The pfSense Store

Author Topic: Comcast native ipv6 for network devices.  (Read 13473 times)

0 Members and 1 Guest are viewing this topic.

Offline databeestje

  • Administrator
  • Hero Member
  • *****
  • Posts: 1048
  • Karma: +0/-0
  • It just might be your luck day, if you only knew.
    • View Profile
Re: Comcast native ipv6 for network devices.
« Reply #15 on: June 18, 2012, 01:27:06 pm »
Yeah, that screenshot looks healthy.

Offline johnpoz

  • Hero Member
  • *****
  • Posts: 2893
  • Karma: +0/-0
    • View Profile
Re: Comcast native ipv6 for network devices.
« Reply #16 on: June 19, 2012, 02:51:00 pm »
Yeah more than willing to give access to take a look..  Just PM me when would be good time for you to access, and I can send you the info to remote in.

I have got a comcast guy on another forum checking for sure if should be available in my area.

As to screen shots and what em -- they might of swapped because I was using 2 different vms in testing this.  I had a clean vm that wasn't working and then was playing with it again on my normal vm.  So those 2 vms might be swapped for which em is wan and which is lan, etc.  Would have to double check that.

edit:
So if you see in the screenshots I posted I was getting Ips -- but just couldn't get anywhere, I didn't see a default route for ipv6.  But looking forward to your PM on your schedule - I should be available tonight, few hours from now to switch it over to my clean install with no tunnel setup -- can let you in for sure to take a look.  Would really really appreciate that!

If you have time now I could remotely turn on remote access and let you in to current setup with HE tunnel setup, etc.  And you could play with that.  Don't care too much if you break the tunnel setup.  Doesn't matter if loose the tunnel that is currently setup, would like to go native anyway ;)

edit2:  Got your PM, thanks once I hear back from the comcast guy that its suppose to be there I will let you know.  But what I am thinking is it's not there yet?

So this is my normal vm, I turned off the HE tunnel.  Updated to the latest and greatest snap

2.1-BETA0 (i386)
built on Tue Jun 19 20:53:56 EDT 2012
FreeBSD 8.3-RELEASE-p3

I then run gitsysnc this morning to be sure.  Deleted my HE tunnel stuff, set wan to dhcp6, prefix delegation 64.  Then set Lan to track and 0 for prefix ID.  Rebooted.

As you can see from screenshot I get a /128 and shows a /64 on my lan.. But just don't get a route out on ipv6 -- so I have highlighted that yes my wan is em1, and let a tcpdump -i em1 -vv ip6 run for like 5 minutes or so and just don't see anything!  I should be seeing RA should I not?  There should be some in a 5 minute period I would think ;)

So my guess is something is not turned on at my isp for native to work yet for me.  Once I hear back from the comcast guy on another forum that is checking with my modem mac and still nothing working I will let you know and more than happy to let you in.  Happy to let you in now if you want.



« Last Edit: June 20, 2012, 07:39:16 am by johnpoz »
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Have I helped you, want to say thanks?  Donate to pfsense the cost of a beer http://pfsense.org/donate.html

Offline johnpoz

  • Hero Member
  • *****
  • Posts: 2893
  • Karma: +0/-0
    • View Profile
Re: Comcast native ipv6 for network devices.
« Reply #17 on: June 20, 2012, 07:40:23 am »
I edited my last post, but does not seem to have bumped the time on the thread.  So bumpity bump ;)
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Have I helped you, want to say thanks?  Donate to pfsense the cost of a beer http://pfsense.org/donate.html

Offline whfsdude

  • Newbie
  • *
  • Posts: 16
  • Karma: +0/-0
    • View Profile
Re: Comcast native ipv6 for network devices.
« Reply #18 on: June 20, 2012, 10:34:47 am »
johnpoz,

Reach out in the Comcast forums on dslreports.com. It looks like they've set up DHCPv6 without RA. Just checking though, you've got a DOCSIS3 modem, right?

Offline johnpoz

  • Hero Member
  • *****
  • Posts: 2893
  • Karma: +0/-0
    • View Profile
Re: Comcast native ipv6 for network devices.
« Reply #19 on: June 20, 2012, 10:43:44 am »
Yup SB6120, and have PM out to netdog on that site, he responded already once - but seems I only game him the CMTS-MAC, when he needed the CM-MAC?  So now I have sent him everything I could see from the modem with any sort of mac in it ;)

I thought he would need the CMTS-MAC to see if ipv6 was enabled on my connection, this is what my modem connects too right?
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Have I helped you, want to say thanks?  Donate to pfsense the cost of a beer http://pfsense.org/donate.html

Offline whfsdude

  • Newbie
  • *
  • Posts: 16
  • Karma: +0/-0
    • View Profile
Re: Comcast native ipv6 for network devices.
« Reply #20 on: June 20, 2012, 11:55:57 am »
Yup SB6120, and have PM out to netdog on that site, he responded already once - but seems I only game him the CMTS-MAC, when he needed the CM-MAC?  So now I have sent him everything I could see from the modem with any sort of mac in it ;)

I thought he would need the CMTS-MAC to see if ipv6 was enabled on my connection, this is what my modem connects too right?

Ha! He actually plucked my IPv6 from a forum posting and looked me up. Told me to kick my modem so I could grab 3 x upstream.

Offline johnpoz

  • Hero Member
  • *****
  • Posts: 2893
  • Karma: +0/-0
    • View Profile
Re: Comcast native ipv6 for network devices.
« Reply #21 on: June 20, 2012, 01:38:04 pm »
I also posted all my info in the comcast direct forum on that site.

Well post back what I hear, but yeah it seems like just no RAs.  If comcast comes back and says it should be working, I have remote access setup for databeestje already and have PM'd him the info.

I did notice your nick on that forum as well.
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Have I helped you, want to say thanks?  Donate to pfsense the cost of a beer http://pfsense.org/donate.html

Offline johnpoz

  • Hero Member
  • *****
  • Posts: 2893
  • Karma: +0/-0
    • View Profile
Re: Comcast native ipv6 for network devices.
« Reply #22 on: June 20, 2012, 01:58:42 pm »
Ok databeestje got into my box, and he mentioned that my VM is not set to promiscuous on the switch the pfsense wan interface is connected to. Would block NDS.

So I changed that



But still not working, ran this command

 rtsol -DF em1
checking if em1 is ready...
em1 is ready
set timer for em1 to 0:624884
New timer is 0:00624811
New timer is 0:00004311
timer expiration on em1, state = 1
send RS on em1, whose state is 2
set timer for em1 to 4:0
New timer is 4:00002585
timer expiration on em1, state = 2
send RS on em1, whose state is 2
set timer for em1 to 4:0
New timer is 4:00000173
received RA from fe80::250:56ff:fe00:2 on an unexpected IF(em0)
New timer is 0:00779783
timer expiration on em1, state = 2
send RS on em1, whose state is 2
set timer for em1 to 1:0
New timer is 1:00000259
timer expiration on em1, state = 2
No answer after sending 3 RSs
stop timer for em1
there is no timer

So unless have to restart the esxi box?  To allow the switch setting to take effect, seems like no RAs

- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Have I helped you, want to say thanks?  Donate to pfsense the cost of a beer http://pfsense.org/donate.html

Offline johnpoz

  • Hero Member
  • *****
  • Posts: 2893
  • Karma: +0/-0
    • View Profile
Re: Comcast native ipv6 for network devices.
« Reply #23 on: June 20, 2012, 03:18:28 pm »
so I heard back from netdog

8m : 2012-06-20 15:33:59 : From NetDog See Profile   delete mark-unread keep
The CMTS your on supports IPv6 and I can see leases going out to other customers on the DHCP server.

but I responded back to him that not seeing any RAs and no default route.

- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Have I helped you, want to say thanks?  Donate to pfsense the cost of a beer http://pfsense.org/donate.html

Offline johnpoz

  • Hero Member
  • *****
  • Posts: 2893
  • Karma: +0/-0
    • View Profile
Re: Comcast native ipv6 for network devices.
« Reply #24 on: June 20, 2012, 03:41:02 pm »
so I did a gitsync since I saw that wrong RA commit, and then hit save on my wan and its working from the router now.

Internet6:
Destination                       Gateway                       Flags      Netif Expire
default                           fe80::201:5cff:fe31:da01%em1  UGS         em1
::1                               ::1                           UH          lo0
2001:558:6033:12c:585b:3619:66ef:e1b1 link#2                        UHS         lo0
2601:d:8b80:2c::/64               link#1                        U           em0
2601:d:8b80:2c::1                 link#1                        UHS         lo0
2601:d:8b80:2c:250:56ff:fe00:2    link#1                        UHS         lo0
fe80::%em0/64                     link#1                        U           em0
fe80::1:1%em0                     link#1                        UHS         lo0
fe80::250:56ff:fe00:2%em0         link#1                        UHS         lo0
fe80::%em1/64                     link#2                        U           em1
fe80::250:56ff:fe00:1%em1         link#2                        UHS         lo0
fe80::%lo0/64                     link#6                        U           lo0
fe80::1%lo0                       link#6                        UHS         lo0
fe80::%ovpns1/64                  link#10                       U        ovpns1
fe80::250:56ff:fe00:2%ovpns1      link#10                       UHS         lo0
ff01::%em0/32                     fe80::250:56ff:fe00:2%em0     U           em0
ff01::%em1/32                     fe80::250:56ff:fe00:1%em1     U           em1
ff01::%lo0/32                     ::1                           U           lo0
ff01::%ovpns1/32                  fe80::250:56ff:fe00:2%ovpns1  U        ovpns1
ff02::%em0/32                     fe80::250:56ff:fe00:2%em0     U           em0
ff02::%em1/32                     fe80::250:56ff:fe00:1%em1     U           em1
ff02::%lo0/32                     ::1                           U           lo0
ff02::%ovpns1/32                  fe80::250:56ff:fe00:2%ovpns1  U        ovpns1
[2.1-BETA0][admin@pfsense.local.lan]/root(10): ping6 ipv6.google.com
PING6(56=40+8+8 bytes) 2001:558:6033:12c:585b:3619:66ef:e1b1 --> 2607:f8b0:400f:801::1013
16 bytes from 2607:f8b0:400f:801::1013, icmp_seq=0 hlim=55 time=36.524 ms
16 bytes from 2607:f8b0:400f:801::1013, icmp_seq=1 hlim=55 time=36.316 ms
16 bytes from 2607:f8b0:400f:801::1013, icmp_seq=2 hlim=55 time=36.014 ms
16 bytes from 2607:f8b0:400f:801::1013, icmp_seq=3 hlim=55 time=35.045 ms
16 bytes from 2607:f8b0:400f:801::1013, icmp_seq=4 hlim=55 time=35.084 ms
^C
--- ipv6.l.google.com ping6 statistics ---
5 packets transmitted, 5 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 35.045/35.797/36.524/0.619 ms

[2.1-BETA0][admin@pfsense.local.lan]/root(11): traceroute6 ipv6.google.com
traceroute6 to ipv6.l.google.com (2607:f8b0:400f:801::1013) from 2001:558:6033:12c:585b:3619:66ef:e1b1, 64 hops max, 12 byte packets
 1  * * *
 2  te-1-2-ur07.mtprospect.il.chicago.comcast.net  13.203 ms  10.957 ms  9.458 ms
 3  te-1-2-0-5-ar01.elmhurst.il.chicago.comcast.net  13.770 ms  22.087 ms  26.169 ms
 4  pos-0-7-0-0-cr01.chicago.il.ibone.comcast.net  18.085 ms  18.121 ms  15.739 ms
 5  pos-1-8-0-0-cr01.350ecermak.il.ibone.comcast.net  17.688 ms  17.588 ms  15.752 ms
 6  pos-1-4-0-0-pe01.350ecermak.il.ibone.comcast.net  14.264 ms  13.737 ms  13.539 ms
 7  2001:559::382  14.099 ms  13.056 ms  12.680 ms
 8  2001:4860::1:0:3f7  12.781 ms
    2001:4860::1:0:92e  22.108 ms
    2001:4860::1:0:3f7  13.786 ms
 9  2001:4860::8:0:2fe9  13.781 ms  16.365 ms  13.853 ms
10  2001:4860::8:0:281d  50.876 ms
    2001:4860::8:0:281e  36.705 ms
    2001:4860::8:0:281d  35.046 ms
11  2001:4860::8:0:3426  35.580 ms  37.061 ms  36.148 ms
12  2001:4860::1:0:7a4  36.630 ms  36.996 ms  36.876 ms
13  2001:4860:0:1::593  38.282 ms  45.503 ms  35.759 ms
14  2607:f8b0:8000:1d::f  37.068 ms  37.603 ms  35.807 ms
[2.1-BETA0][admin@pfsense.local.lan]/root(12):

Have to see if can get a client going now.  But seems gateway widget is not working

WAN_DHCP6       Pending    Pending    Unknown

or

WAN_DHCP6    ~    ~    ~    Unknown
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Have I helped you, want to say thanks?  Donate to pfsense the cost of a beer http://pfsense.org/donate.html

Offline johnpoz

  • Hero Member
  • *****
  • Posts: 2893
  • Karma: +0/-0
    • View Profile
Re: Comcast native ipv6 for network devices.
« Reply #25 on: June 20, 2012, 03:53:52 pm »
spoke too soon.  Just did a reboot of pfsense, and now no route and

ping6 ipv6.google.com
ping6: UDP connect: No route to host

So is this something wrong with pfsense, or comcast just not sending RA's -- I have to guess no RA's since shouldn't I see them with a simple tcpdump?
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Have I helped you, want to say thanks?  Donate to pfsense the cost of a beer http://pfsense.org/donate.html

Offline whfsdude

  • Newbie
  • *
  • Posts: 16
  • Karma: +0/-0
    • View Profile
Re: Comcast native ipv6 for network devices.
« Reply #26 on: June 20, 2012, 06:14:34 pm »
tcpdump again.

you could technically avoid RA issues at this point by setting the default gw to default   fe80::201:5cff:fe31:da01%em1  UGS         em1

Offline johnpoz

  • Hero Member
  • *****
  • Posts: 2893
  • Karma: +0/-0
    • View Profile
Re: Comcast native ipv6 for network devices.
« Reply #27 on: June 20, 2012, 07:49:45 pm »
That sure and the hell does not seem like a fix to me..  When it was working from pfsense, my clients were not working for starters.

A better fix would be to just go back to my tunnel ;)

And is it really common practice for my gateway to be linklocal?  Then why give my interface a global address??  Shouldn't I have a global gateway address to match up with my /128?

I just do not get why they can not just freaking hand out the gateway via dhcp??
« Last Edit: June 20, 2012, 07:58:19 pm by johnpoz »
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Have I helped you, want to say thanks?  Donate to pfsense the cost of a beer http://pfsense.org/donate.html

Offline whfsdude

  • Newbie
  • *
  • Posts: 16
  • Karma: +0/-0
    • View Profile
Re: Comcast native ipv6 for network devices.
« Reply #28 on: June 20, 2012, 08:28:51 pm »
That sure and the hell does not seem like a fix to me..  When it was working from pfsense, my clients were not working for starters.

How is it not a valid fix? Did you add the correct firewalls to pass v6 traffic?

Quote
A better fix would be to just go back to my tunnel ;)

Have you tried just installing a new build without any previous tunnel configuration?

Quote
And is it really common practice for my gateway to be linklocal?  Then why give my interface a global address??  Shouldn't I have a global gateway address to match up with my /128?

Yes.

Quote
I just do not get why they can not just freaking hand out the gateway via dhcp??
It's not. Worked out the box for me. You do realize that DHCPv6 doesn't have an option to hand out a gateway. ...that's why RA is used.

Edit: Maybe the best solution is plug a laptop directly into the modem and run tcpdump. You'll be able to verify RAs.
« Last Edit: June 20, 2012, 08:32:46 pm by whfsdude »

Offline johnpoz

  • Hero Member
  • *****
  • Posts: 2893
  • Karma: +0/-0
    • View Profile
Re: Comcast native ipv6 for network devices.
« Reply #29 on: June 21, 2012, 12:25:40 am »
I am aware that dhcpv6 does not hand out gateway!  Just ranting here - don't understand why it was removed, why not leave it as an option?

Its not a fix, because setting a static gateway like that -- that might change is not a good idea!  If it was my network and knew it wasn't going to change then sure.  But I have no idea what comcast might do next week.

Plugging a box directly into my modem is a great idea, because what I can tell you is not seeing any RA's for sure currently.
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Have I helped you, want to say thanks?  Donate to pfsense the cost of a beer http://pfsense.org/donate.html