12.0 install -- IPv6 sanity check needed

johnblue

Well-Known Member

Reaction score: 41
Messages: 321

Need a second set of troubleshooting eyes here because I am clearly missing something here.

:D

(although it feels like it should not be this hard)

I have a test 12.0 install running on a VMWare server that only has an fe80 IPv6 address. rc.conf has:

Code:
ifconfig_em0_ipv6="inet6 accept_rtadv"
++ random data points ++
When I run tcpdump with ip6 I can see "neighbor solicitation" and "router advertisement" traffic that is not coming from me.
A firewall is not enabled.
This is a clean, base install ... have not cp down ports or installed any packages .. etc.
IPv4 DHCP works and it gets a GUID assignment.
If I spin up a windows 7 vm on the same host is will get a non fe80 IPv6 assignment. 2001:579:ff01:something

Thoughts?
 

SirDice

Administrator
Staff member
Administrator
Moderator

Reaction score: 8,083
Messages: 31,692

You need to have a router that provides SLAAC. Windows uses both SLAAC and DHCPv6 if I'm not mistaken. A default FreeBSD only does SLAAC. You can use net/isc-dhcp44-client to do DHCPv6 on FreeBSD.
 
OP
OP
johnblue

johnblue

Well-Known Member

Reaction score: 41
Messages: 321

usdmatt: yes sir, I added it to the conf file on the vm. Copy n paste error into the forum on my part. Thanks for catching that!
VladiBG: Thanks for the URL. I did read it top to bottom before posting but still a BSD IPv6 newbie here.

SirDice said:
A default FreeBSD only does SLAAC.
I guess I suspected as much. It makes sense that if the two lines enable the reception of router advertisement messages and a router solicitation daemon that it would imply SLAAC.

It would be nice if the handbook explicitly stated the default install is SLAAC only.

Thanks for the help.
 
OP
OP
johnblue

johnblue

Well-Known Member

Reaction score: 41
Messages: 321

So in digging around I saw net/dual-dhclient created by cperciva. It's Makefile said that it depends on net/isc-dhcp44-client .. which is cool. I like that.

;)

So based upon what I read here:

https://subatomicsolutions.org/8-freebsd/13-ipv4-and-ipv6-address-via-dhcp-on-a-dual-stack-network

my /etc/rc.conf looks like this:
Code:
ifconfig_em0="DHCP"   #ipv4
ifconfig_em0="inet6 DHCP"   #ipv6
ifconfig_em1="DHCP"
dhclient_program="/usr/local/sbin/dual-dhclient"
But yet em0 will not get an IPv6 address:
Code:
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=81009b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,VLAN_HWFILTER>
        ether 00:0c:29:ba:a7:4c
        inet 7.2.7.7 netmask 0xffffff00 broadcast 7.2.7.255
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
I feel like I have one arm tied behind my back because of this being a virtual machine. I need to figure out how I can mirror a virtual port so I see what is on the wire and I need to find where DHCP status (if any) is being logged at.
 
OP
OP
johnblue

johnblue

Well-Known Member

Reaction score: 41
Messages: 321

In using the ISC dhcp-4.4.1 client complied from ports the OS is able to get v4 leases without issue. However, when comment out the DHCP lines in /etc/rc.conf and manually issue a request for a v6 lease it fails with “Advertised lease scored 0, toss it" which is turning out to be an obscure error.

Code:
#/usr/local/sbin/dhclient -v -6 em0

Internet Systems Consortium DHCP Client 4.4.1
Copyright 2004-2018 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/

Listening on Socket/em0
Sending on   Socket/em0
PRC: Previous lease is devoid of active addresses.
PRC: Soliciting for leases (INIT).

XMT: Forming Solicit, 0 ms elapsed.
XMT:  X-- IA_NA 29:ba:a7:4c
XMT:  | X-- Request renew in  +3600
XMT:  | X-- Request rebind in +5400
XMT: Solicit on em0, interval 1010ms.

RCV: Advertise message on em0 from fe80::e22f:6dff:fe6d:28d9.
RCV:  X-- IA_NA 29:ba:a7:4c
RCV:  | X-- starts 1546274446
RCV:  | X-- t1 - renew  +43200
RCV:  | X-- t2 - rebind +69120
RCV:  | X-- [Options]
RCV:  | | X-- IAADDR 2001:579:ff01:100:ca3:953c:2911:f8d4
RCV:  | | | X-- Preferred lifetime 86400.
RCV:  | | | X-- Max lifetime 86400.
RCV:  X-- Server ID: 00:01:00:01:55:d4:55:14:f8:bc:12:3d:6c:a8
RCV:Advertised lease scored 0, toss it.
My ISP is Cox and when I called they said that from where they sit that the lease has been issued and is ready to be used.
I don’t understand why the client is refusing to use it.
 

Sebastian

Member

Reaction score: 4
Messages: 61

The output of your ifconfig looks wrong.

Mine looks like this.

Code:
ix0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=a400b9<RXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWTSO,RXCSUM_IPV6>
        ether ac:1f:6b:15:a1:38
        hwaddr ac:1f:6b:15:a1:38
        inet 192.168.10.100 netmask 0xffffff00 broadcast 192.168.10.255
        inet6 fe80::ae1f:6bff:fe15:a138%ix0 prefixlen 64 scopeid 0x1
        inet6 XXXXXXX prefixlen 64 autoconf
        nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
        media: Ethernet autoselect (1000baseT <full-duplex,rxpause,txpause>)
        status: active

->>>> ACCEPT_RTADV have to be there.

Code:
# My rc.conf for IPv6
# IPv6·

ifconfig_ix0_ipv6="inet6 accept_rtadv"
rtsold_enable="YES"
 
OP
OP
johnblue

johnblue

Well-Known Member

Reaction score: 41
Messages: 321

Sebastian said:
The output of your ifconfig looks wrong.
Agreed, but for different reasons.

I did not catch it at the time but having "IFDISABLED" in nd6 of the interface is no bueno.

:D

Looks like the /etc/rc.conf statement needed to be ifconfig_em0_ipv6="inet6 DHCP". I do not know how the subatomic website was able to get it to work for them but dual_dhclient may be a factor and I have since abandoned using it in favor of manual commands.

In my ISC DHCP client testing thus far, it makes do difference if "ACCEPT_RTADV" is enabled or not as the result is the same:
Code:
# ifconfig em0
em0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=81009b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,VLAN_HWFILTER>
        ether 00:0c:29:ba:a7:4c
        inet6 fe80::20c:29ff:feba:a74c%em0 prefixlen 64 scopeid 0x1
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>

# /usr/local/sbin/dhclient -v -6 em0
Internet Systems Consortium DHCP Client 4.4.1
Copyright 2004-2018 Internet Systems Consortium.
All rights reserved.
For info, please visit [URL]https://www.isc.org/software/dhcp/[/URL]

Listening on Socket/em0
Sending on   Socket/em0
PRC: Soliciting for leases (INIT).
XMT: Forming Solicit, 0 ms elapsed.
XMT:  X-- IA_NA 29:ba:a7:4c
XMT:  | X-- Request renew in  +3600
XMT:  | X-- Request rebind in +5400
XMT: Solicit on em0, interval 1070ms.
RCV: Advertise message on em0 from fe80::e22f:6dff:fe6d:28d9.
RCV:  X-- IA_NA 29:ba:a7:4c
RCV:  | X-- starts 1546559275
RCV:  | X-- t1 - renew  +43200
RCV:  | X-- t2 - rebind +69120
RCV:  | X-- [Options]
RCV:  | | X-- IAADDR 2001:579:ff01:100:28d3:7d19:b1c2:def6
RCV:  | | | X-- Preferred lifetime 86400.
RCV:  | | | X-- Max lifetime 86400.
RCV:  X-- Server ID: 00:01:00:01:55:d4:55:14:f8:bc:12:3d:6c:a8
RCV:Advertised lease scored 0, toss it.
This would be because the RA's that I am seeing have the M and O bit set indicating that SLAAC is not supported:

1546560023331.png


And again, a DHCPv6 lease is being offered but my client is tossing it. Still trying to figure that one out.

*sigh*
 
Last edited by a moderator:

Sebastian

Member

Reaction score: 4
Messages: 61

Please make a screenshot of the hole RA .

Mine for reference.

SLAAC works fine me.

Are you managing the router who is sending the RA's ?

For me it seems my router sending another flag 0x40, yours sending 0xc0 .

Bildschirmfoto 2019-01-04 um 21.34.26.png



Code:
CASES :

M = 0, O = 0  : Client uses RA to get non-link-local address and other settings. Even DHCPv6 server exists, client ignores it.
 
 
M = 1, O = 0  : Client uses DHCPv6 for both address and other configuration settings. This combination is known as DHCPv6 stateful, in which
M = 1, O = 1                   
                     DHCPv6 is assigning stateful address to client. If RA includes
                     network prefix, client also gets stateless address.
 
M = 0, O = 1  : Client gets stateless address from RA. DHCPv6 only assign other configuration settings to client. This combination is known as DHCPv6 stateless.
As you can see your setting is M = 1 , O = 1 . If you're under control of the router try to set it to M = 0 , O = 1 .
 
OP
OP
johnblue

johnblue

Well-Known Member

Reaction score: 41
Messages: 321

Please make a screenshot of the [w]hole RA .
Frame 70: 86 bytes on wire (688 bits), 86 bytes captured (688 bits)
Encapsulation type: Ethernet (1)
Arrival Time: Jan 4, 2019 13:29:14.153768000 Central Standard Time
[Time shift for this packet: 0.000000000 seconds]
Epoch Time: 1546630154.153768000 seconds
[Time delta from previous captured frame: 0.237828000 seconds]
[Time delta from previous displayed frame: 0.000000000 seconds]
[Time since reference or first frame: 96.920545000 seconds]
Frame Number: 70
Frame Length: 86 bytes (688 bits)
Capture Length: 86 bytes (688 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ethertype:ipv6:icmpv6]
[Coloring Rule Name: ICMP]
[Coloring Rule String: icmp || icmpv6]
Ethernet II, Src: Cisco_6d:28:d9 (e0:2f:6d:6d:28:d9), Dst: IPv6mcast_01 (33:33:00:00:00:01)
Destination: IPv6mcast_01 (33:33:00:00:00:01)
Address: IPv6mcast_01 (33:33:00:00:00:01)
.... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
.... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast)
Source: Cisco_6d:28:d9 (e0:2f:6d:6d:28:d9)
Address: Cisco_6d:28:d9 (e0:2f:6d:6d:28:d9)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: IPv6 (0x86dd)
Internet Protocol Version 6, Src: fe80::e22f:6dff:fe6d:28d9, Dst: ff02::1
0110 .... = Version: 6
.... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
.... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
.... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
.... .... .... 0000 0000 0000 0000 0000 = Flow Label: 0x00000
Payload Length: 32
Next Header: ICMPv6 (58)
Hop Limit: 255
Source: fe80::e22f:6dff:fe6d:28d9
Destination: ff02::1
[Source SA MAC: Cisco_6d:28:d9 (e0:2f:6d:6d:28:d9)]
Internet Control Message Protocol v6
Type: Router Advertisement (134)
Code: 0
Checksum: 0x4bd6 [correct]
[Checksum Status: Good]
Cur hop limit: 64
Flags: 0xc0, Managed address configuration, Other configuration, Prf (Default Router Preference): Medium
1... .... = Managed address configuration: Set
.1.. .... = Other configuration: Set
..0. .... = Home Agent: Not set
...0 0... = Prf (Default Router Preference): Medium (0)
.... .0.. = Proxy: Not set
.... ..0. = Reserved: 0
Router lifetime (s): 1800
Reachable time (ms): 3600000
Retrans timer (ms): 0
ICMPv6 Option (Source link-layer address : e0:2f:6d:6d:28:d9)
Type: Source link-layer address (1)
Length: 1 (8 bytes)
Link-layer address: Cisco_6d:28:d9 (e0:2f:6d:6d:28:d9)
ICMPv6 Option (MTU : 1500)
Type: MTU (5)
Length: 1 (8 bytes)
Reserved
MTU: 1500


ISP controls the router.

Thanks for taking the time to slog this out with me! Its been an interesting journey thus far.

:D
 
OP
OP
johnblue

johnblue

Well-Known Member

Reaction score: 41
Messages: 321

So with a single entry in /etc/rc.conf of:
Code:
ifconfig_em0="inet6 -ifdisabled"
the solution to getting command line stateful DHCPv6 to work was to include "-cf /dev/null":

/usr/local/sbin/dhclient -v -6 -cf /dev/null em0

In performing the postmortem I have not been very successful. I am having a hard time figuring out why /dev/null makes it work whereas without it it fails.

Thoughts?
 
Top