Bug #3670
closedIPv6 DHCP-PD over PPPoE non functional + radvd core dump + solution
0%
Description
So i've been working through this for a couple of evenings now and have a working, reliable configuration requiring a number of patches.
Version pfSense 2.1.3-RELEASE.
My ISP (Internode) offers the following IPv6 configuration:
Here's what you get when your connection is set up for IPv6: Your existing IPv4 address (if static) and any existing framed route(s). A dual-stack IPv4/IPv6 PPP session. A dynamic /64 IPv6 prefix for your PPP session. A static /56 IPv6 prefix for your LAN (if you are using a router with Prefix Delegation).
pfSense Configuration:
-- WAN --
IPv4 Configuration Type: PPPoE
IPv6 Configuration Type: DHCP6
Use IPv4 connectivity as parent interface: Yes
Request only a IPv6 prefix: No
DHCPv6 Prefix Delegation size: 56
Send IPv6 prefix hint: No
-- LAN --
IPv4 Configuration Type: Static IPv4
IPv6 Configuration Type: Track Interface
Track...IPv6 Interface: WAN
Problem 1: Incorrect identification of WAN IPv6 interface
The get_interface_ipv6 function in /etc/inc/interfaces.php incorrectly identifies the WAN interface as the physical hardware interface (re0 in my case) rather than the pppoe0 interface.
As a result, no global IPv6 address can be found (empty $ifcfgipv6) while an incorrect /var/etc/radvd.conf file is generated (among other things like the global WAN IPv6 address not being displayed in the GUI even though ifconfig pppoe0 shows one - see this bug https://redmine.pfsense.org/issues/3556).
Solution 1: $realif should equal pppoe0 rather than re0
[2.1.3-RELEASE][root@pfsense]/etc/inc: diff interfaces.inc.pfsense interfaces.inc 4526c4526 < $realif = get_real_interface($interface, "inet6", true); --- > $realif = get_real_interface($interface, "inet6", false);
You should now see a global IPv6 address under the WAN interface in GUI Dashboard.
Note: the above patch might be incorrect for other configurations.
Problem 2: dhcp6c configuration
Including (empty?) stateful (ia-na) DHCP6 configuration interferes with PD (ia-pd) and may be the cause of multiple dhcp6c processes (or could be related to this?: https://redmine.pfsense.org/projects/pfsense/repository/revisions/9b6010ffc526f4106bc423c8cd8fff12b9ad4cee)
Solution 2: Remove stateful configuration (for now)
[2.1.3-RELEASE][root@pfsense]/etc/inc: diff interfaces.inc.pfsense interfaces.inc 3501,3502d3500 < if(!isset($wancfg['dhcp6prefixonly'])) < $dhcp6cconf .= " send ia-na 0; # request stateful address\n"; 3512,3514d3509 < if(!isset($wancfg['dhcp6prefixonly'])) < $dhcp6cconf .= "id-assoc na 0 { };\n";
Problem 3: radvd configuration
Definately one, potentially two configuration parameters cause PD to fail; AdvOtherConfigFlag on prevents auto-configuration of non-address information (DNS, default route?) while AdvRouterAddr on sends interface address instead of network prefix.
Solution 3: Remove these bad boys for a PD config
[2.1.3-RELEASE][root@pfsense]/etc/inc: diff services.inc.pfsense services.inc 253d252 < $radvdconf .= "\tAdvOtherConfigFlag on;\n"; 257d255 < $radvdconf .= "\t\tAdvRouterAddr on;\n";
After applying the above i've had a solid IPv6 connection that survives "pfSense package system has detected an ip change" and reliably deligates my IPv6 prefix to LAN.
Updated by Nic Hannekum over 10 years ago
Further note:
During the course of debugging this issue I also came across bug https://redmine.pfsense.org/issues/3286 and the above fixes this.
Updated by Phillip Davis over 10 years ago
@Nicolas - in addition to reporting the bug/s here, you can make edits and submit your own pull requests online at https://github.com/pfsense/pfsense - that makes it very easy for the devs to review and commit the fixes you have found.
Updated by Nic Hannekum over 10 years ago
No worries Phillip - will do. Just setting up a proper dev environment. Any recommendations? I'm on a Mac and would ideally like to run git on pfsense box with text editor on mac directly editing pfsense files (over NFS i guess).
Updated by Phillip Davis over 10 years ago
I only do simple things that do not effect many files at once, so I haven't bothered with a whole development environment. For simple bugfixes, I work on the test system itself, use Diagnostics->Edit, copy/paste to back and firth to Notepad, when I get it right I copy/paste into the GitHub online editor and do a pull request.
If you are going to do more involved stuff, then I suggest you ask in the development section of the forum for ideas about the "best" development setup.
Updated by Ermal Luçi over 10 years ago
You are sure that you have not selected the wrong options in the interface configuration page on the GUI for this?
Updated by Nic Hannekum over 10 years ago
Ermal Luçi wrote:
You are sure that you have not selected the wrong options in the interface configuration page on the GUI for this?
Which wrong options are you referring to?
It quickly became obvious that something was not right when the WAN interface did not display the global IPv6 address (via GUI) while an `ifconfig pppoe0` did. This is what the first patch fixes - rather than look for the global IPv6 on the physical hardware interface (in my case re0) which does not have one, look for it on the pppoe0 interface.
Without the second patch, the dhcp6c client continually requests stateful configuration which is not offered by my ISP and quickly fills system.log with 'dhcp6c[xxxx]: update_ia: status code for NA-0: no addresses'.
The third patch does as originally explained.
I should also mention that the GUI option 'Only request a IPv6 prefix, do not request a IPv6 address' does not work, which I believe requires a dhcp6c configuration that uses the 'information-only' directive which currently doesn't exist (with obviously no ia-pd, ia-na statements or configuration). The dhcp6c client would then NOT configure the pppoe0 interface with a global IPv6 but 'information-only' will still advise what delegated prefix to use in radvd.conf for any interfaces tracking WAN.
Updated by Josh Cavalier over 10 years ago
I have access to an Internode connection and can confirm Nic's findings.
The system is 2.1.3-RELEASE and I have applied changes for problems 1, 2 and 3 and can confirm that IPv6 now works.
I could never get IPv6 to work properly previously.
The ISP now allocates a /64 to pppoe0, and with 'track changes' on LAN side interfaces, they obtain an /56 from the prefix allocated by Internode.
With some correct IPv6 rules in place everything works a treat.
I'm happy to help out and do any testing if anyone needs.
Updated by Furen Xiao about 10 years ago
I can confirm that at least the first problem also exists in 2.2-BETA.
In shell, ifconfig gives me:
pppoe0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1492 inet6 fe80::a236:9fff:fea1:438%pppoe0 prefixlen 64 scopeid 0xb inet6 2001:b010:1080:4800:a236:9fff:fea1:438 prefixlen 64 autoconf inet 1.162.95.24 --> 168.95.98.254 netmask 0xffffffff nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
But in webUI, I got only IPv4 address.
Updated by Dmitriy K about 10 years ago
I believe this bug should be targeted against 2.2
Updated by Jörg Schneider over 9 years ago
I have a IPv6 configuration like the one described by Nic, but with a different ISP (Deutsche Telekom). My systems runs 2.1.5-RELEASE.
I didn't run into problems 2 and 3, but "Problem 1: Incorrect identification of WAN IPv6 interface" affects me as well.
I also noticed the missing display of the IPv6 address in the GUI on the WAN interface.
More seriously I found that /etc/rc.newwanipv6 bails out with the following error:
rc.newwanipv6: Failed to update WAN[wan] IPv6, restarting...
This is, because "$curwanipv6 = get_interface_ipv6($interface, true);" returns no IPv6 address.
This has the affect (among others) that no default route is set for IPv6.
"Solution 1" above solves the issues and gives a working IPv6 configuration.
Updated by Jörg Schneider over 9 years ago
Ermal Luçi wrote:
Can you confirm that dhcpv6 is running on top of pppoe?
In my setup (see the update 11]) I can confirm that dhcpv6 runs on top of pppoe.
Updated by Kill Bill over 9 years ago
Got tired of this nonsense.
https://github.com/pfsense/pfsense/pull/1886/ - master
https://github.com/pfsense/pfsense/pull/1887 - RELENG_2_2
Broken initial commit (never changed since then): https://github.com/pfsense/pfsense/commit/420aa48b98d94e33336f72cd2f5abc8760431089
Updated by Chris Buechler over 9 years ago
- Status changed from New to Feedback
- Target version set to 2.2.5
merged, thanks! Leaving for feedback
Updated by Chris Buechler about 9 years ago
- Status changed from Feedback to Resolved
- Affected Version changed from 2.1-IPv6 to All
Thanks doktornotor. fixed
Updated by Jim Thompson about 9 years ago
- Assignee set to Chris Buechler
even though Resolved, the lack of assignee drives my OCD over the edge.