In the past I have tried to setup VM's with IPV6. Never really successful. I did already wrote about that in the past. Today I tried setting up a vm using TrueNAS scale version (TrueNAS-SCALE-22.12.1) as host and with ubuntu-22.04.2 LTS in the VM. And again it did not work !! - The VM is connected to vlan120. - each vlan has an /64 IPV6-net - pfSense DHCP6 is configured for that vlan - RA configured as 'Managed' Having seen that, and given that more is working now than in than in the past. I decided to some extensive tests. What I did was - restarting the VM after all setting changes - trying all 'Router Advertisement' settings one by one - connect to the vm - 'ip a' to see the config - ping -6 www.google.com - watching the result & capturing using pfSense package capture Findings are: - RA disabled => does not work no address at all - Router Only => only a local address - Unmanaged => OK! - Managed => wrong address /128 should be /64 - Assistant => wrong address /128 should be /64 - Stateless => OK! Not 100% sure, but that I have some verdicts about pfSense .... sure. Attached a file with more detailed info ***** Using pfSense 2.7 today (20230301) buid ************* Router Advertisement PRIO on Hi to be sure ..... mac ubuntu 00:a0:98:34:89:e4 **** RESTULTS PER Router Advertisement settint ********** Disabled (NOT OK) 2: ens3: mtu 1500 qdisc fq_codel state UP group default qlen 1000 link/ether 00:a0:98:34:89:e4 brd ff:ff:ff:ff:ff:ff altname enp0s3 inet 192.168.120.129/24 metric 100 brd 192.168.120.255 scope global dynamic ens3 valid_lft 7184sec preferred_lft 7184sec inet6 fe80::2a0:98ff:fe34:89e4/64 scope link valid_lft forever preferred_lft forever louisb@elise:~$ ping -6 www.google.com ping: connect: Network is unreachable louisb@elise:~$ ------------------------------------------------- Router Only (NOT OK) 2: ens3: mtu 1500 qdisc fq_codel state UP group default qlen 1000 link/ether 00:a0:98:34:89:e4 brd ff:ff:ff:ff:ff:ff altname enp0s3 inet 192.168.120.129/24 metric 100 brd 192.168.120.255 scope global dynamic ens3 valid_lft 7183sec preferred_lft 7183sec inet6 fe80::2a0:98ff:fe34:89e4/64 scope link valid_lft forever preferred_lft forever louisb@elise:~$ ping -6 www.google.com PING www.google.com(eg-in-f147.1e100.net (2a00:1450:4013:c05::93)) 56 data bytes From _gateway (fe80::6eb3:11ff:fe09:748%ens3) icmp_seq=1 Destination unreachable: Beyond scope of source address ----------------------------------------------- Unmanaged (OK !) 2: ens3: mtu 1500 qdisc fq_codel state UP group default qlen 1000 link/ether 00:a0:98:34:89:e4 brd ff:ff:ff:ff:ff:ff altname enp0s3 inet 192.168.120.129/24 metric 100 brd 192.168.120.255 scope global dynamic ens3 valid_lft 7180sec preferred_lft 7180sec inet6 aaaa:bbbb:cccc:120:2a0:98ff:fe34:89e4/64 scope global dynamic mngtmpaddr noprefixroute valid_lft 86380sec preferred_lft 14380sec inet6 fe80::2a0:98ff:fe34:89e4/64 scope link valid_lft forever preferred_lft forever louisb@elise:~$ ping -6 www.google.com PING www.google.com(ams16s21-in-x04.1e100.net (2a00:1450:400e:802::2004)) 56 data bytes 64 bytes from ams16s21-in-x04.1e100.net (2a00:1450:400e:802::2004): icmp_seq=1 ttl=60 time=5.01 ms 64 bytes from ams15s41-in-x04.1e100.net (2a00:1450:400e:802::2004): icmp_seq=2 ttl=60 time=5.02 ms --------------------------------------------------------------- Managed (NOT OK) 2: ens3: mtu 1500 qdisc fq_codel state UP group default qlen 1000 link/ether 00:a0:98:34:89:e4 brd ff:ff:ff:ff:ff:ff altname enp0s3 inet 192.168.120.129/24 metric 100 brd 192.168.120.255 scope global dynamic ens3 valid_lft 7176sec preferred_lft 7176sec inet6 aaaa:bbbb:cccc:120::f20a/128 scope global dynamic noprefixroute valid_lft 6307sec preferred_lft 3607sec inet6 fe80::2a0:98ff:fe34:89e4/64 scope link valid_lft forever preferred_lft forever louisb@elise:~$ ping -6 www.google.com PING www.google.com(ams15s48-in-x04.1e100.net (2a00:1450:400e:811::2004)) 56 data bytes ^C --- www.google.com ping statistics --- 8 packets transmitted, 0 received, 100% packet loss, time 7158ms ------------------------------------------------------ Assisted (NOT OK) 2: ens3: mtu 1500 qdisc fq_codel state UP group default qlen 1000 link/ether 00:a0:98:34:89:e4 brd ff:ff:ff:ff:ff:ff altname enp0s3 inet 192.168.120.129/24 metric 100 brd 192.168.120.255 scope global dynamic ens3 valid_lft 7150sec preferred_lft 7150sec inet6 aaaa:bbbb:cccc:120::f20a/128 scope global dynamic noprefixroute valid_lft 6168sec preferred_lft 3468sec inet6 aaaa:bbbb:cccc:120:2a0:98ff:fe34:89e4/64 scope global dynamic mngtmpaddr noprefixroute valid_lft 86367sec preferred_lft 14367sec inet6 fe80::2a0:98ff:fe34:89e4/64 scope link valid_lft forever preferred_lft forever louisb@elise:~$ ping -6 www.google.com PING www.google.com(ams15s40-in-x04.1e100.net (2a00:1450:400e:80d::2004)) 56 data bytes ^C --- www.google.com ping statistics --- 3 packets transmitted, 0 received, 100% packet loss, time 2047ms ---------------------------------------------------------- Stateless DHCP (OK !) 2: ens3: mtu 1500 qdisc fq_codel state UP group default qlen 1000 link/ether 00:a0:98:34:89:e4 brd ff:ff:ff:ff:ff:ff altname enp0s3 inet 192.168.120.129/24 metric 100 brd 192.168.120.255 scope global dynamic ens3 valid_lft 7182sec preferred_lft 7182sec inet6 aaaa:bbbb:cccc:120:2a0:98ff:fe34:89e4/64 scope global dynamic mngtmpaddr noprefixroute valid_lft 86382sec preferred_lft 14382sec inet6 fe80::2a0:98ff:fe34:89e4/64 scope link valid_lft forever preferred_lft forever louisb@elise:~$ ping -6 www.google.com PING www.google.com(ams15s41-in-x04.1e100.net (2a00:1450:400e:802::2004)) 56 data bytes 64 bytes from ams16s21-in-x04.1e100.net (2a00:1450:400e:802::2004): icmp_seq=1 ttl=60 time=4.78 ms 64 bytes from ams16s21-in-x04.1e100.net (2a00:1450:400e:802::2004): icmp_seq=2 ttl=60 time=4.89 ms 64 bytes from ams15s41-in-x04.1e100.net (2a00:1450:400e:802::2004): icmp_seq=3 ttl=60 time=4.71 ms 64 bytes from ams16s21-in-x04.1e100.net (2a00:1450:400e:802::2004): icmp_seq=4 ttl=60 time=4.91 ms ------------------------------------------------------- ***** More detailed info related to Managed **** 1) *** the test high level *** Managed louisb@elise:~$ ip a 1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: ens3: mtu 1500 qdisc fq_codel state UP group default qlen 1000 link/ether 00:a0:98:34:89:e4 brd ff:ff:ff:ff:ff:ff altname enp0s3 inet 192.168.120.129/24 metric 100 brd 192.168.120.255 scope global dynamic ens3 valid_lft 7181sec preferred_lft 7181sec inet6 aaaa:bbbb:cccc:120::f20a/128 scope global dynamic noprefixroute valid_lft 5617sec preferred_lft 2917sec inet6 fe80::2a0:98ff:fe34:89e4/64 scope link valid_lft forever preferred_lft forever louisb@elise:~$ PING www.google.com(ams15s44-in-x04.1e100.net (2a00:1450:400e:80f::2004)) 56 data bytes ^C --- www.google.com ping statistics --- 83 packets transmitted, 0 received, 100% packet loss, time 83975ms 2) *** on the WAN interface every thing OK *** ------------------------------------------------------- 20:06:25.384143 IP6 fe80::6a05:caff:fe5a:813d > fe80::9217:3fff:fe7f:e4a1: ICMP6, echo request, seq 49215, length 9 20:06:25.385629 IP6 fe80::9217:3fff:fe7f:e4a1 > fe80::6a05:caff:fe5a:813d: ICMP6, echo reply, seq 49215, length 9 20:06:25.914354 IP6 fe80::6a05:caff:fe5a:813d > fe80::9217:3fff:fe7f:e4a1: ICMP6, echo request, seq 49216, length 9 20:06:25.916773 IP6 fe80::9217:3fff:fe7f:e4a1 > fe80::6a05:caff:fe5a:813d: ICMP6, echo reply, seq 49216, length 9 3) *** on the VM-LAN pfsense does not know how to reach the VM / the echo response comming from the wan is lost) ------------------------------------------------------ No. Time Source Destination Protocol Length Address Info 1 19:56:54,751865 aaaa:bbbb:cccc:120::f20a 2a00:1450:400e:80f::2004 ICMPv6 118 6c:b3:11:09:07:48,00:a0:98:34:89:e4 Echo (ping) request id=0x0001, seq=4, hop limit=64 (no response found!) 2 19:56:54,757666 fe80::6eb3:11ff:fe09:748 ff02::1:ff00:f20a ICMPv6 86 33:33:ff:00:f2:0a,6c:b3:11:09:07:48 Neighbor Solicitation for aaaa:bbbb:cccc:120::f20a from 6c:b3:11:09:07:48 3 19:56:55,776005 aaaa:bbbb:cccc:120::f20a 2a00:1450:400e:80f::2004 ICMPv6 118 6c:b3:11:09:07:48,00:a0:98:34:89:e4 Echo (ping) request id=0x0001, seq=5, hop limit=64 (no response found!) 4 19:56:55,796549 fe80::6eb3:11ff:fe09:748 ff02::1:ff00:f20a ICMPv6 86 33:33:ff:00:f2:0a,6c:b3:11:09:07:48 Neighbor Solicitation for aaaa:bbbb:cccc:120::f20a from 6c:b3:11:09:07:48 ------------------------------------------------------------- 4) *** frame details *** Frame 1: 118 bytes on wire (944 bits), 118 bytes captured (944 bits) Encapsulation type: Ethernet (1) Arrival Time: Mar 1, 2023 19:56:54.751865000 West-Europa (standaardtijd) [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1677697014.751865000 seconds [Time delta from previous captured frame: 0.000000000 seconds] [Time delta from previous displayed frame: 0.000000000 seconds] [Time since reference or first frame: 0.000000000 seconds] Frame Number: 1 Frame Length: 118 bytes (944 bits) Capture Length: 118 bytes (944 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ipv6:icmpv6:data] [Coloring Rule Name: ICMP] [Coloring Rule String: icmp || icmpv6] Ethernet II, Src: NetApp_34:89:e4 (00:a0:98:34:89:e4), Dst: Shenzhen_09:07:48 (6c:b3:11:09:07:48) Destination: Shenzhen_09:07:48 (6c:b3:11:09:07:48) Source: NetApp_34:89:e4 (00:a0:98:34:89:e4) Type: IPv6 (0x86dd) Internet Protocol Version 6, Src: aaaa:bbbb:cccc:120::f20a, Dst: 2a00:1450:400e:80f::2004 0110 .... = Version: 6 .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT) .... 0001 0101 0100 1101 1011 = Flow Label: 0x154db Payload Length: 64 Next Header: ICMPv6 (58) Hop Limit: 64 Source Address: aaaa:bbbb:cccc:120::f20a Destination Address: 2a00:1450:400e:80f::2004 Internet Control Message Protocol v6 Type: Echo (ping) request (128) Code: 0 Checksum: 0x0a94 [correct] [Checksum Status: Good] Identifier: 0x0001 Sequence: 4 [No response seen] Data (56 bytes) ---------------------------------------------------------- Frame 2: 86 bytes on wire (688 bits), 86 bytes captured (688 bits) Encapsulation type: Ethernet (1) Arrival Time: Mar 1, 2023 19:56:54.757666000 West-Europa (standaardtijd) [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1677697014.757666000 seconds [Time delta from previous captured frame: 0.005801000 seconds] [Time delta from previous displayed frame: 0.005801000 seconds] [Time since reference or first frame: 0.005801000 seconds] Frame Number: 2 Frame Length: 86 bytes (688 bits) Capture Length: 86 bytes (688 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ipv6:icmpv6] [Coloring Rule Name: ICMP] [Coloring Rule String: icmp || icmpv6] Ethernet II, Src: Shenzhen_09:07:48 (6c:b3:11:09:07:48), Dst: IPv6mcast_ff:00:f2:0a (33:33:ff:00:f2:0a) Destination: IPv6mcast_ff:00:f2:0a (33:33:ff:00:f2:0a) Source: Shenzhen_09:07:48 (6c:b3:11:09:07:48) Type: IPv6 (0x86dd) Internet Protocol Version 6, Src: fe80::6eb3:11ff:fe09:748, Dst: ff02::1:ff00:f20a 0110 .... = Version: 6 .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT) .... 0000 0000 0000 0000 0000 = Flow Label: 0x00000 Payload Length: 32 Next Header: ICMPv6 (58) Hop Limit: 255 Source Address: fe80::6eb3:11ff:fe09:748 Destination Address: ff02::1:ff00:f20a [Source SLAAC MAC: Shenzhen_09:07:48 (6c:b3:11:09:07:48)] Internet Control Message Protocol v6 Type: Neighbor Solicitation (135) Code: 0 Checksum: 0xf7e5 [correct] [Checksum Status: Good] Reserved: 00000000 Target Address: aaaa:bbbb:cccc:120::f20a ICMPv6 Option (Source link-layer address : 6c:b3:11:09:07:48) ----------------------------------------------------------------