Comcast XFINITY → [IPv6] pfSense - Anybody else having issues?

Brian,

Please save all your logs and data that you can so if your prefix changes I will compare the data with our logs..

NetDog,

How would be the best way to do that?

--Brian

I am sure pfSense has a way to do that, but I am not sure..

Yes, I think there is a way too, I just don't know.

I know from the web side of things, you can see the last 50 system log entries. Beyond that, I would think that if I went into the console side of things, I should be able to run some command or copy some file(s) from inside of the FreeBSD environment to get whatever logs you may need.

I know that during the next few days, I won't manually clear any logs to help save whatever data there may be.

--Brian

One way to preserve the pfSense logs is to enable syslog reporting to an external syslog daemon. Here is a link to instructions for the pfSense side of setting that up: »doc.pfsense.org/index.ph ··· h_Syslog

Most (if not all) *nix distributions have a built-in syslog daemon, and there are several available for the Windows environment. I run 3cdaemon on my Windows server to collect log data from my routers. This program used to be available directly from 3com, but since the HP assimilation, that is no longer the case. It does still seem to be available from »www.oldversion.com/windo ··· mon-2r10

The latest builds do not resolve the problem. When the 4 day lease expires, pfsense looses all the IPv6 addressing. I updated the bug.

NetDog. I had emailed you packet captured showing why the prefix changes a couple of weeks ago.

I wanted to also say that I saw the problem when I got home from work this evening.

I have not had time to do a full investigation, but the few quick things that I did notice.

1) "radvd" service is now MIA from the list.
2) WAN interface no longer shows anything to do with IPv6 (except the IPv6 Link Local and Gateway IPv6)
3) IPv6 Test sites fail with 0/10
4) Comcast's IPv6 Speedtest site fails to load
5) Uptime of pfSense as of this post is 4 Days 04 Hours 07 Minutes 31 Seconds

If there are any logs or other information that may be needed, please let me know (as well as where they are at, or how to get them), and I'll pass them on to anyone who may need them.

--Brian

The powers that run pfSense have made the call to move from Beta to RC status (a 'short' RC cycle, at that). At this point, I think it would be helpful for all to provide feedback on the pfSense forum that they are seeing this problem. I just can't imaging going to Release status while this problem exists. If they get a better sense of how many people this is affecting, perhaps more attention will be put on fixing it.

Add your comments here: »forum.pfsense.org/index. ··· 6.0.html

For reference, here is the bug: »redmine.pfsense.org/issues/2919

Maybe the pfsense guys should talk to the m0n0wall guys - they have this working fine for quite some time. There is some system log flooding related to this, but it doesn't break anything and they know how to fix it.

I went ahead and registered over at the pfSense forums, and will be adding a post to that thread here this morning.

I agree with you on this. This is a "big" issue in my eyes, and needs to be fixed before this version moves from beta to RC. One of the reasons people produce and run beta versions is to discover, and hopefully fix, any major bugs that come up. Sure, you may not find every single bug, but the ones that are reported by the end user base should be addressed and resolved before moving onto the next stage of the development life cycle.

--Brian

Just a quick update....

I wanted to try to get IPv6 working again for me, and I have been unsuccessful. I've rebooted everything multiple times, and I've even re-installed pfSense.....all to no avail.

So, not sure what is going on now, but for the life of me, I cannot get pfSense to pull an IPv6 IP from Comcast. I did verify that IPv6 is still working, if I plug my desktop directly into my cable modem and reboot both of them. Put pfSense into the mix, and no IPv6.

--Brian

Are you getting that xid mismatch error?

From what I've seen pfSense is just becoming more problematic, not better. The Canadian folks on 6RD are having problems, the folks on Comcast and Deutsche Telecom can't keep DHCP-PD addresses.

Anyway, when I've had a problem getting an address, I:
1) Power off both the CM and pfs.
2) Turn on the CM and wait until it syncs.
3) Fire up pfs .. and it will get the IPv6 addressing.

--

For me, I've switched over to m0n0wall, just for testing. I want to see it properly renew the lease after 4 days. On day 1.5 right now!

However, getting 190+ RA syslogs every 10 minutes is outright bizarre! Mr. Grayson, any word on getting that chatter suppressed?

While I'm not seeing the xid mismatch error (at least not in the last 50 log entries), I am seeing this

May 29 23:05:17 php: : rc.newwanipv6: Failed to update wan IPv6, restarting...
 

and a few of these

May 29 18:05:25 dhcp6c[95678]: check_exit: exiting
May 29 18:05:26 dhcp6c[17992]: dhcp6_ctl_authinit: failed to open /usr/local/etc/dhcp6cctlkey: No such file or directory
May 29 18:05:26 dhcp6c[17992]: client6_init: failed initialize control message authentication
May 29 18:05:26 dhcp6c[17992]: client6_init: skip opening control port
May 29 23:05:27 check_reload_status: updating dyndns wan
 

What I don't get is that even after a full power off of my Cable Modem, and a full re-install of the same version that was working, I cannot get pfSense to pull an IPv6 IP on the WAN side. As far as what version, I'm still running

2.1-BETA1 (i386)
built on Thu May 9 07:05:02 EDT 2013
FreeBSD 8.3-RELEASE-p8

Which as I said back on the 9th of May, did work for 4 days.

I also want to point out that the ""radvd" service is missing again for me, even after a re-install of pfSense.

--Brian

That's sounding like a very good idea! I have been running m0n0wall (1.8.1b540) and it does not have the renewal problem that pfSense has.

I hope the system log flooding fix is incorporated in a build. It would be really nice to get rid of all that useless chatter.

I also stumbled onto the problem of enabling Traffic Shaping kills IPv6. On the forum, first reports of this go back to 2010!

There doesn't appear to be a lot of active development going on at m0n0wall. But, at least the basic functionality seems to to be solid.

On 1.8.x, if the shaper is enabled while trying to configure for IPv6 it prevents IPv6 from working. But if the shaper is disabled, then IPv6 configured, and then the shaper is re-enabled, then all is well. Note that the shaper is for IPv4 only at this point in time.

Development seems to come in spurts with glaring bugs fixed almost immediately and lesser ones fixed in groups.

Well, I've been following along over at the pfSense forum, and noticed that a few more changes have been made to try to correct this issue. I have not seen a solid answer to the effect of "Its fixed", but I did want to update my version from the May 9th build to something a bit more current.

I'll probably do that today. Has anyone here who is running pfSense upgraded to a newer beta build, and had any success?

Once I get things upgraded, I'll make a new post showing things, and if IPv6 is working or not.

--Brian

Negative. The more "fixes" they put in, the worse it gets. At least before you could get IPv6 addressing and it would stick for 4 days. Then it would disappear; do a reboot and be back in service.

Now, if you are lucky enough to have it actually get an address, it can disappear within an hour or so.

My solution ..... run m0n0wall.

I'll keep trying pfSense periodically because it has the features I want and use. But, Requirement #1 is to be able to get and maintain IPv6 addresses ... and it's just not there right now.

Thanks for the heads up.

I've no urgent need for running IPv6, so I'm going to hold out with the version of pfSense that I'm currently running, and see if things get fixed.

--Brian

I wanted to update this thread, as it appears more people are having some luck with IPv6 with some of the newer June builds.

While I have downloaded the 6-22-2013 build, I have not installed it yet. If I get the chance this weekend, I will do it and report how it goes.

--Brian

I wanted to post another update to this thread.

I'm now running the following

Version 2.1-RC0 (i386)
built on Mon Jul 8 21:26:14 EDT 2013
FreeBSD 8.3-RELEASE-p8

From what I have read on the pfSense forum, it appears that most (if not all) of the IPv6 issues have been resolved. So far, things appear to be working the way they should be, meaning

• pfSense shows that my WAN IPv6 IP is 2001:558:6033:ad:....
As far as I know, this is a valid DHCPv6 IP from Comcast.

• IPv6 Test sites (example www.test-ipv6.com) return a 10/10 result

• IPv6 only sites (example ipv6.speedtest.comcast.net) load without issue

• Comcast's IPv6 Information Center site (www.comcast6.net) loads and shows the following information

Your IP address is 2601:d:4c00:ca:1118:.......
Congrats! You are using IPv6 on the Comcast Cable network.

• The Service "radvd" is running on pfSense

As I said, so far things "look good". The big test will be when the DHCPv6 lease expires, and if things continue to run.

I'll report back in a few days and let everyone know how things are going. If anyone needs any more specific information, just ask, and I'll be happy to share it.

Thanks,

--Brian

Well, looks like there are still issues with pfSense yet.

As you can see from the above picture, I have lost my IPv6 IP. Uptime is just over 5 days.

Everything that I mentioned in my post on the 9th of July being "good" as far as IPv6 goes, is now "bad".

• No IPv6 IP on the WAN side
• IPv6 Test sites return 0/10
• IPv6 only sites fail to load
• Comcast's IPv6 Information Center sites shows the following information

quote:

---

Your IP address is 24.13.17.39
Your CMTS is ready for IPv6. Please check this website for modem support.
- See more at: »www.comcast6.net/#sthash ··· Phf.dpuf

---

• The Service "radvd" is no longer listed in pfSense.



I do know that nothing did reboot. Uptime on the modem is just a bit longer (2 or 3 minutes) then pfSense. My desktop has also not been rebooted either.

I'm also going to update the thread over at the pfSense forum as well.

If anyone here would like more information, let me know and I'll be happy to get it and post it.

Thanks,

--Brian

Clear /etc/bogonsv6 and see if it comes back. You may have to reboot.

(I made the same comment to your post on the pfsense forum. Please reply over there, too. Thx)

Ok riddle me this batman.....

You all saw the screen shot that I posted on the 14th.

When I went into pfSense this morning to enable SSH (per voiptalk 's post on the pfSense Forum), I was very surprised when I saw that my main screen now looks like the above picture.

Notice that I now see IPv6 Information under both the WAN and LAN Interface section. The service "Radvd" shows up again in the services status.

I then went and did a quick test at a test IPv6 site (www.test-ipv6.com) and it came back with 10/10.

Has my computer been rebooted? No
Has pfSense been rebooted? No
Has my modem been rebooted? No

Did I do anything? No!



While its still a mystery that it stopped working, it is even more a mystery now that it started up again without any action on my part.

Thoughts?

--Brian

Well, it looks like whatever is going on with my IPv6 IP is a constant. Woke up this morning, and noticed that I again don't have an IPv6 IP in pfSense.

Yet, I've made no modifications, modem and pfSense have not been rebooted.

So, I'm going to just let things be, and see if it comes back on its own like it did last time.

Uptime for pfSense is currently at 9 Days 15 Hours 48 Minutes 25 Seconds.

--Brian

Thanks for keeping us updated. I was going to upgrade from a Feb Beta build, but looks like I'm just going to wait. Hopefully the team can get it sorted out.

No problem. Always glad to help out with things like this. The thing that gets me is that after some point, it does start working again, and it puzzles me as to what that is.

I don't know much about FreeBSD, so its not like I can just start opening up logs and such and go oh hey..this is why its doing it. Hopefully someone else that knows FreeBSD more, or is more familiar with pfSense will be able to shed some light on this.

--Brian

pfsense is built on FreeBSD, not OpenBSD.

My bad! Got the letters wrong!

I am really surprised this is not fixed by now. Are there no pfsense developers that have Comcast service?

m0n0wall, also FreeBSD based has had this working for quite some time, and most of the developers are in Europe.

I have been using it without problems for a couple of weeks not. Previously I couldn't get it to work at all. I've gone 5 to 7 days without loss of IPv6 with builds the last couple of weeks. It may not be totally fixed for some but it's finally working for me.

I'm using 2.1-RC0 (i386) built on Tue Jul 16 16:31:10 EDT 2013 now and it's been up for 2 Days 21 Hours 07 Minutes 01 Seconds at present. I am able to reboot and it still maintains Ipv6 connectivity.

If you haven't given it a try for a while it might be worth giving it a shot now.