I'm having trouble getting an IPv6 gateway address from Rogers on my pfsense SG-1100 from a CODA-4582U, even though it's picking up an address from a parallel DSL connection (in Dual WAN) just fine.
I've read every thread I could find:
And they all have pretty consistent advice, which reduces to the following:
In WAN Interface menu:
Use IPv4 connectivity as parent interface: yes
Request only a IPv6 prefix: no
DHCPv6 Prefix Delegation Size: 64
Send IPv6 prefix hint: yes
In LAN Interface menu:
IPv6 Configuration Type: track interface
IPv6 Interface: WAN
IPv6 Prefix ID: 0
But that doesn't seem to be working for me.
I am getting an IPv6 error message in the logs (radvd: sendmsg: Permission denied), but I think that's more related to the LAN IPv6 DHCP.
Anyone have any suggestions?
I called Rogers and had tech support tell me "I've never had that question before...", so maybe we've got some more horsepower on here.
@VoIPCanuck you've probably read thru this post in your travels thru the forum:
There is also a PfSense thread started by @JKnott for Rogers IPv6 users. Have a look at that to see if you can find the answers that you're looking for:
Hopefully @JKnott will see the tags and provide some assistance.
Ya, I had included those links in my post.
The strange thing is that I've got a DSL IPv6 connection configured alongside the Rogers Cable WAN connection.
The DSL connection worked brilliantly and almost instantly, so I've now got end-to-end IPv6 working fine on the router.
But I've tried pretty much every variation for the Rogers WAN side and can't get an IPv6 address from the network.
Kinda at a dead end unless anyone's got any brilliant debugging ideas that I might not have tried.
I'm gonna play with 'debugging' mode on the interface and see if I can get any useful errors, particularly with the DHCPv6 process.
No I haven't, based on the assumption that, while there are a crapload of issues I will have to deal with from the Dual WAN, the interface should be able to get an IP address regardless of whatever else is going on.
It feels like a longshot, but I'll try it, with a modem reboot.
Also.. I tried the DHCPv6 debugging interface and got the following.
So, in its current confirmation, the router appears to believe that it's not getting any responses.
|May 30 16:07:40||dhcp6c||98763||no responses were received|
|May 30 16:07:10||dhcp6c||98763||Sending Request|
Just for test purposes, try this:
1. Kick the modem back into Gateway mode. Log into the modem using 188.8.131.52 and reenable the Residential Gateway Function which is located in the BASIC .... BASIC SETTINGS .... GATEWAY FUNCTION tab. Ensure that the Router mode is selected to "Dual" as well.
2. When the modem has rebooted after the settings were saved, log back into the modem using either 192.168.0.1 or 192.168.100.1 and have a look at the STATUS tab which is automatically shown after logging into the modem. Look at the upper right hand corner data block, which is the modem's WAN address. You should see two addresses there, an IPV4 address and IPV6 address.
If you see both addresses, specifically the IPV6 address, that tells you that the CMTS is assigning IPV6 addresses to its connected modems and routers. If thats the case, the problem is most likely on your end. If the IPV6 address is missing, that tells you that the CMTS is not configured properly. You would have to chat with a Level II tech regarding the missing IPV6 capability. Level I techs can't help and will no doubt give you some static about talking with a Level II tech. Simple question to ask the Level I tech "Can you fix the CMTS?" If not, then transfer me to a Level II tech. Even then, it possible that the Level II tech can only take note of the problem and pass it along to the network engineering staff or the Network Operations Center.
If thats where you end up, with no IPV6 address present, it will probably take a day to resolve the issue. Usually when this happens there is a configuration problem with the CMTS.
When that's all done, you can kick the modem back into Bridge mode and carry one, with the assumption that this will be resolved in the next 24 hours.
Edit: Note that I'm assuming that you have one of the black CGN3xxxx or white CODA-4582 modems. All of those are Hitron modems and basically have the same or very similar user interface. If you have Ignite TV, then you have a Comcast XB6 which is an Arris TG3482 or a Technicolor CGM-4140 (?) modem. The number might be a little off for the Technicolor modem. In those cases, the user interface is definitely not related to the Hitron user interface.
Well, good news!
I can't put my finger on exactly what changed, but, as you suggested, I completely disabled the DSL connection and kept tweaking the Cable configuration and testing/rebooting the router and modem in a Single WAN connection... and it started working!
It's now working on pretty much the standard recommended options (Prefix Hint/56 subnet/Send IP address, not just prefix).. but one question, the IPv6 gateway doesn't appear to respond to ICMP for monitoring purposes.
Is that normal?
It looks like Multi-WAN IPv6 will be a tough sell, but being able to monitor the IPv6 connectivity is a necessary first step.
Ok, there's a couple of points here:
1. When you're in single WAN configuration with the modem, run an IPV6 test at IPV6-test.com just to see how this is working so far. You should end up with 19/20 when IPV6 is working correctly. The missing element is the IPV6 Hostname which Rogers doesn't supply. If this doesn't end up with 19/20 see point 3 below.
2. Along the same idea, in terms of IPV6 testing, run an IPV6 trace to somewhere, google for example:
tracert -6 www.google.com
That trace should run to completion at www.google.com If it does, that will ensure that the IPV6 path beyond the CMTS, all the way to the end target is working. As each server in that path is a separate server unto itself, each server has its own configuration and its possible for any server along that path to have some configuration issue that prevents any IPV6 traffic from transiting beyond it. If so, the last server which supplies its IP address has a configuration problem that the network engineering staff or NOC would have to resolve. After that last identified server, you would see nothing but timeouts.
3. Lastly, in the windows firewall you will have to add a rule to allow IPV6 ICMP traffic. This isn't the antivirus firewall here, its the windows firewall. Here's a reference to a Microsoft page to do that. Its been a while but this should do the job;
When that rule has been created, reboot the pc.
Don't worry, I've been using most of those for the IPv6 testing.
I've even managed to reproduce the problem I was having (i.e. not getting a DHCPv6 response from Rogers... it does now appear that the second WAN was somehow interfering with the Rogers configuration), so I'm going to be following up with the pfsense community to see what they say and I'll post that thread here.
I used tracert -6 to get the first IPv6 hop for setting as the network monitor, and that's been working great as it's been responding to ICMP queries from the router.
The IPv6 test gets 17/20, and it seems to just be complaining about the lack of ICMP response, which I was fine with until I just noticed that that's a problem for some HTML... so I'll make the adjustments you mentioned.