Project

General

Profile

Bug #10966

IPv6 - WAN does not renew address when upstream fails

Added by Sam McLeod 7 months ago. Updated 3 months ago.

Status:
Resolved
Priority:
Normal
Category:
DHCP (IPv6)
Target version:
Start date:
10/07/2020
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Default
Affected Version:
Affected Architecture:

Description

If the upstream ISP on the WAN link has an IPv6 failure / outage, PFSense does not release and renew the IPv6 lease.
This results in an outage to all IPv6 traffic being routed by PFSense.

The "fix" each time the problem occurs is to manually release the leases on the WAN interface and renew them.

  • This been a problem for at least the past year of stable PFSense releases, currently running 2.4.5-RELEASE-p1 (amd64).
  • I have confirmed this is an issue for other users of PFSense with IPv6.
  • This bug exists after a fresh install of PFsense with minimal configuration.
  • This bug exists across completely different hardware.
  • The upstream ISP tested with is AussieBroadband (A popular Australia ISP) which use Cisco Nexus gear that's IPoE, the DHCP request starts the accounting so it is required for connectivity to work, there is no option to statically assign an address as a workaround.

This could perhaps related to close bug: https://redmine.pfsense.org/issues/2919

See attached screenshots of the interface in a broken IPv6 state and then after a manual release and renew

pfsense broken ipv6 - broken state.jpg (45.6 KB) pfsense broken ipv6 - broken state.jpg IPv6 WAN interface in a broken state Sam McLeod, 10/07/2020 07:18 PM
pfsense broken ipv6 - fixed state.jpg (49.3 KB) pfsense broken ipv6 - fixed state.jpg IPv6 WAN interface after a manual release and renew Sam McLeod, 10/07/2020 07:18 PM
manual-release-renew.txt (8.09 KB) manual-release-renew.txt John Griffin, 02/04/2021 05:41 AM
reboot-no-address.txt (11.3 KB) reboot-no-address.txt John Griffin, 02/04/2021 05:41 AM

History

#1 Updated by Sam McLeod 7 months ago

Might also be related to this bug that was closed as a dupe: https://redmine.pfsense.org/issues/3290

#2 Updated by Sam McLeod 7 months ago

Related: https://forums.whirlpool.net.au/archive/9004zpv9-6#r67799588

If i release/renew it never gets a v6 address again, but if I release, wait 20 seconds, renew it works immediately.

#3 Updated by Stephen Baines 5 months ago

Sam McLeod wrote:

If the upstream ISP on the WAN link has an IPv6 failure / outage, PFSense does not release and renew the IPv6 lease.

I have the same issue as well with the same ISP.

#4 Updated by Viktor Gurov 5 months ago

see also #6691

#5 Updated by Sam McLeod 5 months ago

Can't find if this is being tracked elsewhere now but it's still an issue.

Last night all PFSense users in the states of Victoria and Tasmania using AussieBB (a major ISP in Australia) that had planned maintenance at 4AM~ found that all IPv6 traffic was failing (e.g. ping6 google.com) - upon release and renew an IPv6 WAN address was not assigned by PFSense and they had to wait at least 20s between the release and renew on the WAN link for v6 to get an assignment.

  • Is there any update on when this will be fixed?

#6 Updated by Steve Beaver 5 months ago

  • Assignee set to Renato Botelho
  • Target version set to 2.5.0

#7 Updated by Sam McLeod 5 months ago

Had another outage caused by PFSense not having the bugfixed dhcp6c client

(refs https://forums.whirlpool.net.au/thread/3mnkq4v9?p=726#r14510)

#8 Updated by Sam McLeod 5 months ago

Looks like Opensense has a bugfix for the issue:

#9 Updated by → luckman212 5 months ago

It's still open @Sam McLeod - Not fully fixed yet.
look towards the end of that issue (https://github.com/opnsense/dhcp6c/issues/25#issuecomment-742310113 specifically)

Looks like this will be a good one to pull in though, once it's wrapped up

#10 Updated by John Griffin 3 months ago

Hi, considering the fact that the user only saw the patched version not fix the issue one time, would it be possible to review the upstream fixs implemented by the wide-dhcpv6 and look to implement the same in a dev release? I just don't see much priority given to this by Opnsense considering the reporter has not returned in over a month.

As someone affected by this bug on an almost daily basis, i'd be happy to provide whatever testing may assist.

#11 Updated by Sam McLeod 3 months ago

Really keen to see some progress with this, it's impacting me on an almost weekly basis.

Please let me know if there is any further debugging or information I can provide to get this moving.

#12 Updated by Stephen Baines 3 months ago

Same here - it's a very common issue for me as well, more than happy to get involved in helping nail this one if I can.

#13 Updated by Renato Botelho 3 months ago

  • Status changed from New to Feedback

#14 Updated by John Griffin 3 months ago

I updated this morning to the latest 2.5 release which had the dhcp6-20080615.2_4 client. I then rebooted this afternoon to install the latest build, and it failed to retrieve a DHCP6 address on reboot. Logs are below and seem a little confusing to me. This is the last mention of dhcp6c in the log, it's now 3 hours later and there's nothing showing it trying to get a new address.

(Logs in next post)

#15 Updated by John Griffin 3 months ago

But I do a manual release / renew and it picks up an address

Logs Attached showing the reboot releasing (?) the address but the manual release / renew being successful.

#16 Updated by Renato Botelho 3 months ago

  • Status changed from Feedback to In Progress

#17 Updated by John Griffin 3 months ago

Apart from the initial failure to get an address on the WAN interface, i've not lost DHCPv6 on the WAN interface in 5 days, and it's normally a daily event. So it's likely the bug has been quashed and I experienced some other esoteric issue.

#18 Updated by Renato Botelho 3 months ago

  • Status changed from In Progress to Resolved

Thanks for letting us know

#19 Updated by Sam McLeod 3 months ago

Thanks all for your efforts on this, great to see it in the 2.5.0 release today!

Also available in: Atom PDF