Netgate Store

Author Topic: IPv6 with track interface on LAN stopped working  (Read 371 times)

0 Members and 1 Guest are viewing this topic.

Offline mgittelman

  • Newbie
  • *
  • Posts: 9
  • Karma: +0/-0
    • View Profile
IPv6 with track interface on LAN stopped working
« on: January 24, 2018, 10:46:50 am »
I built a new pfsense vm in vmware, got it working with WAN set to /56 and LAN set to track interface.  Everything worked great for a few weeks, until I decided to play around with more features like ramdisk.  After restarting pfsense for the 2nd time (after unchecking ramdisk again when I realized it was pointless) my LAN IPv6 address has disappeared.  I can ping out via ipv6 from the WAN, but of course none of the clients.  WAN connection only works when set to /56 so I think that's correct.  I tried restarting multiple times, disabling ipv6 completely for a day and letting it sit, then enabling again.

Per my ISP I have the following information, which seems to indicate and issue with pfsense:

"Your WAN address would be a /64 address.  The range for the delegated prefixes are:
2604:5500:c078:8100:: /56 and 2604:5500:c078:bf00:: /56  - For LAN addresses.

Here are the advertisements that are being sent out from the DHCPv6 server to you.  Note the Dynamic User ID that contains your MAC address.

Advertise NA: address 2604:5500:c078:8000::140 to client with duid 00:01:00:01:21:df:35:00:00:0c:29:4e:f2:c2 iaid = 0 valid for 31536000 seconds

Advertise PD: address 2604:5500:c078:bd00::/56 to client with duid 00:01:00:01:21:df:35:00:00:0c:29:4e:f2:c2 iaid = 0 valid for 31536000 seconds

SSH@core.410townsend#sho ipv6 neigh | i 294e.f2cc

285   2604:5500:c078:8000:20c:29ff:xxx:xxx  723  000c.294e.f2cc REACH  7     2/2                       1

387   fe80::20c:29ff:fe4e:f2cc                723  000c.294e.f2cc STALE  10    2/2                       1


Getting this in DHCP log on bootup:

Jan 24 10:00:48   dhcp6c   28299   Sending Solicit
Jan 24 10:00:44   dhcp6c   28299   Sending Solicit
Jan 24 10:00:42   dhcp6c   28299   Sending Solicit
Jan 24 10:00:41   dhcp6c   28299   Sending Solicit
Jan 24 10:00:40   dhcp6c   27988   skip opening control port
Jan 24 10:00:40   dhcp6c   27988   failed initialize control message authentication
Jan 24 10:00:40   dhcp6c   27988   failed to open /usr/local/etc/dhcp6cctlkey: No such file or directory

Also, contents of /var/etc/dhcp6c_wan.conf are:

interface vmx1 {
   send ia-na 0;   # request stateful address
   send ia-pd 0;   # request prefix delegation
   request domain-name-servers;
   request domain-name;
   script "/var/etc/dhcp6c_wan_script.sh"; # we'd like some nameservers please
};
id-assoc na 0 { };

Per this thread:  https://www.reddit.com/r/PFSENSE/comments/68bj9e/most_dhcpv6_options_ignored/

Is that conf file supposed to be getting updated when I set LAN to track interface?
« Last Edit: January 24, 2018, 01:10:10 pm by mgittelman »

Offline mgittelman

  • Newbie
  • *
  • Posts: 9
  • Karma: +0/-0
    • View Profile
Re: IPv6 with track interface on LAN stopped working
« Reply #1 on: January 29, 2018, 11:05:36 am »
Noticed in the logs when I boot up, I'm getting the following every two minutes but then it stops after a while:

dhcp6c   27601   Sending Solicit


I assume this is pfsense asking for a prefix delegation from dhcp6?

If anyone has any thoughts would love to hear it.  ISP has been trying to work with me - they even rebuilt the ipv6 settings for my local switch which seemed to get me an address for a couple minutes, but then disappeared.

Offline mgittelman

  • Newbie
  • *
  • Posts: 9
  • Karma: +0/-0
    • View Profile
Re: IPv6 with track interface on LAN stopped working
« Reply #2 on: January 31, 2018, 10:34:24 pm »
Just in case it helps someone who might be able to help me, I'll include more info from my ISP since they've been nice enough to look pretty deeply into this for me:

Below I found a reference to a Release message from the Requesting Router.  I do not have specifics on what the Requesting Router returns when it uses the delegation (binding state active).

In referencing the RFC 3633 - IPv6 Prefix Options for DHCPv6 -  https://tools.ietf.org/html/rfc3633#section-10    Page 12;  3rd paragraph states:

"The requesting router uses a Release message to return a delegated prefix to a delegating router. The prefixes to be released MUST be included in the IA_PDs."

===========================================
 
I guess I had the LAN MAC already.  It is part of the DUID.  I have also included other information from the DHCPv6 server.  The advertisements and the binding state.  Currently the only binding state your PD has is RELEASED

Sho ipv6 neighbor
3     2604:5500:c078:8000:20c:29ff:fe4e:f2cc  723  000c.294e.f2cc STALE  2     2/2                       1
4     fe80::20c:29ff:fe4e:f2cc                             723  000c.294e.f2cc REACH  20    2/2                       1
====
From the DHCPv6 Server Logs:  (Same advertisements as previously are still being advertised.)
NA - Neighborhood Advertisement
PD - Prefix Delegation
 
Jan 31 18:51:46 dhcpv6-sf dhcpd[489]: Advertise NA: address 2604:5500:c078:8000::107 to client with duid 00:01:00:01:21:fa:d7:dc:00:0c:29:4e:f2:c2 iaid = 0 valid for 31536000 seconds

Jan 31 18:51:46 dhcpv6-sf dhcpd[489]: Advertise PD: address 2604:5500:c078:bd00::/56 to client with duid 00:01:00:01:21:fa:d7:dc:00:0c:29:4e:f2:c2 iaid = 0 valid for 31536000 seconds

Here is the Prefix Delegation Lease

ia-pd "\000\000\000\000\000\001\000\001!\372\327\334\000\014)N\362\302" {
  cltt 1 2018/01/29 04:16:58;
  iaprefix 2604:5500:c078:bd00::/56 {
    binding state released;
    preferred-life 19710000;
    max-life 31536000;
    ends 2 2019/01/29 04:13:38;
  }
}

The binding state is either active or released
===========================================

SO I also found this in the dhcpd6.leases file

If I search for the Network portion (What I placed in BOLD) of the Neighborhood Advertisement (NA) 2604:5500:c078:8000::107  The results are below:

ia-na "\245K\006@\000\003\000\001\220r@\006K\245" {
  cltt 1 2018/01/15 02:03:51;
  iaaddr 2604:5500:c078:8000::200 {
    binding state active;
    preferred-life 7200;
    max-life 31536000;
    ends 2 2019/01/15 02:03:51;
  }
}
--
ia-na "\000\000\000\000\000\001\000\001!\372\327\334\000\014)N\362\302" {
  cltt 1 2018/01/29 04:16:56;
  iaaddr 2604:5500:c078:8000::107 {
    binding state released;
    preferred-life 19710000;
    max-life 31536000;
    ends 2 2019/01/29 04:13:38;
  }
}

Notice that there are two listings.  The first is the announcment ending in ::200 and the second ending in ::107 which is advertised to your DUID 00:01:00:01:21:fa:d7:dc:00:0c:29:4e:f2:c2

According to all these findings.  The DHCPv6 server is announcing the delegations properly.  But it seems your router is not acknowledging (making the binding state active).  Notice the other delegation is active.