pfSense Gold Subscription

Author Topic: Odd IPv6 Issue  (Read 362 times)

0 Members and 1 Guest are viewing this topic.

Offline jamesonp

  • Jr. Member
  • **
  • Posts: 65
  • Karma: +7/-0
    • View Profile
Odd IPv6 Issue
« on: November 27, 2017, 04:49:34 pm »
I have Time Warner (now Spectrum).  The WAN interface has the DHCP6 option set for IPv6 Config Type and I have it set to request a /56 delegation size.  The WAN interface is assigned 2606:yyyy:xxxx:x:xxxx:xxxx:xxx:xxxx from TW.

I have four different VLANs which I've set the IPv6 config type to track the WAN interface.  Each of the four VLANs has a different prefix ID (0-3) and obtain a different IPv6 /64 range starting with 2606:yyyy.  I have the RA daemon for each VLAN set to advertise as Unmanaged with the router priority set as high.

Now here's the odd part.  IPv6 only works for a short time on each of the clients PCs when running an "ipconfig /renew6" as seen in this short video:

https://streamable.com/uksmx

Windows Firewall is off for testing purposes in the above video.

Now similarly, upon disconnecting an Android phone from the wireless and reconnecting it, the IPv6 works for a short time before reverting back to IPv4.

I can't for the life of me figure out what would be causing this behavior!  Thank you for your help.

Offline JKnott

  • Hero Member
  • *****
  • Posts: 984
  • Karma: +36/-4
    • View Profile
Re: Odd IPv6 Issue
« Reply #1 on: November 27, 2017, 05:37:22 pm »
Does pfSense maintain an IPv6 address?

BTW, why don't people ever have even issues?   ;)

Offline jamesonp

  • Jr. Member
  • **
  • Posts: 65
  • Karma: +7/-0
    • View Profile
Re: Odd IPv6 Issue
« Reply #2 on: November 27, 2017, 07:30:22 pm »
It does maintain an IP and can ping ipv6.google.com

Offline pmisch

  • Jr. Member
  • **
  • Posts: 89
  • Karma: +1/-0
    • View Profile
Re: Odd IPv6 Issue
« Reply #3 on: November 28, 2017, 11:41:56 am »
Might be a good idea to sniff with wireshark and have look at what messages you see from your router (router advertisements or answers to router discoveries). You might want to filter for ICMP6 packages.
Did you set the router lifetime in the RA settings on the firewall?

Offline jamesonp

  • Jr. Member
  • **
  • Posts: 65
  • Karma: +7/-0
    • View Profile
Re: Odd IPv6 Issue
« Reply #4 on: November 30, 2017, 02:24:33 am »
Might be a good idea to sniff with wireshark and have look at what messages you see from your router (router advertisements or answers to router discoveries). You might want to filter for ICMP6 packages.
Did you set the router lifetime in the RA settings on the firewall?

I changed the router lifetime to 1800 and still no change.  I ran Wireshark and didn't see anything abnormal with the RA messages.  Although I am new at reading these.  Maybe you could have a look:


RA

Code: [Select]
Frame 118915: 246 bytes on wire (1968 bits), 246 bytes captured (1968 bits) on interface 0
Ethernet II, Src: AdiEngin_xx:xx:xx (xx:xx:xx:xx:xx:xx), Dst: AsustekC_39:04:98 (xx:xx:xx:xx:xx:xx)
Internet Protocol Version 6, Src: fe80::1:1, Dst: fe80::e899:1dd9:b899:72ae
    0110 .... = Version: 6
    .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
    .... .... .... 0000 0000 0000 0000 0000 = Flow Label: 0x00000
    Payload Length: 192
    Next Header: ICMPv6 (58)
    Hop Limit: 255
    Source: fe80::1:1
    Destination: fe80::e899:1dd9:b899:72ae
    [Source GeoIP: Unknown]
    [Destination GeoIP: Unknown]
Internet Control Message Protocol v6
    Type: Router Advertisement (134)
    Code: 0
    Checksum: 0x6d13 [correct]
    [Checksum Status: Good]
    Cur hop limit: 64
    Flags: 0x08, Prf (Default Router Preference): High
    Router lifetime (s): 1800
    Reachable time (ms): 0
    Retrans timer (ms): 0
    ICMPv6 Option (Prefix information : 2606:6000:xxxx:xxxx::/64)
        Type: Prefix information (3)
        Length: 4 (32 bytes)
        Prefix Length: 64
        Flag: 0xe0, On-link flag(L), Autonomous address-configuration flag(A), Router address flag(R)
        Valid Lifetime: 86400
        Preferred Lifetime: 14400
        Reserved
        Prefix: 2606:6000:xxxx:xxxx::
    ICMPv6 Option (Route Information : Medium ::/0)
        Type: Route Information (24)
        Length: 3 (24 bytes)
        Prefix Length: 0
        Flag: 0x00, Route Preference: Medium
        Route Lifetime: 60
        Prefix: ::
    ICMPv6 Option (Recursive DNS Server 2001:4860:4860::8888 2001:4860:4860::8844)
        Type: Recursive DNS Server (25)
        Length: 5 (40 bytes)
        Reserved
        Lifetime: 20
        Recursive DNS Servers: 2001:4860:4860::8888
        Recursive DNS Servers: 2001:4860:4860::8844
    ICMPv6 Option (DNS Search List Option home.internal.yyyy.com home.internal.yyyy.com)
        Type: DNS Search List Option (31)
        Length: 8 (64 bytes)
        Reserved
        Lifetime: 20
        Domain Names: home.internal.yyyy.com
        Domain Names: home.internal.yyyy.com
    ICMPv6 Option (MTU : 1500)
        Type: MTU (5)
        Length: 1 (8 bytes)
        Reserved
        MTU: 1500
    ICMPv6 Option (Source link-layer address : xx:xx:xx:xx:xx:xx)
        Type: Source link-layer address (1)
        Length: 1 (8 bytes)
        Link-layer address: AdiEngin_xx:xx:xx (xx:xx:xx:xx:xx:xx)

Offline jamesonp

  • Jr. Member
  • **
  • Posts: 65
  • Karma: +7/-0
    • View Profile
Re: Odd IPv6 Issue
« Reply #5 on: November 30, 2017, 02:53:37 am »
So I think I've identified the issue but I don't have any clue what would be causing it.  When I do an ipconfig /renew6, the default gateway of fe80::1:1%2 is added.  After approximately 1 minute, the default gateway is dropped and only the IPv4 gateway remains.

Offline Gertjan

  • Hero Member
  • *****
  • Posts: 2157
  • Karma: +166/-9
    • View Profile
Re: Odd IPv6 Issue
« Reply #6 on: November 30, 2017, 06:58:21 pm »
Just a wild shot : your device can actually "ICMP" pfSense ? (I guess without it a IPV6 ping reply  it will drop the gateway ...)

Offline jamesonp

  • Jr. Member
  • **
  • Posts: 65
  • Karma: +7/-0
    • View Profile
Re: Odd IPv6 Issue
« Reply #7 on: November 30, 2017, 11:40:16 pm »
Just a wild shot : your device can actually "ICMP" pfSense ? (I guess without it a IPV6 ping reply  it will drop the gateway ...)

The fe80::1:1 still is pingable and so is the actual IPv6 address after the fe80::1:1 gateway is dropped...I have no idea what the issue is!!!

Offline jamesonp

  • Jr. Member
  • **
  • Posts: 65
  • Karma: +7/-0
    • View Profile
Re: Odd IPv6 Issue
« Reply #8 on: December 02, 2017, 09:48:02 pm »
I keep getting this when starting radvd:

Code: [Select]
[Dec 02 19:44:36] radvd (87691): ioctl(SIOCGIFFLAGS) succeeded on igb1.10
[Dec 02 19:44:36] radvd (87691): igb1.10 is up
[Dec 02 19:44:36] radvd (87691): igb1.10 is running
[Dec 02 19:44:36] radvd (87691): igb1.10 supports multicast
[Dec 02 19:44:36] radvd (87691): ioctl(SIOCGIFFLAGS) succeeded on igb1.10
[Dec 02 19:44:36] radvd (87691): igb1.10 is up
[Dec 02 19:44:36] radvd (87691): igb1.10 is running
[Dec 02 19:44:36] radvd (87691): igb1.10 supports multicast
[Dec 02 19:44:36] radvd (87691): igb0 received icmpv6 RS/RA packet on an unknown interface with index 1
[Dec 02 19:44:39] radvd (87691): igb0 received icmpv6 RS/RA packet on an unknown interface with index 1
[Dec 02 19:44:42] radvd (87691): igb0 received icmpv6 RS/RA packet on an unknown interface with index 1
[Dec 02 19:44:45] radvd (87691): igb0 received icmpv6 RS/RA packet on an unknown interface with index 1
[Dec 02 19:44:48] radvd (87691): igb0 received icmpv6 RS/RA packet on an unknown interface with index 1
[Dec 02 19:44:51] radvd (87691): igb0 received icmpv6 RS/RA packet on an unknown interface with index 1
[Dec 02 19:44:52] radvd (87691): ioctl(SIOCGIFFLAGS) succeeded on igb1.10
[Dec 02 19:44:52] radvd (87691): igb1.10 is up
[Dec 02 19:44:52] radvd (87691): igb1.10 is running
[Dec 02 19:44:52] radvd (87691): igb1.10 supports multicast
[Dec 02 19:44:54] radvd (87691): igb0 received icmpv6 RS/RA packet on an unknown interface with index 1
[Dec 02 19:44:57] radvd (87691): igb0 received icmpv6 RS/RA packet on an unknown interface with index 1
[Dec 02 19:45:00] radvd (87691): igb0 received icmpv6 RS/RA packet on an unknown interface with index 1
[Dec 02 19:45:06] radvd (87691): igb0 received icmpv6 RS/RA packet on an unknown interface with index 1
[Dec 02 19:45:08] radvd (87691): ioctl(SIOCGIFFLAGS) succeeded on igb1.10
[Dec 02 19:45:08] radvd (87691): igb1.10 is up
[Dec 02 19:45:08] radvd (87691): igb1.10 is running
[Dec 02 19:45:08] radvd (87691): igb1.10 supports multicast
[Dec 02 19:45:09] radvd (87691): igb0 received icmpv6 RS/RA packet on an unknown interface with index 1
[Dec 02 19:45:12] radvd (87691): igb0 received icmpv6 RS/RA packet on an unknown interface with index 1
[Dec 02 19:45:15] radvd (87691): igb0 received icmpv6 RS/RA packet on an unknown interface with index 1
[Dec 02 19:45:18] radvd (87691): igb0 received icmpv6 RS/RA packet on an unknown interface with index 1
[Dec 02 19:45:21] radvd (87691): igb0 received icmpv6 RS/RA packet on an unknown interface with index 1
[Dec 02 19:45:24] radvd (87691): igb0 received icmpv6 RS/RA packet on an unknown interface with index 1
[Dec 02 19:45:27] radvd (87691): igb0 received icmpv6 RS/RA packet on an unknown interface with index 1
[Dec 02 19:45:30] radvd (87691): igb0 received icmpv6 RS/RA packet on an unknown interface with index 1
[Dec 02 19:45:33] radvd (87691): igb0 received icmpv6 RS/RA packet on an unknown interface with index 1
[Dec 02 19:45:36] radvd (87691): igb0 received icmpv6 RS/RA packet on an unknown interface with index 1
[Dec 02 19:45:36] radvd (87691): ioctl(SIOCGIFFLAGS) succeeded on igb1.10
[Dec 02 19:45:36] radvd (87691): igb1.10 is up
[Dec 02 19:45:36] radvd (87691): igb1.10 is running
[Dec 02 19:45:36] radvd (87691): igb1.10 supports multicast
[Dec 02 19:45:39] radvd (87691): igb0 received icmpv6 RS/RA packet on an unknown interface with index 1
[Dec 02 19:45:41] radvd (87691): ioctl(SIOCGIFFLAGS) succeeded on igb1.10
[Dec 02 19:45:41] radvd (87691): igb1.10 is up
[Dec 02 19:45:41] radvd (87691): igb1.10 is running
[Dec 02 19:45:41] radvd (87691): igb1.10 supports multicast
[Dec 02 19:45:42] radvd (87691): igb0 received icmpv6 RS/RA packet on an unknown interface with index 1
[Dec 02 19:45:45] radvd (87691): igb0 received icmpv6 RS/RA packet on an unknown interface with index 1
[Dec 02 19:45:48] radvd (87691): igb0 received icmpv6 RS/RA packet on an unknown interface with index 1
[Dec 02 19:45:51] radvd (87691): igb0 received icmpv6 RS/RA packet on an unknown interface with index 1
[Dec 02 19:45:53] radvd (87691): ioctl(SIOCGIFFLAGS) succeeded on igb1.10
[Dec 02 19:45:53] radvd (87691): igb1.10 is up
[Dec 02 19:45:53] radvd (87691): igb1.10 is running
[Dec 02 19:45:53] radvd (87691): igb1.10 supports multicast
[Dec 02 19:45:54] radvd (87691): igb0 received icmpv6 RS/RA packet on an unknown interface with index 1
[Dec 02 19:45:57] radvd (87691): igb0 received icmpv6 RS/RA packet on an unknown interface with index 1
[Dec 02 19:46:00] radvd (87691): igb0 received icmpv6 RS/RA packet on an unknown interface with index 1

Everytime I do a manual /renew6, the logs show:

Code: [Select]
[Dec 02 19:45:53] radvd (87691): igb1.10 is up
[Dec 02 19:45:53] radvd (87691): igb1.10 is running
[Dec 02 19:45:53] radvd (87691): igb1.10 supports multicast

Followed by this over and over again until the new /renew6:

Code: [Select]
[Dec 02 19:46:15] radvd (87691): igb0 received icmpv6 RS/RA packet on an unknown interface with index 1
[Dec 02 19:46:18] radvd (87691): igb0 received icmpv6 RS/RA packet on an unknown interface with index 1
[Dec 02 19:46:21] radvd (87691): igb0 received icmpv6 RS/RA packet on an unknown interface with index 1
[Dec 02 19:46:24] radvd (87691): igb0 received icmpv6 RS/RA packet on an unknown interface with index 1
[Dec 02 19:46:27] radvd (87691): igb0 received icmpv6 RS/RA packet on an unknown interface with index 1

Offline marjohn56

  • Sr. Member
  • ****
  • Posts: 545
  • Karma: +53/-2
    • View Profile
Re: Odd IPv6 Issue
« Reply #9 on: December 03, 2017, 04:04:27 am »
How is RADVD set up?
pfSense 2.4.3 on Qotom Q355G4 or APU2C4 - Billion 8800NL (bridge) - ISP Zen U.K.
Please do not PM me for help. I have a life to live too.

Offline jamesonp

  • Jr. Member
  • **
  • Posts: 65
  • Karma: +7/-0
    • View Profile
Re: Odd IPv6 Issue
« Reply #10 on: December 07, 2017, 02:52:57 am »
Thanks for the replies.  The issue ended up being a bug with IGMP snooping on my Ubiquiti Edgeswitch.  Disabling IGMP snooping on the specific VLAN with unmanaged RAs set allowed the RAs to be broadcasted to the clients.