Project

General

Profile

Bug #3361

DHCP6 WAN is not obtaining a default gateway

Added by Jim Pingle almost 5 years ago. Updated almost 4 years ago.

Status:
Resolved
Priority:
High
Assignee:
-
Category:
Gateways
Target version:
Start date:
12/13/2013
Due date:
% Done:

100%

Estimated time:
Affected Version:
2.2
Affected Architecture:

Description

On a 2.2 image the firewall pulls a WAN IP and even a LAN delegation, but does not get an IPv6 default route.

An identically configured 2.1 system next to it obtains a default route without issue.

I don't see any errors in the log from any of the routing daemons or similar, only this:

Dec 13 10:25:49 pfs22 php: rc.filter_configure_sync: Could not find IPv6 gateway for interface(wan).

The GUI entry shows up as dynamic under System > Routing, but it does not exist in the OS routing table.

Associated revisions

Revision 9d83d01f (diff)
Added by Renato Botelho about 4 years ago

Fix shell script syntax, it should fix #3361

Revision 9fdc167f (diff)
Added by Ermal Luçi almost 4 years ago

Properly test if FCGI is calling or are being triggered from shell. Normally Fixes #3361

Revision f3dd7e8c (diff)
Added by Ermal Luçi almost 4 years ago

Properly test if FCGI is calling or are being triggered from shell. Normally Fixes #3361

Revision c87d89ae (diff)
Added by Ermal Luçi almost 4 years ago

Lets put a logging to see what is bing passed to the rtsold script on calling. Helps with Ticket #3361

Revision ec5753e7 (diff)
Added by Ermal Luçi almost 4 years ago

The net.inet6.ip6.rfc6204w3 needs to be 1 for dhcpv6 to work correctly. Fixes #3361

History

#1 Updated by Jim Pingle almost 5 years ago

Additional info:

ifconfig shows ACCEPT_RTADV on for the WAN NIC.

Adding the gateawy manually does allow it to work but is not ideal.

On 2.1 which works fine:

: rtsol -dD vr1
rtsol: kernel is configured as a router, not a host
checking if vr1 is ready...
vr1 is ready
set timer for vr1 to 0:242033
New timer is 0:00241936
timer expiration on vr1, state = 1
send RS on vr1, whose state is 2
set timer for vr1 to 4:0
New timer is 4:00000906
received RA from fe80::200:xxxx:xxxx:67cc on vr1, state is 2
OtherConfigFlag on vr1 is turned on
stop timer for vr1
there is no timer

On 2.2 that does not work:

: rtsol -dD em0
checking if em0 is ready...
em0 is ready
set timer for em0 to 0s
New timer is 0s
timer expiration on em0, state = 1
send RS on em0, whose state is 2
set timer for em0 to 4s
New timer is 4s
received RA from fe80::1:1 on an unexpected IF(em1)
New timer is 2s
received RA from fe80::200:xxxx:xxxx:67cc on em0, state is 2
OtherConfigFlag on em0 is turned on
Processing RA
ndo = 0x607a50
ndo->nd_opt_type = 3
ndo->nd_opt_len = 4
ndo = 0x607a70
ndo->nd_opt_type = 24
ndo->nd_opt_len = 3
ndo = 0x607a88
ndo->nd_opt_type = 25
ndo->nd_opt_len = 3
nsbuf = 2001:470:1f11:e1c::1
ndo = 0x607aa0
ndo->nd_opt_type = 31
ndo->nd_opt_len = 3
labellen = 6
labellen = 3
dname = example.org
ndo = 0x607ab8
ndo->nd_opt_type = 5
ndo->nd_opt_len = 1
ndo = 0x607ac0
ndo->nd_opt_type = 1
ndo->nd_opt_len = 1
rsid = [em0:slaac]
write to child = nameserver (11)
write to child = 2001:xxx:xxxx:xxx::1(20)
write to child = 
(1)
write to child = search (7)
write to child = example.org(10)
write to child =  (1)
write to child = 
(1)
script "/sbin/resolvconf" terminated
stop timer for em0
RA expiration timer: type=25, msg=2001:xxx:xxxx:xxx::1, expire=20s
RA expiration timer: type=31, msg=example.org, expire=20s
there is no timer

(Some details anonymized)

#2 Updated by Ermal Luçi almost 5 years ago

You expect RA on em0 but receive one from em1 not sure if you have 2 interfaces with DHCPv6?
Can you confirm that?

#3 Updated by Jim Pingle over 4 years ago

There was a little more info #3649 about this. Specifically, Ermal's comment on that ticket that "rtsold is not passing the gateway as second argument" which may be helpful to have here.

#4 Updated by Renato Botelho about 4 years ago

Added the patch to rtsol, next round of snapshots will have it in

#5 Updated by Renato Botelho about 4 years ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100

#6 Updated by Chris Buechler about 4 years ago

  • Status changed from Feedback to New

seems this is still an issue in at least one circumstance. Where WAN is set to DHCP6, and no DHCP6 server is available but a SLAAC-obtained IP exists, the v6 default gateway isn't added.

#7 Updated by Chris Buechler about 4 years ago

  • Status changed from New to Confirmed

SLAAC also ends up missing a default gateway, though System>Routing shows a gateway entry with the appropriate IP and shows it marked as default, no v6 default route ends up in the routing table.

#8 Updated by Chris Buechler almost 4 years ago

  • Priority changed from Normal to High
  • % Done changed from 100 to 0
  • Affected Architecture deleted (amd64)
  • Affected Documentation 1 added

#9 Updated by Ermal Luçi almost 4 years ago

  • Status changed from Confirmed to Feedback

#10 Updated by Ermal Luçi almost 4 years ago

  • % Done changed from 0 to 100

#11 Updated by Ermal Luçi almost 4 years ago

#12 Updated by Chris Buechler almost 4 years ago

  • Status changed from Feedback to Confirmed

no change

#13 Updated by Jim Pingle almost 4 years ago

Watch out for this one. It works on some boots and not others, or depending on the timing. There's a race condition somewhere. I thought I had noted it on this or a duplicate ticket but can't find it now. The gateway is there during bootup but gets removed toward the end of the boot process. Something is clobbering/removing it.

#14 Updated by Ermal Luçi almost 4 years ago

This should be retested.
For me this should only happen when you have 2+ dhcp6 wans.

#15 Updated by Jim Pingle almost 4 years ago

On the latest snap + gitsync this is still a problem for me with just one WAN. The gateway appears to be set and is there for a very short time during boot, but then by the end of the boot process, it is gone.

#16 Updated by Peter Hinman almost 4 years ago

Currently running:
2.2-BETA (i386)
built on Sat Nov 08 15:40:19 CST 2014

I have a dual WAN configuration. WAN-01 consistently doesn't pick up a DHCP lease, WAN-02 picks up a lease most of the time, but not always. This isn't a critical system. I can test patches / config changes if that will help.

#17 Updated by Peter Hinman almost 4 years ago

Meant to say DHCP6

#18 Updated by Chris Buechler almost 4 years ago

Peter: you're not getting an IP at all? That seems like a different issue, what we've seen here the system gets an IP, sets its default gateway accordingly, but something comes along behind it and deletes the default gateway. Assuming you're not getting an IP, that is different, if you could start a thread on the 2.2 board (https://forum.pfsense.org/index.php?board=57.0) we can work with you to narrow down the possible causes and open a bug report with the root issue.

#19 Updated by Peter Hinman almost 4 years ago

Finding a new issue wasn't the contribution I intended to make.

I'll double check with the ISP for that WAN connection to make sure things are all good on their end. If no issues there, I'll start with a post to the forum. Thanks for being kind about my unintentionally off topic post.

#20 Updated by Peter Hinman almost 4 years ago

Turns out that the ISP for the WAN in question is only experimenting with IP6 at the moment. Anything I've picked up in the past was sheer luck. I'm sorry for the false alarm.

#21 Updated by Chris Buechler almost 4 years ago

JimP: you have a way to at least semi-reliably replicate this on current versions? I've been trying a variety of scenarios for hours, across several dozen reboots, and haven't gotten it to fail once. IIRC you're seeing that on an ALIX? I'm mostly testing with VMs on fast systems, and physical hardware that runs circles around an ALIX. Didn't have an ALIX available a network with DHCP6 today.

#22 Updated by Jim Pingle almost 4 years ago

Chris Buechler wrote:

JimP: you have a way to at least semi-reliably replicate this on current versions? I've been trying a variety of scenarios for hours, across several dozen reboots, and haven't gotten it to fail once. IIRC you're seeing that on an ALIX? I'm mostly testing with VMs on fast systems, and physical hardware that runs circles around an ALIX. Didn't have an ALIX available a network with DHCP6 today.

I have a 2.2 VM that never has a V6 gateway by the time the boot process ends. Ermal has access to it, I gave him the info last week.

My APU gets a gateway sometimes but not always. ALIX is the same.

The server ahead of it is pfSense doing DHCP-PD. Nothing too crazy about the setup. 2.1.x VMs pull settings without issue.

How low is your V6 lease time? It may get the gateway back when it renews the lease. If I save/apply WAN the gateway comes back.

#23 Updated by Jim Pingle almost 4 years ago

This appears to be tied to having a DHCPv4 WAN configured along side DHCPv6. If I set the WAN of an affected system to static IP, the IPv6 gateway is present and working on each subsequent reboot. Set the system back to use DHCPv4 WAN and reboot and the v6 gateway goes missing.

#24 Updated by Ermal Luçi almost 4 years ago

  • Status changed from Confirmed to Feedback

Works for me.

#25 Updated by Ermal Luçi almost 4 years ago

#26 Updated by Jim Pingle almost 4 years ago

Will leave for feedback until the fix is in snapshots, but a gitsync on two VMs and an APU shows they are all working correctly. Kudos!

#27 Updated by Jim Pingle almost 4 years ago

  • Status changed from Feedback to Resolved

On the current snapshot this is fixed on every system I could reproduce the problem with before. Updated multiple VMs, an APU, and ALIX all are set for DHCPv6 and all now have a proper IPv6 default gateway active after boot finishes.

Thanks!

Also available in: Atom PDF