OPNsense Forum

Archive => 18.1 Legacy Series => Topic started by: mbosner on February 25, 2018, 01:19:38 am

Title: Problems with IPv6 address delegation
Post by: mbosner on February 25, 2018, 01:19:38 am
Hello,

i am lost with my IPv6 configuration and i need help.

I use PPPoE with IPv6 over IPv4 and i already have a working IPv6 connection but the clients in my LAN don't get an IPv6 address. PPPoE does work for IPv4 and IPv6 over IPv4 does work with the following config:

PPPoE Configuration
IPv4 Configuration Type: PPPoE
IPv6 Configuration Type: DHCPv6

Send IPv6 prefix hint: True
Directly send SOLICIT: True
Use IPv4 connectivity: True


LAN Configuration
IPv4: Static IPv4
IPv6: Track Interface

Track IPv6 Interface
IPv6 Interface: PPPoE Interface
IPv6 Prefix ID: 0


PPPoE Interface
pppoe0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1492
   inet6 fe80::82ee:73ff:febd:b4a7%pppoe0 prefixlen 64 scopeid 0x9
   inet6 XXXX:4540:6500:99::93 prefixlen 128
   inet XX.59.202.4 --> XX.46.104.101  netmask 0xffffffff
   nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>

LAN Interface
igb0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
   options=6507bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,VLAN_HWFILTER,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6>
   ether 80:ee:73:bd:xy:xy
   hwaddr 80:ee:73:bd:xy:xy
   inet 192.168.40.1 netmask 0xffffff00 broadcast 192.168.40.255
   inet6 XXXX:4540:6537:3700:82ee:73ff:febd:b4a7 prefixlen 56
   inet6 fe80::1:1%igb0 prefixlen 64 scopeid 0x1
   nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
   media: Ethernet autoselect (1000baseT <full-duplex>)
   status: active

Any ideas what might be wrong or what i am missing?

Cheers
Title: Re: Problems with IPv6 address delegation
Post by: elektroinside on February 25, 2018, 12:00:35 pm
Looks fine by me. Is the IPv6 test failing on the clients?
https://test-ipv6.com

Have you set any values (regardless of their validity) for MTU/MSS for the WAN interface? If so, delete them, reboot your OPNsense box and release/renew IPs on your clients (or just reboot them as well).
Title: Re: Problems with IPv6 address delegation
Post by: mbosner on February 25, 2018, 12:28:29 pm
I get 0/10 points.

"No IPv6 address detected"

I have windows 10, android, MacOS and other Client devices - and none is getting a IPv6 address.

I did not set MSS, MTU or anything else :(

I already rebooted all devices including APs and switches. I will try to grab the communication between the router and a new network device.
Title: Re: Problems with IPv6 address delegation
Post by: mbosner on February 25, 2018, 12:48:52 pm
Here is a tcpdump on the opnsense for an android device joining the network. I just disabled wifi for some seconds.

Code: [Select]
12:35:46.898019 8c:f5:a3:dd:21:8f (oui Unknown) > Broadcast Null Supervisory, Receiver not Ready, rcv seq 64, Flags [Poll], length 46
12:35:47.026746 IP6 :: > ff02::1:ffdd:218f: ICMP6, neighbor solicitation, who has fe80::8ef5:a3ff:fedd:218f, length 24
12:35:47.032673 IP6 :: > ff02::16: HBH ICMP6, multicast listener report v2, 1 group record(s), length 28
12:35:47.111555 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 8c:f5:a3:dd:21:8f (oui Unknown), length 300
12:35:47.111665 IP router.fqdn.de > Android-S8.fqdn.de: ICMP echo request, id 60646, seq 0, length 28
12:35:47.825621 IP6 :: > ff02::16: HBH ICMP6, multicast listener report v2, 1 group record(s), length 28
12:35:48.025461 IP6 fe80::8ef5:a3ff:fedd:218f > ff02::16: HBH ICMP6, multicast listener report v2, 1 group record(s), length 28
12:35:48.039566 IP6 fe80::8ef5:a3ff:fedd:218f > ff02::2: ICMP6, router solicitation, length 16
12:35:48.124603 IP router.fqdn.de.bootps > Android-S8.fqdn.de.bootpc: BOOTP/DHCP, Reply, length 300
12:35:48.218542 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 8c:f5:a3:dd:21:8f (oui Unknown), length 300
12:35:48.218629 IP router.fqdn.de.bootps > Android-S8.fqdn.de.bootpc: BOOTP/DHCP, Reply, length 300
12:35:48.857400 IP6 fe80::8ef5:a3ff:fedd:218f > ff02::16: HBH ICMP6, multicast listener report v2, 1 group record(s), length 28
12:35:48.938315 IP 10.148.31.146 > 239.255.255.250: igmp v2 report 239.255.255.250
12:35:50.284678 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 8c:f5:a3:dd:21:8f (oui Unknown), length 300
12:35:50.284830 IP router.fqdn.de.bootps > Android-S8.fqdn.de.bootpc: BOOTP/DHCP, Reply, length 300
12:35:52.001573 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 8c:f5:a3:dd:21:8f (oui Unknown), length 312
12:35:52.001957 IP router.fqdn.de.bootps > Android-S8.fqdn.de.bootpc: BOOTP/DHCP, Reply, length 300
12:35:52.524460 ARP, Request who-has router.fqdn.de tell Android-S8.fqdn.de, length 46
12:35:52.524468 ARP, Reply router.fqdn.de is-at 80:ee:73:bd:xy:xy (oui Unknown), length 28
12:35:52.644339 IP6 fe80::8ef5:a3ff:fedd:218f > ff02::1:ffbd:b4a7: ICMP6, neighbor solicitation, who has router.fqdn.de, length 32
12:35:52.644375 IP6 fe80::1:1 > fe80::8ef5:a3ff:fedd:218f: ICMP6, neighbor advertisement, tgt is router.fqdn.de, length 32
12:35:52.652968 IP6 fe80::8ef5:a3ff:fedd:218f.38168 > router.fqdn.de.domain: 29515+ A? connectivitycheck.gstatic.com. (47)
12:35:52.661989 ARP, Request who-has router.fqdn.de tell Android-S8.fqdn.de, length 46
12:35:52.661995 ARP, Reply router.fqdn.de is-at 80:ee:73:bd:xy:xy (oui Unknown), length 28
12:35:52.666595 IP Android-S8.fqdn.de.38800 > router.fqdn.de.domain: 56469+ A? connectivitycheck.gstatic.com. (47)
12:35:52.666650 IP router.fqdn.de.domain > Android-S8.fqdn.de.38800: 56469 1/0/0 A 172.217.16.67 (63)
12:35:52.667309 IP6 fe80::8ef5:a3ff:fedd:218f.49689 > router.fqdn.de.domain: 46743+ A? connectivitycheck.gstatic.com. (47)
12:35:52.669946 IP Android-S8.fqdn.de.40633 > router.fqdn.de.domain: 53649+ A? connectivitycheck.gstatic.com. (47)
12:35:52.669989 IP router.fqdn.de.domain > Android-S8.fqdn.de.40633: 53649 1/0/0 A 172.217.16.67 (63)
12:35:52.927973 IP6 fe80::8ef5:a3ff:fedd:218f.51664 > router.fqdn.de.domain: 58661+ AAAA? www.google.com. (32)
12:35:52.927975 IP6 fe80::8ef5:a3ff:fedd:218f.58437 > router.fqdn.de.domain: 41128+ AAAA? connectivitycheck.gstatic.com. (47)
Title: Re: Problems with IPv6 address delegation
Post by: marjohn56 on February 25, 2018, 03:21:56 pm
I had some issues trying to reproduce your problem. I could not get opnsense to issue an address either. Now, my primary router works fine, that uses statics but the issue I had was with my secondary test router where it just refused to issue an address - but I could not see a reason for it, everything that should be running was and nothing appeared to be blocked or otherwise.

As my test router is just that, and subject to all sorts of things happening with me messing about I decided to do a clean install.. did that, now everything is working perfectly, which leaves me a little baffled.

If you can, try a clean install and see if that helps.
Title: Re: Problems with IPv6 address delegation
Post by: mbosner on February 25, 2018, 03:32:24 pm
I will do that.
Title: Re: Problems with IPv6 address delegation
Post by: mbosner on February 25, 2018, 07:28:48 pm
I just installed a fresh 18.1 and only configured PPPoE and IPv6 over IPv4. No change so far :(

The router has a IPv6 address on both interfaces and can ping6 google.com but the LAN Clients dont get an IPv6 address.

Since my default GW is a private IPv6 route i tried the "only request a prefix" but this did not help (the WAN interface does not get an public IPv6 address but everything else works).

Help!
Title: Re: Problems with IPv6 address delegation
Post by: marjohn56 on February 25, 2018, 09:04:18 pm
So you are showing a global ipv6 address on the LAN of pfsense and what size is the prefix?
Title: Re: Problems with IPv6 address delegation
Post by: mbosner on February 25, 2018, 09:45:57 pm
yes, ifconfig (LAN interface):

inet6 XXXX:4540:6522:f00:82ee:73ff:febd:b4a7 prefixlen 56
Title: Re: Problems with IPv6 address delegation
Post by: marjohn56 on February 25, 2018, 10:29:48 pm
You posted earlier this:

Track IPv6 Interface
IPv6 Interface: PPPoE Interface
IPv6 Prefix ID: 0

Does it really allow you to select PPPoE interface, it should just be WAN
Title: Re: Problems with IPv6 address delegation
Post by: mbosner on February 25, 2018, 11:43:23 pm
No. Well.

Selected is "WAN" - so no that is not the PPPoE Interface. See the attached screenshots.
Title: Re: Problems with IPv6 address delegation
Post by: mbosner on February 26, 2018, 02:34:04 am
It "suddenly" started working. I will compare the config backups later. Thank you for your support.