Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


467 posts

Ultimate Geek
+1 received by user: 141


Topic # 240043 17-Aug-2018 11:19
Send private message quote this post

I have been trying, unsuccessfully, to use IPv6 with Voyager (both DHCPv6 PD and SLAAC).

 

I am hoping someone is using the ERL or pfSense with Voyager, and can send me details of how their system is configured (WAN settings and any additional firewall rules).

 

I have followed @michaelmurfy's detailed IPv6 ERL guide, without success. I had issues with IPv6 during the Bigpipe trial, where everything worked (at least with IPoE and pfSense) up until my connection speed was changed. I have confirmed with Chorus that my ONT is not one of those affected by the IPv6 DHCPv6 PD issue, although that issue shouldn't prevent SLAAC from doing its thing.

 

Voyager supplies a Huawei router which requires only a few trivial steps to set up IPv6, but I'd rather not buy or rent another router just to confirm where the problem is occurring.


View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2 | 3
Meow
7786 posts

Uber Geek
+1 received by user: 3844

Moderator
Trusted
Lifetime subscriber

  Reply # 2074786 17-Aug-2018 12:04
Send private message quote this post

Have you confirmed that @VygrNetworkMonkey has enabled IPv6 on your connection?

 

I've got Voyager IPv6 running on a USG with /56 DHCPv6 and prefix delegation working. It should work no problems following my guide.







467 posts

Ultimate Geek
+1 received by user: 141


  Reply # 2074791 17-Aug-2018 12:16
Send private message quote this post

I requested IPv6 be enabled via support (XHO-292-78159) and have been sent address details.

 

I was unable to get /etc/radvd.conf populated on the ERL, even after completely removing existing IPv6 settings as per the guide.


43 posts

Geek
+1 received by user: 23

Trusted
Voyager
Lifetime subscriber

  Reply # 2074826 17-Aug-2018 12:51
One person supports this post
Send private message quote this post

Hi @SirHumphreyAppleby (Thanks for the ping @michaelmurfy),

 

 

Looking over your connection details, I can see IPv6 is configured as expected, and IPv6CP is 'opened' - which tells us it's all hunky dory on the BNG.

 

 

Info we're seeing (redacted of course!)

 

 

User-Name : rxxxxxx.lxxxxxx@ufb.vygr.net

 

Up Time : 0d 01:14:21

 

LCP State : Opened

 

IPCP State : Opened

 

IPv6CP State : Opened

 

 

IPv6 Prefix : 2406:1e00:xxxxxx::/64

 

IPv6 Del.Pfx. : 2406:1e00:xxxxxxxx::/56

 

 

Managed Routes

 

IP Address: 2406:1e00:xxxxxxxx::/56

 

Status: installed

 

 

I don't know anything about ERL or pfSense sorry - so I cant assist you on that side.




Voyager Internet - Network Monkey



467 posts

Ultimate Geek
+1 received by user: 141


  Reply # 2074880 17-Aug-2018 14:24
Send private message quote this post

Thanks @VygrNetworkMonkey for confirming things appear to be working correctly from your end.

 

I have again tried following @michaelmurfy's guide, with no apparent success. Can you see any obvious problems?

 

I did the following.

 

* Updated the firmware to version 1.10.6
* Did a factory reset (using the button, not the configuration reset option)
* Used the wizard to set up an IPv4 connection (VLAN 10, PPPoE)
* Entered the following commands (based on the guide)

 

 

configure
set interfaces ethernet eth0 vif 10 pppoe 0 ipv6 enable
edit interfaces ethernet eth0 vif 10 pppoe 0 dhcpv6-pd pd 0
set prefix-length /56
set interface eth1 host-address ::1
set interface eth1 prefix-id :0
set interface eth1 service slaac
top
commit

 

set protocols static interface-route6 ::/0 next-hop-interface pppoe0
commit
save

 

edit firewall ipv6-name WAN6_IN
set default-action drop
set rule 10 action accept
set rule 10 description "allow established"
set rule 10 protocol all
set rule 10 state established enable
set rule 10 state related enable
set rule 20 action drop
set rule 20 description "drop invalid packets"
set rule 20 protocol all
set rule 20 state invalid enable
set rule 30 action accept
set rule 30 description "allow ICMPv6"
set rule 30 protocol icmpv6
top
edit firewall ipv6-name WAN6_LOCAL
set default-action drop
set rule 10 action accept
set rule 10 description "allow established"
set rule 10 protocol all
set rule 10 state established enable
set rule 10 state related enable
set rule 20 action drop
set rule 20 description "drop invalid packets"
set rule 20 protocol all
set rule 20 state invalid enable
set rule 30 action accept
set rule 30 description "allow ICMPv6"
set rule 30 protocol icmpv6
set rule 40 action accept
set rule 40 description "allow DHCPv6 client/server"
set rule 40 destination port 546
set rule 40 source port 547
set rule 40 protocol udp
top
commit
save

 

set interfaces ethernet eth0 vif 10 pppoe 0 firewall in ipv6-name WAN6_IN
set interfaces ethernet eth0 vif 10 pppoe 0 firewall local ipv6-name WAN6_LOCAL
commit
save

 

exit
reboot

 

 

The only IPv6 address I can see is fe80::191f:893f:4613:ce2b/10, assigned to the PPPoE connection. The /etc/radvd.conf file has also not been created, which I believe will occur after the DHCPv6 PD request. For the purposes of testing, I didn't enable any offloading.


Meow
7786 posts

Uber Geek
+1 received by user: 3844

Moderator
Trusted
Lifetime subscriber

  Reply # 2074905 17-Aug-2018 14:57
One person supports this post
Send private message quote this post

That does look correct and in line with the configuration I have got.

 

Could you please send me your /config/config.boot file?





333 posts

Ultimate Geek
+1 received by user: 125

Subscriber

  Reply # 2075028 17-Aug-2018 20:40
Send private message quote this post

I've had a similar issue when I switched over the fibre. Support told me it's a most likely the same issue as is linked https://www.geekzone.co.nz/forums.asp?forumid=85&topicid=230792

 

I switched from VDSL to Fibre this week, and IPV6 disappeared with no changes on my router (again following @michaelmurfy's guide). Hopefully this comes right with the updates from Chorus coming soon (per the thread linked). It appears to attempt to connect IPV6, but doesn't pass it through.

 

Click to see full size

 

I can pass along my config if another data point is needed.




467 posts

Ultimate Geek
+1 received by user: 141


  Reply # 2075036 17-Aug-2018 21:03
Send private message quote this post

Taubin:

 

I've had a similar issue when I switched over the fibre. Support told me it's a most likely the same issue as is linked https://www.geekzone.co.nz/forums.asp?forumid=85&topicid=230792

 

Click to see full size

 

 

We can only hope the update fixes this issue... in addition to trying various ERL configurations, I've spent many hours (as time permits) looking at countless pfsense issues, including driver bugs, race conditions and other problems, trying to get IPv6 back again.

 

I assume you are assigning a static address on your eth1 interface? Other than that, my Dashboard display is almost identical to yours.

 

I was also informed that my issue looked like the ONT issue, but in my case the problems started when my speed was changed, not moving from *DSL to fibre, although now that I think about it, I did swap ONTs when I joined Voyager (I have two). I contacted @BMarquis (Chorus) and it appears the IPv6 issue applies only to certain ONTs, and neither of mine are that type. Apparently the problematic ones have a QR code on the front.

 

 


333 posts

Ultimate Geek
+1 received by user: 125

Subscriber

  Reply # 2075039 17-Aug-2018 21:15
One person supports this post
Send private message quote this post

I am assigning a static to my eth1, I reset the router entirely just to make sure it wasn't something weird in my original config before contacting voyager just to make sure it wasn't something goofy I had done, but there had been no changes to the router at that point.

 

I just had a glance at my ONT and it does have a QR code on it, so it seems to be one of the ones affected. I look forward to a firmware update from Chorus. So it seems my issue is most likely different to yours.


Meow
7786 posts

Uber Geek
+1 received by user: 3844

Moderator
Trusted
Lifetime subscriber

  Reply # 2075080 17-Aug-2018 23:09
Send private message quote this post

Just a tip (and same applies to you @taubin) ensure you've disabled MSS clamping and set your MTU on your interface connecting your ONT to 1508 and your PPPoE interface to 1500. Reboot after this.

I've taken a look at the OP's config and can't see anything odd. Appears he is just hit with the Chorus bug. For what it is worth it doesn't matter if your ONT has a QR code on it or not as mine isn't affected. It is instead dependant on location.

I'll take another look later on when I'm not just on my phone and grab a version of the config known to work on Voyager IPv6. It is the exact same as 2degrees anyway so my guide does work (and I've done it).




363 posts

Ultimate Geek
+1 received by user: 75


  Reply # 2075081 17-Aug-2018 23:12
One person supports this post
Send private message quote this post

When I was first trying to get IPv6 working on my ERL, I found it really useful to see all the PPPoE packets immediately after the router was plugged into the ONT and started to negotiate the connection.  You can do that by logging in to your ERL, then using sudo su to get a root prompt.  Change to a directory which is stored to RAM rather than the flash drive (I use /var/log) and use tcpdump (or my preference, install tshark and use that).  Disable all hardware offloading (so that all packets will be visible to the CPU and can be captured).  Set up tcpdump or tshark to dump all traffic on the pppoe interface to a file, plug the ERL into the ONT and see what happens.  This is the command I use for tshark:

 

tshark -tad -P -w pppoe0.pcap -i pppoe0

 

If you have ssh access set up, you can use the scp command from a PC (Windows, Linux) or winscp GUI to copy the dump file, then load it into Wireshark to analyze it.  I also found it useful to use a second root login to dump the IPv6 traffic on my WAN interface at the same time, so I could see what the ERL was sending to offer IPv6 addresses to the WAN side (eg RA packets):

 

tshark -tad -P -w eth1.pcap -i eth1 ip6




467 posts

Ultimate Geek
+1 received by user: 141


  Reply # 2075121 18-Aug-2018 08:23
Send private message quote this post

michaelmurfy: Just a tip (and same applies to you @taubin) ensure you've disabled MSS clamping and set your MTU on your interface connecting your ONT to 1508 and your PPPoE interface to 1500. Reboot after this.

 

I've tried this twice on my Voyager connection, most recently following your recommendation yesterday, and on both occasions connections became unreliable. It could be a coincidence, but that's something to look in to next week. Back to pfSense for the weekend to appease the family, since the ERL is missing a chunk of necessary configuration after the reset.

 

 

Appears he is just hit with the Chorus bug. For what it is worth it doesn't matter if your ONT has a QR code on it or not as mine isn't affected. It is instead dependant on location.

 

 

Hopefully! I can't say I'm at all impressed with an at least six month (as planned) delay diagnosing and fixing the issue, keeping ISPs and users in the dark about what is happening. I've wasted many hours on this issue, reading, posting, switching routers and configuring. Then there is your time for which I am most grateful (this applies to everyone, but especially michaelmurfy), and helpdesk time - Voyager has been very thorough with their support. It has also cost me a bit of cash switching ISPs, but at least I didn't invest in new hardware, which I would have if I'd not previously had IPv6 working here.


333 posts

Ultimate Geek
+1 received by user: 125

Subscriber

  Reply # 2075136 18-Aug-2018 08:46
Send private message quote this post

SirHumphreyAppleby:

 

I've tried this twice on my Voyager connection, most recently following your recommendation yesterday, and on both occasions connections became unreliable.

 

 

The same thing is happening with mine. It's even worse when I disable mss clamping, it makes it even less reliable.


3006 posts

Uber Geek
+1 received by user: 1153

Subscriber

  Reply # 2075620 19-Aug-2018 10:48
Send private message quote this post

Taubin:

SirHumphreyAppleby:


I've tried this twice on my Voyager connection, most recently following your recommendation yesterday, and on both occasions connections became unreliable.



The same thing is happening with mine. It's even worse when I disable mss clamping, it makes it even less reliable.



Check your firewall settings. It might be blocking ICMP packet too large notification packets.





333 posts

Ultimate Geek
+1 received by user: 125

Subscriber

  Reply # 2075710 19-Aug-2018 12:14
Send private message quote this post

I'll have a look at my firewall settings tomorrow when I have a chance, thanks for the heads up!

 

Strangely, IPV6 is working on my system today. We had a power outage last night for about 10 minutes and when it came up, everything worked fine over IPV6. No changes on my end, so it may have been working and just not routing properly before, with the PCs needing another reboot or something. Strange but I'm not going to knock it.




467 posts

Ultimate Geek
+1 received by user: 141


  Reply # 2075726 19-Aug-2018 13:06
Send private message quote this post

Aredwood:Check your firewall settings. It might be blocking ICMP packet too large notification packets.

 

I'm not sure how the system detects if large MTU (RFC4638) support is available on the WAN, but the documentation for pfSense indicates it falls back to a lower value if not supported.

 

Setting the MTU to 1500 for PPPoE correctly bumps the values up to 1508 for the Ethernet and VLAN interfaces (em driver), but the MTU remains fixed at 1492, suggesting there isn't end-to-end support. If that's the case, that may explain why the ERL misbehaves.

 

@Taubin... I'd not risk rebooting, just in case. Back in the early days with Bigpipe, I did once in a while get an address via PPPoE (this is why I was looking in to issues such as race conditions and the order interfaces were brought up in pfSense). I didn't get 'reliable' IPv6 until I switched to IPoE, and then suddenly, it was gone.


 1 | 2 | 3
View this topic in a long page with up to 500 replies per page Create new topic

Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.