IPv6

• D

  IPv6 Tutorials
  • dwabraxus  

  2
  1
  Votes
  2
  Posts
  28352
  Views

  J

  Thanks for the tutorial :)
• C

  IPv6 test sites
  • cmb  

  20
  0
  Votes
  20
  Posts
  39835
  Views

  

  Why does this seem like spam to me.. Why does someone join a site just to advertise some site - other than just spam!!! I wouldn't hit that site with your ____ if you know what I mean! There is one thing if you have user X that has been here in the community, and then there is a thread that says hey where do you test Y.. suggesting a site, and then there is accounts that join, and same instant suggest go X.. I should just delete and ban this account.. But its not from IN, so will give the benefit of doubt... For now.
• M

  Getting /56 prefix but WAN uses another one?
  • mrsunfire  

  24
  0
  Votes
  24
  Posts
  87
  Views

  M

  There are coming back but there are no going out. Even the hosts I‘ve never heared.
• M

  CARP and IPv6-PD - trying to understand things
  • msi  

  6
  0
  Votes
  6
  Posts
  33
  Views

  

  Don't feel too bad the DOD is still dicking around with even trying to roll out dual stack support ;) And they have been at its since 2003 ;)
• R

  Possible routing issue, almost there?
  • RobertTheSwede  

  8
  0
  Votes
  8
  Posts
  54
  Views

  

  @RobertTheSwede WOW, that is dumb. I have a /56 and have used prefix ID ff for my VPN without issue. Works fine. Their policy should be everything in that /48 prefix should be forwarded to the customer. Also, it's extremely unlikely there would be any traffic for an unused prefix, as there is nothing to trigger it.
• L

  Intermittent ipv6 connection loss with TR862G (comcast's firmware)
  • lolipoplo  

  1
  0
  Votes
  1
  Posts
  20
  Views

  No one has replied

• D

  Track interface not getting IPv6 and restarts unbound every minute
  • DonZalmrol  

  5
  0
  Votes
  5
  Posts
  97
  Views

  D

  Solved! My ISP digged deep into this and like I thought it was a routing issue on their side! I moved to another city last year they didn't changed my public fixed IP addresses. Once they changed my IPv6 /56 it all worked. TL:DR IPv6 routing issue on ISP side.
• A

  RTSOLD <sendpacket> sendmsg on igb0: Can't assign requested address
  • andrema2  

  27
  0
  Votes
  27
  Posts
  102
  Views

  A

  Tks for your support
• W

  DHCPv6 prefix delegation over multiple local VLANs
  • wishyou  

  8
  0
  Votes
  8
  Posts
  73
  Views

  

  @wishyou Good. When I started with pfSense, that option wasn't available, so my prefix changed on occasion.
• 

  IPv6 Track Interface not getting IPv6
  • cmcqueen  

  9
  0
  Votes
  9
  Posts
  187
  Views

  

  @biggsy Then there's the network song This LAN is Your LAN.
• J

  Multiple IPv6 capable connections
  • jsphgttgns  

  12
  0
  Votes
  12
  Posts
  114
  Views

  J

  @IsaacFL said in Multiple IPv6 capable connections: /etc/inc/interfaces.inc It looks as if fe80::1:1 gets statically enforced. So changing the 2nd box might work to see whether there are other problems. The OPNsense code is different here, but I haven't read all relevant interface files so far.
• Q

  Need some IPv6 OpenVPN guidance
  • q54e3w  

  3
  0
  Votes
  3
  Posts
  47
  Views

  Q

  @netblues Sorry for the heavy handed smudging, wanted to be sure I was t posting unnecessary details re MAC or private addresses, I've tried to be more selective in this response. Heres the diagnostics that led me to think its something to do with the Ipv6 tunnel to AirVPN. From my local subnet my local PC gets a IPv4 and IPv6 address With the egress gateway set to default I can a IP test site ping over both IPv4 and IPv6 % ping -c 3 ifconfig.co PING ifconfig.co (104.28.18.94): 56 data bytes 64 bytes from 104.28.18.94: icmp_seq=0 ttl=54 time=508.991 ms 64 bytes from 104.28.18.94: icmp_seq=1 ttl=54 time=47.812 ms 64 bytes from 104.28.18.94: icmp_seq=2 ttl=54 time=77.452 ms % ping6 -c 3 ifconfig.co PING6(56=40+8+8 bytes) 2605:e000:xxxx:xxxx:9051:ad0b:d360:b654 --> 2606:4700:3032::681c:125e 16 bytes from 2606:4700:3032::681c:125e, icmp_seq=0 hlim=56 time=88.167 ms 16 bytes from 2606:4700:3032::681c:125e, icmp_seq=1 hlim=56 time=92.328 ms 16 bytes from 2606:4700:3032::681c:125e, icmp_seq=2 hlim=56 time=127.620 ms I can also get an IP address back from curl'ing the site over both IPv4 and IPv6 so I think can correctly conclude my basic DNS, routing and transport is working correctly over the default non VPN gateway. % curl ifconfig.co 199.249.223.130 % curl -6 ifconfig.co 2605:e000:xxxx:xxxx:9051:ad0b:d360:b654 If I change my gateway to VPN_WAN_V6 for ICMP and TCP/UDP both pings and curl stop functioning. They just hang. ping6 ifconfig.co PING6(56=40+8+8 bytes) 2605:e000:xxx:xxx:9051:ad0b:d360:b654 --> 2606:4700:3034::681c:135e ^C % curl -6 ifconfig.co ^C I'm not sure this is useful, but heres the ifconfig of the openvpn interface ovpnc1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500 options=80000<LINKSTATE> inet6 fe80::ae1f:6bff:fe73:87e0%ovpnc1 prefixlen 64 scopeid 0x1c inet6 fde6:7a:7d20:5a2::1001 prefixlen 64 inet 10.9.162.3 --> 10.9.162.1 netmask 0xffffff00 groups: tun openvpn nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL> Opened by PID 84260 I'm sure this is a newbie IPv6 user error, theres something I'm not understanding clearly like a possible need to do some address translation for IPv6 traffic egressing over a IPv6 link established in a IPv4 tunnel? thanks for reading and any suggestions.
• B

  IPv6 Tutorial for pfSense
  • bewhereinc  

  4
  0
  Votes
  4
  Posts
  106
  Views

  B

  @JKnott Yes we have build an instance of pfSense in AWS and firewall been working well with IPv4. Recently we have a project where the equipment we need to remotely manage are IPv6 only. Have turned IPv6 and all seem in place but I can see Firewall blocking the traffic from these devices. WAN and LAN have IPv6 assigned and I can see them in pfSense. Even LAN traffic deosn't seem to be working on IPv6, for example I can ping IPv4 address but not IPv6
• L

  IPv6 Layer 8 Error
  • LandRocket  

  6
  0
  Votes
  6
  Posts
  49
  Views

  L

  I think the solution is true: need more than a /64 Reading about NDP on Wikipedia made some sense and I managed to find a document on RIPE.NET that explained about the importance of being a /64 or more.. I consider my question answered :(
• C

  IPv6 works on LAN but not WAN/Firewall
  • cybercare  

  1
  0
  Votes
  1
  Posts
  29
  Views

  No one has replied

• A

  LAN no longer receiving IPv6 address
  • anthonys  

  7
  0
  Votes
  7
  Posts
  138
  Views

  

  @anthonys Glad to hear it. Yeah, ISPs sometimes cause their own problems, as the staff doesn't fully understand the differences between IPv4 and IPv6. When I had that problem last year, I had to educate both tier 2 support and the senior tech about what was actually happening. They knew the basics of IPv6, but not some of the finer points. At least you got relatively quick response from your ISP on this. It took me 3 months and a lot of work to get the people who should have fixed the problem to do anything. Since I had my own router, they refused to do anything, even though both the tier 2 guy and senior tech told them it was an ISP problem. What finally did the trick is the senior tech brought his own modem to my home and saw the problem. He then went to the head end and tried with 4 different CMTS. The failure only occurred with the one I was connected to. This was weeks after I provided the error (see above) to them. BTW, I have decades of experience with telecommunications, computers and networks and so had the ability to work through this problem. A regular customer wouldn't have a hope of getting it resolved.
• T

  Multiple IPv6 Prefix Delegation over AT&T Residential Gateway for pfSense 2.4.5
  • ttmcmurry  

  9
  0
  Votes
  9
  Posts
  198
  Views

  J

  @ttmcmurry, I've tried using 1 for the Prefix ID and I get an out of range error when saving. I was looking through the code to see what its doing, but to be honest, PHP isn't even close to one of my favorite languages, so didn't make it far into figuring out what was going on.
• S

  IPv6 Routing
  • smaxwell2  

  31
  0
  Votes
  31
  Posts
  300
  Views

  

  @IsaacFL Yes, I know the RA has both. People have to get away from the IPv4 way of thinking. There are essentially unlimited addresses available. You can have multiple addresses on an interface. In my case, I have link local, GUA and ULA. I could even have multiple GUA & ULA if I wished. Sometimes you just want a local network for some devices that share the same network as the devices that connect to the Internet. As mentioned, there is an issue with pfSense where it forgets to apply the GUA prefix, when ULA is also used. As far as I'm concerned, that's a bug.
• 

  2.4.4 ICMPv6 Firewall Rules?
  • beremonavabi  

  33
  0
  Votes
  33
  Posts
  1772
  Views

  

  @JKnott Hmm. I just found this: https://www.freebsd.org/releases/8.0R/relnotes.html "The IGMPv3 and SSM (Source-Specific Multicast) including IPv6 SSM and MLDv2 have been added." Since pfSense is running on 11.x now (I think) then that feature request must be blocked by something else.
• Q

  IPv6 port forward for DNS Forwarder when used in parallel with Resolver?
  • q54e3w  

  7
  0
  Votes
  7
  Posts
  61
  Views

  Q

  making some progress with my learning :) I can create a ULA for the interface and use that in the listen field too. This feels better, the GLA is used purely for external traffic, and the ULA internally for IPv6 lookups. still open for feedback if I'm being crazy/stoopid here. It wouldn't be the first time! :-D
• B

  Routed ipv6 and Carp cluster
  • banman24  

  6
  0
  Votes
  6
  Posts
  39
  Views

  B

  Found the issue and all is working well. If anyone else runs into the same problem I did here is the fix. If you are running HA units and your creating a wan ipv6 carp address you must leave leading 0's on. So you cant take the leading 0's off to shorten the address. :0001 cannot be :1 shortening works fine everywhere else but with the carp IP for some reason you cannot do this. I found a thread from 4 years ago on redmine that was very similar to this issue and there was some activity on it from a few weeks ago so I'm wondering if the issue has resurfaced. Either way I'm glad i got it working now :) If anyone from netgate sees this I am running the current stable version as of today. 5/15/20
• T

  IPv6 equivalent to intercept outbound traffic from host?
  • te  

  1
  0
  Votes
  1
  Posts
  28
  Views

  No one has replied

• J

  IPv6 connectivity from LAN is lost after PPPoE reconnect
  • j.koopmann  

  1
  0
  Votes
  1
  Posts
  27
  Views

  No one has replied

• T

  IPv6 test configuration behind NAT
  • tomashk  

  4
  0
  Votes
  4
  Posts
  73
  Views

  T

  I see that there are no clear instructions for this scenario. As I like experiments I'll try to find it out just by trying to do this. Of curse it will help if somebody could tell that there is no way to configure pfSense behind NAT to properly handle IPv6 with tunnel broker (HE) Just for quick summary this is my setup: Internet <--> ISP modem (as bridge) <--> pfSense on real device (main router with public IP) <--> pfSense on virtual box (test router) <--> virtual box test network And as mentioned in first post I plan to learn by configuring IPv6 on "test router".
• C

  IPv6 IP Alias prevents Track Interface from working with DHCPv6 and RA
  • chewie198  

  27
  0
  Votes
  27
  Posts
  1261
  Views

  D

  @JKnott I'm using both with the drop down being "Assisted". Not sure what you would like me to show for in my RA's... I have both my ULA and GUA prefix's listed there, what do you mean by yours are further up? Do you mean your ULA is on top of the RA's prefix lists? DHCPv6 I just have on for devices that support it... as I dole out a domain name on that (I don't have a search list defined in the RA function for SLAAC). Best Regards, dg6464
• D

  IPv6 NDP Table - Hundreds of Entries for Single Mac Address (Apple TV)
  • dg6464  

  74
  1
  Votes
  74
  Posts
  593
  Views

  D

  @JKnott thanks, I might try that to experiment. However, it seems this has been verified and input as a bug on this thread. Hoping maybe the Netgate folks get to it in a future release... properly getting track interface to work with multiple IP addresses on a LAN interface including GUA and ULA. Definitely some funky routing and "which interface gets priority or sends the traffic and can route" going on... both on the pfSense side (which they can control), as well as the various client OS's (Windows, Mac, Linux, etc). All of them do it differently. Windows machines here always seem to ping everything just fine... Mac's not so much. If anyone finds a fix / workaround (possibly a script to pull and add the ULA VIP after 5-10 seconds whenever the WAN goes up/down)... let me know and I'd be happy to test it. Best Regards, dg6464
• L

  router loses IPv6, error in routing logs
  • lifespeed  

  10
  0
  Votes
  10
  Posts
  45
  Views

  

  @lifespeed If nothing else it will show what normal looks like. On the other hand, it could show a problem. Last year I had a problem with IPv6 from my ISP. By using packet capture, I was able to not only show there was a problem at my ISP, but even identify the failing system by name. Packet captures are an extremely useful tool in trying to resolve network problems. BTW, one thing I frequently do is fire up Wireshark, just to see how things work. This makes it much easier when trying to solve a problem, as I know what normal looks like.
• S

  IPv6 pfSense and Windows AD with DHCP
  • sunnyg  

  1
  0
  Votes
  1
  Posts
  13
  Views

  No one has replied

• C

  IPv6 from ISP works, but WAN address is link local, not global
  • cra  

  12
  1
  Votes
  12
  Posts
  1032
  Views

  J

  @JKnott I misunderstood that I needed an extra interface to tie the VIP to. But I see I can just create one and tie it to the WAN interface. I just confirmed this works as expected.
• K

  Multi-WAN IPv6 with HE.net TunnelBroker
  • kamushadenes  

  10
  0
  Votes
  10
  Posts
  56
  Views

  K

  Hello, and sorry for the delay. I reverted to using my ISP native IPv6 and fixed the horrible stability issues by settings LAN's MSS to 1440 after reading https://forum.netgate.com/topic/73573/massive-http-ipv6-connectivity-issues and fiddling with values. I kept using NPt, and used /64 on all interfaces. All seem perfect now, including multi-wan load balancing. Thank you for your help.
• C

  Understanding routing IPv6 through pfSense
  • cwo  

  10
  0
  Votes
  10
  Posts
  101
  Views

  C

  @JKnott Good advice, thank you :-) I bought a copy today.
• B

  LAN interface IPv6 with track interface eventually reverts to Link Local
  • bplein  

  6
  0
  Votes
  6
  Posts
  60
  Views

  

  @bplein No, missing or bad RAs will cause clients to lose the prefix, leaving them only with link local addresses. I just checked my network and see RAs every minute or so. Examining the RA may give you a clue to the problem.
• H

  Spectrum (Upstate NY)/IPv6 Routing Out But Dies On Return
  • hbp4c  

  7
  0
  Votes
  7
  Posts
  50
  Views

  H

  @stephenw10 Yes, I decided to just nuke this tread. Not sure how to delete the whole thread but I don't have time to work on this right now. Thanks for the suggestion.
• W

  IPv6 not working on boot, but after editing WAN interface
  • winklevos  

  2
  0
  Votes
  2
  Posts
  51
  Views

  P

  maybe "Get IPv6 through IPv4"
• 

  [solved]IPv6 connectivity stops working on interface
  • Bob.Dig  

  15
  0
  Votes
  15
  Posts
  130
  Views

  

  @Bob-Dig Did some more testing and the problem was probably an interface problem with hyper-v, everything is good now.
• J

  Delegating IPv6 networks to a downstream router
  • jihartik  

  8
  0
  Votes
  8
  Posts
  51
  Views

  

  Yeah just use HE here, you can do anything you want with your /48.. Its just routed down your tunnel.. If you want to route part of that to a downstream, its as simple as creating the routes.. You can also then take that /48 with you if you change ISPs.. You could route a /56 to 1 downstream router, and a another /56 to a different one, etc. etc.
• 

  Distributing IPv6 to multiple VLANS
  • lohphat  

  8
  0
  Votes
  8
  Posts
  88
  Views

  

  FINALLY, success! After retrying what should have worked the first time, but didn't, I can report I have a /56 and proper delegations to the different segments. The problem was the ISP, even after a modem reboot, would be inconsistent issuing IPv6 configs. It was 24 hours of tweaking and rebooting. Thanks for the advice, it did help to narrow down the options.
• B

  IPv6 PPPoE MSS incorrect
  • BM118  

  1
  0
  Votes
  1
  Posts
  38
  Views

  No one has replied

• A

  IPv6 PPPoE Telmex/Telnor WAN Interface Configuration
  • abcdefabcdef  

  15
  0
  Votes
  15
  Posts
  71
  Views

  A

  @JKnott @abcdefabcdef said in IPv6 PPPoE Telmex/Telnor WAN Interface Configuration: When I use the ISP supplied ONU modem in router mode, I can access IPv6 resources and online IPv6 tests pass. I was saying that when I had put it in router mode, it worked, but my intention is to have it working in bridge mode and it is currently in bridge mode.
• P

  BT Ultrafast IPv6 not working through PfSense
  • pwood999  

  16
  0
  Votes
  16
  Posts
  76
  Views

  

  @pwood999 said in BT Ultrafast IPv6 not working through PfSense: no easy way to talk to somebody that actually understands !! That has nothing to do with the current situation!