[SOLVED] Not being able to get dhcpv6 to get answer from my ISP

Started by gunnarf, April 29, 2020, 12:12:43 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
April 29, 2020, 12:12:43 PM Last Edit: May 26, 2020, 12:58:21 PM by gunnarf
I've configured my wan for getting a ::/56 from my ISP. For some reason it doesn't work. They say they are full compliant to answering dhcpv6

A small tcpdump from my opnsense:
oot@OPNsense:~ # tcpdump -i igb0 -n -vv '(udp port 546 or 547) or icmp6'
tcpdump: listening on igb0, link-type EN10MB (Ethernet), capture size 262144 bytes
17:30:17.484214 IP6 (hlim 1, next-header UDP (17) payload length: 89) fe80::20d:b9ff:fe51:6da8.546 > ff02::1:2.547: [bad udp cksum 0x25f8 -> 0x2737!] dhcp6 solicit (xid=124cce (client-ID hwaddr/time type 1 time 640886699 a0cec8ce700d) (elapsed-time 65535) (option-request DNS-server DNS-search-list) (IA_PD IAID:0 T1:0 T2:0 (IA_PD-prefix ::/56 pltime:4294967295 vltime:4294967295)))
17:32:19.326508 IP6 (hlim 1, next-header UDP (17) payload length: 89) fe80::20d:b9ff:fe51:6da8.546 > ff02::1:2.547: [bad udp cksum 0x25f8 -> 0x2737!] dhcp6 solicit (xid=124cce (client-ID hwaddr/time type 1 time 640886699 a0cec8ce700d) (elapsed-time 65535) (option-request DNS-server DNS-search-list) (IA_PD IAID:0 T1:0 T2:0 (IA_PD-prefix ::/56 pltime:4294967295 vltime:4294967295)))

I've checked the implicit rules generated When activating ipv6 on the WAN, and it looks ok, as far as I understand. But I still don't get ipv6.

From my wan configuration

ipv6 Configuration type: DHCPv6
Request only an ipv6 prefix: Yes
Prefix delegation size: 56
Send ipv6 prefix hint: Yes
Prevent release: Yes

Gunnar

April 29, 2020, 09:13:03 PM #1
Under Interfaces -> LAN

Do you have IPv6 Configuration Type set to Track Interface?

And then down below for Track IPv6 Interface do you have the interface set to WAN?

I have my WAN interface configured as you do and I'm able to pull IPv6 for my internal network with those settings.  My WAN interface does _not_ obtain an IPv6 address though.

April 29, 2020, 09:46:43 PM #2
Interfaces, Overview, pull down the WAN interface. What is showing after:

IPv6 Link Local
Gateway IPv6

You should see fe80* or 200* addresses.

Bart...
April 30, 2020, 08:26:03 AM #3 Last Edit: April 30, 2020, 08:36:45 AM by gunnarf
Yes I have Track interface on the LAN interface and WAN is choosen, but that doesn't have anything to do with dhcp6c as far as I understand

And yes I have a link local

IPv6 Link Local   fe80::20d:b9ff:fe51:6da8 / 64
Gateway ipv6 isn't present since I don't get a gateway !?
April 30, 2020, 08:30:38 AM #4 Last Edit: April 30, 2020, 09:50:38 AM by gunnarf
And just to point out, I run ipv6 on my other firewall (in town) with another provider, and there I run tunneling which works fine. But as my provider to the country house is providing native ipv6, I of course wants it to run as native.  :D
April 30, 2020, 09:56:17 AM #5
You could try all possible options for these settings:

Request only an IPv6 prefix
Send IPv6 prefix hint
Use IPv4 connectivity

That's only eight combinations to test  ;)

Bart...
April 30, 2020, 10:13:00 AM #6 Last Edit: April 30, 2020, 10:38:04 AM by gunnarf
I've tried with and without all of these settings. It makes no difference

Next week I'll be out in the house again, and will try to put a openbsd or freebsd box directly to the feed and activate dhcp6c, and see if I get any connection. My provider says (of course) that they have no problems with their own router, but that it should work with the settings I have. And of course, they don't have the time or want to experiment with OPNsense.

Fortunately I run OpenVPN to the country house, so I can test all your suggestions again. :D

If I take away "request only an IPv6 prefix" I immediately loose the link local fe80: address

When looking at the tcpdump output there is a checksum error!:

17:30:17.484214 IP6 (hlim 1, next-header UDP (17) payload length: 89) fe80::20d:b9ff:fe51:6da8.546 > ff02::1:2.547: [bad udp cksum 0x25f8 -> 0x2737!] dhcp6 solicit (xid=124cce (client-ID hwaddr/time type 1 time 640886699 a0cec8ce700d) (elapsed-time 65535) (option-request DNS-server DNS-search-list) (IA_PD IAID:0 T1:0 T2:0 (IA_PD-prefix ::/56 pltime:4294967295 vltime:4294967295)))

[bad udp cksum 0x25f8 -> 0x2737!]

Can this be the issue?
April 30, 2020, 10:39:47 AM #7
Turn on the debugging in the WAN dhcp6c settings, apply and save. Go to the system logs and filter for dhcp6c. You should see a lot of gibberish that dhcp6c is logging, post it here and we'll see what's going on.
OPNsense 24.7 - Qotom Q355G4 - ISP - Squirrel 1Gbps.

Team Rebellion Member
April 30, 2020, 10:41:13 AM #8 Last Edit: April 30, 2020, 10:57:37 AM by gunnarf
What log file should I look in? I looked in /var/log/system.log

I've had the logging on for several days, the only thing I get in it is
Apr 25 19:40:58 OPNsense dhcp6c[38885]: Sending Solicit

The weirdest is that it stops logging at that date, even though the logging still is on. I'll remove and reenable the logging

I
April 30, 2020, 11:07:46 AM #9
Quote from: marjohn56 on April 30, 2020, 10:39:47 AM
Turn on the debugging in the WAN dhcp6c settings, apply and save. Go to the system logs and filter for dhcp6c. You should see a lot of gibberish that dhcp6c is logging, post it here and we'll see what's going on.

So I rebooted the system to get a clear system.log. Looking for dhcp6 I get:

Apr 30 10:49:44 OPNsense dhcp6c[27938]: Sending Solicit
Apr 30 10:50:06 OPNsense dhcp6c: dhcp6c EXIT on igb0 - running newipv6
Apr 30 10:50:20 OPNsense dhcp6c[27938]: exiting
Apr 30 10:50:38 OPNsense dhcp6c: RTSOLD script - Starting dhcp6 client for interface wan(igb0)
Apr 30 10:50:39 OPNsense dhcp6c[28602]: Sending Solicit

And it keeps on like this
April 30, 2020, 12:04:31 PM #10
Looks like your ISP simply ignores the request. Wrong MAC address, lease not expired on their side, etc.


Cheers,
Franco
April 30, 2020, 01:47:21 PM #11
Should not be exiting after an unsuccessful solicit, it should just keep re-sending solicits until it gets a response, all be it with an increasing delay between those solicits. Have you enabled debug? I would have expected to see a whole load of data associated with dhcp6c.
OPNsense 24.7 - Qotom Q355G4 - ISP - Squirrel 1Gbps.

Team Rebellion Member
April 30, 2020, 03:32:02 PM #12
OK, the bug with dhcp6c logging still exists so you are not seeing the whole picture. @Franco if you set Debug logging in dhcp6c you'll see there is either no difference or little difference. This appears to be an issue with dhcp6c itself, or at least the way the logging levels are being handled within Opnsense. I have a modified dhcp6c that fixes this and logs correctly. I would suggest that the multiple logging level changes I made, so you have levels 0,1,2 are also implemented, they are part of PR #3934 multiwan dhcp6.
OPNsense 24.7 - Qotom Q355G4 - ISP - Squirrel 1Gbps.

Team Rebellion Member
May 26, 2020, 12:59:27 PM #13 Last Edit: May 26, 2020, 03:32:27 PM by gunnarf
At last my provider checked thoroughly, and discovered they had a misconfiguration!!  :D

From the providers horizon, it is always the small customer that has got the problem. But not now. And OPNsense native ipv6 works as it should!  8)

Now I have native ipv6!
Print
Go Up Pages1
User actions