dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
20554
share rss forum feed


plencnerb
Premium
join:2000-09-25
Carpentersville, IL
kudos:3

2 edits
reply to voiptalk

Re: [IPv6] pfSense - Anybody else having issues?

Click for full size
#1
Click for full size
#2

List of Services
  
Ok, maybe I did something wrong. Maybe I downloaded the wrong beta build (too soon?), or something else went south..... Ahh the joy's of running beta software! :D

As I said in my post this morning, I went ahead and downloaded, unzipped, and burned to cd the iso image contained in this file "pfSense-LiveCD-2.1-BETA1-i386-20130509-0705.iso.gz".

I went through the install process (yes, did a new install not an upgrade), and things are now running.

However, a few things stand out that make me wonder if I should wait and get the later build that will come out tonight.

If you look at the first picture, it shows what my current build of the beta is, as well as what the "new" or current version is.

My version is 2.1-BETA1 Built On: Thu May 9 07:05:02 EDT 2013

The "new" version is
2.1-BETA1 built on Thu May 9 07:05:58 EDT 2013

Notice that the only difference between the two builds is the new one has a build date/time that is 56 seconds later. I did go and look at the snapshot download page
http://snapshots.pfsense.org/FreeBSD_RELENG_8_3/i386/pfSense_HEAD/livecd_installer/?C=M;O=D
 

to see if there was a newer one then the one I downloaded this morning. So far, that is not the case. Makes me wonder where I can download that version from.

Thing #2

If you look at picture #2, it shows my interface status for both the WAN and LAN.

Missing from the WAN interface (rl0) is
• IPv6 address:
• Subnet mask IPv6: 128

I figured I needed to reboot everything, so I halted pfSense, powered off my desktop, and powered off my modem (even pulled the battery). I then powered things back up one at a time (Modem, pfSense, desktop), but that did not change anything. Running a test for IPv6 returns that I don't have one.

Thing #3

I don't see the "radvd" service listed. The last picture (List of Services) shows what services I have. Unless "radvd" shows up and something else, then I don't have it running or listed.

So, is this because I downloaded the wrong beta build? Should I try to "upgrade" to the one that was build 56 seconds later? Or, should I just wait for the nightly update and try that?

Anything else people would like to see?

--Brian
--
============================
--Brian Plencner

E-Mail: CoasterBrian72Cancer@gmail.com
Note: Kill Cancer to Reply via e-mail


NetFixer
Bah Humbug
Premium
join:2004-06-24
The Boro
Reviews:
·Cingular Wireless
·Comcast Business..
·Vonage
said by plencnerb:

I don't see the "radvd" service listed. The last picture (List of Services) shows what services I have. Unless "radvd" shows up and something else, then I don't have it running or listed.

My guess would be that the "DHCPv6 Server/RA" entry in your services list would be the equivalent of the radvd service. Your implementation probably runs a combination DHCPv6 server and RA server.
--
A well-regulated militia, being necessary to the security of a free State, the right of the people to keep and bear arms shall not be infringed.

When governments fear people, there is liberty. When the people fear the government, there is tyranny.

voiptalk

join:2010-04-10
Gainesville, VA

2 edits
reply to plencnerb
Click for full size
said by plencnerb:

Thing #3
I don't see the "radvd" service listed. The last picture (List of Services) shows what services I have. Unless "radvd" shows up and something else, then I don't have it running or listed.

It only appears under Status: Services

If you haven't acquired IPv6 addressing, it may not be called.

said by plencnerb:

If you look at the first picture, it shows what my current build of the beta is, as well as what the "new" or current version is.

My version is 2.1-BETA1 Built On: Thu May 9 07:05:02 EDT 2013

The "new" version is
2.1-BETA1 built on Thu May 9 07:05:58 EDT 2013

You are ok. The installer image, that you downloaded, and the update image are built and moved to the repository at different times. But, it's all the same underlying code.

said by plencnerb:

Thing #2

If you look at picture #2, it shows my interface status for both the WAN and LAN.

Missing from the WAN interface (rl0) is
• IPv6 address:
• Subnet mask IPv6: 128

I figured I needed to reboot everything, so I halted pfSense, powered off my desktop, and powered off my modem (even pulled the battery). I then powered things back up one at a time (Modem, pfSense, desktop), but that did not change anything. Running a test for IPv6 returns that I don't have one.

Look in the system log. Do you have "client6_recvadvert: XID mismatch" messages?

I was able to get around to installing the same build you have and all is working fine.


plencnerb
Premium
join:2000-09-25
Carpentersville, IL
kudos:3
Click for full size
#1
Click for full size
#2
said by voiptalk:

It only appears under Status: Services
If you haven't acquired IPv6 addressing, it may not be called.

Sounds like you are correct here. If you look at my first screen shot, I don't see that service. Knowing that I did not get an IPv6 IP, something is still not right on my end (or maybe Comcast's...), so I won't worry about that quite yet.

said by voiptalk:

You are ok. The installer image, that you downloaded, and the update image are built and moved to the repository at different times. But, it's all the same underlying code.

Ok I can see that. The updated timestamp then would have come during the move process. I thought about that after I posted it, and now I see that is the case.

said by voiptalk:

Look in the system log. Do you have "client6_recvadvert: XID mismatch" messages?

See Picture #2. I highlighted one of two messages like that. So, I am getting that message.

said by voiptalk:

I was able to get around to installing the same build you have and all is working fine.

That's good! Hopefully in 2-4 days when your DHCP lease tries to renew, you don't loose your IPv6 IP again.

So, that makes me wonder what is going on with my system....I suppose I could remove pfSense again just to make sure all is well on Comcast's side. It probably is, but it would seem odd to me that pfSense is not able to pull an IPv6 IP from Comcast, even after doing a full shutdown / reset of the modem.

--Brian
--
============================
--Brian Plencner

E-Mail: CoasterBrian72Cancer@gmail.com
Note: Kill Cancer to Reply via e-mail

voiptalk

join:2010-04-10
Gainesville, VA

1 edit
The ""client6_recvadvert: XID mismatch" has been rather problematic and aggravating. If you do a packet capture, you can see it's the DHCPv6 client and Comcast DHCP server "arguing" with each other.

When I first upgraded to this build, I could not pull IPv6 addressing and was seeing that message constantly. I did the whole power-cycle process (pfSense and Cable Modem) and was then able to get IPv6 addressing. However, I was still seeing this periodically.

I then did the whole power-cycle process again and it cleared up and I've been stable.

Perhaps NetDog could shed some light on what that is. It's some interaction between the CPE (pfSense), the cable modem and the Comcast DHCP servers. (Just powercycling the cable modem will almost always clear this up.)


plencnerb
Premium
join:2000-09-25
Carpentersville, IL
kudos:3
said by voiptalk:

The ""client6_recvadvert: XID mismatch" has been rather problematic and aggravating. If you do a packet capture, you can see it's the DHCPv6 client and Comcast DHCP server "arguing" with each other.

When I first upgraded to this build, I could not pull IPv6 addressing and was seeing that message constantly. I did the whole power-cycle process (pfSense and Cable Modem) and was then able to get IPv6 addressing. However, I was still seeing this periodically.

I then did the whole power-cycle process again and it cleared up and I've been stable.

Perhaps NetDog could shed some light on what that is. It's some interaction between the CPE (pfSense), the cable modem and the Comcast DHCP servers. (Just powercycling the cable modem will almost always clear this up.)

Well, it cannot hurt to power everything off and try again. In that process, I will do a quick check just to make sure IPv6 is indeed working for me yet with my Cable Modem and my desktop, just to rule that out. It will probably work, but I want to make sure.

I'll save the ipconfig/all text when I do that, just for reference.

Once I get things back, I'll post my results.

--Brian
--
============================
--Brian Plencner

E-Mail: CoasterBrian72Cancer@gmail.com
Note: Kill Cancer to Reply via e-mail


plencnerb
Premium
join:2000-09-25
Carpentersville, IL
kudos:3
Click for full size
Picture #1
Click for full size
Picture #2
I went ahead and powered everything off, and did a test with my desktop directly connected to my cable modem.

IPv6 does work in that case, as can be seen by the following items.

Picture #1: Shows the results of the web page
http://www.test-ipv6.com/
 

Picture #2: Shows the results of the IPv6 Comcast speed test page. Since it came up, it helps show that I have a valid IPv6 IP, which was 2001:558:6033:ad:7cfd:3112:b37e:49c2

The code below is the full text from doing the command ipconfig / all at the command prompt.

ipconfig /all
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : BRIAN-DESKTOP
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : hsd1.il.comcast.net.
 
Ethernet adapter Ethernet:
 
   Connection-specific DNS Suffix  . : hsd1.il.comcast.net.
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : F4-6D-04-F0-32-43
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:558:6033:ad:7cfd:3112:b37e:49c2(Preferred)
   Lease Obtained. . . . . . . . . . : Thursday, May 9, 2013 7:39:24 PM
   Lease Expires . . . . . . . . . . : Monday, May 13, 2013 7:39:23 PM
   Link-local IPv6 Address . . . . . : fe80::f892:3ec0:1564:4848%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 98.227.144.178(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.248.0
   Lease Obtained. . . . . . . . . . : Thursday, May 9, 2013 7:39:25 PM
   Lease Expires . . . . . . . . . . : Thursday, May 9, 2013 8:39:25 PM
   Default Gateway . . . . . . . . . : fe80::201:5cff:fe3d:4e41%11
                                       98.227.144.1
   DHCP Server . . . . . . . . . . . : 69.252.202.7
   DHCPv6 IAID . . . . . . . . . . . : 267676932
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-EA-12-87-F4-6D-04-F0-32-43
   DNS Servers . . . . . . . . . . . : 2001:558:feed::1
                                       2001:558:feed::2
                                       75.75.75.75
                                       75.75.76.76
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:1498:ff3:9d1c:6f4d(Preferred)
   Link-local IPv6 Address . . . . . : fe80::1498:ff3:9d1c:6f4d%13(Preferred)
   Default Gateway . . . . . . . . . :
   NetBIOS over Tcpip. . . . . . . . : Disabled
 
Tunnel adapter isatap.hsd1.il.comcast.net.:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : hsd1.il.comcast.net.
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
 

So, I know that IPv6 is working in my area (as it always has been). The problem then, is with pfSense.

So, I then powered off my desktop, powered off my cable modem (which, btw, is an Arris TM722G). By "powered off" my cable modem I did the following things
• Unplugged all items from the back (power cord, lan cable, coax, phone lines)
• pulled the battery
• Waited 2 minutes
• put battery back in
• reconnected phone line, lan cable, coax, and power cord.

Once the modem was up, I then powered up my pfSense box, and then my desktop.

While I do have an internet connection, pfSense is still not able to pull an IPv6 IP from Comcast.

Below is the last 50 system log entries, if that helps any
Last 50 system log entries
May 9 19:53:00 check_reload_status: Linkup starting xl0
May 9 19:53:00 kernel: xl0: link state changed to DOWN
May 9 19:53:00 php: : Resyncing OpenVPN instances.
May 9 19:53:00 kernel: pflog0: promiscuous mode enabled
May 9 19:53:00 php: : Could not find IPv6 gateway for interface(wan).
May 9 19:53:01 dhcp6c[19738]: dhcp6_ctl_authinit: failed to open /usr/local/etc/dhcp6cctlkey: No such file or directory
May 9 19:53:01 dhcp6c[19738]: client6_init: failed initialize control message authentication
May 9 19:53:01 dhcp6c[19738]: client6_init: skip opening control port
May 9 19:53:02 kernel: xl0: link state changed to UP
May 9 19:53:02 check_reload_status: Linkup starting xl0
May 9 19:53:03 php: : rc.newwanipv6: Informational is starting rl0.
May 9 19:53:05 php: : ROUTING: setting default route to 24.13.16.1
May 9 19:53:05 php: : ROUTING: setting IPv6 default route to fe80::201:5cff:fe3d:4e41%rl0
May 9 19:53:07 check_reload_status: Updating all dyndns
May 9 19:53:08 php: : rc.newwanipv6: on (IP address: 2001:558:6033:ad:790c:ef9c:8c90:62cf) (interface: wan) (real interface: rl0).
May 9 19:53:10 php: : The command 'route change -host -inet6 2001:558:feed::1 fe80::201:5cff:fe3d:4e41' returned exit code '127', the output was ''
May 9 19:53:10 php: : The command 'route change -host -inet6 2001:558:feed::2 fe80::201:5cff:fe3d:4e41' returned exit code '127', the output was ''
May 9 19:53:10 php: : ROUTING: setting default route to 24.13.16.1
May 9 19:53:10 php: : ROUTING: setting IPv6 default route to fe80::201:5cff:fe3d:4e41%rl0
May 9 19:53:10 php: : rc.newwanip: Informational is starting rl0.
May 9 19:53:10 php: : rc.newwanip: on (IP address: 24.13.17.39) (interface: wan) (real interface: rl0).
May 9 19:53:11 php: : The command 'route change -host -inet6 2001:558:feed::1 fe80::201:5cff:fe3d:4e41' returned exit code '1', the output was 'route: writing to routing socket: No such process route: writing to routing socket: Network is unreachable change host 2001:558:feed::1: gateway fe80::201:5cff:fe3d:4e41: Network is unreachable'
May 9 19:53:11 php: : The command '/sbin/ifconfig rl0 inet6 2001:558:6033:ad:1921:8898:ab5b:c666 delete' returned exit code '1', the output was 'ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address'
May 9 19:53:11 check_reload_status: Reloading filter
May 9 19:53:11 php: : The command 'route change -host -inet6 2001:558:feed::2 fe80::201:5cff:fe3d:4e41' returned exit code '1', the output was 'route: writing to routing socket: No such process route: writing to routing socket: Network is unreachable change host 2001:558:feed::2: gateway fe80::201:5cff:fe3d:4e41: Network is unreachable'
May 9 19:53:11 php: : Accept router advertisements on interface rl0
May 9 19:53:11 php: : ROUTING: setting default route to 24.13.16.1
May 9 19:53:11 php: : ROUTING: setting IPv6 default route to fe80::201:5cff:fe3d:4e41%rl0
May 9 19:53:14 php: : Creating rrd update script
May 9 19:53:14 syslogd: exiting on signal 15
May 9 19:53:14 syslogd: kernel boot file is /boot/kernel/kernel
May 9 19:53:15 dhcp6c[60403]: dhcp6_ctl_authinit: failed to open /usr/local/etc/dhcp6cctlkey: No such file or directory
May 9 19:53:15 dhcp6c[60403]: client6_init: failed initialize control message authentication
May 9 19:53:15 dhcp6c[60403]: client6_init: skip opening control port
May 9 19:53:15 php: : Restarting/Starting all packages.
May 9 19:53:16 php: : Resyncing OpenVPN instances for interface WAN.
May 9 19:53:16 php: : Creating rrd update script
May 9 19:53:16 php: : pfSense package system has detected an ip change 2001:558:6033:ad:1921:8898:ab5b:c666 -> 2001:558:6033:ad:790c:ef9c:8c90:62cf ... Restarting packages.
May 9 19:53:16 check_reload_status: Starting packages
May 9 19:53:17 login: login on ttyv0 as root
May 9 19:53:17 sshlockout[90197]: sshlockout/webConfigurator v3.0 starting up
May 9 19:53:18 php: : Resyncing OpenVPN instances for interface WAN.
May 9 19:53:18 php: : Creating rrd update script
May 9 19:53:20 php: : pfSense package system has detected an ip change 24.13.17.39 -> 24.13.17.39 ... Restarting packages.
May 9 19:53:21 php: : Restarting/Starting all packages.
May 9 19:53:44 dhcp6c[20026]: client6_timo: no responses were received
May 9 19:53:46 dhcp6c[20026]: client6_timo: no responses were received
May 9 19:53:46 dhcp6c[20026]: check_exit: exiting
May 9 19:54:35 php: /index.php: Successful login for user 'admin' from: 192.168.1.103
May 9 19:54:35 php: /index.php: Successful login for user 'admin' from: 192.168.1.103
 

Some of the log messages that I am seeing worry me a bit. The ones I'm talking about are below

 19:53:11 php: : The command 'route change -host -inet6 2001:558:feed::1 fe80::201:5cff:fe3d:4e41' returned exit code '1', the output was 'route: writing to routing socket: No such process route: writing to routing socket: Network is unreachable change host 2001:558:feed::1: gateway fe80::201:5cff:fe3d:4e41: Network is unreachable'
May 9 19:53:11 php: : The command '/sbin/ifconfig rl0 inet6 2001:558:6033:ad:1921:8898:ab5b:c666 delete' returned exit code '1', the output was 'ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address'
May 9 19:53:11 check_reload_status: Reloading filter
May 9 19:53:11 php: : The command 'route change -host -inet6 2001:558:feed::2 fe80::201:5cff:fe3d:4e41' returned exit code '1', the output was 'route: writing to routing socket: No such process route: writing to routing socket: Network is unreachable change host 2001:558:feed::2: gateway fe80::201:5cff:fe3d:4e41: Network is unreachable'
May 9 19:53:11 php: : Accept router advertisements on interface rl0
May 9 19:53:11 php: : ROUTING: setting default route to 24.13.16.1
May 9 19:53:11 php: : ROUTING: setting IPv6 default route to fe80::201:5cff:fe3d:4e41%rl0
May 9 19:53:14 php: : Creating rrd update script
May 9 19:53:14 syslogd: exiting on signal 15
 
 

So, I don't know if those messages, or any others are anything to worry about or not.

When I did the last install, I made a note of what changes I made from a "default" install. Those changes are below

Change #1: Modify the default login password of the admin account to something else.

Change #2: Modify the dashboard screen to include the following items: "Interfaces", "System Information", "Gateways", "SMART Status" and "Interface Statistics"

Change #3: Modify the General Setup Options outlined below
System Menu --> General Setup
Host Name: pfsense

Domain: localdomain

DNS Server 2001:558:feed::1 using gateway WAN_DHCP6 - wan - fe80:201:5cff:fe3d:4ef1

DNS Server 2001:558:feed::2 using gateway WAN_DHCP6 - wan - fe80:201:5cff:fe3d:4ef1

Time Zone: Use America/Chicago

Change #4: Add a WAN Rule for IPv6
Firewall Menu, then Rules, then WAN
Action: Pass
Disabled: unchecked
Interface: WAN
TCP/IP Version: IPv6
Protocol: TCP
Source: No changes
Destination: No changes
Destination port range: No changes
Log: Unchecked
Description: Added to allow IPv6

Thoughts as to why I can no longer pull an IPv6 IP from pfSense? If more info is needed, let me know.

Thanks,

--Brian

--
============================
--Brian Plencner

E-Mail: CoasterBrian72Cancer@gmail.com
Note: Kill Cancer to Reply via e-mail

voiptalk

join:2010-04-10
Gainesville, VA
Wow .. not sure what is going on there.

Just to verify the basics, against my working installation.

1) Interfaces: WAN
DHCPv6 Prefix Delegation size: 64
(I think it was defaulted to 0)

2) Interfaces: LAN
IPv6 Configuration Type: Track Interface
Track Interface: WAN

3) Remove the DNS servers from General Setup and try again. It looks like when they are added, it triggers some additional activity. Eliminate that for now. Also, there should be no need to statically configure DNS servers that are already being learned from DHCPv6.

* I highly recommend removing that firewall rule. It's not needed and is defeating the firewall, leaving you open to the outside. Established connections are permitted by the default rules. That rule is permitting connections directly to the WAN interface.

Other than that, I would move to an earlier build and try to get back to a known working configuration.


plencnerb
Premium
join:2000-09-25
Carpentersville, IL
kudos:3

1 edit
I verified / changed the things that you said, and its still not working for IPv6. I did see that it did pull all of the DNS Servers without me doing that step.

And by not working, when I try to go to the test ipv6 web page, it comes back with 0/10. I also don't see an actual IPv6 IP or Subnet mask of 128 on the Interface Status for the WAN side of things.

So, I'll either try to re-install the same build and not make the same changes, in case something did get messed up, or I will try an earlier one just to see if I can get IPv6 working again.

--Brian


plencnerb
Premium
join:2000-09-25
Carpentersville, IL
kudos:3

1 recommendation

Well, I went ahead and loaded the May 9th morning build, and this time, it looks like it worked. I think my issue last time was that I did not let the web interface wizard finish, as well as the changes that I had made.

I am seeing the "radvd" service, and its running. I do have a IPv6 IP, and both test sites, as well as Comcast's IPv6 speedtest site all load without problem.

So, now I'll see what happens in 3-4 days when the DHCP lease expires, and pfSense goes to renew it.



--Brian
--
============================
--Brian Plencner

E-Mail: CoasterBrian72Cancer@gmail.com
Note: Kill Cancer to Reply via e-mail


NetDog
Premium,VIP
join:2002-03-04
Parker, CO
kudos:80
said by plencnerb:

So, now I'll see what happens in 3-4 days when the DHCP lease expires, and pfSense goes to renew it.

--Brian

Brian,

Please save all your logs and data that you can so if your prefix changes I will compare the data with our logs..
--
Comcaster.. Network Engineer with NETO


plencnerb
Premium
join:2000-09-25
Carpentersville, IL
kudos:3
NetDog,

How would be the best way to do that?

--Brian


NetDog
Premium,VIP
join:2002-03-04
Parker, CO
kudos:80
I am sure pfSense has a way to do that, but I am not sure..
--
Comcaster.. Network Engineer with NETO


plencnerb
Premium
join:2000-09-25
Carpentersville, IL
kudos:3
Yes, I think there is a way too, I just don't know.

I know from the web side of things, you can see the last 50 system log entries. Beyond that, I would think that if I went into the console side of things, I should be able to run some command or copy some file(s) from inside of the FreeBSD environment to get whatever logs you may need.

I know that during the next few days, I won't manually clear any logs to help save whatever data there may be.

--Brian
--
============================
--Brian Plencner

E-Mail: CoasterBrian72Cancer@gmail.com
Note: Kill Cancer to Reply via e-mail


NetFixer
Bah Humbug
Premium
join:2004-06-24
The Boro
Reviews:
·Cingular Wireless
·Comcast Business..
·Vonage
One way to preserve the pfSense logs is to enable syslog reporting to an external syslog daemon. Here is a link to instructions for the pfSense side of setting that up: »doc.pfsense.org/index.php/Copyin···h_Syslog

Most (if not all) *nix distributions have a built-in syslog daemon, and there are several available for the Windows environment. I run 3cdaemon on my Windows server to collect log data from my routers. This program used to be available directly from 3com, but since the HP assimilation, that is no longer the case. It does still seem to be available from »www.oldversion.com/windows/3com-daemon-2r10
--
A well-regulated militia, being necessary to the security of a free State, the right of the people to keep and bear arms shall not be infringed.

When governments fear people, there is liberty. When the people fear the government, there is tyranny.

voiptalk

join:2010-04-10
Gainesville, VA
reply to voiptalk
The latest builds do not resolve the problem. When the 4 day lease expires, pfsense looses all the IPv6 addressing. I updated the bug.

NetDog. I had emailed you packet captured showing why the prefix changes a couple of weeks ago.


plencnerb
Premium
join:2000-09-25
Carpentersville, IL
kudos:3
said by voiptalk:

The latest builds do not resolve the problem. When the 4 day lease expires, pfsense looses all the IPv6 addressing. I updated the bug.

NetDog. I had emailed you packet captured showing why the prefix changes a couple of weeks ago.

I wanted to also say that I saw the problem when I got home from work this evening.

I have not had time to do a full investigation, but the few quick things that I did notice.

1) "radvd" service is now MIA from the list.
2) WAN interface no longer shows anything to do with IPv6 (except the IPv6 Link Local and Gateway IPv6)
3) IPv6 Test sites fail with 0/10
4) Comcast's IPv6 Speedtest site fails to load
5) Uptime of pfSense as of this post is 4 Days 04 Hours 07 Minutes 31 Seconds

If there are any logs or other information that may be needed, please let me know (as well as where they are at, or how to get them), and I'll pass them on to anyone who may need them.

--Brian
--
============================
--Brian Plencner

E-Mail: CoasterBrian72Cancer@gmail.com
Note: Kill Cancer to Reply via e-mail

voiptalk

join:2010-04-10
Gainesville, VA
reply to voiptalk
The powers that run pfSense have made the call to move from Beta to RC status (a 'short' RC cycle, at that). At this point, I think it would be helpful for all to provide feedback on the pfSense forum that they are seeing this problem. I just can't imaging going to Release status while this problem exists. If they get a better sense of how many people this is affecting, perhaps more attention will be put on fixing it.

Add your comments here: »forum.pfsense.org/index.php/topi···6.0.html

For reference, here is the bug: »redmine.pfsense.org/issues/2919


graysonf
Premium,MVM
join:1999-07-16
Fort Lauderdale, FL
kudos:2
Maybe the pfsense guys should talk to the m0n0wall guys - they have this working fine for quite some time. There is some system log flooding related to this, but it doesn't break anything and they know how to fix it.


plencnerb
Premium
join:2000-09-25
Carpentersville, IL
kudos:3

1 recommendation

reply to voiptalk
I went ahead and registered over at the pfSense forums, and will be adding a post to that thread here this morning.

I agree with you on this. This is a "big" issue in my eyes, and needs to be fixed before this version moves from beta to RC. One of the reasons people produce and run beta versions is to discover, and hopefully fix, any major bugs that come up. Sure, you may not find every single bug, but the ones that are reported by the end user base should be addressed and resolved before moving onto the next stage of the development life cycle.

--Brian
--
============================
--Brian Plencner

E-Mail: CoasterBrian72Cancer@gmail.com
Note: Kill Cancer to Reply via e-mail


plencnerb
Premium
join:2000-09-25
Carpentersville, IL
kudos:3
Just a quick update....

I wanted to try to get IPv6 working again for me, and I have been unsuccessful. I've rebooted everything multiple times, and I've even re-installed pfSense.....all to no avail.

So, not sure what is going on now, but for the life of me, I cannot get pfSense to pull an IPv6 IP from Comcast. I did verify that IPv6 is still working, if I plug my desktop directly into my cable modem and reboot both of them. Put pfSense into the mix, and no IPv6.

--Brian
--
============================
--Brian Plencner

E-Mail: CoasterBrian72Cancer@gmail.com
Note: Kill Cancer to Reply via e-mail

voiptalk

join:2010-04-10
Gainesville, VA

1 edit
Are you getting that xid mismatch error?

From what I've seen pfSense is just becoming more problematic, not better. The Canadian folks on 6RD are having problems, the folks on Comcast and Deutsche Telecom can't keep DHCP-PD addresses.

Anyway, when I've had a problem getting an address, I:
1) Power off both the CM and pfs.
2) Turn on the CM and wait until it syncs.
3) Fire up pfs .. and it will get the IPv6 addressing.

--

For me, I've switched over to m0n0wall, just for testing. I want to see it properly renew the lease after 4 days. On day 1.5 right now!

However, getting 190+ RA syslogs every 10 minutes is outright bizarre! Mr. Grayson, any word on getting that chatter suppressed?


plencnerb
Premium
join:2000-09-25
Carpentersville, IL
kudos:3
While I'm not seeing the xid mismatch error (at least not in the last 50 log entries), I am seeing this

May 29 23:05:17 php: : rc.newwanipv6: Failed to update wan IPv6, restarting...
 

and a few of these

May 29 18:05:25 dhcp6c[95678]: check_exit: exiting
May 29 18:05:26 dhcp6c[17992]: dhcp6_ctl_authinit: failed to open /usr/local/etc/dhcp6cctlkey: No such file or directory
May 29 18:05:26 dhcp6c[17992]: client6_init: failed initialize control message authentication
May 29 18:05:26 dhcp6c[17992]: client6_init: skip opening control port
May 29 23:05:27 check_reload_status: updating dyndns wan
 

What I don't get is that even after a full power off of my Cable Modem, and a full re-install of the same version that was working, I cannot get pfSense to pull an IPv6 IP on the WAN side. As far as what version, I'm still running

2.1-BETA1 (i386)
built on Thu May 9 07:05:02 EDT 2013
FreeBSD 8.3-RELEASE-p8

Which as I said back on the 9th of May, did work for 4 days.

I also want to point out that the ""radvd" service is missing again for me, even after a re-install of pfSense.

--Brian

--
============================
--Brian Plencner

E-Mail: CoasterBrian72Cancer@gmail.com
Note: Kill Cancer to Reply via e-mail

voiptalk

join:2010-04-10
Gainesville, VA
reply to graysonf
said by graysonf:

Maybe the pfsense guys should talk to the m0n0wall guys - they have this working fine for quite some time. There is some system log flooding related to this, but it doesn't break anything and they know how to fix it.

That's sounding like a very good idea! I have been running m0n0wall (1.8.1b540) and it does not have the renewal problem that pfSense has.

I hope the system log flooding fix is incorporated in a build. It would be really nice to get rid of all that useless chatter.

I also stumbled onto the problem of enabling Traffic Shaping kills IPv6. On the forum, first reports of this go back to 2010!

There doesn't appear to be a lot of active development going on at m0n0wall. But, at least the basic functionality seems to to be solid.


graysonf
Premium,MVM
join:1999-07-16
Fort Lauderdale, FL
kudos:2
Reviews:
·Comcast
On 1.8.x, if the shaper is enabled while trying to configure for IPv6 it prevents IPv6 from working. But if the shaper is disabled, then IPv6 configured, and then the shaper is re-enabled, then all is well. Note that the shaper is for IPv4 only at this point in time.

Development seems to come in spurts with glaring bugs fixed almost immediately and lesser ones fixed in groups.


plencnerb
Premium
join:2000-09-25
Carpentersville, IL
kudos:3
reply to voiptalk
Well, I've been following along over at the pfSense forum, and noticed that a few more changes have been made to try to correct this issue. I have not seen a solid answer to the effect of "Its fixed", but I did want to update my version from the May 9th build to something a bit more current.

I'll probably do that today. Has anyone here who is running pfSense upgraded to a newer beta build, and had any success?

Once I get things upgraded, I'll make a new post showing things, and if IPv6 is working or not.

--Brian
--
============================
--Brian Plencner

E-Mail: CoasterBrian72Cancer@gmail.com
Note: Kill Cancer to Reply via e-mail

voiptalk

join:2010-04-10
Gainesville, VA
Negative. The more "fixes" they put in, the worse it gets. At least before you could get IPv6 addressing and it would stick for 4 days. Then it would disappear; do a reboot and be back in service.

Now, if you are lucky enough to have it actually get an address, it can disappear within an hour or so.

My solution ..... run m0n0wall.

I'll keep trying pfSense periodically because it has the features I want and use. But, Requirement #1 is to be able to get and maintain IPv6 addresses ... and it's just not there right now.


plencnerb
Premium
join:2000-09-25
Carpentersville, IL
kudos:3
Thanks for the heads up.

I've no urgent need for running IPv6, so I'm going to hold out with the version of pfSense that I'm currently running, and see if things get fixed.

--Brian


plencnerb
Premium
join:2000-09-25
Carpentersville, IL
kudos:3
reply to voiptalk
I wanted to update this thread, as it appears more people are having some luck with IPv6 with some of the newer June builds.

While I have downloaded the 6-22-2013 build, I have not installed it yet. If I get the chance this weekend, I will do it and report how it goes.

--Brian


plencnerb
Premium
join:2000-09-25
Carpentersville, IL
kudos:3
reply to voiptalk
I wanted to post another update to this thread.

I'm now running the following

Version 2.1-RC0 (i386)
built on Mon Jul 8 21:26:14 EDT 2013
FreeBSD 8.3-RELEASE-p8

From what I have read on the pfSense forum, it appears that most (if not all) of the IPv6 issues have been resolved. So far, things appear to be working the way they should be, meaning

• pfSense shows that my WAN IPv6 IP is 2001:558:6033:ad:....
As far as I know, this is a valid DHCPv6 IP from Comcast.

• IPv6 Test sites (example www.test-ipv6.com) return a 10/10 result

• IPv6 only sites (example ipv6.speedtest.comcast.net) load without issue

• Comcast's IPv6 Information Center site (www.comcast6.net) loads and shows the following information

Your IP address is 2601:d:4c00:ca:1118:.......
Congrats! You are using IPv6 on the Comcast Cable network.

• The Service "radvd" is running on pfSense

As I said, so far things "look good". The big test will be when the DHCPv6 lease expires, and if things continue to run.

I'll report back in a few days and let everyone know how things are going. If anyone needs any more specific information, just ask, and I'll be happy to share it.

Thanks,

--Brian
--
============================
--Brian Plencner

E-Mail: CoasterBrian72Cancer@gmail.com
Note: Kill Cancer to Reply via e-mail