Bug #10966
closed
IPv6 - WAN does not renew address when upstream fails
0%
Description
If the upstream ISP on the WAN link has an IPv6 failure / outage, PFSense does not release and renew the IPv6 lease.
This results in an outage to all IPv6 traffic being routed by PFSense.
The "fix" each time the problem occurs is to manually release the leases on the WAN interface and renew them.
- This been a problem for at least the past year of stable PFSense releases, currently running 2.4.5-RELEASE-p1 (amd64).
- I have confirmed this is an issue for other users of PFSense with IPv6.
- This bug exists after a fresh install of PFsense with minimal configuration.
- This bug exists across completely different hardware.
- The upstream ISP tested with is AussieBroadband (A popular Australia ISP) which use Cisco Nexus gear that's IPoE, the DHCP request starts the accounting so it is required for connectivity to work, there is no option to statically assign an address as a workaround.
This could perhaps related to close bug: https://redmine.pfsense.org/issues/2919
See attached screenshots of the interface in a broken IPv6 state and then after a manual release and renew
Files
| pfsense broken ipv6 - broken state.jpg (45.6 KB) pfsense broken ipv6 - broken state.jpg | IPv6 WAN interface in a broken state | ||
| pfsense broken ipv6 - fixed state.jpg (49.3 KB) pfsense broken ipv6 - fixed state.jpg | IPv6 WAN interface after a manual release and renew | ||
| manual-release-renew.txt (8.09 KB) manual-release-renew.txt | |||
| reboot-no-address.txt (11.3 KB) reboot-no-address.txt |
Updated by Sam McLeod about 4 years ago
Might also be related to this bug that was closed as a dupe: https://redmine.pfsense.org/issues/3290
Updated by Sam McLeod about 4 years ago
Related: https://forums.whirlpool.net.au/archive/9004zpv9-6#r67799588
If i release/renew it never gets a v6 address again, but if I release, wait 20 seconds, renew it works immediately.
Updated by Stephen Baines about 4 years ago
Sam McLeod wrote:
If the upstream ISP on the WAN link has an IPv6 failure / outage, PFSense does not release and renew the IPv6 lease.
I have the same issue as well with the same ISP.
Updated by Viktor Gurov 
Updated by Sam McLeod about 4 years ago
Can't find if this is being tracked elsewhere now but it's still an issue.
Last night all PFSense users in the states of Victoria and Tasmania using AussieBB (a major ISP in Australia) that had planned maintenance at 4AM~ found that all IPv6 traffic was failing (e.g. ping6 google.com) - upon release and renew an IPv6 WAN address was not assigned by PFSense and they had to wait at least 20s between the release and renew on the WAN link for v6 to get an assignment.
- Is there any update on when this will be fixed?
Updated by Anonymous about 4 years ago
- Assignee set to Renato Botelho
- Target version set to 2.5.0
Updated by Sam McLeod about 4 years ago
Had another outage caused by PFSense not having the bugfixed dhcp6c client
(refs https://forums.whirlpool.net.au/thread/3mnkq4v9?p=726#r14510)
Updated by Sam McLeod about 4 years ago
Looks like Opensense has a bugfix for the issue:
Updated by → luckman212 about 4 years ago
It's still open Sam K McLeod - Not fully fixed yet.
look towards the end of that issue (https://github.com/opnsense/dhcp6c/issues/25#issuecomment-742310113 specifically)
Looks like this will be a good one to pull in though, once it's wrapped up
Updated by John Griffin almost 4 years ago
Hi, considering the fact that the user only saw the patched version not fix the issue one time, would it be possible to review the upstream fixs implemented by the wide-dhcpv6 and look to implement the same in a dev release? I just don't see much priority given to this by Opnsense considering the reporter has not returned in over a month.
As someone affected by this bug on an almost daily basis, i'd be happy to provide whatever testing may assist.
Updated by Sam McLeod almost 4 years ago
Really keen to see some progress with this, it's impacting me on an almost weekly basis.
Please let me know if there is any further debugging or information I can provide to get this moving.
Updated by Stephen Baines almost 4 years ago
Same here - it's a very common issue for me as well, more than happy to get involved in helping nail this one if I can.
Updated by Renato Botelho almost 4 years ago
- Status changed from New to Feedback
I've imported debian patch - https://sources.debian.org/patches/wide-dhcpv6/20080615-23/0018-dhcpv6-ignore-advertise-messages-with-none-of-reques.patch/
Version dhcp6-20080615.2_4 will contain fix
Updated by John Griffin almost 4 years ago
I updated this morning to the latest 2.5 release which had the dhcp6-20080615.2_4 client. I then rebooted this afternoon to install the latest build, and it failed to retrieve a DHCP6 address on reboot. Logs are below and seem a little confusing to me. This is the last mention of dhcp6c in the log, it's now 3 hours later and there's nothing showing it trying to get a new address.
(Logs in next post)
Updated by John Griffin almost 4 years ago
- File manual-release-renew.txt manual-release-renew.txt added
- File reboot-no-address.txt reboot-no-address.txt added
But I do a manual release / renew and it picks up an address
Logs Attached showing the reboot releasing (?) the address but the manual release / renew being successful.
Updated by Renato Botelho almost 4 years ago
- Status changed from Feedback to In Progress
Updated by John Griffin almost 4 years ago
Apart from the initial failure to get an address on the WAN interface, i've not lost DHCPv6 on the WAN interface in 5 days, and it's normally a daily event. So it's likely the bug has been quashed and I experienced some other esoteric issue.
Updated by Renato Botelho almost 4 years ago
- Status changed from In Progress to Resolved
Thanks for letting us know
Updated by Sam McLeod almost 4 years ago
Thanks all for your efforts on this, great to see it in the 2.5.0 release today!