Netgate SG-1000 microFirewall

Author Topic: 2.2.1: No IPv6 assigned to LAN anymore  (Read 9675 times)

0 Members and 1 Guest are viewing this topic.

Offline Majin3

  • Newbie
  • *
  • Posts: 3
  • Karma: +1/-0
    • View Profile
2.2.1: No IPv6 assigned to LAN anymore
« on: March 17, 2015, 04:28:57 pm »
After updating to 2.2.1, my pfSense setup no longer assigns IPv6 addresses on the LAN side.

pfSense itself works fine and can ping IPv6 hosts. Reverting to 2.2 restores IPv6.

WAN Interface configuration: DHCP6
- Send options: ia-pd 0, ia-na 0
- Non-Temporary Address Allocation checked
- Prefix Delegation checked
- custom DUID

LAN: Track Interface

dhcp6c and radvd are running.

A bug?


Solved. Just a configuration error, not 2.2.1 related.
« Last Edit: March 18, 2015, 04:47:26 pm by Majin3 »

Offline vajonam

  • Jr. Member
  • **
  • Posts: 31
  • Karma: +0/-0
    • View Profile
Re: 2.2.1: No IPv6 assigned to LAN anymore
« Reply #1 on: March 17, 2015, 04:34:20 pm »
Also noticed that post upgrade.

That ZMQ doesn't seem to be working

Code: [Select]
Warning: PHP Startup: Unable to load dynamic library '/usr/local/lib/php/20121212/zmq.so' - Shared object "libpgm-5.2.so.0" not found, required by "libzmq.so.4" in Unknown on line 0

and

sudo doesn't work

Code: [Select]
$sudo
Shared object "libintl.so.9" not found, required by "sudo"

Not sure if this is related.

Offline mrhanman

  • Jr. Member
  • **
  • Posts: 36
  • Karma: +0/-0
    • View Profile
Re: 2.2.1: No IPv6 assigned to LAN anymore
« Reply #2 on: March 17, 2015, 04:47:13 pm »
I seem to have the same problem.  WAN gets an IPV6 address fine, but LAN does not.  This is with Comcast, if that is relevant.

WAN configuration is DHCP6, DHCPv6 Prefix Delegation size 60, and Send IPv6 prefix hint selected.  LAN is configured to Track Interface WAN.

Offline kejianshi

  • Hero Member
  • *****
  • Posts: 4547
  • Karma: +181/-25
  • Debugging...
    • View Profile
Re: 2.2.1: No IPv6 assigned to LAN anymore
« Reply #3 on: March 17, 2015, 04:57:53 pm »
Must only effect native IPV6.  Tunnel brokers seem fine.

Offline cmb

  • Hero Member
  • *****
  • Posts: 11231
  • Karma: +878/-7
    • View Profile
    • Chris Buechler
Re: 2.2.1: No IPv6 assigned to LAN anymore
« Reply #4 on: March 17, 2015, 06:08:58 pm »
Must only effect native IPV6.

Definitely not native in general, seems only DHCPv6+PD related. I'm looking into it.

Offline kejianshi

  • Hero Member
  • *****
  • Posts: 4547
  • Karma: +181/-25
  • Debugging...
    • View Profile
Re: 2.2.1: No IPv6 assigned to LAN anymore
« Reply #5 on: March 17, 2015, 06:13:46 pm »
That will affect everyone using Comcast and Time Warner Cable + IPV6 I guess?

Offline azzido

  • Full Member
  • ***
  • Posts: 130
  • Karma: +10/-1
    • View Profile
Re: 2.2.1: No IPv6 assigned to LAN anymore
« Reply #6 on: March 17, 2015, 06:18:55 pm »
This is affecting all DHCPv6+PD setups not just Comcast.

dhcp6c config file does not have pd entry in it:

Code: [Select]
interface vmx0 {
        send ia-na 0;   # request stateful address
        request domain-name-servers;
        request domain-name;
        script "/var/etc/dhcp6c_wan_script.sh"; # we'd like some nameservers please
};
id-assoc na 0 { };

Offline azzido

  • Full Member
  • ***
  • Posts: 130
  • Karma: +10/-1
    • View Profile
Re: 2.2.1: No IPv6 assigned to LAN anymore
« Reply #7 on: March 17, 2015, 06:30:56 pm »
Ignore my last post. Forgot that you need to apply WAN after you change LAN settings for DHCPv6+PD to work. Working fine here on AT&T.

dhcp6c config file:

Code: [Select]
interface vmx0 {
        send ia-na 0;   # request stateful address
        send ia-pd 0;   # request prefix delegation
        request domain-name-servers;
        request domain-name;
        script "/var/etc/dhcp6c_wan_script.sh"; # we'd like some nameservers please
};
id-assoc na 0 { };
id-assoc pd 0 {
        prefix ::/64 infinity;
        prefix-interface vmx1_vlan10 {
                sla-id 0;
                sla-len 0;
        };
};

Guys who are having issues, can you post your dhcp6c config file: /var/etc/dhcp6c_wan.conf
It would also be helpful if you ran dhcp6c in debug mode and posted the output. In order to do that kill existing dhcp6c and execute "/usr/local/sbin/dhcp6c -f -d -D -c /var/etc/dhcp6c_wan.conf -p /var/run/dhcp6c_vmx0.pid vmx0" after replacing interface names in the command.

Offline Majin3

  • Newbie
  • *
  • Posts: 3
  • Karma: +1/-0
    • View Profile
Re: 2.2.1: No IPv6 assigned to LAN anymore
« Reply #8 on: March 18, 2015, 02:24:08 am »
Here's one of the broken setups:

/var/etc/dhcp6c_wan.conf:
Code: [Select]
interface em0 {
        send ia-pd 0;
        send ia-na 0;
        script "/var/etc/dhcp6c_wan_script.sh";
};
id-assoc na { };
id-assoc pd { };

/usr/local/sbin/dhcp6c -f -d -D -c /var/etc/dhcp6c_wan.conf -p /var/run/dhcp6c_em0.pid em0:
Code: [Select]
Mar/18/2015 08:07:35: extracted an existing DUID from /var/db/dhcp6c_duid: my:du:id
Mar/18/2015 08:07:35: failed to open /usr/local/etc/dhcp6cctlkey: No such file or directory
Mar/18/2015 08:07:35: failed initialize control message authentication
Mar/18/2015 08:07:35: skip opening control port
Mar/18/2015 08:07:35: <3>[interface] (9)
Mar/18/2015 08:07:35: <5>[em0] (3)
Mar/18/2015 08:07:35: <3>begin of closure [{] (1)
Mar/18/2015 08:07:35: <3>[send] (4)
Mar/18/2015 08:07:35: <3>[ia-pd] (5)
Mar/18/2015 08:07:35: <3>[0] (1)
Mar/18/2015 08:07:35: <3>end of sentence [;] (1)
Mar/18/2015 08:07:35: <3>[send] (4)
Mar/18/2015 08:07:35: <3>[ia-na] (5)
Mar/18/2015 08:07:35: <3>[0] (1)
Mar/18/2015 08:07:35: <3>end of sentence [;] (1)
Mar/18/2015 08:07:35: <3>[script] (6)
Mar/18/2015 08:07:35: <3>["/var/etc/dhcp6c_wan_script.sh"] (31)
Mar/18/2015 08:07:35: <3>end of sentence [;] (1)
Mar/18/2015 08:07:35: <3>end of closure [}] (1)
Mar/18/2015 08:07:35: <3>end of sentence [;] (1)
Mar/18/2015 08:07:35: <3>[id-assoc] (8)
Mar/18/2015 08:07:35: <13>[na] (2)
Mar/18/2015 08:07:35: <13>begin of closure [{] (1)
Mar/18/2015 08:07:35: <3>end of closure [}] (1)
Mar/18/2015 08:07:35: <3>end of sentence [;] (1)
Mar/18/2015 08:07:35: <3>[id-assoc] (8)
Mar/18/2015 08:07:35: <13>[pd] (2)
Mar/18/2015 08:07:35: <13>begin of closure [{] (1)
Mar/18/2015 08:07:35: <3>end of closure [}] (1)
Mar/18/2015 08:07:35: <3>end of sentence [;] (1)
Mar/18/2015 08:07:35: called
Mar/18/2015 08:07:35: called
Mar/18/2015 08:07:35: reset a timer on em0, state=INIT, timeo=0, retrans=383
Mar/18/2015 08:07:35: a new XID (9b472d) is generated
Mar/18/2015 08:07:35: set client ID (len 10)
Mar/18/2015 08:07:35: set identity association
Mar/18/2015 08:07:35: set elapsed time (len 2)
Mar/18/2015 08:07:35: set IA_PD
Mar/18/2015 08:07:35: send solicit to ff02::1:2%em0
Mar/18/2015 08:07:35: reset a timer on em0, state=SOLICIT, timeo=0, retrans=1088
Mar/18/2015 08:07:35: receive advertise from ro:ut:er%em0 on em0
Mar/18/2015 08:07:35: get DHCP option identity association, len 40
Mar/18/2015 08:07:35:   IA_NA: ID=0, T1=3600, T2=7200
Mar/18/2015 08:07:35: get DHCP option IA address, len 24
Mar/18/2015 08:07:35:   IA_NA address: ip:bl:oc:k::1 pltime=4500 vltime=7200
Mar/18/2015 08:07:35: get DHCP option IA_PD, len 41
Mar/18/2015 08:07:35:   IA_PD: ID=0, T1=3600, T2=7200
Mar/18/2015 08:07:35: get DHCP option IA_PD prefix, len 25
Mar/18/2015 08:07:35:   IA_PD prefix: ip:bl:oc:k::/56 pltime=4500 vltime=34359745568
Mar/18/2015 08:07:35: get DHCP option client ID, len 10
Mar/18/2015 08:07:35:   DUID: my:du:id
Mar/18/2015 08:07:35: get DHCP option server ID, len 14
Mar/18/2015 08:07:35:   DUID: so:me:du:id
Mar/18/2015 08:07:35: get DHCP option preference, len 1
Mar/18/2015 08:07:35:   preference: 255
Mar/18/2015 08:07:35: server ID: so:me:id, pref=255
Mar/18/2015 08:07:35: a new XID (6a05d6) is generated
Mar/18/2015 08:07:35: set client ID (len 10)
Mar/18/2015 08:07:35: set server ID (len 14)
Mar/18/2015 08:07:35: set IA address
Mar/18/2015 08:07:35: set identity association
Mar/18/2015 08:07:35: set elapsed time (len 2)
Mar/18/2015 08:07:35: set IA_PD prefix
Mar/18/2015 08:07:35: set IA_PD
Mar/18/2015 08:07:35: send request to ff02::1:2%em0
Mar/18/2015 08:07:35: reset a timer on em0, state=REQUEST, timeo=0, retrans=977
Mar/18/2015 08:07:35: receive reply from ro:ut:er%em0 on em0
Mar/18/2015 08:07:35: get DHCP option identity association, len 40
Mar/18/2015 08:07:35:   IA_NA: ID=0, T1=3600, T2=7200
Mar/18/2015 08:07:35: get DHCP option IA address, len 24
Mar/18/2015 08:07:35:   IA_NA address: ip:bl:oc:k::1 pltime=4500 vltime=7200
Mar/18/2015 08:07:35: get DHCP option IA_PD, len 41
Mar/18/2015 08:07:35:   IA_PD: ID=0, T1=3600, T2=7200
Mar/18/2015 08:07:35: get DHCP option IA_PD prefix, len 25
Mar/18/2015 08:07:35:   IA_PD prefix: ip:bl:oc:k::/56 pltime=4500 vltime=34359745568
Mar/18/2015 08:07:35: get DHCP option client ID, len 10
Mar/18/2015 08:07:35:   DUID: my:du:id
Mar/18/2015 08:07:35: get DHCP option server ID, len 14
Mar/18/2015 08:07:35:   DUID: so:me:du:id
Mar/18/2015 08:07:35: get DHCP option preference, len 1
Mar/18/2015 08:07:35:   preference: 255
Mar/18/2015 08:07:35: make an IA: PD-0
Mar/18/2015 08:07:35: create a prefix ip:bl:oc:k::/56 pltime=140733193392532, vltime=140733193395232
Mar/18/2015 08:07:35: make an IA: NA-0
Mar/18/2015 08:07:35: create an address ip:bl:oc:k::1 pltime=4500, vltime=7200
Mar/18/2015 08:07:35: add an address ip:bl:oc:k::1/128 on em0
Mar/18/2015 08:07:35: executes /var/etc/dhcp6c_wan_script.sh
Mar/18/2015 08:07:40: script "/var/etc/dhcp6c_wan_script.sh" terminated
Mar/18/2015 08:07:40: removing an event on em0, state=REQUEST
Mar/18/2015 08:07:40: removing server (ID: so:me:id)
Mar/18/2015 08:07:40: got an expected reply, sleeping.

Offline maverick_slo

  • Hero Member
  • *****
  • Posts: 756
  • Karma: +31/-2
    • View Profile
Re: 2.2.1: No IPv6 assigned to LAN anymore
« Reply #9 on: March 18, 2015, 04:07:05 am »
Ah come on :)
I have native IPv6 and WAN (pppoe) and now after upgrade LAN cannot connect via IPv6 anymore.
Am I affected with same problem?

From LAN I can reach pfsense but I cannot reach internet.
From pfsense WAN (pppoe) I can reach internet via IPV6.
=??

Offline kejianshi

  • Hero Member
  • *****
  • Posts: 4547
  • Karma: +181/-25
  • Debugging...
    • View Profile
Re: 2.2.1: No IPv6 assigned to LAN anymore
« Reply #10 on: March 18, 2015, 04:33:37 am »
If you already did a reboot and its not working then, yes,  I'd imagine you are most likely affected.  I think you are the first to mention ppoe though.  Congratulations. 

Getting IPV6 on the WAN with DHCP?

Offline maverick_slo

  • Hero Member
  • *****
  • Posts: 756
  • Karma: +31/-2
    • View Profile
Re: 2.2.1: No IPv6 assigned to LAN anymore
« Reply #11 on: March 18, 2015, 05:05:41 am »
Yes, DHCPv6 PD, ip trough ipv4, do not request IP addr. and that`s it.
After upgrade and reboot PPPoE WAN can ping IPv6 internet but LAN does not come trough FW...

Offline dugeem

  • Newbie
  • *
  • Posts: 17
  • Karma: +4/-0
    • View Profile
Re: 2.2.1: No IPv6 assigned to LAN anymore
« Reply #12 on: March 18, 2015, 05:50:40 am »
Just to add to the mix ... My Internode (Australian ISP) IPv6 config is working fine using a tracked PPPoE WAN with DHCPv6 PD. An IPv6 address is correctly assigned to the LAN interface.

Interface IPv6 config
Use IPv4 connectivity -> Yes
Request only prefix -> Yes
DHCPv6 Prefix Delegation -> 56
Send IPv6 prefix hint -> No

/var/etc/dhcp6c_opt1.conf:
interface pppoe1 {
   send ia-pd 0;   # request prefix delegation
   request domain-name-servers;
   request domain-name;
   script "/var/etc/dhcp6c_opt1_script.sh"; # we'd like some nameservers please
};
id-assoc pd 0 {
   prefix-interface vr0 {
      sla-id 0;
      sla-len 8;
   };
};
« Last Edit: March 18, 2015, 05:56:07 am by dugeem »

Offline maverick_slo

  • Hero Member
  • *****
  • Posts: 756
  • Karma: +31/-2
    • View Profile
Re: 2.2.1: No IPv6 assigned to LAN anymore
« Reply #13 on: March 18, 2015, 07:19:42 am »
WebUI generates WRONG config file this is for sure.
WebUI generated:

Code: [Select]
interface pppoe0 {
 request domain-name-servers;
 request domain-name;
 script "/var/etc/dhcp6c_opt2_script.sh"; # we'd like some nameservers please
};

But is should be:
Code: [Select]
interface pppoe0 {
 send ia-pd 0; # request prefix delegation
 request domain-name-servers;
 request domain-name;
 script "/var/etc/dhcp6c_opt2_script.sh"; # we'd like some nameservers please
};
id-assoc pd 0 {
};

I created my own .conf file and specify it at DHCPv6, restarted PPPoE and it works.

Offline maverick_slo

  • Hero Member
  • *****
  • Posts: 756
  • Karma: +31/-2
    • View Profile
Re: 2.2.1: No IPv6 assigned to LAN anymore
« Reply #14 on: March 18, 2015, 07:36:47 am »
Or if I do this also works just fine (see image)