dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
28450

plencnerb
Premium Member
join:2000-09-25
53403-1242

1 recommendation

plencnerb to voiptalk

Premium Member

to voiptalk

Re: [IPv6] pfSense - Anybody else having issues?

said by voiptalk:

radvd needs to be running and should require no action on your part to enable or start it. On some of the March builds, radvd tends to die and disappear completely from the services menu. There is a mention about that on the pfsense forum thread; that problem was thought to have been fixed.

I did see you mention that in the thread over at the pfSense forums. I also agree with you that this does not appear to be a Comcast issue, but an issue with pfSense.

What I will probably do is give it a week or so, and then download a Beta at that point, and see if that service is running, or if that problem has been fixed. IPv6 for me is not that critical, so not having it working is not that big of a deal. However, I do enjoy pfSense, and if there is a way for me to help test/debug/validate things along the way, I'm more then welcome to help do so.

Thanks,

--Brian

camper
just visiting this planet
Premium Member
join:2010-03-21
Bethel, CT

camper to graysonf

Premium Member

to graysonf
said by graysonf:

... we would have to patch rtadvd to silence this message if using dhcp-pd etc, by adding some flags etc.

From that it sounds like using DHCP-PD negates the need to listen for and process RA on the WAN interface.

If that is correct, then just patching out the line in the source code that logs the RA packet should suffice.

If that is not correct, then there's a problem in OpenBSD (and, from the reply you received, it sounds like FreeBSD as well). The sysctl.conf file of OpenBSD allows for packet forwarding (i.e., acting as a router) or accepting RA packets, but not both.


net.inet6.ip6.forwarding=1       # 1=Permit forwarding (routing) of IPv6 packets
net.inet6.ip6.accept_rtadv=0     # 1=Permit IPv6 autoconf (forwarding must be 0)

graysonf
MVM
join:1999-07-16
Fort Lauderdale, FL

graysonf

MVM

I'm not sure which case is applicable. But if there is a sysctl.conf file on m0n0wall I am unable to find it.

camper
just visiting this planet
Premium Member
join:2010-03-21
Bethel, CT

camper

Premium Member

It would be in /etc if it existed. My FreeBSD servers do not have a /etc/sysctl.conf since most of the boot-time configuration is done via /etc/rc.conf

graysonf
MVM
join:1999-07-16
Fort Lauderdale, FL

graysonf

MVM

Not in /etc and there is no /etc/rc.conf

m0n0wall is unusual as it is configured with php scripts as opposed to shell code.

camper
just visiting this planet
Premium Member
join:2010-03-21
Bethel, CT

camper to graysonf

Premium Member

to graysonf
Try running this command at the command line:

  sysctl net.inet6.ip6

That prints out all the IPv6 sysctl variables. Among them you'll see:

  net.inet6.ip6.forwarding: 0
  net.inet6.ip6.accept_rtadv: 0

Those values from my server indicate that the box does not do any routing and that it does not accept RA messages (it's IPv6 address and route are statically configured in rc.conf).

graysonf
MVM
join:1999-07-16
Fort Lauderdale, FL

graysonf

MVM

$ sysctl net.inet6.ip6
net.inet6.ip6.forwarding: 1
net.inet6.ip6.redirect: 1
net.inet6.ip6.hlim: 64
net.inet6.ip6.maxfragpackets: 1872
net.inet6.ip6.accept_rtadv: 1
net.inet6.ip6.keepfaith: 0
net.inet6.ip6.log_interval: 5
net.inet6.ip6.hdrnestlimit: 15
net.inet6.ip6.dad_count: 1
net.inet6.ip6.auto_flowlabel: 1
net.inet6.ip6.defmcasthlim: 1
net.inet6.ip6.gifhlim: 30
net.inet6.ip6.kame_version: FreeBSD
net.inet6.ip6.use_deprecated: 1
net.inet6.ip6.rr_prune: 5
net.inet6.ip6.v6only: 1
net.inet6.ip6.rtexpire: 3600
net.inet6.ip6.rtminexpire: 10
net.inet6.ip6.rtmaxcache: 128
net.inet6.ip6.use_tempaddr: 0
net.inet6.ip6.temppltime: 86400
net.inet6.ip6.tempvltime: 604800
net.inet6.ip6.auto_linklocal: 1
net.inet6.ip6.prefer_tempaddr: 0
net.inet6.ip6.use_defaultzone: 0
net.inet6.ip6.maxfrags: 1872
net.inet6.ip6.mcast_pmtu: 0
net.inet6.ip6.stealth: 0
net.inet6.ip6.no_radr: 0
net.inet6.ip6.norbit_raif: 0
net.inet6.ip6.rfc6204w3: 1
net.inet6.ip6.mcast.loop: 1
net.inet6.ip6.mcast.maxsocksrc: 128
net.inet6.ip6.mcast.maxgrpsrc: 512

camper
just visiting this planet
Premium Member
join:2010-03-21
Bethel, CT

camper

Premium Member

said by graysonf:

$ sysctl net.inet6.ip6
net.inet6.ip6.forwarding: 1
net.inet6.ip6.accept_rtadv: 1

So it looks like the FreeBSD in your firewall can be a router (forwarding) and also accept RA packets.

graysonf
MVM
join:1999-07-16
Fort Lauderdale, FL

graysonf

MVM

Yes it's pretty flexible.

camper
just visiting this planet
Premium Member
join:2010-03-21
Bethel, CT

camper

Premium Member

If OpenBSD continues to have issues with concurrent rtadvd and routing , I'll switch over to FreeBSD for the firewall / router here.

plencnerb
Premium Member
join:2000-09-25
53403-1242

plencnerb to voiptalk

Premium Member

to voiptalk
voiptalk See Profile,

I wanted to update this thread to see if you had any more information from the pfSense team about the issue and bug that you reported to them.

In looking at your post at the pfSense forum
»forum.pfsense.org/index. ··· 6.0.html
it has been at least 12 days since the last update to the thread.

So, just looking to see if there is any updates. I'm still running the following version

2.1-BETA1 (i386)
built on Fri Mar 22 22:56:56 EDT 2013
FreeBSD 8.3-RELEASE-p6

With the issues that you had reported, I did not see a need to update to a newer beta, unless the problems has been resolved.

Thanks in advance,

--Brian
voiptalk
join:2010-04-10
Gainesville, VA
MikroTik RB750G
Cisco DPC3941

1 edit

voiptalk

Member

said by plencnerb:

voiptalk See Profile,

I wanted to update this thread to see if you had any more information from the pfSense team about the issue and bug that you reported to them.

No. I watch the changes checked in daily and there hasn't been a single one related to this. As you can see in the bug, others have confirmed that this is an issue.

For myself, I have reverted back to a Hurricane Electric tunnel. Not only is it rock-solid with lower latency than native IPv6 from Comcast (the HE tunnel end point is right there with Akamai and Google in Ashburn, VA) , but it comes with static IPv6 addressing. With Comcast I get a new LAN prefix each time I reboot. So, taking a break until the pfSense dev's check in something worthwhile.

plencnerb
Premium Member
join:2000-09-25
53403-1242

plencnerb

Premium Member

Thanks for the update. I'll just continue to run what I have until an update comes from pfSense as well.

I like the product, and it has a ton of features in it. So, I'm not ready to switch it out for something else at this point yet.

--Brian

camper
just visiting this planet
Premium Member
join:2010-03-21
Bethel, CT

camper to voiptalk

Premium Member

to voiptalk
said by voiptalk:

...With Comcast I get a new LAN prefix each time I reboot. ...

 
Oh well... looks like I'll need to write an IPv6 dynamic DNS script.....
voiptalk
join:2010-04-10
Gainesville, VA
MikroTik RB750G
Cisco DPC3941

voiptalk to plencnerb

Member

to plencnerb
said by plencnerb:

voiptalk See Profile,

I wanted to update this thread to see if you had any more information from the pfSense team about the issue and bug that you reported to them.

Development has requested that we test with tomorrow's (May 9) snapshot.

I'm won't be able to upgrade to that for a while, so hopefully Brian or somebody can and report back.

plencnerb
Premium Member
join:2000-09-25
53403-1242

plencnerb

Premium Member

Click for full size
said by voiptalk:

said by plencnerb:

voiptalk See Profile,

I wanted to update this thread to see if you had any more information from the pfSense team about the issue and bug that you reported to them.

Development has requested that we test with tomorrow's (May 9) snapshot.

I'm won't be able to upgrade to that for a while, so hopefully Brian or somebody can and report back.

I should be able to upgrade to that snapshot tomorrow night.

My question is, which May 9th snapshot do I want? When I look at the list, there is one that comes out early (5 AM), and one that comes out later (5 PM).

If you look at the above picture, the red arrows show the two ISO Live installer Images for today.

Just asking, as I want to make sure I grab the right build.

Thanks,

--Brian
voiptalk
join:2010-04-10
Gainesville, VA

voiptalk

Member


Based on the commit time of the changes, they should be in the May 9th AM build.

plencnerb
Premium Member
join:2000-09-25
53403-1242

plencnerb

Premium Member

Sounds good. I'll download it tomorrow, and install that and then report how things go.

If there are any special things I should look for, let me know. I'll see what I can do and post screen shots if there is something special that you (or anyone else) would be interested in seeing.

--Brian
plencnerb

plencnerb

Premium Member

Just wanted to give a quick update. I have downloaded and burned to CD the following file

pfSense-LiveCD-2.1-BETA1-i386-20130509-0705.iso.gz

Date/time stamp: 09-May-2013 07:34
File Size: 85M

At some point today, I'll be doing a fresh install of that version of pfSense and pass along any information that I can.

Again, if there is something specific that you would like to see, let me know.

Thanks,

--Brian
voiptalk
join:2010-04-10
Gainesville, VA
MikroTik RB750G
Cisco DPC3941

voiptalk

Member

said by plencnerb:

Again, if there is something specific that you would like to see, let me know.

Thanks. Main things to watch for:

1) Does radvd start by itself. There had been an issue where it had to be started manually, after initial boot.

2) More important ... Is the LAN IPv6 address still there at the 2-day and 4-day uptime mark. pfSense had not been renewing properly (DHCP-PD) and the LAN IPv6 address was removed.

plencnerb
Premium Member
join:2000-09-25
53403-1242

2 edits

plencnerb

Premium Member

Click for full size
#1
Click for full size
#2

List of Services
  
Ok, maybe I did something wrong. Maybe I downloaded the wrong beta build (too soon?), or something else went south..... Ahh the joy's of running beta software! :D

As I said in my post this morning, I went ahead and downloaded, unzipped, and burned to cd the iso image contained in this file "pfSense-LiveCD-2.1-BETA1-i386-20130509-0705.iso.gz".

I went through the install process (yes, did a new install not an upgrade), and things are now running.

However, a few things stand out that make me wonder if I should wait and get the later build that will come out tonight.

If you look at the first picture, it shows what my current build of the beta is, as well as what the "new" or current version is.

My version is 2.1-BETA1 Built On: Thu May 9 07:05:02 EDT 2013

The "new" version is
2.1-BETA1 built on Thu May 9 07:05:58 EDT 2013

Notice that the only difference between the two builds is the new one has a build date/time that is 56 seconds later. I did go and look at the snapshot download page
http://snapshots.pfsense.org/FreeBSD_RELENG_8_3/i386/pfSense_HEAD/livecd_installer/?C=M;O=D
 

to see if there was a newer one then the one I downloaded this morning. So far, that is not the case. Makes me wonder where I can download that version from.

Thing #2

If you look at picture #2, it shows my interface status for both the WAN and LAN.

Missing from the WAN interface (rl0) is
• IPv6 address:
• Subnet mask IPv6: 128

I figured I needed to reboot everything, so I halted pfSense, powered off my desktop, and powered off my modem (even pulled the battery). I then powered things back up one at a time (Modem, pfSense, desktop), but that did not change anything. Running a test for IPv6 returns that I don't have one.

Thing #3

I don't see the "radvd" service listed. The last picture (List of Services) shows what services I have. Unless "radvd" shows up and something else, then I don't have it running or listed.

So, is this because I downloaded the wrong beta build? Should I try to "upgrade" to the one that was build 56 seconds later? Or, should I just wait for the nightly update and try that?

Anything else people would like to see?

--Brian

NetFixer
From My Cold Dead Hands
Premium Member
join:2004-06-24
The Boro
Netgear CM500
Pace 5268AC
TRENDnet TEW-829DRU

NetFixer

Premium Member

said by plencnerb:

I don't see the "radvd" service listed. The last picture (List of Services) shows what services I have. Unless "radvd" shows up and something else, then I don't have it running or listed.

My guess would be that the "DHCPv6 Server/RA" entry in your services list would be the equivalent of the radvd service. Your implementation probably runs a combination DHCPv6 server and RA server.
voiptalk
join:2010-04-10
Gainesville, VA
MikroTik RB750G
Cisco DPC3941

2 edits

voiptalk to plencnerb

Member

to plencnerb
Click for full size
said by plencnerb:

Thing #3
I don't see the "radvd" service listed. The last picture (List of Services) shows what services I have. Unless "radvd" shows up and something else, then I don't have it running or listed.

It only appears under Status: Services

If you haven't acquired IPv6 addressing, it may not be called.
said by plencnerb:

If you look at the first picture, it shows what my current build of the beta is, as well as what the "new" or current version is.

My version is 2.1-BETA1 Built On: Thu May 9 07:05:02 EDT 2013

The "new" version is
2.1-BETA1 built on Thu May 9 07:05:58 EDT 2013

You are ok. The installer image, that you downloaded, and the update image are built and moved to the repository at different times. But, it's all the same underlying code.
said by plencnerb:

Thing #2

If you look at picture #2, it shows my interface status for both the WAN and LAN.

Missing from the WAN interface (rl0) is
• IPv6 address:
• Subnet mask IPv6: 128

I figured I needed to reboot everything, so I halted pfSense, powered off my desktop, and powered off my modem (even pulled the battery). I then powered things back up one at a time (Modem, pfSense, desktop), but that did not change anything. Running a test for IPv6 returns that I don't have one.

Look in the system log. Do you have "client6_recvadvert: XID mismatch" messages?

I was able to get around to installing the same build you have and all is working fine.

plencnerb
Premium Member
join:2000-09-25
53403-1242

plencnerb

Premium Member

Click for full size
#1
Click for full size
#2
said by voiptalk:

It only appears under Status: Services
If you haven't acquired IPv6 addressing, it may not be called.

Sounds like you are correct here. If you look at my first screen shot, I don't see that service. Knowing that I did not get an IPv6 IP, something is still not right on my end (or maybe Comcast's...), so I won't worry about that quite yet.
said by voiptalk:

You are ok. The installer image, that you downloaded, and the update image are built and moved to the repository at different times. But, it's all the same underlying code.

Ok I can see that. The updated timestamp then would have come during the move process. I thought about that after I posted it, and now I see that is the case.
said by voiptalk:

Look in the system log. Do you have "client6_recvadvert: XID mismatch" messages?

See Picture #2. I highlighted one of two messages like that. So, I am getting that message.
said by voiptalk:

I was able to get around to installing the same build you have and all is working fine.

That's good! Hopefully in 2-4 days when your DHCP lease tries to renew, you don't loose your IPv6 IP again.

So, that makes me wonder what is going on with my system....I suppose I could remove pfSense again just to make sure all is well on Comcast's side. It probably is, but it would seem odd to me that pfSense is not able to pull an IPv6 IP from Comcast, even after doing a full shutdown / reset of the modem.

--Brian
voiptalk
join:2010-04-10
Gainesville, VA
MikroTik RB750G
Cisco DPC3941

1 edit

voiptalk

Member

The ""client6_recvadvert: XID mismatch" has been rather problematic and aggravating. If you do a packet capture, you can see it's the DHCPv6 client and Comcast DHCP server "arguing" with each other.

When I first upgraded to this build, I could not pull IPv6 addressing and was seeing that message constantly. I did the whole power-cycle process (pfSense and Cable Modem) and was then able to get IPv6 addressing. However, I was still seeing this periodically.

I then did the whole power-cycle process again and it cleared up and I've been stable.

Perhaps NetDog could shed some light on what that is. It's some interaction between the CPE (pfSense), the cable modem and the Comcast DHCP servers. (Just powercycling the cable modem will almost always clear this up.)

plencnerb
Premium Member
join:2000-09-25
53403-1242

plencnerb

Premium Member

said by voiptalk:

The ""client6_recvadvert: XID mismatch" has been rather problematic and aggravating. If you do a packet capture, you can see it's the DHCPv6 client and Comcast DHCP server "arguing" with each other.

When I first upgraded to this build, I could not pull IPv6 addressing and was seeing that message constantly. I did the whole power-cycle process (pfSense and Cable Modem) and was then able to get IPv6 addressing. However, I was still seeing this periodically.

I then did the whole power-cycle process again and it cleared up and I've been stable.

Perhaps NetDog could shed some light on what that is. It's some interaction between the CPE (pfSense), the cable modem and the Comcast DHCP servers. (Just powercycling the cable modem will almost always clear this up.)

Well, it cannot hurt to power everything off and try again. In that process, I will do a quick check just to make sure IPv6 is indeed working for me yet with my Cable Modem and my desktop, just to rule that out. It will probably work, but I want to make sure.

I'll save the ipconfig/all text when I do that, just for reference.

Once I get things back, I'll post my results.

--Brian
plencnerb

plencnerb

Premium Member

Click for full size
Picture #1
Click for full size
Picture #2
I went ahead and powered everything off, and did a test with my desktop directly connected to my cable modem.

IPv6 does work in that case, as can be seen by the following items.

Picture #1: Shows the results of the web page
http://www.test-ipv6.com/
 

Picture #2: Shows the results of the IPv6 Comcast speed test page. Since it came up, it helps show that I have a valid IPv6 IP, which was 2001:558:6033:ad:7cfd:3112:b37e:49c2

The code below is the full text from doing the command ipconfig / all at the command prompt.

ipconfig /all
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : BRIAN-DESKTOP
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : hsd1.il.comcast.net.
 
Ethernet adapter Ethernet:
 
   Connection-specific DNS Suffix  . : hsd1.il.comcast.net.
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : F4-6D-04-F0-32-43
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:558:6033:ad:7cfd:3112:b37e:49c2(Preferred)
   Lease Obtained. . . . . . . . . . : Thursday, May 9, 2013 7:39:24 PM
   Lease Expires . . . . . . . . . . : Monday, May 13, 2013 7:39:23 PM
   Link-local IPv6 Address . . . . . : fe80::f892:3ec0:1564:4848%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 98.227.144.178(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.248.0
   Lease Obtained. . . . . . . . . . : Thursday, May 9, 2013 7:39:25 PM
   Lease Expires . . . . . . . . . . : Thursday, May 9, 2013 8:39:25 PM
   Default Gateway . . . . . . . . . : fe80::201:5cff:fe3d:4e41%11
                                       98.227.144.1
   DHCP Server . . . . . . . . . . . : 69.252.202.7
   DHCPv6 IAID . . . . . . . . . . . : 267676932
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-EA-12-87-F4-6D-04-F0-32-43
   DNS Servers . . . . . . . . . . . : 2001:558:feed::1
                                       2001:558:feed::2
                                       75.75.75.75
                                       75.75.76.76
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:1498:ff3:9d1c:6f4d(Preferred)
   Link-local IPv6 Address . . . . . : fe80::1498:ff3:9d1c:6f4d%13(Preferred)
   Default Gateway . . . . . . . . . :
   NetBIOS over Tcpip. . . . . . . . : Disabled
 
Tunnel adapter isatap.hsd1.il.comcast.net.:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : hsd1.il.comcast.net.
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
 

So, I know that IPv6 is working in my area (as it always has been). The problem then, is with pfSense.

So, I then powered off my desktop, powered off my cable modem (which, btw, is an Arris TM722G). By "powered off" my cable modem I did the following things
• Unplugged all items from the back (power cord, lan cable, coax, phone lines)
• pulled the battery
• Waited 2 minutes
• put battery back in
• reconnected phone line, lan cable, coax, and power cord.

Once the modem was up, I then powered up my pfSense box, and then my desktop.

While I do have an internet connection, pfSense is still not able to pull an IPv6 IP from Comcast.

Below is the last 50 system log entries, if that helps any
Last 50 system log entries
May 9 19:53:00 check_reload_status: Linkup starting xl0
May 9 19:53:00 kernel: xl0: link state changed to DOWN
May 9 19:53:00 php: : Resyncing OpenVPN instances.
May 9 19:53:00 kernel: pflog0: promiscuous mode enabled
May 9 19:53:00 php: : Could not find IPv6 gateway for interface(wan).
May 9 19:53:01 dhcp6c[19738]: dhcp6_ctl_authinit: failed to open /usr/local/etc/dhcp6cctlkey: No such file or directory
May 9 19:53:01 dhcp6c[19738]: client6_init: failed initialize control message authentication
May 9 19:53:01 dhcp6c[19738]: client6_init: skip opening control port
May 9 19:53:02 kernel: xl0: link state changed to UP
May 9 19:53:02 check_reload_status: Linkup starting xl0
May 9 19:53:03 php: : rc.newwanipv6: Informational is starting rl0.
May 9 19:53:05 php: : ROUTING: setting default route to 24.13.16.1
May 9 19:53:05 php: : ROUTING: setting IPv6 default route to fe80::201:5cff:fe3d:4e41%rl0
May 9 19:53:07 check_reload_status: Updating all dyndns
May 9 19:53:08 php: : rc.newwanipv6: on (IP address: 2001:558:6033:ad:790c:ef9c:8c90:62cf) (interface: wan) (real interface: rl0).
May 9 19:53:10 php: : The command 'route change -host -inet6 2001:558:feed::1 fe80::201:5cff:fe3d:4e41' returned exit code '127', the output was ''
May 9 19:53:10 php: : The command 'route change -host -inet6 2001:558:feed::2 fe80::201:5cff:fe3d:4e41' returned exit code '127', the output was ''
May 9 19:53:10 php: : ROUTING: setting default route to 24.13.16.1
May 9 19:53:10 php: : ROUTING: setting IPv6 default route to fe80::201:5cff:fe3d:4e41%rl0
May 9 19:53:10 php: : rc.newwanip: Informational is starting rl0.
May 9 19:53:10 php: : rc.newwanip: on (IP address: 24.13.17.39) (interface: wan) (real interface: rl0).
May 9 19:53:11 php: : The command 'route change -host -inet6 2001:558:feed::1 fe80::201:5cff:fe3d:4e41' returned exit code '1', the output was 'route: writing to routing socket: No such process route: writing to routing socket: Network is unreachable change host 2001:558:feed::1: gateway fe80::201:5cff:fe3d:4e41: Network is unreachable'
May 9 19:53:11 php: : The command '/sbin/ifconfig rl0 inet6 2001:558:6033:ad:1921:8898:ab5b:c666 delete' returned exit code '1', the output was 'ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address'
May 9 19:53:11 check_reload_status: Reloading filter
May 9 19:53:11 php: : The command 'route change -host -inet6 2001:558:feed::2 fe80::201:5cff:fe3d:4e41' returned exit code '1', the output was 'route: writing to routing socket: No such process route: writing to routing socket: Network is unreachable change host 2001:558:feed::2: gateway fe80::201:5cff:fe3d:4e41: Network is unreachable'
May 9 19:53:11 php: : Accept router advertisements on interface rl0
May 9 19:53:11 php: : ROUTING: setting default route to 24.13.16.1
May 9 19:53:11 php: : ROUTING: setting IPv6 default route to fe80::201:5cff:fe3d:4e41%rl0
May 9 19:53:14 php: : Creating rrd update script
May 9 19:53:14 syslogd: exiting on signal 15
May 9 19:53:14 syslogd: kernel boot file is /boot/kernel/kernel
May 9 19:53:15 dhcp6c[60403]: dhcp6_ctl_authinit: failed to open /usr/local/etc/dhcp6cctlkey: No such file or directory
May 9 19:53:15 dhcp6c[60403]: client6_init: failed initialize control message authentication
May 9 19:53:15 dhcp6c[60403]: client6_init: skip opening control port
May 9 19:53:15 php: : Restarting/Starting all packages.
May 9 19:53:16 php: : Resyncing OpenVPN instances for interface WAN.
May 9 19:53:16 php: : Creating rrd update script
May 9 19:53:16 php: : pfSense package system has detected an ip change 2001:558:6033:ad:1921:8898:ab5b:c666 -> 2001:558:6033:ad:790c:ef9c:8c90:62cf ... Restarting packages.
May 9 19:53:16 check_reload_status: Starting packages
May 9 19:53:17 login: login on ttyv0 as root
May 9 19:53:17 sshlockout[90197]: sshlockout/webConfigurator v3.0 starting up
May 9 19:53:18 php: : Resyncing OpenVPN instances for interface WAN.
May 9 19:53:18 php: : Creating rrd update script
May 9 19:53:20 php: : pfSense package system has detected an ip change 24.13.17.39 -> 24.13.17.39 ... Restarting packages.
May 9 19:53:21 php: : Restarting/Starting all packages.
May 9 19:53:44 dhcp6c[20026]: client6_timo: no responses were received
May 9 19:53:46 dhcp6c[20026]: client6_timo: no responses were received
May 9 19:53:46 dhcp6c[20026]: check_exit: exiting
May 9 19:54:35 php: /index.php: Successful login for user 'admin' from: 192.168.1.103
May 9 19:54:35 php: /index.php: Successful login for user 'admin' from: 192.168.1.103
 

Some of the log messages that I am seeing worry me a bit. The ones I'm talking about are below

 19:53:11 php: : The command 'route change -host -inet6 2001:558:feed::1 fe80::201:5cff:fe3d:4e41' returned exit code '1', the output was 'route: writing to routing socket: No such process route: writing to routing socket: Network is unreachable change host 2001:558:feed::1: gateway fe80::201:5cff:fe3d:4e41: Network is unreachable'
May 9 19:53:11 php: : The command '/sbin/ifconfig rl0 inet6 2001:558:6033:ad:1921:8898:ab5b:c666 delete' returned exit code '1', the output was 'ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address'
May 9 19:53:11 check_reload_status: Reloading filter
May 9 19:53:11 php: : The command 'route change -host -inet6 2001:558:feed::2 fe80::201:5cff:fe3d:4e41' returned exit code '1', the output was 'route: writing to routing socket: No such process route: writing to routing socket: Network is unreachable change host 2001:558:feed::2: gateway fe80::201:5cff:fe3d:4e41: Network is unreachable'
May 9 19:53:11 php: : Accept router advertisements on interface rl0
May 9 19:53:11 php: : ROUTING: setting default route to 24.13.16.1
May 9 19:53:11 php: : ROUTING: setting IPv6 default route to fe80::201:5cff:fe3d:4e41%rl0
May 9 19:53:14 php: : Creating rrd update script
May 9 19:53:14 syslogd: exiting on signal 15
 
 

So, I don't know if those messages, or any others are anything to worry about or not.

When I did the last install, I made a note of what changes I made from a "default" install. Those changes are below

Change #1: Modify the default login password of the admin account to something else.

Change #2: Modify the dashboard screen to include the following items: "Interfaces", "System Information", "Gateways", "SMART Status" and "Interface Statistics"

Change #3: Modify the General Setup Options outlined below
System Menu --> General Setup
Host Name: pfsense

Domain: localdomain

DNS Server 2001:558:feed::1 using gateway WAN_DHCP6 - wan - fe80:201:5cff:fe3d:4ef1

DNS Server 2001:558:feed::2 using gateway WAN_DHCP6 - wan - fe80:201:5cff:fe3d:4ef1

Time Zone: Use America/Chicago

Change #4: Add a WAN Rule for IPv6
Firewall Menu, then Rules, then WAN
Action: Pass
Disabled: unchecked
Interface: WAN
TCP/IP Version: IPv6
Protocol: TCP
Source: No changes
Destination: No changes
Destination port range: No changes
Log: Unchecked
Description: Added to allow IPv6

Thoughts as to why I can no longer pull an IPv6 IP from pfSense? If more info is needed, let me know.

Thanks,

--Brian
voiptalk
join:2010-04-10
Gainesville, VA
MikroTik RB750G
Cisco DPC3941

voiptalk

Member

Wow .. not sure what is going on there.

Just to verify the basics, against my working installation.

1) Interfaces: WAN
DHCPv6 Prefix Delegation size: 64
(I think it was defaulted to 0)

2) Interfaces: LAN
IPv6 Configuration Type: Track Interface
Track Interface: WAN

3) Remove the DNS servers from General Setup and try again. It looks like when they are added, it triggers some additional activity. Eliminate that for now. Also, there should be no need to statically configure DNS servers that are already being learned from DHCPv6.

* I highly recommend removing that firewall rule. It's not needed and is defeating the firewall, leaving you open to the outside. Established connections are permitted by the default rules. That rule is permitting connections directly to the WAN interface.

Other than that, I would move to an earlier build and try to get back to a known working configuration.

plencnerb
Premium Member
join:2000-09-25
53403-1242

1 edit

plencnerb

Premium Member

I verified / changed the things that you said, and its still not working for IPv6. I did see that it did pull all of the DNS Servers without me doing that step.

And by not working, when I try to go to the test ipv6 web page, it comes back with 0/10. I also don't see an actual IPv6 IP or Subnet mask of 128 on the Interface Status for the WAN side of things.

So, I'll either try to re-install the same build and not make the same changes, in case something did get messed up, or I will try an earlier one just to see if I can get IPv6 working again.

--Brian
plencnerb

1 recommendation

plencnerb

Premium Member

Well, I went ahead and loaded the May 9th morning build, and this time, it looks like it worked. I think my issue last time was that I did not let the web interface wizard finish, as well as the changes that I had made.

I am seeing the "radvd" service, and its running. I do have a IPv6 IP, and both test sites, as well as Comcast's IPv6 speedtest site all load without problem.

So, now I'll see what happens in 3-4 days when the DHCP lease expires, and pfSense goes to renew it.



--Brian