I am seeing tons of different IPv6 addresses showing up in my device list as individual entries for the same device. In my case, the problem is that I have a default profile that has very limited access (for the kids), and the individual IPv6 addresses that spawn from non-kids devices end up in this limited profile and access is blocked. The problem is that it isn’t obvious to the user what is happening, as it just results in websites suddenly not working as they should, rather than resulting in a unblock request page (although that does happen on occasion). I can move these IPv6 addresses to the proper profile, but they keep getting created anew and aren’t associated with the device that is already in the proper profile. The errant IPv6 addresses have the correct device name but don’t show a MAC address.
In addition, some of the released IPv6 entries never disappear from the device list, so every now and then I have to clean them up manually. Sometimes there are hundreds of invalid device entries that clog up the device list.
Another issue that appears to be related to this is that when I try to go to My Tools, I get the message “If you are seeing this page, your connection is unfiltered.” even though there are exactly 0 devices in the Unfiltered list, and all of my device entries are shown in the basic blacklist.
The Router tab shows that I am running version 4.9.0 on pfsense 2.6.0-RELEASE.
Edit: I am now seeing entries in the device list for my device that look like this:
**2600:1700:6b68:640f:59fe:e34e:7c3a:19d5** **This device sees:** No logs
I know it’s my device because the IPv6 address is listed in ipconfig as a temporary IPv6 address.
hi @dcass thanks for reporting this, I think we have been able to reproduce this now in our lab and will investigate this.
What I’ve found so far is that autoconf IPv6 addresses are not seen by the gateway’s ndp (network discovery), so there’s never an IPv6:MAC address mapping. Interestingly, in our dual-stacked lab environments the fe80 and DHCP-provided IPv6 addresses enrol properly, just not the autoconf ones.
In the mean time, if you’re not actually using IPv6 anyway, you can turn off IPv6 entirely within the gateway (System → Advanced → Networking → not allow IPv6).
@David , I have been running the rapid release v4.9.0-179 since yesterday afternoon, and unfortunately I have not seen any improvement in IPv6 management. Every time a device gets a new IPv6 address, it is not associated with the profile for the device in the dashboard and ends up in the default, highly restricted group. Android, IOS, and Windows devices are all still affected.
Is there any way I can help troubleshoot this on my pfsense box?
Yes, let’s try this. Edit the device in your dashboard and choose to “Forget” and it will be re-discovered. If it persists, we’ll setup a support session to troubleshoot further.
@David, I chose “Forget” for the IP4 and IP6 addresses in the console for my Android device. The IP4 addresses always show up first, so I waited for that to register and moved it from the restriced access to the basic blacklist. I then waited for the IP6 address to show up, and it ended up in the restricted group. I selected “Forget” for the IP6 address, disconnected my Android device from the network and re-connected, and the new IP6 address showed up once again in the restricted group.