Netgate SG-1000 microFirewall

Author Topic: Lost IPv6 connectivity from hosts  (Read 1300 times)

0 Members and 1 Guest are viewing this topic.

Offline virgiliomi

  • Sr. Member
  • ****
  • Posts: 559
  • Karma: +74/-4
    • View Profile
Lost IPv6 connectivity from hosts
« on: March 02, 2016, 07:07:03 am »
So here's a chain of events from last night that seems to have earned me a loss of IPv6 connectivity from my hosts.

1. Opened interface settings for GUEST (OPT1/igb2) network.
2. Changed no setting (though I could've easily just changed something simple like speed/duplex).
3. Saved, then applied, the settings for the interface.
4. Dashboard showed no IPv6 address for GUEST interface.
5. In interface settings, disabled GUEST interface, saved/applied, then re-enabled the interface, saved/applied.
6. Dashboard shows GUEST interface with IPv4 and IPv6 addresses. WAN and LAN show both addresses as well.
7. Host on LAN network is now observed as only browsing to IPv4 addresses for dual-stack sites.
8. Try pinging dual-stack host from LAN network, IPv4 responds, IPv6 does not.
9. Reboot pfSense.
10. Still no IPv6 on LAN. Try host on GUEST, no IPv6 there either.
11. It's late, I go to sleep.
12. 6 hours later, tried connecting from different host on LAN, hoping something might have worked itself out overnight... still no IPv6 connectivity.
13. I can ping IPv6 from pfSense, even from LAN interface (didn't try from GUEST), so routing seems to be fine.

WAN requests and receives a /60 from ISP via DHCP-PD.
LAN interface is configured to track WAN, using prefix ID 0. LAN RA is managed, DHCPv6 configured (::1000-::1FFF).
GUEST interface is configured to track WAN, using prefix ID 5. GUEST RA is assisted, DHCPv6 configured (::1000-::1FFF).

Possible radvd issue? I didn't see anything unusual in the Services widget... maybe its config got borked somehow?

Separately, the fact that after making a change (or not) to interface settings in step 2 and applying them in step 3 caused the IPv6 address to disappear from an interface seems unusual. I think that should be checked out as well, but after figuring out what has caused both of my networks to lose IPv6 connectivity.

Any chance someone could try and duplicate this and see if it happens for them? :)

Offline cmb

  • Hero Member
  • *****
  • Posts: 11228
  • Karma: +894/-7
    • View Profile
    • Chris Buechler
Re: Lost IPv6 connectivity from hosts
« Reply #1 on: March 02, 2016, 05:43:04 pm »
Save and apply changes on interfaces.php for a track6 interface does indeed remove the IPv6 IP from that interface. A save and apply on the interface it's tracking brings it back. Definitely an issue there, looking into it.

Always comes back fine after a reboot though, and after a save and apply on the WAN it's tracking.

When you're in a circumstance where Status>Interfaces shows IPv6 IPs on your LAN/GUEST but your LAN hosts have no v6, is radvd running? Does your /var/etc/radvd.conf contain entries for both interfaces?

Offline cmb

  • Hero Member
  • *****
  • Posts: 11228
  • Karma: +894/-7
    • View Profile
    • Chris Buechler
Re: Lost IPv6 connectivity from hosts
« Reply #2 on: March 02, 2016, 08:35:41 pm »
https://redmine.pfsense.org/issues/5945
that much should be fixed.

The rest, not seeing any apparent issues.

Offline virgiliomi

  • Sr. Member
  • ****
  • Posts: 559
  • Karma: +74/-4
    • View Profile
Re: Lost IPv6 connectivity from hosts
« Reply #3 on: March 02, 2016, 10:29:40 pm »
Something must've fixed itself today while I was at work, as IPv6 is working great now. But I'm glad to see a ticket on the IPv6 loss on interface setting change.

radvd was working just fine last night when I didn't have IPv6 connectivity... it was started and running according to the Services widget on the dashboard. Both interfaces are certainly in the radvd.conf now, don't know if they were last night or this morning though.

Offline cmb

  • Hero Member
  • *****
  • Posts: 11228
  • Karma: +894/-7
    • View Profile
    • Chris Buechler
Re: Lost IPv6 connectivity from hosts
« Reply #4 on: March 02, 2016, 10:54:45 pm »
Not seeing any issues outside of the one thing I fixed there earlier.

You know if the hosts had an IPv6 IP on them at the time it wasn't working? If so, what did a traceroute6 from a client to something on the Internet look like?

Offline virgiliomi

  • Sr. Member
  • ****
  • Posts: 559
  • Karma: +74/-4
    • View Profile
Re: Lost IPv6 connectivity from hosts
« Reply #5 on: March 02, 2016, 11:01:23 pm »
On the LAN, the hosts did, yes... it would've been from DHCPv6 though, as the LAN RA is managed.

On GUEST, the one host I have connected to that network also had an address, and it was also DHCPv6, though the RA on that network is Assisted.

I might try and see if I can break it again tomorrow... though with your fixing the interface setting address loss issue, that might be harder now. :)

Offline cmb

  • Hero Member
  • *****
  • Posts: 11228
  • Karma: +894/-7
    • View Profile
    • Chris Buechler
Re: Lost IPv6 connectivity from hosts
« Reply #6 on: March 03, 2016, 01:40:25 am »
Yeah I'm wondering if the fact the IP was disappearing off the interface made the clients deprecate that IPv6 subnet, and some clients don't recover from that circumstance without a reboot. Not entirely sure whether it's still the case on Windows today, but it used to be and was something I saw at least semi-recently. Other OSes might have similar issues in such circumstances.

Offline virgiliomi

  • Sr. Member
  • ****
  • Posts: 559
  • Karma: +74/-4
    • View Profile
Re: Lost IPv6 connectivity from hosts
« Reply #7 on: March 03, 2016, 03:23:44 pm »
So... I updated to the latest snap when I got home... And here's the sequence of events...

1. pfSense booted, IPv6 addresses appeared for all interfaces on console
2. Logged into GUI, IPv6 addresses appeared for all interfaces in the widget FOR A MOMENT
3. IPv6 addresses then disappeared from the interfaces, and all IPv6 connectivity was lost.

I focused on something else first (DHCPv6), then when I was done with that, went back to the dashboard and the IPv6 addresses reappeared for the interfaces. However, I still don't have any IPv6 connectivity. radvd is running.

Just now, I went back to my GUI tab, went to go ping my dual-stack VPS, and it didn't ping IPv6 on either the WAN or LAN interfaces. I went back to the dashboard again, and now the IPv6 addresses are gone from the interfaces.

edit to add: It looks like I'm seeing constant system log entries regarding interfaces and IP addresses...
Code: [Select]
Mar 3 16:31:45 php-fpm 74061 /rc.newwanipv6: rc.newwanipv6: Info: starting on igb0.
Mar 3 16:31:45 php-fpm 74061 /rc.newwanipv6: rc.newwanipv6: No IPv6 address found for interface WAN [wan].
Mar 3 16:31:56 php-fpm 74061 /rc.newwanipv6: rc.newwanipv6: Info: starting on igb0.
Mar 3 16:31:56 php-fpm 74061 /rc.newwanipv6: rc.newwanipv6: on (IP address: 2001:558:xxxx:xx:xxxx:xxxx:2057:e7e7) (interface: wan) (real interface: igb0).
Mar 3 16:32:05 php-fpm 74061 /rc.newwanipv6: ROUTING: setting default route to 73.148.12.1
Mar 3 16:32:05 php-fpm 74061 /rc.newwanipv6: ROUTING: setting IPv6 default route to fe80::xxx:xxff:fexx:xxxx%igb0
Mar 3 16:32:05 php-fpm 74061 /rc.newwanipv6: Removing static route for monitor 68.86.175.41 and adding a new route through 73.148.12.1
Mar 3 16:32:05 php-fpm 74061 /rc.newwanipv6: Removing static route for monitor 2001:558:182:57::1 and adding a new route through fe80::xxx:xxff:fexx:xxxx
Mar 3 16:32:05 check_reload_status Reloading filter
Mar 3 16:32:05 php-fpm 25759 /rc.newwanipv6: rc.newwanipv6: Info: starting on igb0.
Mar 3 16:32:05 php-fpm 25759 /rc.newwanipv6: rc.newwanipv6: No IPv6 address found for interface WAN [wan].
Mar 3 16:32:06 xinetd 32378 Starting reconfiguration
Mar 3 16:32:06 xinetd 32378 Swapping defaults
Mar 3 16:32:06 xinetd 32378 readjusting service 6969-udp
Mar 3 16:32:06 xinetd 32378 Reconfigured: new=0 old=1 dropped=0 (services)
Mar 3 16:32:07 check_reload_status updating dyndns WAN_DHCP6
Mar 3 16:32:07 check_reload_status Restarting ipsec tunnels
Mar 3 16:32:07 check_reload_status Restarting OpenVPN tunnels/interfaces
Mar 3 16:32:07 check_reload_status Reloading filter
Mar 3 16:32:08 php-fpm 61771 /rc.dyndns.update: phpDynDNS (home.domain.com): No change in my IP address and/or 25 days has not passed. Not updating dynamic DNS entry.
Mar 3 16:32:08 xinetd 32378 Starting reconfiguration
Mar 3 16:32:08 xinetd 32378 Swapping defaults
Mar 3 16:32:08 xinetd 32378 readjusting service 6969-udp
Mar 3 16:32:08 xinetd 32378 Reconfigured: new=0 old=1 dropped=0 (services)
Mar 3 16:32:10 php-fpm 61771 /rc.dyndns.update: Dynamic DNS (home.domain.com) There was an error trying to determine the public IP for interface - wan (igb0 ).
« Last Edit: March 03, 2016, 03:35:25 pm by virgiliomi »

Offline cmb

  • Hero Member
  • *****
  • Posts: 11228
  • Karma: +894/-7
    • View Profile
    • Chris Buechler
Re: Lost IPv6 connectivity from hosts
« Reply #8 on: March 03, 2016, 03:38:17 pm »
gitsync after upgrading to the latest snapshot, I ended up having to revert back the earlier change in this thread.

Offline virgiliomi

  • Sr. Member
  • ****
  • Posts: 559
  • Karma: +74/-4
    • View Profile
Re: Lost IPv6 connectivity from hosts
« Reply #9 on: March 03, 2016, 03:53:56 pm »
IPv6 addresses have returned after the Gitsync... then I had to save/apply on WAN before anything actually worked.