Unable to get DHCPv6 working on LAN side

Started by col360, November 21, 2018, 11:57:32 AM

November 21, 2018, 11:57:32 AM Last Edit: November 29, 2018, 02:50:19 PM by col360
My ISP has started offering IPv6 and I'm trying it out. I am having an issue where I can't seem to start the DHCPv6 server and get the log filled with the errors below:
opnsense: /status_services.php: The command '/usr/local/sbin/dhcpd -6 -user dhcpd -group dhcpd -chroot /var/dhcpd -cf /etc/dhcpdv6.conf -pf /var/run/dhcpdv6.pid igb0' returned exit code '1', the output was 'Internet Systems Consortium DHCP Server 4.4.1 Copyright 2004-2018 Internet Systems Consortium. All rights reserved. For info, please visit https://www.isc.org/software/dhcp/ /etc/dhcpdv6.conf line 10: expecting a parameter or declaration authoritative; ^ Configuration file errors encountered -- exiting If you think you have received this message due to a bug rather than a configuration issue please read the section on submitting bugs on either our web page at www.isc.org or in the README file before submitting a bug. These pages explain the proper process and the information we find helpful for debugging. exiting.'
I don't have anything set in the DHCPv6 settings for the LAN other than enabling it with "Enable DHCPv6 server on LAN interface".
The DHCP6 service simply refuses to start with the above errors.

Did you put in a prefix ID on the LAN? You should use track interface for the LAN and not DHCP.


Did you configure the wan interface for dhcp and put a prefix delegation in?

One problem I found after 2 days of configuring was that there were several extra gateways. When I deleted the extras, had only one for dhcp4 and only one for dhcp6, and made both the default gateways, everything fell into place and I now have it working for Spectrum.

I also added DNS for both dhcp4 and dhcp6.

November 21, 2018, 12:15:12 PM #2 Last Edit: November 21, 2018, 12:22:32 PM by GDixon
What worked for me was to do the WAN first.

I used a 56 for prefix delegation and also enabled prefix hint.

Save and apply.

On the LAN I did track interface and 0 for the prefix ID.

Save and apply.

Then reboot.

IGNORE it if your gateway on the dashboard says offline for now and try the site. The offline dhcp6 can be dealt with after you have it all working, and ignore whatever you have for addresses. Some will be link local and some not.

After everything comes back up, unplug your cat 5 or turn off the wireless on the system you're using, plug back in or turn on the wireless, and go to http://www.kame.net/ and you should see the turtle moving. If not, you may have to reset your modem; after it comes up, boot the OPN box, then boot the system you're on. Of course shut everything down first.

Make sure you have no extra gateways! That's what my major malfunction was.

IPv6 works for everything on my network now including the cell phones and 2 nas's
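What a /56 delegation with prefix ID 0 on a tracking LAN works out to, as an added example that is not part of the original post: the sketch derives each interface's /64 from the delegated prefix and rejects prefix IDs that do not fit or that collide. The 2001:db8:ab00::/56 prefix and the interface names are constructed sample values, and the helper names are hypothetical.

```python
import ipaddress

def lan_prefix(delegated, prefix_id, sla_len=None):
    """Subnet that a tracking interface takes from a delegated prefix.

    sla_len is the number of bits appended to the delegation; by default it
    fills the prefix up to /64, the length SLAAC clients expect.
    """
    net = ipaddress.IPv6Network(delegated)
    if sla_len is None:
        sla_len = 64 - net.prefixlen
    new_len = net.prefixlen + sla_len
    if sla_len < 0 or new_len > 64:
        raise ValueError(f"{net} cannot be extended by {sla_len} bits to a /64 or shorter")
    if not 0 <= prefix_id < (1 << sla_len):
        raise ValueError(f"prefix ID {prefix_id:#x} does not fit in {sla_len} bits")
    # Place the prefix ID in the bits directly after the delegated prefix.
    base = int(net.network_address) | (prefix_id << (128 - new_len))
    return ipaddress.IPv6Network((base, new_len))

def plan(delegated, prefix_ids):
    """Map interface -> subnet, refusing two interfaces with the same prefix ID."""
    owners, result = {}, {}
    for iface, prefix_id in prefix_ids.items():
        subnet = lan_prefix(delegated, prefix_id)
        if subnet in owners:
            raise ValueError(f"{iface} and {owners[subnet]} both map to {subnet}")
        owners[subnet] = iface
        result[iface] = subnet
    return result

if __name__ == "__main__":
    # Constructed sample: documentation prefix standing in for an ISP's /56.
    sample = plan("2001:db8:ab00::/56", {"lan": 0x0, "guest": 0x10})
    for iface, subnet in sample.items():
        print(f"{iface:6} {subnet}")
```
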


Also note that IPv6 only needs DHCP in exceptional circumstances. Most settings are set through multicast. Give RA a go if you get stuck.

Bart...

You need to explain a lot better than "give RA a try".

It seems most everything to do with IPv6 is exceptional as in exceptionally hard to get working.

Pick a /64 subnet from your ISP assigned range. Set the LAN interface to a static IPv6 address in that subnet.
Services, router advertisements, LAN. Unmanaged, high priority, advertise DG, DNS servers IPv6 of your (internal) DNS if you have it, with domain search list, tick RA, min/max 200/600 second.
Start the service, log into the shell, confirm all is well with radvdump. Set clients to SLAAC (usually default)

Done  8)

Bart...

Also, if you're not averse to spending a modest amount of cash, udemy has a few highly rated courses on IPv6. Disclaimer; I have no relationship with them, other than as a satisfied customer. ;-)

Bart...

I'm back to not getting an IPv6 WAN IP, not sure if this is related  :(

Who is your ISP? There may be others here with the same provider.

Bart...

Now there's 2 ways explained and it costs nothing, but if you want, Bart, you can give me your money to spend :)

Cryptic non-explanations help nobody.

Col, can you go to the kame project site and see the turtle moving even if it looks like you have no WAN?

My WAN looks like it has a fe LL address and my LAN has a 2600 type.

By looking at what I see in my gateway it looks like no IPv6 also, but it is there.

Gateways
Name            Gateway                       RTT      RTTd    Loss   Status
SPECTRUM_DHCP   90.59.64.1                    7.2 ms   0.7 ms  0.0 %  Online
SPECTRUM_DHCP6  fe80::2a3:d1ff:feed:7c19%em1  33.1 ms  1.7 ms  0.0 %  Online

Interfaces
LAN       1000baseT <full-duplex>  192.168.10.1  2603:9090:e719:1600:215:17ff:fee8:97e0
SPECTRUM  1000baseT <full-duplex>  96.59.119.50  2603:9090:ff00:e7:3c39:1679:317a:9099

November 29, 2018, 12:31:56 PM #12 Last Edit: November 29, 2018, 12:44:53 PM by col360
I'm with AussieBroadband; no one on it with OPNsense has had any success. Some report success with pfSense.

Already tried the Kame and the turtle is not moving!

BTW I'm using IPoE with a bridged VDSL modem in front of OPNsense. If I plug my Windows laptop directly into the bridged modem I get an IPv6 address straight away without any effort!

Best I can do is get a link local address on the WAN interface fe80::20e:c4ff:fed0:48e2

Settings https://i.imgur.com/rXsH6ZP.png

The log says the following:

Nov 28 01:26:10 sshd[85727]: Received signal 15; terminating.
Nov 28 01:26:10 opnsense: /interfaces.php: Warning! services_radvd_configure(auto) found no suitable IPv6 address on igb0   
Nov 28 01:26:06 opnsense: /interfaces.php: ROUTING: skipping IPv6 default route   
Nov 28 01:26:06 opnsense: /interfaces.php: ROUTING: skipping IPv4 default route   
Nov 28 01:26:06 opnsense: /interfaces.php: ROUTING: no IPv6 default gateway set, assuming wan
Nov 28 01:26:06 opnsense: /interfaces.php: ROUTING: no IPv4 default gateway set, assuming wan
Nov 28 01:26:06 opnsense: /interfaces.php: ROUTING: entering configure using 'lan'
Nov 28 01:26:06 opnsense: /interfaces.php: Warning! services_radvd_configure(auto) found no suitable IPv6 address on igb0   
Nov 28 01:26:04 opnsense: /interfaces.php: ROUTING: skipping IPv6 default route   
Nov 28 01:26:04 opnsense: /interfaces.php: ROUTING: keeping current default gateway '180.150.xxx.z'   
Nov 28 01:26:04 opnsense: /interfaces.php: ROUTING: setting IPv4 default route to 180.150.xxx.z

November 29, 2018, 01:33:08 PM #13 Last Edit: November 29, 2018, 02:14:57 PM by col360
igb1 is the WAN interface.
DHCP log looks like this:
Nov 27 18:17:27 gw1 dhcp6c[68673]: send solicit to ff02::1:2%igb1
Nov 27 18:17:27 gw1 dhcp6c[68673]: reset a timer on igb1, state=SOLICIT, timeo=4155, retrans=128388
Nov 27 18:18:09 gw1 dhcp6c[68673]: restarting
Nov 27 18:18:09 gw1 dhcp6c[68673]: removing an event on igb1, state=SOLICIT
Nov 27 18:18:09 gw1 dhcp6c[68673]: <3>[interface] (9)
Nov 27 18:18:09 gw1 dhcp6c[68673]: <5>[igb1] (4)
Nov 27 18:18:09 gw1 dhcp6c[68673]: <3>begin of closure [{] (1)
Nov 27 18:18:09 gw1 dhcp6c[68673]: <3>[send] (4)
Nov 27 18:18:09 gw1 dhcp6c[68673]: <3>[ia-pd] (5)
Nov 27 18:18:09 gw1 dhcp6c[68673]: <3>[0] (1)
Nov 27 18:18:09 gw1 dhcp6c[68673]: <3>end of sentence [;] (1)
Nov 27 18:18:09 gw1 dhcp6c[68673]: <3>comment [# request prefix delegation] (27)
Nov 27 18:18:09 gw1 dhcp6c[68673]: <3>[request] (7)
Nov 27 18:18:09 gw1 dhcp6c[68673]: <3>[domain-name-servers] (19)
Nov 27 18:18:09 gw1 dhcp6c[68673]: <3>end of sentence [;] (1)
Nov 27 18:18:09 gw1 dhcp6c[68673]: <3>[request] (7)
Nov 27 18:18:09 gw1 dhcp6c[68673]: <3>[domain-name] (11)
Nov 27 18:18:09 gw1 dhcp6c[68673]: <3>end of sentence [;] (1)
Nov 27 18:18:09 gw1 dhcp6c[68673]: <3>[script] (6)
Nov 27 18:18:09 gw1 dhcp6c[68673]: <3>["/var/etc/dhcp6c_wan_script.sh"] (31)
Nov 27 18:18:09 gw1 dhcp6c[68673]: <3>end of sentence [;] (1)
Nov 27 18:18:09 gw1 dhcp6c[68673]: <3>comment [# we'd like some nameservers please] (35)
Nov 27 18:18:09 gw1 dhcp6c[68673]: <3>end of closure [}] (1)
Nov 27 18:18:09 gw1 dhcp6c[68673]: <3>end of sentence [;] (1)
Nov 27 18:18:09 gw1 dhcp6c[68673]: <3>[id-assoc] (
Nov 27 18:18:09 gw1 dhcp6c[68673]: <13>[pd] (2)
Nov 27 18:18:09 gw1 dhcp6c[68673]: <13>[0] (1)
Nov 27 18:18:09 gw1 dhcp6c[68673]: <13>begin of closure [{] (1)
Nov 27 18:18:09 gw1 dhcp6c[68673]: <3>[prefix] (6)
Nov 27 18:18:09 gw1 dhcp6c[68673]: <3>[::] (2)
Nov 27 18:18:09 gw1 dhcp6c[68673]: <3>[/] (1)
Nov 27 18:18:09 gw1 dhcp6c[68673]: <3>[56] (2)
Nov 27 18:18:09 gw1 dhcp6c[68673]: <3>[infinity] (
Nov 27 18:18:09 gw1 dhcp6c[68673]: <3>end of sentence [;] (1)
Nov 27 18:18:09 gw1 dhcp6c[68673]: <3>[prefix-interface] (16)
Nov 27 18:18:09 gw1 dhcp6c[68673]: <5>[igb0] (4)
Nov 27 18:18:09 gw1 dhcp6c[68673]: <3>begin of closure [{] (1)
Nov 27 18:18:09 gw1 dhcp6c[68673]: <3>[sla-id] (6)
Nov 27 18:18:09 gw1 dhcp6c[68673]: <3>[0] (1)
Nov 27 18:18:09 gw1 dhcp6c[68673]: <3>end of sentence [;] (1)
Nov 27 18:18:09 gw1 dhcp6c[68673]: <3>[sla-len] (7)
Nov 27 18:18:09 gw1 dhcp6c[68673]: <3>[8] (1)
Nov 27 18:18:09 gw1 dhcp6c[68673]: <3>end of sentence [;] (1)
Nov 27 18:18:09 gw1 dhcp6c[68673]: <3>end of closure [}] (1)
Nov 27 18:18:09 gw1 dhcp6c[68673]: <3>end of sentence [;] (1)
Nov 27 18:18:09 gw1 dhcp6c[68673]: <3>end of closure [}] (1)
Nov 27 18:18:09 gw1 dhcp6c[68673]: <3>end of sentence [;] (1)
Nov 27 18:18:09 gw1 dhcp6c[68673]: called
Nov 27 18:18:09 gw1 dhcp6c[68673]: called
Nov 27 18:18:09 gw1 dhcp6c[68673]: reset a timer on igb1, state=INIT, timeo=0, retrans=433
Nov 27 18:18:10 gw1 dhcp6c[68673]: Sending Solicit
Nov 27 18:18:10 gw1 dhcp6c[68673]: a new XID (7ae07) is generated
Nov 27 18:18:10 gw1 dhcp6c[68673]: set client ID (len 14)
Nov 27 18:18:10 gw1 dhcp6c[68673]: set elapsed time (len 2)
Nov 27 18:18:10 gw1 dhcp6c[68673]: set option request (len 4)
Nov 27 18:18:10 gw1 dhcp6c[68673]: set IA_PD prefix
Nov 27 18:18:10 gw1 dhcp6c[68673]: set IA_PD

Routing log looks like this:
Nov 29 22:07:36 gw1 rtsold[55679]: <rtsol_input> Processing RA
Nov 29 22:07:36 gw1 rtsold[55679]: <rtsol_input> ndo = 0x608230
Nov 29 22:07:36 gw1 rtsold[55679]: <rtsol_input> ndo->nd_opt_type = 1
Nov 29 22:07:36 gw1 rtsold[55679]: <rtsol_input> ndo->nd_opt_len = 1
Nov 29 22:07:36 gw1 rtsold[55679]: <make_rsid> rsid = [igb1:slaac]
Nov 29 22:07:36 gw1 rtsold[55679]: <rtsol_check_timer> there is no timer
Nov 29 22:07:36 gw1 rtsold[55679]: <rtsol_input> received RA from fe80::1:1 on an unexpected IF(igb0)
Nov 29 22:07:36 gw1 rtsold[55679]: <rtsol_check_timer> there is no timer
Nov 29 22:07:40 gw1 rtsold[55679]: <rtsol_input> received RA from fe80::b226:80ff:fe1f:4442 on igb1, state is 0
Nov 29 22:07:40 gw1 rtsold[55679]: <rtsol_input> Processing RA
Nov 29 22:07:40 gw1 rtsold[55679]: <rtsol_input> ndo = 0x608230
Nov 29 22:07:40 gw1 rtsold[55679]: <rtsol_input> ndo->nd_opt_type = 1
Nov 29 22:07:40 gw1 rtsold[55679]: <rtsol_input> ndo->nd_opt_len = 1
Nov 29 22:07:40 gw1 rtsold[55679]: <rtsol_input> ndo = 0x608238
Nov 29 22:07:40 gw1 rtsold[55679]: <rtsol_input> ndo->nd_opt_type = 5
Nov 29 22:07:40 gw1 rtsold[55679]: <rtsol_input> ndo->nd_opt_len = 1
Nov 29 22:07:40 gw1 rtsold[55679]: <make_rsid> rsid = [igb1:slaac]
Nov 29 22:07:40 gw1 rtsold[55679]: <rtsol_check_timer> there is no timer
Nov 29 22:07:42 gw1 rtsold[55679]: <rtsol_input> received RA from fe80::1:1 on an unexpected IF(igb0)
Nov 29 22:07:42 gw1 rtsold[55679]: <rtsol_check_timer> there is no timer
Nov 29 22:07:45 gw1 rtsold[55679]: <rtsol_input> received RA from fe80::1:1 on an unexpected IF(igb0)
Nov 29 22:07:45 gw1 rtsold[55679]: <rtsol_check_timer> there is no timer
Nov 29 22:07:54 gw1 rtsold[55679]: <rtsol_input> received RA from fe80::1:1 on an unexpected IF(igb0)
Nov 29 22:07:54 gw1 rtsold[55679]: <rtsol_check_timer> there is no timer
Nov 29 22:08:00 gw1 rtsold[55679]: <rtsol_input> received RA from fe80::1:1 on an unexpected IF(igb0)
Nov 29 22:08:00 gw1 rtsold[55679]: <rtsol_check_timer> there is no timer
Nov 29 22:08:08 gw1 rtsold[55679]: <rtsol_input> received RA from fe80::1:1 on an unexpected IF(igb0)
Nov 29 22:08:08 gw1 rtsold[55679]: <rtsol_check_timer> there is no timer
Nov 29 22:08:09 gw1 rtsold[55679]: <rtsol_input> received RA from fe80::1af1:45ff:fe74:a29d on igb1, state is 0

Digging some more, I see a lot of the below in the firewall log:
Nov 30 00:03:45 gw1 filterlog: 10,,,0,igb0,match,block,in,6,0x00,0x00000,64,TCP,6,40,<redacted>:4100:300:adc2:6258:8d90:f30b,2404:6800:4006:807::2003,59900,443,0,S,595995957,,14400,,mss;sackOK;TS;nop;wscale
Nov 30 00:03:45 gw1 filterlog: 10,,,0,igb0,match,block,in,6,0x00,0x00000,64,TCP,6,40,<redacted>:4100:300:adc2:6258:8d90:f30b,2600:1415:10:4be::33c4,60123,443,0,S,961410098,,14400,,mss;sackOK;TS;nop;wscale
Nov 30 00:03:45 gw1 filterlog: 10,,,0,igb0,match,block,in,6,0x00,0x00000,64,TCP,6,40,<redacted>:4100:300:adc2:6258:8d90:f30b,<redacted>:100:9::2,56608,443,0,S,1099330371,,14400,,mss;sackOK;TS;nop;wscale
Nov 30 00:03:45 gw1 filterlog: 10,,,0,igb0,match,block,in,6,0x00,0x00000,64,TCP,6,40,<redacted>:4100:300:adc2:6258:8d90:f30b,<redacted>:100:9::2,56609,443,0,S,3527085472,,14400,,mss;sackOK;TS;nop;wscale
Nov 30 00:03:45 gw1 filterlog: 10,,,0,igb0,match,block,in,6,0x00,0x00000,64,TCP,6,40,<redacted>:4100:300:adc2:6258:8d90:f30b,<redacted>:100:9::2,56610,443,0,S,1318992366,,14400,,mss;sackOK;TS;nop;wscale
Nov 30 00:03:45 gw1 filterlog: 10,,,0,igb0,match,block,in,6,0x00,0x00000,64,TCP,6,40,<redacted>:4100:300:adc2:6258:8d90:f30b,2404:6800:4006:807::2003,59905,443,0,S,100023556,,14400,,mss;sackOK;TS;nop;wscale
Nov 30 00:03:45 gw1 filterlog: 10,,,0,igb0,match,block,in,6,0x00,0x00000,64,TCP,6,40,<redacted>:4100:300:adc2:6258:8d90:f30b,2600:1415:10:4be::33c4,60128,443,0,S,2870499212,,14400,,mss;sackOK;TS;nop;wscale
Nov 30 00:03:45 gw1 filterlog: 10,,,0,igb0,match,block,in,6,0x00,0x00000,64,TCP,6,40,<redacted>:4100:300:adc2:6258:8d90:f30b,2600:1415:10:4be::33c4,60129,443,0,S,439595810,,14400,,mss;sackOK;TS;nop;wscale
Nov 30 00:03:48 gw1 filterlog: 10,,,0,igb0,match,block,in,6,0x00,0xc5fab,64,UDP,17,157,<redacted>:4100:300:dc5d:6175:57ce:f950,2a03:b0c0:3:d0:6a:3001:7800:cd08,9993,9993,157
Nov 30 00:03:48 gw1 filterlog: 10,,,0,igb0,match,block,in,6,0x00,0x11c6a,64,UDP,17,157,<redacted>:4100:300:c1b4:db25:ae60:96b9,2a03:b0c0:3:d0:6a:3001:7800:cd08,9993,9993,157
Nov 30 00:03:48 gw1 filterlog: 10,,,0,igb0,match,block,in,6,0x00,0xb7b0b,64,UDP,17,157,<redacted>:4100:300:c1b4:db25:ae60:96b9,2a03:b0c0:3:d0:6a:3001:7800:cd08,21645,9993,157
Nov 30 00:03:48 gw1 filterlog: 10,,,0,igb0,match,block,in,6,0x00,0x638ca,64,UDP,17,157,<redacted>:4100:300:dc5d:6175:57ce:f950,2a03:b0c0:3:d0:6a:3001:7800:cd08,21645,9993,157
Nov 30 00:03:48 gw1 filterlog: 10,,,0,igb0,match,block,in,6,0x00,0x6e486,64,UDP,17,157,<redacted>:4100:300:dc5d:6175:57ce:f950,2a03:b0c0:3:d0:6a:3001:7800:cd08,21646,9993,157
Nov 30 00:03:48 gw1 filterlog: 10,,,0,igb0,match,block,in,6,0x00,0xba747,64,UDP,17,157,<redacted>:4100:300:c1b4:db25:ae60:96b9,2a03:b0c0:3:d0:6a:3001:7800:cd08,21646,9993,157
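
One way to turn the rtsold lines in the post above into a per-interface inventory of router-advertisement senders, as an added example that is not part of the original post. The `KNOWN_ROUTERS` allowlist is a hypothetical assumption (the thread does not say which sender is the ISP's router), and the sample lines are excerpted from the log above.

```python
import ipaddress
import re
from collections import Counter

# Matches both forms rtsold logs: "... on igb1, state is 0" and
# "... on an unexpected IF(igb0)".
RA_RE = re.compile(
    r"received RA from (?P<src>[0-9a-fA-F:]+) on "
    r"(?:an unexpected IF\((?P<unexp>\w+)\)|(?P<iface>\w+), state is \d+)"
)

def ra_sources(lines):
    """Count RAs per (interface, sender, logged-as-unexpected) tuple."""
    seen = Counter()
    for line in lines:
        m = RA_RE.search(line)
        if m:
            src = ipaddress.IPv6Address(m["src"])  # normalises the spelling
            seen[(m["unexp"] or m["iface"], src, m["unexp"] is not None)] += 1
    return seen

def audit(lines, known_routers):
    """List RA senders that are not an expected router on their interface."""
    findings = []
    for (iface, src, unexpected), count in sorted(ra_sources(lines).items()):
        allowed = {ipaddress.IPv6Address(a) for a in known_routers.get(iface, ())}
        if src in allowed:
            continue
        reason = "RA on interface logged as unexpected" if unexpected else "unlisted router"
        findings.append((iface, str(src), count, reason))
    return findings

# Sample lines excerpted from the rtsold log quoted above.
SAMPLE = """\
Nov 29 22:07:36 gw1 rtsold[55679]: <rtsol_input> received RA from fe80::1:1 on an unexpected IF(igb0)
Nov 29 22:07:40 gw1 rtsold[55679]: <rtsol_input> received RA from fe80::b226:80ff:fe1f:4442 on igb1, state is 0
Nov 29 22:07:40 gw1 rtsold[55679]: <rtsol_input> Processing RA
Nov 29 22:07:42 gw1 rtsold[55679]: <rtsol_input> received RA from fe80::1:1 on an unexpected IF(igb0)
Nov 29 22:08:09 gw1 rtsold[55679]: <rtsol_input> received RA from fe80::1af1:45ff:fe74:a29d on igb1, state is 0
""".splitlines()

# Hypothetical allowlist: treat one WAN-side sender as the expected router.
KNOWN_ROUTERS = {"igb1": ["fe80::b226:80ff:fe1f:4442"]}

if __name__ == "__main__":
    for finding in audit(SAMPLE, KNOWN_ROUTERS):
        print(*finding, sep="  ")
```

Every sender the allowlist does not cover is reported with its interface and count, which makes a second advertiser on the WAN segment or an advertiser on the LAN side visible at a glance.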


Not quite sure what I fiddled with that made it work. The LAN interface and hosts now get proper IPv6 addresses!
The WAN interface still says it has a link local IPv6 IP.