# 12.0 install -- IPv6 sanity check needed



## johnblue (Dec 27, 2018)

Need a second set of troubleshooting eyes here because I am clearly missing something here.



(although it feels like it should not be this hard)

I have a test 12.0 install running on a VMWare server that only has an fe80 IPv6 address.  rc.conf has:


```
ifconfig_em0_ipv6="inet6 accept_rtadv"
```

++ random data points ++
When I run tcpdump with ip6 I can see "neighbor solicitation" and "router advertisement" traffic that is not coming from me.
A firewall is not enabled.
This is a clean, base install ... have not cp down ports or installed any packages .. etc.
IPv4 DHCP works and it gets a GUID assignment.
If I spin up a windows 7 vm on the same host is will get a non fe80 IPv6 assignment.  2001:579:ff01:something

Thoughts?


----------



## johnblue (Dec 27, 2018)

So the windows 7 vm is getting a legit IPv6 GUID:

https://whois.arin.net/rest/net/NET6-2001-578-1/


----------



## usdmatt (Dec 27, 2018)

Have you got rtsold enabled as mentioned in the handbook?


----------



## VladiBG (Dec 27, 2018)

https://www.freebsd.org/doc/handbook/network-ipv6.html


----------



## SirDice (Dec 27, 2018)

You need to have a router that provides SLAAC. Windows uses both SLAAC and DHCPv6 if I'm not mistaken. A default FreeBSD only does SLAAC. You can use net/isc-dhcp44-client to do DHCPv6 on FreeBSD.


----------



## johnblue (Dec 27, 2018)

usdmatt:  yes sir, I added it to the conf file on the vm.  Copy n paste error into the forum on my part.  Thanks for catching that!
VladiBG:  Thanks for the URL.  I did read it top to bottom before posting but still a BSD IPv6 newbie here.



			
				SirDice said:
			
		

> A default FreeBSD only does SLAAC.


I guess I suspected as much.  It makes sense that if the two lines enable the reception of router advertisement messages and a router solicitation daemon that it would imply SLAAC.

It would be nice if the handbook explicitly stated the default install is SLAAC only.

Thanks for the help.


----------



## johnblue (Dec 27, 2018)

So in digging around I saw net/dual-dhclient created by cperciva.  It's Makefile said that it depends on net/isc-dhcp44-client .. which is cool.  I like that.



So based upon what I read here:

https://subatomicsolutions.org/8-freebsd/13-ipv4-and-ipv6-address-via-dhcp-on-a-dual-stack-network

my /etc/rc.conf looks like this:
	
	



```
ifconfig_em0="DHCP"   #ipv4
ifconfig_em0="inet6 DHCP"   #ipv6
ifconfig_em1="DHCP"
dhclient_program="/usr/local/sbin/dual-dhclient"
```

But yet em0 will not get an IPv6 address:
	
	



```
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=81009b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,VLAN_HWFILTER>
        ether 00:0c:29:ba:a7:4c
        inet 7.2.7.7 netmask 0xffffff00 broadcast 7.2.7.255
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
```

I feel like I have one arm tied behind my back because of this being a virtual machine.  I need to figure out how I can mirror a virtual port so I see what is on the wire and I need to find where DHCP status (if any) is being logged at.


----------



## johnblue (Jan 2, 2019)

In using the ISC dhcp-4.4.1 client complied from ports the OS is able to get v4 leases without issue.  However, when comment out the DHCP lines in /etc/rc.conf and manually issue a request for a v6 lease it fails with “Advertised lease scored 0, toss it" which is turning out to be an obscure error.


```
#/usr/local/sbin/dhclient -v -6 em0

Internet Systems Consortium DHCP Client 4.4.1
Copyright 2004-2018 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/

Listening on Socket/em0
Sending on   Socket/em0
PRC: Previous lease is devoid of active addresses.
PRC: Soliciting for leases (INIT).

XMT: Forming Solicit, 0 ms elapsed.
XMT:  X-- IA_NA 29:ba:a7:4c
XMT:  | X-- Request renew in  +3600
XMT:  | X-- Request rebind in +5400
XMT: Solicit on em0, interval 1010ms.

RCV: Advertise message on em0 from fe80::e22f:6dff:fe6d:28d9.
RCV:  X-- IA_NA 29:ba:a7:4c
RCV:  | X-- starts 1546274446
RCV:  | X-- t1 - renew  +43200
RCV:  | X-- t2 - rebind +69120
RCV:  | X-- [Options]
RCV:  | | X-- IAADDR 2001:579:ff01:100:ca3:953c:2911:f8d4
RCV:  | | | X-- Preferred lifetime 86400.
RCV:  | | | X-- Max lifetime 86400.
RCV:  X-- Server ID: 00:01:00:01:55:d4:55:14:f8:bc:12:3d:6c:a8
RCV:Advertised lease scored 0, toss it.
```

My ISP is Cox and when I called they said that from where they sit that the lease has been issued and is ready to be used.
I don’t understand why the client is refusing to use it.


----------



## Sebastian (Jan 2, 2019)

The output of your ifconfig looks wrong. 

Mine looks like this. 


```
ix0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=a400b9<RXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWTSO,RXCSUM_IPV6>
        ether ac:1f:6b:15:a1:38
        hwaddr ac:1f:6b:15:a1:38
        inet 192.168.10.100 netmask 0xffffff00 broadcast 192.168.10.255
        inet6 fe80::ae1f:6bff:fe15:a138%ix0 prefixlen 64 scopeid 0x1
        inet6 XXXXXXX prefixlen 64 autoconf
        nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
        media: Ethernet autoselect (1000baseT <full-duplex,rxpause,txpause>)
        status: active
```


->>>> ACCEPT_RTADV have to be there. 


```
# My rc.conf for IPv6
# IPv6·

ifconfig_ix0_ipv6="inet6 accept_rtadv"
rtsold_enable="YES"
```


----------



## johnblue (Jan 4, 2019)

Sebastian said:
			
		

> The output of your ifconfig looks wrong.


Agreed, but for different reasons.

I did not catch it at the time but having "IFDISABLED" in nd6 of the interface is no bueno.



Looks like the /etc/rc.conf statement needed to be `ifconfig_em0_ipv6="inet6 DHCP"`.  I do not know how the subatomic website was able to get it to work for them but dual_dhclient may be a factor and I have since abandoned using it in favor of manual commands.

In my ISC DHCP client testing thus far, it makes do difference if "ACCEPT_RTADV" is enabled or not as the result is the same:
	
	



```
# ifconfig em0
em0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=81009b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,VLAN_HWFILTER>
        ether 00:0c:29:ba:a7:4c
        inet6 fe80::20c:29ff:feba:a74c%em0 prefixlen 64 scopeid 0x1
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>

# /usr/local/sbin/dhclient -v -6 em0
Internet Systems Consortium DHCP Client 4.4.1
Copyright 2004-2018 Internet Systems Consortium.
All rights reserved.
For info, please visit [URL]https://www.isc.org/software/dhcp/[/URL]

Listening on Socket/em0
Sending on   Socket/em0
PRC: Soliciting for leases (INIT).
XMT: Forming Solicit, 0 ms elapsed.
XMT:  X-- IA_NA 29:ba:a7:4c
XMT:  | X-- Request renew in  +3600
XMT:  | X-- Request rebind in +5400
XMT: Solicit on em0, interval 1070ms.
RCV: Advertise message on em0 from fe80::e22f:6dff:fe6d:28d9.
RCV:  X-- IA_NA 29:ba:a7:4c
RCV:  | X-- starts 1546559275
RCV:  | X-- t1 - renew  +43200
RCV:  | X-- t2 - rebind +69120
RCV:  | X-- [Options]
RCV:  | | X-- IAADDR 2001:579:ff01:100:28d3:7d19:b1c2:def6
RCV:  | | | X-- Preferred lifetime 86400.
RCV:  | | | X-- Max lifetime 86400.
RCV:  X-- Server ID: 00:01:00:01:55:d4:55:14:f8:bc:12:3d:6c:a8
RCV:Advertised lease scored 0, toss it.
```

This would be because the RA's that I am seeing have the M and O bit set indicating that SLAAC is not supported:






And again, a DHCPv6 lease is being offered but my client is tossing it.  Still trying to figure that one out.

*sigh*


----------



## Sebastian (Jan 4, 2019)

Please make a screenshot of the hole RA .

Mine for reference.

SLAAC works fine me.

Are you managing the router who is sending the RA's ?

For me it seems my router sending another flag 0x40, yours sending 0xc0 .







```
CASES :

M = 0, O = 0  : Client uses RA to get non-link-local address and other settings. Even DHCPv6 server exists, client ignores it.
 
 
M = 1, O = 0  : Client uses DHCPv6 for both address and other configuration settings. This combination is known as DHCPv6 stateful, in which
M = 1, O = 1                   
                     DHCPv6 is assigning stateful address to client. If RA includes
                     network prefix, client also gets stateless address.
 
M = 0, O = 1  : Client gets stateless address from RA. DHCPv6 only assign other configuration settings to client. This combination is known as DHCPv6 stateless.
```

As you can see your setting is  M = 1 , O = 1 . If you're under control of the router try to set it to M = 0 , O = 1 .


----------



## johnblue (Jan 4, 2019)

Sebastian said:


> Please make a screenshot of the [w]hole RA .


Frame 70: 86 bytes on wire (688 bits), 86 bytes captured (688 bits)
    Encapsulation type: Ethernet (1)
    Arrival Time: Jan  4, 2019 13:29:14.153768000 Central Standard Time
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1546630154.153768000 seconds
    [Time delta from previous captured frame: 0.237828000 seconds]
    [Time delta from previous displayed frame: 0.000000000 seconds]
    [Time since reference or first frame: 96.920545000 seconds]
    Frame Number: 70
    Frame Length: 86 bytes (688 bits)
    Capture Length: 86 bytes (688 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ipv6:icmpv6]
    [Coloring Rule Name: ICMP]
    [Coloring Rule String: icmp || icmpv6]
Ethernet II, Src: Cisco_6d:28:d9 (e0:2f:6d:6d:28:d9), Dst: IPv6mcast_01 (33:33:00:00:00:01)
    Destination: IPv6mcast_01 (33:33:00:00:00:01)
        Address: IPv6mcast_01 (33:33:00:00:00:01)
        .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
        .... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast)
    Source: Cisco_6d:28:d9 (e0:2f:6d:6d:28:d9)
        Address: Cisco_6d:28:d9 (e0:2f:6d:6d:28:d9)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Type: IPv6 (0x86dd)
Internet Protocol Version 6, Src: fe80::e22f:6dff:fe6d:28d9, Dst: ff02::1
    0110 .... = Version: 6
    .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
        .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
        .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
    .... .... .... 0000 0000 0000 0000 0000 = Flow Label: 0x00000
    Payload Length: 32
    Next Header: ICMPv6 (58)
    Hop Limit: 255
    Source: fe80::e22f:6dff:fe6d:28d9
    Destination: ff02::1
    [Source SA MAC: Cisco_6d:28:d9 (e0:2f:6d:6d:28:d9)]
Internet Control Message Protocol v6
    Type: Router Advertisement (134)
    Code: 0
    Checksum: 0x4bd6 [correct]
    [Checksum Status: Good]
    Cur hop limit: 64
    Flags: 0xc0, Managed address configuration, Other configuration, Prf (Default Router Preference): Medium
        1... .... = Managed address configuration: Set
        .1.. .... = Other configuration: Set
        ..0. .... = Home Agent: Not set
        ...0 0... = Prf (Default Router Preference): Medium (0)
        .... .0.. = Proxy: Not set
        .... ..0. = Reserved: 0
    Router lifetime (s): 1800
    Reachable time (ms): 3600000
    Retrans timer (ms): 0
    ICMPv6 Option (Source link-layer address : e0:2f:6d:6d:28:d9)
        Type: Source link-layer address (1)
        Length: 1 (8 bytes)
        Link-layer address: Cisco_6d:28:d9 (e0:2f:6d:6d:28:d9)
    ICMPv6 Option (MTU : 1500)
        Type: MTU (5)
        Length: 1 (8 bytes)
        Reserved
        MTU: 1500


ISP controls the router.

Thanks for taking the time to slog this out with me!  Its been an interesting journey thus far.


----------



## johnblue (Jan 11, 2019)

So with a single entry in /etc/rc.conf of:

```
ifconfig_em0="inet6 -ifdisabled"
```

the solution to getting command line stateful DHCPv6 to work was to include "-cf /dev/null":

`/usr/local/sbin/dhclient -v -6 -cf /dev/null em0`

In performing the postmortem I have not been very successful.  I am having a hard time figuring out why /dev/null makes it work whereas without it it fails.

Thoughts?


----------

