[SOLVED] Not being able to get dhcpv6 to get answer from my ISP

[gunnarf]

I’ve configured my wan for getting a ::/56 from my ISP. For some reason it doesn’t work. They say they are full compliant to answering dhcpv6

A small tcpdump from my opnsense:
oot@OPNsense:~ # tcpdump -i igb0 -n -vv '(udp port 546 or 547) or icmp6'
tcpdump: listening on igb0, link-type EN10MB (Ethernet), capture size 262144 bytes
17:30:17.484214 IP6 (hlim 1, next-header UDP (17) payload length: 89) fe80::20d:b9ff:fe51:6da8.546 > ff02::1:2.547: [bad udp cksum 0x25f8 -> 0x2737!] dhcp6 solicit (xid=124cce (client-ID hwaddr/time type 1 time 640886699 a0cec8ce700d) (elapsed-time 65535) (option-request DNS-server DNS-search-list) (IA_PD IAID:0 T1:0 T2:0 (IA_PD-prefix ::/56 pltime:4294967295 vltime:4294967295)))
17:32:19.326508 IP6 (hlim 1, next-header UDP (17) payload length: 89) fe80::20d:b9ff:fe51:6da8.546 > ff02::1:2.547: [bad udp cksum 0x25f8 -> 0x2737!] dhcp6 solicit (xid=124cce (client-ID hwaddr/time type 1 time 640886699 a0cec8ce700d) (elapsed-time 65535) (option-request DNS-server DNS-search-list) (IA_PD IAID:0 T1:0 T2:0 (IA_PD-prefix ::/56 pltime:4294967295 vltime:4294967295)))

I’ve checked the implicit rules generated When activating ipv6 on the WAN, and it looks ok, as far as I understand. But I still don’t get ipv6.

From my wan configuration

ipv6 Configuration type: DHCPv6
Request only an ipv6 prefix: Yes
Prefix delegation size: 56
Send ipv6 prefix hint: Yes
Prevent release: Yes

Gunnar

[packetmangler]

Under Interfaces -> LAN

Do you have IPv6 Configuration Type set to Track Interface?

And then down below for Track IPv6 Interface do you have the interface set to WAN?

I have my WAN interface configured as you do and I'm able to pull IPv6 for my internal network with those settings.  My WAN interface does _not_ obtain an IPv6 address though.

[bartjsmit]

Interfaces, Overview, pull down the WAN interface. What is showing after:

IPv6 Link Local
Gateway IPv6

You should see fe80* or 200* addresses.

Bart...

[gunnarf]

Yes I have Track interface on the LAN interface and WAN is choosen, but that doesn't have anything to do with dhcp6c as far as I understand

And yes I have a link local

 IPv6 Link Local   fe80::20d:b9ff:fe51:6da8 / 64
Gateway ipv6 isn't present since I don't get a gateway !?

[gunnarf]

And just to point out, I run ipv6 on my other firewall (in town) with another provider, and there I run tunneling which works fine. But as my provider to the country house is providing native ipv6, I of course wants it to run as native. 

[bartjsmit]

You could try all possible options for these settings:

Request only an IPv6 prefix
Send IPv6 prefix hint
Use IPv4 connectivity

That's only eight combinations to test 

Bart...

[gunnarf]

I've tried with and without all of these settings. It makes no difference

Next week I'll be out in the house again, and will try to put a openbsd or freebsd box directly to the feed and activate dhcp6c, and see if I get any connection. My provider says (of course) that they have no problems with their own router, but that it should work with the settings I have. And of course, they don't have the time or want to experiment with OPNsense.

Fortunately I run OpenVPN to the country house, so I can test all your suggestions again.

If I take away "request only an IPv6 prefix" I immediately loose the link local fe80: address

When looking at the tcpdump output there is a checksum error!:

17:30:17.484214 IP6 (hlim 1, next-header UDP (17) payload length: 89) fe80::20d:b9ff:fe51:6da8.546 > ff02::1:2.547: [bad udp cksum 0x25f8 -> 0x2737!] dhcp6 solicit (xid=124cce (client-ID hwaddr/time type 1 time 640886699 a0cec8ce700d) (elapsed-time 65535) (option-request DNS-server DNS-search-list) (IA_PD IAID:0 T1:0 T2:0 (IA_PD-prefix ::/56 pltime:4294967295 vltime:4294967295)))

[bad udp cksum 0x25f8 -> 0x2737!]

Can this be the issue?

[marjohn56]

Turn on the debugging in the WAN dhcp6c settings, apply and save. Go to the system logs and filter for dhcp6c. You should see a lot of gibberish that dhcp6c is logging, post it here and we'll see what's going on.

[gunnarf]

What log file should I look in? I looked in /var/log/system.log

I've had the logging on for several days, the only thing I get in it is
Apr 25 19:40:58 OPNsense dhcp6c[38885]: Sending Solicit

The weirdest is that it stops logging at that date, even though the logging still is on. I'll remove and reenable the logging

I

[gunnarf]

Turn on the debugging in the WAN dhcp6c settings, apply and save. Go to the system logs and filter for dhcp6c. You should see a lot of gibberish that dhcp6c is logging, post it here and we'll see what's going on.

So I rebooted the system to get a clear system.log. Looking for dhcp6 I get:

Apr 30 10:49:44 OPNsense dhcp6c[27938]: Sending Solicit
Apr 30 10:50:06 OPNsense dhcp6c: dhcp6c EXIT on igb0 - running newipv6
Apr 30 10:50:20 OPNsense dhcp6c[27938]: exiting
Apr 30 10:50:38 OPNsense dhcp6c: RTSOLD script - Starting dhcp6 client for interface wan(igb0)
Apr 30 10:50:39 OPNsense dhcp6c[28602]: Sending Solicit

And it keeps on like this

[franco]

Looks like your ISP simply ignores the request. Wrong MAC address, lease not expired on their side, etc.


Cheers,
Franco

[marjohn56]

Should not be exiting after an unsuccessful solicit, it should just keep re-sending solicits until it gets a response, all be it with an increasing delay between those solicits. Have you enabled debug? I would have expected to see a whole load of data associated with dhcp6c.

[marjohn56]

OK, the bug with dhcp6c logging still exists so you are not seeing the whole picture. @Franco if you set Debug logging in dhcp6c you'll see there is either no difference or little difference. This appears to be an issue with dhcp6c itself, or at least the way the logging levels are being handled within Opnsense. I have a modified dhcp6c that fixes this and logs correctly. I would suggest that the multiple logging level changes I made, so you have levels 0,1,2 are also implemented, they are part of PR #3934 multiwan dhcp6.

[gunnarf]

At last my provider checked thoroughly, and discovered they had a misconfiguration!! 

From the providers horizon, it is always the small customer that has got the problem. But not now. And OPNsense native ipv6 works as it should! 

Now I have native ipv6!