This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

IPv6 DHCP delegated prefix issue

Hello All,

Due to a line change (ASDL to VVDSL)  I got new IP addresses from my ISP. These were and are fixed addresses but I need a DHCP client to get them.

The issue has to do with IPv6, IPv4 is working fine. At the line a Draytek Vigor 130 is installed in bridge mode and VLAN stripping is disabled.

In UTM the WAN side network adapter is set to PPPoE, the box "Static PPPOE IP" is not checked and at the advanced section the correct VLAN is stripped. So far so good. BUT, when I enable IPv6 using the switch in the global section of IPv6 the following is displayed:  Native over WAN (DSL)
Delegated Prefix: 2001:980:xxxx::/48. Seems good except for the IP address. This is my old prefix and not the new one belonging to the new line. This must be an issue in UTM because when I connect a simple hardware router to the Vigor modem I get the right new prefix delegated and IPv6 is working.

The UTM software version is: 9.351-3

Please help me with this issue.

Thanks in advance.

Ed.



This thread was automatically locked due to age.
  • Try as root:

    rm /var/chroot-dhcpc/var/db/*.leases6

    /var/mdw/scripts/ipv6_watchdog restart

    Does that help?

    Otherwise please post relevant log line from IPv6 log.

    ----------
    Sophos user, admin and reseller.
    Private Setup:

    • XG: HPE DL20 Gen9 (Core i3-7300, 8GB RAM, 120GB SSD) | XG 18.0 (Home License) with: Web Protection, Site-to-Site-VPN (IPSec, RED-Tunnel), Remote Access (SSL, HTML5)
    • UTM: 2 vCPUs, 2GB RAM, 50GB vHDD, 2 vNICs on vServer (KVM) | UTM 9.7 (Home License) with: Email Protection, Webserver Protection, RED-Tunnel (server)
  • IPv6 Prefix Delegation over PPPoE is - Broken - i have reported this several times and commented on that on the old Forum. Its not on Sophos Priority List.

    ---

    Sophos UTM 9.3 Certified Engineer

  • There was 1 file with the .leases extension. I opened it and the old prefix was in. Then I did serveral things:
    1. I renamed the file and run the script. That didn't help
    2. I rebooted the computer. That didn't help
    3. I renamed the file back to the original name and put the new prefix in place and then rerun the script. That didn't help. I still get the old prefix at the IPv6 Global page. So it should be stored elsewhere.
    Below you will find the IPv6 log from the moment I put the switch IPv6 to ON till the moment I switched it OFF again. Remarkable are the lines with eth1 in it. As eth1 is the LAN adapter and eth0 is the WAN adapter. I hope this does ring a bell


    2015:11:11-21:26:15 vpn ipv6_watchdog[26578]: Starting IPv6 address watchdog
    2015:11:11-21:26:24 vpn ipv6_watchdog[26578]: Start of monitoring interface ppp0 (50)
    2015:11:11-21:26:24 vpn ipv6_watchdog[26578]: Installing default route via fe80::2a0:a50f:fc75:4c34 (50)
    2015:11:11-21:26:24 vpn ipv6_watchdog[26578]: Interface ppp0 (50) changed RA flags: NONE -> SENT,RCVD,READY
    2015:11:11-21:26:31 vpn radvd[27513]: version 1.9.2 started
    2015:11:11-21:26:33 vpn radvd[27517]: attempting to reread config file
    2015:11:11-21:26:33 vpn radvd[27517]: resuming normal operation
    2015:11:11-21:26:33 vpn radvd[27517]: attempting to reread config file
    2015:11:11-21:26:33 vpn radvd[27517]: resuming normal operation
    2015:11:11-21:26:36 vpn ipv6_watchdog[26578]: Stopping IPv6 address watchdog
    2015:11:11-21:26:36 vpn radvd[27517]: attempting to reread config file
    2015:11:11-21:26:36 vpn radvd[27517]: no linklocal address configured for eth1
    2015:11:11-21:26:36 vpn radvd[27517]: resuming normal operation
    2015:11:11-21:26:36 vpn radvd[27517]: attempting to reread config file
    2015:11:11-21:26:36 vpn radvd[27517]: no linklocal address configured for eth1
    2015:11:11-21:26:36 vpn radvd[27517]: resuming normal operation
    2015:11:11-21:26:36 vpn radvd[27517]: attempting to reread config file
    2015:11:11-21:26:36 vpn radvd[27517]: no linklocal address configured for eth1
    2015:11:11-21:26:36 vpn radvd[27517]: resuming normal operation
    2015:11:11-21:26:36 vpn radvd[27517]: attempting to reread config file
    2015:11:11-21:26:36 vpn radvd[27517]: no linklocal address configured for eth1
    2015:11:11-21:26:36 vpn radvd[27517]: resuming normal operation
    2015:11:11-21:26:36 vpn radvd[27517]: attempting to reread config file
    2015:11:11-21:26:36 vpn radvd[27517]: no linklocal address configured for eth1
    2015:11:11-21:26:36 vpn radvd[27517]: resuming normal operation
    2015:11:11-21:26:36 vpn radvd[27517]: attempting to reread config file
    2015:11:11-21:26:36 vpn radvd[27517]: no linklocal address configured for eth1
    2015:11:11-21:26:36 vpn radvd[27517]: resuming normal operation
    2015:11:11-21:26:36 vpn radvd[27517]: attempting to reread config file
    2015:11:11-21:26:36 vpn radvd[27517]: no linklocal address configured for eth1
    2015:11:11-21:26:36 vpn radvd[27517]: resuming normal operation
    2015:11:11-21:26:36 vpn radvd[27517]: attempting to reread config file
    2015:11:11-21:26:36 vpn radvd[27517]: no linklocal address configured for eth1
    2015:11:11-21:26:36 vpn radvd[27517]: resuming normal operation
    2015:11:11-21:26:36 vpn radvd[27517]: attempting to reread config file
    2015:11:11-21:26:36 vpn radvd[27517]: no linklocal address configured for eth1
    2015:11:11-21:26:36 vpn radvd[27517]: resuming normal operation
    2015:11:11-21:26:37 vpn radvd[27517]: attempting to reread config file
    2015:11:11-21:26:37 vpn radvd[27517]: no linklocal address configured for eth1
    2015:11:11-21:26:37 vpn radvd[27517]: resuming normal operation
    2015:11:11-21:26:37 vpn radvd[27517]: attempting to reread config file
    2015:11:11-21:26:37 vpn radvd[27517]: no linklocal address configured for eth1
    2015:11:11-21:26:37 vpn radvd[27517]: resuming normal operation
    2015:11:11-21:26:37 vpn radvd[27517]: attempting to reread config file
    2015:11:11-21:26:37 vpn radvd[27517]: no linklocal address configured for eth1
    2015:11:11-21:26:37 vpn radvd[27517]: resuming normal operation
    2015:11:11-21:26:37 vpn radvd[27517]: attempting to reread config file
    2015:11:11-21:26:37 vpn radvd[27517]: no linklocal address configured for eth1
    2015:11:11-21:26:37 vpn radvd[27517]: resuming normal operation
    2015:11:11-21:26:37 vpn radvd[27517]: attempting to reread config file
    2015:11:11-21:26:37 vpn radvd[27517]: no linklocal address configured for eth1
    2015:11:11-21:26:37 vpn radvd[27517]: resuming normal operation
    2015:11:11-21:26:38 vpn radvd[27517]: attempting to reread config file
    2015:11:11-21:26:38 vpn radvd[27517]: no linklocal address configured for eth1
    2015:11:11-21:26:38 vpn radvd[27517]: resuming normal operation
    2015:11:11-21:26:39 vpn radvd[27517]: attempting to reread config file
    2015:11:11-21:26:39 vpn radvd[27517]: no linklocal address configured for eth1
    2015:11:11-21:26:39 vpn radvd[27517]: resetting ipv6-allrouters membership on eth1
    2015:11:11-21:26:39 vpn radvd[27517]: sendmsg: Network is unreachable
    2015:11:11-21:26:39 vpn radvd[27517]: resuming normal operation
    2015:11:11-21:26:40 vpn radvd[27517]: attempting to reread config file
    2015:11:11-21:26:40 vpn radvd[27517]: no linklocal address configured for eth1
    2015:11:11-21:26:40 vpn radvd[27517]: resetting ipv6-allrouters membership on eth1
    2015:11:11-21:26:40 vpn radvd[27517]: sendmsg: Network is unreachable
    2015:11:11-21:26:40 vpn radvd[27517]: resuming normal operation
    2015:11:11-21:26:40 vpn radvd[27517]: attempting to reread config file
    2015:11:11-21:26:40 vpn radvd[27517]: no linklocal address configured for eth1
    2015:11:11-21:26:40 vpn radvd[27517]: resetting ipv6-allrouters membership on eth1
    2015:11:11-21:26:40 vpn radvd[27517]: sendmsg: Network is unreachable
    2015:11:11-21:26:40 vpn radvd[27517]: resuming normal operation
    2015:11:11-21:26:40 vpn radvd[27517]: attempting to reread config file
    2015:11:11-21:26:40 vpn radvd[27517]: no linklocal address configured for eth1
    2015:11:11-21:26:40 vpn radvd[27517]: resetting ipv6-allrouters membership on eth1
    2015:11:11-21:26:40 vpn radvd[27517]: sendmsg: Network is unreachable
    2015:11:11-21:26:40 vpn radvd[27517]: resuming normal operation
    2015:11:11-21:26:40 vpn radvd[27517]: attempting to reread config file
    2015:11:11-21:26:40 vpn radvd[27517]: no linklocal address configured for eth1
    2015:11:11-21:26:40 vpn radvd[27517]: resetting ipv6-allrouters membership on eth1
    2015:11:11-21:26:40 vpn radvd[27517]: sendmsg: Network is unreachable
    2015:11:11-21:26:40 vpn radvd[27517]: resuming normal operation
    2015:11:11-21:26:40 vpn radvd[27517]: attempting to reread config file
    2015:11:11-21:26:40 vpn radvd[27517]: no linklocal address configured for eth1
    2015:11:11-21:26:40 vpn radvd[27517]: resetting ipv6-allrouters membership on eth1
    2015:11:11-21:26:40 vpn radvd[27517]: sendmsg: Network is unreachable
    2015:11:11-21:26:40 vpn radvd[27517]: resuming normal operation
    2015:11:11-21:26:41 vpn radvd[27517]: attempting to reread config file
    2015:11:11-21:26:41 vpn radvd[27517]: no linklocal address configured for eth1
    2015:11:11-21:26:41 vpn radvd[27517]: resetting ipv6-allrouters membership on eth1
    2015:11:11-21:26:41 vpn radvd[27517]: sendmsg: Network is unreachable
    2015:11:11-21:26:41 vpn radvd[27517]: resuming normal operation
    2015:11:11-21:26:43 vpn radvd[27517]: attempting to reread config file
    2015:11:11-21:26:43 vpn radvd[27517]: no linklocal address configured for eth1
    2015:11:11-21:26:43 vpn radvd[27517]: resetting ipv6-allrouters membership on eth1
    2015:11:11-21:26:43 vpn radvd[27517]: sendmsg: Network is unreachable
    2015:11:11-21:26:43 vpn radvd[27517]: resuming normal operation
    2015:11:11-21:26:43 vpn radvd[27517]: attempting to reread config file
    2015:11:11-21:26:43 vpn radvd[27517]: no linklocal address configured for eth1
    2015:11:11-21:26:43 vpn radvd[27517]: resetting ipv6-allrouters membership on eth1
    2015:11:11-21:26:43 vpn radvd[27517]: sendmsg: Network is unreachable
    2015:11:11-21:26:43 vpn radvd[27517]: resuming normal operation
    2015:11:11-21:26:43 vpn radvd[27517]: Exiting, sigterm or sigint received.
    2015:11:11-21:26:43 vpn radvd[27517]: sending stop adverts
    2015:11:11-21:26:43 vpn radvd[27517]: resetting ipv6-allrouters membership on eth1
    2015:11:11-21:26:43 vpn radvd[27517]: sendmsg: Network is unreachable
    2015:11:11-21:26:43 vpn radvd[27517]: removing /var/run/radvd.pid
    2015:11:11-21:26:43 vpn radvd[27515]: Exiting, privsep_read_loop had readn return 0 bytes
  • So there is no way to get this working again?
  • not that i know of without sophos fixing it. I even talked to two QA Engineer and had him on my UTM but than didnt hear from him again other than that i would need to open a ticket for it (which i did through a partner)
    All of this was several month ago.

    ---

    Sophos UTM 9.3 Certified Engineer

  • Too bad. But there must be another file where the old prefix is in. If I find this and change the prefix into the new one, who knows. Otherwise hoping that Sophos will fix this. In any case, thanks for your help.
  • Try in Confd. From shell, as root:
    CC
    ipv6
    prefixes@


    to see what's in there now.
    __________________
    ACE v8/SCA v9.3

    ...still have a v5 install disk in a box somewhere.

    http://xkcd.com
    http://www.tedgoff.com/mb
    http://www.projectcartoon.com/cartoon/1
  • Oops, now you got me. I'm not a Linux expert. Can you please explain how to enter these commands?
    Thanks.
  • Enable and configure Shell access in WebAdmin at Management > System Settings > Shell Access.
    Connect via SSH to the UTM. Must use Putty, but there are many other programs that can be used.
    Login as loginuser
    Once logged in, type "su -", without the quotes, then hit enter to elevate to root. Use the root password you set, when prompted.

    Now you are root. Each of the following lines is a command, so hit enter after entering each each:
    CC
    ipv6
    prefixes@

    When done, the command is Exit to leave CC and go back to the Bash prompt.

    Be aware that changes made from the backend are unsupported.  If you have a paid licence, making backend changes does void your support.  With the above commands, we are just information gathering (seeing if it shows the old or new prefix) and not changing anything, so you're safe.  :)

    __________________
    ACE v8/SCA v9.3

    ...still have a v5 install disk in a box somewhere.

    http://xkcd.com
    http://www.tedgoff.com/mb
    http://www.projectcartoon.com/cartoon/1
  • I was close. I typed CC instead of cc.
    The output is: 0 'REF_DhcStaLan' [on LAN]