe-0-3-0-32767-sur01.y3canton.ga.atlanta.comcast.net 109.256 ms 110.285 ms 110.985 ms
23 [AS7922] 2001:558:142:ff::2 131.721 ms 129.932 ms 129.378 ms
24 [AS7922] xe-0-3-0-32767-sur01.y3canton.ga.atlanta.comcast.net 109.411 ms 110.004 ms 119.560 ms
25 [AS7922] 2001:558:142:ff::2 129.222 ms 135.209 ms
26 [AS7922] xe-0-3-0-32767-sur01.y3canton.ga.atlanta.comcast.net 109.737 ms 109.547 ms 132.980 ms
27 [AS7922] 2001:558:142:ff::2 130.786 ms 132.171 ms 129.845 ms
28 [AS7922] xe-0-3-0-32767-sur01.y3canton.ga.atlanta.comcast.net 110.757 ms 110.834 ms 110.818 ms
29 [AS7922] 2001:558:142:ff::2 138.587 ms 120.725 ms 133.901 ms
30 [AS7922] xe-0-3-0-32767-sur01.y3canton.ga.atlanta.comcast.net 109.564 ms
$



acosgrove

join:2013-03-30
Woodstock, GA
reply to voiptalk

Sorry if this is spamming, my previous post didn't seem to make it.

I was able to get /64 assigned to my inside LAN interface but had to switch to static in pfsense so it would hand out IPs to my network, However I seem to be having a routing problem. Traceroutes seem to show a routing loop. Would this be a result of pfsense not sending RAs correctly?

*** Welcome to pfSense 2.1-BETA1-nanobsd (amd64) on pfSense ***

WAN (wan) -> vr0_vlan10 -> v4/DHCP4: 50.155.47.132/21
v6/DHCP6: 2001:558:6011:78:616b:b3af:1348:d0c3/128
LAN (lan) -> vr0_vlan20 -> v4: 192.168.1.1/24
v6/DHCP6: 2601:0:bc00:c7:20f:eaff:fe37:782d/64

$ ping6 -c 10 -s 56 2001:558:6011:78:616b:b3af:1348:d0c3
PING6(104=40+8+56 bytes) 2001:4d48:1337:5afe::2 --> 2001:558:6011:78:616b:b3af:1348:d0c3

--- 2001:558:6011:78:616b:b3af:1348:d0c3 ping6 statistics ---
10 packets transmitted, 0 packets received, 100.0% packet loss
$
$ traceroute6 -a -q 3 -w 3 -m 30 2001:558:6011:78:616b:b3af:1348:d0c3
1 [AS8468] 2001:4d48:1337:5afe::1 0.400 ms 0.374 ms 0.211 ms
2 * * *
3 * * *
4 * * *
5 [AS6453] 2001:5a0:c00:100::3e 4.448 ms 4.449 ms 4.425 ms
6 [AS6453] ix-0-1-0.512.mcore3.LDN-London.ipv6.as6453.net 14.414 ms 80.665 ms 13.322 ms
7 [AS6453] if-0-0-0.core4.LDN-London.ipv6.as6453.net 4.890 ms 4.897 ms 4.891 ms
8 [AS6453] if-ae6.1506.tcore2.L78-London.ipv6.as6453.net 4.891 ms 4.902 ms 4.891 ms
9 [AS6453] if-ae11.2.tcore1.NTO-NewYork.ipv6.as6453.net 74.622 ms 75.100 ms 74.903 ms
10 [AS6453] 2001:5a0:a00:200::56 82.422 ms
[AS6453] 2001:5a0:a00:200::12 79.947 ms
[AS6453] 2001:5a0:a00:200::e 76.352 ms
11 [AS7922] pos-1-12-0-0-cr01.newyork.ny.ibone.comcast.net 75.409 ms 88.041 ms 83.672 ms
12 [AS7922] he-0-2-0-0-cr01.350ecermak.il.ibone.comcast.net 105.075 ms 107.866 ms 107.853 ms
13 [AS7922] so-7-1-0-0-ar01.d1stonemtn.ga.atlanta.comcast.net 120.173 ms 123.299 ms 129.386 ms
14 [AS7922] xe-11-3-0-0-sur01.y3canton.ga.atlanta.comcast.net 117.372 ms 127.057 ms 134.526 ms
15 [AS7922] 2001:558:142:ff::2 130.003 ms 147.025 ms
15 [AS7922] 2001:558:142:ff::2 130.003 ms 147.025 ms 129.610 ms
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * *
$

Assigned - 2601:0:bc00:c7:20f:eaff:fe37:782d/64

$ traceroute6 -a -q 3 -w 3 -m 30 2601:0:bc00:c7:20f:eaff:fe37:782d
1 [AS8468] 2001:4d48:1337:5afe::1 0.370 ms 0.381 ms 0.212 ms
2 * * *
3 * * *
4 * *
5 [AS6453] 2001:5a0:c00:100::3e 4.469 ms 4.430 ms 4.422 ms
6 [AS6453] ix-0-1-0.512.mcore3.LDN-London.ipv6.as6453.net 71.503 ms 124.049 ms 238.309 ms
7 [AS6453] if-xe-1-2-2.0.tcore1.L78-London.ipv6.as6453.net 4.581 ms 4.656 ms 4.755 ms
8 [AS6453] if-ae2.2.tcore2.L78-London.ipv6.as6453.net 4.754 ms 9.139 ms 4.609 ms
9 [AS6453] if-ae11.2.tcore1.NTO-NewYork.ipv6.as6453.net 74.781 ms 74.640 ms
10 [AS6453] 2001:5a0:a00:200::36 75.416 ms
[AS6453] 2001:5a0:a00:200::56 77.231 ms 76.039 ms
11 [AS7922] pos-1-8-0-0-cr01.newyork.ny.ibone.comcast.net 76.018 ms 78.687 ms 78.685 ms
12 [AS7922] he-0-1-0-0-cr01.350ecermak.il.ibone.comcast.net 96.913 ms 98.361 ms 96.083 ms
13 [AS7922] so-7-0-0-0-ar01.d1stonemtn.ga.atlanta.comcast.net 115.196 ms 115.201 ms 116.118 ms
14 [AS7922] xe-11-3-0-0-sur01.y3canton.ga.atlanta.comcast.net 117.327 ms 153.101 ms 117.223 ms
15 [AS7922] 2001:558:142:ff::2 132.855 ms 132.031 ms 130.002 ms
16 [AS7922] xe-0-3-0-32767-sur01.y3canton.ga.atlanta.comcast.net 110.657 ms 109.127 ms 109.234 ms
17 [AS7922] 2001:558:142:ff::2 134.843 ms 131.974 ms 123.762 ms
18 [AS7922] xe-0-3-0-32767-sur01.y3canton.ga.atlanta.comcast.net 109.407 ms
19 [AS7922] 2001:558:142:ff::2 129.284 ms 131.372 ms 129.220 ms
20 [AS7922] xe-0-3-0-32767-sur01.y3canton.ga.atlanta.comcast.net 109.102 ms 109.469 ms 126.109 ms
21 [AS7922] 2001:558:142:ff::2 134.795 ms 133.494 ms 120.490 ms
22 [AS7922] xe-0-3-0-32767-sur01.y3canton.ga.atlanta.comcast.net 109.256 ms 110.285 ms 110.985 ms
23 [AS7922] 2001:558:142:ff::2 131.721 ms 129.932 ms 129.378 ms
24 [AS7922] xe-0-3-0-32767-sur01.y3canton.ga.atlanta.comcast.net 109.411 ms 110.004 ms 119.560 ms
25 [AS7922] 2001:558:142:ff::2 129.222 ms 135.209 ms
26 [AS7922] xe-0-3-0-32767-sur01.y3canton.ga.atlanta.comcast.net 109.737 ms 109.547 ms 132.980 ms
27 [AS7922] 2001:558:142:ff::2 130.786 ms 132.171 ms 129.845 ms
28 [AS7922] xe-0-3-0-32767-sur01.y3canton.ga.atlanta.comcast.net 110.757 ms 110.834 ms 110.818 ms
29 [AS7922] 2001:558:142:ff::2 138.587 ms 120.725 ms 133.901 ms
30 [AS7922] xe-0-3-0-32767-sur01.y3canton.ga.atlanta.comcast.net 109.564 ms
$

Thanks and happy Easter


voiptalk

join:2010-04-10
Gainesville, VA

1 edit

said by acosgrove:

I was able to get /64 assigned to my inside LAN interface but had to switch to static in pfsense so it would hand out IPs to my network, However I seem to be having a routing problem. Traceroutes seem to show a routing loop. Would this be a result of pfsense not sending RAs correctly?

In a DHCP-PD configuration, pfSense does not hand out IPv6 addresses for the LAN machines via the DHCPv6 server. There is no pool created from the assigned prefix.

RA advertises the assigned prefix and the hosts auto-config.

If you have taken that prefix and made it a static in the DHCPv6 server, I would strongly advise against that. The PD usually changes after you apply an update, or sometimes after just a reboot. If you are static, you will be dead in the water (for IPv6) once the CMTS withdraws that route.


acosgrove

join:2013-03-30
Woodstock, GA

said by voiptalk:

In a DHCP-PD configuration, pfSense does not hand out IPv6 addresses for the LAN machines via the DHCPv6 server. There is no pool created from the assigned prefix.

RA advertises the assigned prefix and the hosts auto-config.

If you have taken that prefix and made it a static in the DHCPv6 server, I would strongly advise against that. The PD usually changes after you apply an update, or sometimes after just a reboot. If you are static, you will be dead in the water (for IPv6) once the CMTS withdraws that route.

Ok so I reverted back to DHCP-PD but the hosts on the LAN are not autoconfiguring. If I statically assign the IPs then the traceroute web page tool is able to ping and tr but going to test-ipv6.com still fails and ping6 google.com doesn't return.

Not sure where I'm failing to understand the setup

Has someone wrote a detailed guide on this yet? My google searched are not turning up much.

Thanks.


plencnerb
Premium
join:2000-09-25
Carpentersville, IL
kudos:3

said by acosgrove:

Has someone wrote a detailed guide on this yet? My google searched are not turning up much.

Thanks.

It may not be a detailed guide, but its the steps I went though to get PFSense working (at one point), on whatever beta version I have listed in this thread.

»[IPv6] Issues with IPv6 and pfsense [SOLVED]

So, feel free to read that and see if you can get things going.

I *think* there is an issue with the build that I'm currently running (2.1-BETA1 (i386) built on Fri Mar 22 22:56:56 EDT 2013, FreeBSD 8.3-RELEASE-p6) where I'm not able to get an IPv6 IP on my desktop on the LAN side of things, even thought it should be working.

Knowing its beta, and things change daily, you have to be willing to accept the risks with that.

Hope that helps,

--Brian
--
============================
--Brian Plencner

E-Mail: CoasterBrian72Cancer@gmail.com
Note: Kill Cancer to Reply via e-mail

voiptalk

join:2010-04-10
Gainesville, VA

Once again at exactly 4 days, pfSense lost all it's IPv6 addressing.

I was running a packet capture on the WAN during the renewal period.

What I see is two different responses coming from Comcast (two different server ID's). One is replying with the expected addressing response, the other has different addressing (for both the PD and WAN).

At this time, pfSense logs:

dhcp6c[29310]: client6_timo: all information to be updated was canceled

So, I think it doesn't like the two different responses and just throws everything away.

I'll work with NetDog (check you PM) and see what he thinks.



plencnerb
Premium
join:2000-09-25
Carpentersville, IL
kudos:3

voiptalk See Profile,

Are you still running the same version of PFSense Beta that you mentioned at the start of this thread? Since I'm also running PFSense (a day newer version), I figured it would help as far as testing goes if multiple people were on the same version. I could downgrade to the version you're running, or maybe we both upgrade to a newer beta build, and go from there to help troubleshoot this issue.

--Brian
--
============================
--Brian Plencner

E-Mail: CoasterBrian72Cancer@gmail.com
Note: Kill Cancer to Reply via e-mail


voiptalk

join:2010-04-10
Gainesville, VA

I'm currently on:

2.1-BETA1 (amd64)
built on Thu Mar 28 00:48:35 EDT 2013

I did a total reinstall with that build.

There haven't been any IPv6 changes checked in since then.

I've been seeing various IPv6 problems since I started using pfSense in February. Ermal (pfsense dev) made a lot of changes in mid-March, but still problematic.



plencnerb
Premium
join:2000-09-25
Carpentersville, IL
kudos:3

I went ahead and downloaded the ISO Installer CD for the x86 version from that same day. I should be able to do a total reinstall on that version tonight, and then I'll let you know how it goes.

--Brian


darkcrucible

join:2007-06-07
kudos:1
reply to voiptalk

I posted in the same pfsense forums thread since I've been having these issues too. For me the snapshots were working well early-mid February. These latest snapshots are making me feel like the status of native IPv6 support has become pre-alpha.

After all of this trouble I think I'm going to switch to my backup router (TomatoUSB based) until pfsense 2.1 has a release candidate or something.



graysonf
Premium,MVM
join:1999-07-16
Fort Lauderdale, FL
kudos:2

FWIW, m0n0wall, the basis for pfsense works fine with Comcast IPv6 with the exception of some log flooding.


voiptalk

join:2010-04-10
Gainesville, VA
reply to voiptalk

I took a closer look at the packet capture at the time the lease expired. Comcast appears to be replying properly, but pfSense is not binding.

I have filed bug: »redmine.pfsense.org/issues/2919



acosgrove

join:2013-03-30
Woodstock, GA
reply to voiptalk

said by voiptalk:

I'm currently on:

2.1-BETA1 (amd64)
built on Thu Mar 28 00:48:35 EDT 2013

I think I found my issue... the radvd process is not running. I can make the config file by hand (which says is auto-generated but is not) and start the daemon. I get my prefix handed to my network but the default route seems to be wrong/missing.

I've downloaded the 2g nanobsd image dated Mar 30

2.1-BETA1 (amd64)
built on Sat Mar 30 03:13:18 EDT 2013
FreeBSD 8.3-RELEASE-p6

Going to try a regular hdd install

voiptalk

join:2010-04-10
Gainesville, VA

Ya, that radvd bug was introduced about 2 weeks ago. I always have to start it manually.

I have never seen radvd.conf come up empty, but others have reported it.

pfSense 2.1 Beta is supposed to be close to RC status, but IPv6 is still very much a problem.



plencnerb
Premium
join:2000-09-25
Carpentersville, IL
kudos:3

I will agree that PFSense 2.1 beta builds back in December and January were stable (as far as a beta release go) in regards to IPv6.

Then, sometime in Feb / March, things took a bit of a dive so to speak, and now we have these issues.

So, now I'm trying to figure out what beta version I should go with...the one that voiptalk See Profile is running, which is from 3/28, or the one that acosgrove See Profile just downloaded and will be installing, which is from 03/30.

Just trying to get on the same page as everyone else, again to see if this is a PFSense issue, or a Comcast issue. Of course, based on what voiptalk See Profile said, it appears to be a pfSense issue, and not a Comcast one.

--Brian
--
============================
--Brian Plencner

E-Mail: CoasterBrian72Cancer@gmail.com
Note: Kill Cancer to Reply via e-mail



acosgrove

join:2013-03-30
Woodstock, GA

1 edit
reply to graysonf

I switched over to m0n0wall and everything except v6 routing was working properly.

I think I may have a Comcast issue at this point. I opened an HE tunnel account and am now happily connecting to v6 sites. Is there someone in particular I should ask to review on the Comcast end?

I'll keep an eye out for an RC since I like the additional features and packages pfSense supports. Until then I'm sticking with m0n0.


voiptalk

join:2010-04-10
Gainesville, VA
reply to plencnerb

said by plencnerb:

Then, sometime in Feb / March, things took a bit of a dive so to speak, and now we have these issues.

I've been trying to piece that aspect together. pfSense developers were using the WIDE DHCP client, then changed [back] to ISC. I wasn't using it while WIDE was in use.

said by acosgrove:

I opened an HE tunnel account and am now happily connecting to v6 sites.

I am very very close to going back to HE. I've invested way too much time on issue.


graysonf
Premium,MVM
join:1999-07-16
Fort Lauderdale, FL
kudos:2
reply to acosgrove

Are you using m0n0 1.34 or 1.8.1?

I know 1.8.8 works with Comcast native IPv6. If it doesn't for you then it's misconfigured on your end, misconfigured on Comcast's end, or not deployed in your area yet.

There is someone from Comcast here can help you. I don't recall his name but he will probably see see this and add to the thread. He will want your cable modem MAC address first, so have that available.



acosgrove

join:2013-03-30
Woodstock, GA

I'm using 1.3.4 -- I'm pretty sure it's deployed in my area, the CMTS does hand me a /128 and a /64. Configuration-wise I'm willing to bet 90% my fault.



graysonf
Premium,MVM
join:1999-07-16
Fort Lauderdale, FL
kudos:2

You could post screenshots of your configuration pages.

But upgrading to 1.8.1 if possible would be a good idea since there are more users of that version.