Hosts behind LAN cannot get ipv6 addresses

Started by posixbofh, October 14, 2018, 06:29:37 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
October 14, 2018, 06:29:37 PM Last Edit: October 14, 2018, 06:31:10 PM by posixbofh
Greetings,

Comcast residential user here migrating from pfsense.  (The pfsense box is still up and running, just in case.  It was able to provide full ipv6 connectivity.) My ISP only supports a very basic IPv6 setup (dhcp6 + track interface).  I am able to get an ipv6 WAN address and a /64 prefix.  The LAN interface gets auto-assigned an ipv6 address from that prefix.

However, client devices are unable to negotiate an address.  I'm not seeing router advertisements in my LAN network, but I am seeing router solicitation (ICMPv6 133) from my clients.  Observing pflog0, those solicitations are received by the LAN address.  No response is sent.

I've checked /var/etc/radvd.conf and it looks good to me.  radvd is indeed running and recently restarted.  (Replaced some octets with dead beef for posting purposes)

Code Select

interface igb1 {
        AdvSendAdvert on;
        MinRtrAdvInterval 3;
        MaxRtrAdvInterval 10;
        AdvLinkMTU 1500;
        AdvOtherConfigFlag on;
        prefix 2601:602:dead:beef::/64 {
                AdvOnLink on;
                AdvAutonomous on;
                AdvRouterAddr on;
        };
        RDNSS 2601:602:dead:beef:a236:aaaa:bbbb:7c59 { };
        DNSSL house.local { };
};


I've also created firewalls to pass all ICMPv6 traffic on WAN/LAN for debugging purposes.  As well as a rule to allow port 546/547 udp.  Still, no valid ipv6 addresses are given out to LAN clients.

Any help will be greatly appreciated.  Thanks in advance!
October 15, 2018, 04:17:26 PM #1 Last Edit: October 15, 2018, 08:50:03 PM by marjohn56
Does the LAN interface show a valid IPv6 address and is dhcpd6 showing running too?


OPNsense 25.7a - Qotom Q355G4 - ISP - Squirrel 1Gbps.

Team Rebellion Member
October 16, 2018, 03:29:05 AM #2
Quote from: marjohn56 on October 15, 2018, 04:17:26 PM
Does the LAN interface show a valid IPv6 address and is dhcpd6 showing running too?

Hey Marjohn, thanks for the reply.  Yes, I do see a valid ipv6 address on the opnsense LAN interface and I do see a ipv6 dhcpd running.

Code Select
root@blah:~ # pgrep -fla dhcpd
24034 /usr/local/sbin/dhcpleases6 -c /usr/local/sbin/configctl dhcpd update prefixes -l /var/dhcpd/var/db/dhcpd6.leases
23728 /usr/local/sbin/dhcpd -6 -user dhcpd -group dhcpd -chroot /var/dhcpd -cf /etc/dhcpdv6.conf -pf /var/run/dhcpdv6.pid igb1
86320 /usr/local/sbin/dhcpd -user dhcpd -group dhcpd -chroot /var/dhcpd -cf /etc/dhcpd.conf -pf /var/run/dhcpd.pid igb1
13345 /usr/local/sbin/syslogd -s -c -c -P /var/run/syslog.pid -l /var/dhcpd/var/run/log -f /var/etc/syslog.conf


Code Select
root@blah:~ # ifconfig igb1
igb1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=6407bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6>
        ether a0:36:9f:00:00:00
        hwaddr a0:36:9f:00:00:00
        inet 10.1.1.1 netmask 0xffffff00 broadcast 10.1.1.255
        inet6 2601:602:dead:beef:a236:aaaa:bbbb:7c59 prefixlen 64
        inet6 fe80::1:1%igb1 prefixlen 64 duplicated scopeid 0x2
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
October 16, 2018, 03:44:33 AM #3
D'oh.  I self-solved the issue.  OPNSense was not sending RAs because the pfsense box on the same network was still sending RAs, even though it didn't have a prefix from which to allocate.
October 16, 2018, 08:27:04 AM #4
Naughty pfsense... :)
OPNsense 25.7a - Qotom Q355G4 - ISP - Squirrel 1Gbps.

Team Rebellion Member
Print
Go Up Pages1
User actions