OPNsense Forum

Archive => 18.7 Legacy Series => Topic started by: posixbofh on October 14, 2018, 06:29:37 pm

Title: Hosts behind LAN cannot get ipv6 addresses
Post by: posixbofh on October 14, 2018, 06:29:37 pm
Greetings,

Comcast residential user here migrating from pfSense.  (The pfSense box is still up and running, just in case.  It was able to provide full IPv6 connectivity.) My ISP only supports a very basic IPv6 setup (DHCPv6 + track interface).  I am able to get an IPv6 WAN address and a /64 prefix.  The LAN interface gets auto-assigned an IPv6 address from that prefix.

However, client devices are unable to negotiate an address.  I'm not seeing router advertisements in my LAN network, but I am seeing router solicitations (ICMPv6 133) from my clients.  Observing pflog0, those solicitations are received by the LAN address.  No response is sent.

I've checked /var/etc/radvd.conf and it looks good to me.  radvd is indeed running and recently restarted.  (Replaced some octets with dead beef for posting purposes)

Code:
interface igb1 {
        AdvSendAdvert on;
        MinRtrAdvInterval 3;
        MaxRtrAdvInterval 10;
        AdvLinkMTU 1500;
        AdvOtherConfigFlag on;
        prefix 2601:602:dead:beef::/64 {
                AdvOnLink on;
                AdvAutonomous on;
                AdvRouterAddr on;
        };
        RDNSS 2601:602:dead:beef:a236:aaaa:bbbb:7c59 { };
        DNSSL house.local { };
};

I've also created firewall rules to pass all ICMPv6 traffic on WAN/LAN for debugging purposes, as well as a rule to allow UDP ports 546/547.  Still, no valid IPv6 addresses are given out to LAN clients.

Any help will be greatly appreciated.  Thanks in advance!
Title: Re: Hosts behind LAN cannot get ipv6 addresses
Post by: marjohn56 on October 15, 2018, 04:17:26 pm
Does the LAN interface show a valid IPv6 address and is dhcpd6 showing running too?


Title: Re: Hosts behind LAN cannot get ipv6 addresses
Post by: posixbofh on October 16, 2018, 03:29:05 am
Quote from: marjohn56
Does the LAN interface show a valid IPv6 address and is dhcpd6 showing running too?

Hey Marjohn, thanks for the reply.  Yes, I do see a valid IPv6 address on the OPNsense LAN interface and I do see an IPv6 dhcpd running.

Code:
root@blah:~ # pgrep -fla dhcpd
24034 /usr/local/sbin/dhcpleases6 -c /usr/local/sbin/configctl dhcpd update prefixes -l /var/dhcpd/var/db/dhcpd6.leases
23728 /usr/local/sbin/dhcpd -6 -user dhcpd -group dhcpd -chroot /var/dhcpd -cf /etc/dhcpdv6.conf -pf /var/run/dhcpdv6.pid igb1
86320 /usr/local/sbin/dhcpd -user dhcpd -group dhcpd -chroot /var/dhcpd -cf /etc/dhcpd.conf -pf /var/run/dhcpd.pid igb1
13345 /usr/local/sbin/syslogd -s -c -c -P /var/run/syslog.pid -l /var/dhcpd/var/run/log -f /var/etc/syslog.conf

Code:
root@blah:~ # ifconfig igb1
igb1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=6407bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6>
        ether a0:36:9f:00:00:00
        hwaddr a0:36:9f:00:00:00
        inet 10.1.1.1 netmask 0xffffff00 broadcast 10.1.1.255
        inet6 2601:602:dead:beef:a236:aaaa:bbbb:7c59 prefixlen 64
        inet6 fe80::1:1%igb1 prefixlen 64 duplicated scopeid 0x2
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
Title: Re: Hosts behind LAN cannot get ipv6 addresses
Post by: posixbofh on October 16, 2018, 03:44:33 am
D'oh.  I self-solved the issue.  OPNsense was not sending RAs because the pfSense box on the same network was still sending RAs, even though it didn't have a prefix from which to allocate.
Title: Re: Hosts behind LAN cannot get ipv6 addresses
Post by: marjohn56 on October 16, 2018, 08:27:04 am
Naughty pfSense... :)
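
A second router advertising on the same LAN, as in the resolution above, can be spotted by parsing captured Router Advertisements. The following is an added example, not part of the original thread and not OPNsense or radvd code: it parses the ICMPv6 RA layout from RFC 4861 and flags senders other than the expected router, as well as RAs that carry no Prefix Information option. The function names, the sample packets and the fe80::2 address are constructed for illustration.

```python
import ipaddress
import struct

RA_TYPE, OPT_PREFIX_INFO = 134, 3   # RFC 4861 message type / option type

def parse_ra(icmp6: bytes) -> dict:
    """Parse an ICMPv6 Router Advertisement, starting at the type byte."""
    if len(icmp6) < 16 or icmp6[0] != RA_TYPE:
        raise ValueError("not a Router Advertisement")
    flags, lifetime = struct.unpack_from("!BH", icmp6, 5)
    ra = {"managed": bool(flags & 0x80), "other": bool(flags & 0x40),
          "router_lifetime": lifetime, "prefixes": []}
    off = 16                                   # options follow the fixed header
    while off + 2 <= len(icmp6):
        opt_type, opt_len = icmp6[off], icmp6[off + 1] * 8   # length is in 8-byte units
        if opt_len == 0 or off + opt_len > len(icmp6):
            raise ValueError("malformed option")
        if opt_type == OPT_PREFIX_INFO and opt_len == 32:
            prefix = ipaddress.IPv6Address(icmp6[off + 16:off + 32])
            ra["prefixes"].append(f"{prefix}/{icmp6[off + 2]}")
        off += opt_len
    return ra

def audit(observed, expected_router):
    """observed: (RA source address, raw ICMPv6 bytes) pairs -> list of findings."""
    findings = []
    for src, raw in observed:
        ra = parse_ra(raw)
        if ipaddress.ip_address(src) != ipaddress.ip_address(expected_router):
            findings.append((src, "unexpected RA sender"))
        if not ra["prefixes"]:
            findings.append((src, "RA carries no prefix"))
    return findings

def build_ra(prefix=None, flags=0x40, lifetime=1800):
    """Constructed sample RA (checksum zeroed); flags=0x40 mirrors AdvOtherConfigFlag on."""
    msg = struct.pack("!BBHBBHII", RA_TYPE, 0, 0, 64, flags, lifetime, 0, 0)
    if prefix:
        net = ipaddress.IPv6Network(prefix)
        msg += struct.pack("!BBBBIII", OPT_PREFIX_INFO, 4, net.prefixlen, 0xC0, 86400, 14400, 0)
        msg += net.network_address.packed
    return msg

# Constructed capture: fe80::1:1 is the LAN address from the thread, fe80::2 is hypothetical.
SAMPLE = [("fe80::1:1", build_ra("2601:602:dead:beef::/64")), ("fe80::2", build_ra())]

if __name__ == "__main__":
    for src, finding in audit(SAMPLE, "fe80::1:1"):
        print(src, finding)
```

On a live network the raw bytes would come from a packet capture on the LAN interface, with the source taken from the IPv6 header of each RA.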