• Alias tables don't contain IPv6 addresses anymore

    20
    1 Votes
    20 Posts
    2k Views
    I

    @JonathanLee said in Alias tables don't contain IPv6 addresses anymore:

    Is your zone transparent? I had an issue with mine set to (type transparent) and it was causing issues

    Zone type is at default "transparent" not "type transparent".

  • Solution for dhcp6c problems after hardware change

    2
    0 Votes
    2 Posts
    268 Views
    JKnott

    @jhg

    Curious. I replaced the computer I originally ran pfSense on a few years ago. Other than changing the interface assignments, it just worked. I'm still using that new computer today. I'm on Rogers and they use a lot of the same hardware as Comcast. The first computer I ran pfSense on was a refurb HP compact computer and when it died I replaced it with the mini PC described in my sig.

  • Received delegated /64 prefix, ipv6 outgoing but no incoming?

    19
    0 Votes
    19 Posts
    1k Views
    J

    Solved, and it's not pretty.

    A debug message pointed me to /var/db/dhcp6c_duid containing text. So I removed the file to give DHCP6 a chance to start fresh. Then I disabled and re-enabled the WAN interface, and now everything's working.

    When I look at that file now, it's binary, not text. Somehow, that file was preventing IPv6 connectivity.

    Now all I have to do is reboot a few LAN devices that are hanging on to their old delegated prefix :-)

  • WiFi user don't get IPv6, cable users do... on the same VLAN

    10
    0 Votes
    10 Posts
    852 Views
    A

    @JKnott After coming back to this a few days later, all the wifi clients are now getting IPv6. Must have been some sort of delay from when the ISP gives out the IP addresses.

  • Slow to get LAN side IPv6 addresses

    1
    0 Votes
    1 Posts
    134 Views
    No one has replied
  • Dynv6 with pfsense

    7
    0 Votes
    7 Posts
    4k Views
    JKnott

    @haunted

    If your prefix is consistent, you don't need DynDNS. I've had the same prefix for almost 6 years and just use a regular DNS server.

  • Multiple IPv6 bugs / quirks in pfSense

    7
    0 Votes
    7 Posts
    1k Views
    M

    Issue still present exactly as described above. Confirmed via Wireshark that pfSense will relay ULA requests from a GUA to Active Directory and AD will ignore it since no scope is established for my GUA.

  • High Availability LAN Party Setup: IPv6 VPN for CGNAT Bypass Question

    1
    0 Votes
    1 Posts
    205 Views
    No one has replied
  • Using Unique Local Addresses

    23
    5 Votes
    23 Posts
    6k Views
    D

    @JKnott

    I was younger than you when I got mine, but based upon your other historical background, I suspect that you're a few years older than me as well. Too bad we didn't know each other back then. I think we would have had a lot of fun.

    Thank you again for engaging with me in this discussion, and for keeping it civil. I've enjoyed the discussion, and look forward to communicating with you again.

  • Suppressing logs blocking IPv6 multicast and broadcast addresses

    5
    0 Votes
    5 Posts
    358 Views
    JKnott

    @CatSpecial202

    There's no such thing as broadcasts on IPv6. The closest to it is all nodes multicast, which is an ICMP6 message. FF00::/8 is multicast. Since IPv6 relies on multicasts for a lot, you want to be careful of what in that range you filter. For example, I just saw a multicast to ff02::1, which is a router advertisement to all nodes. If you block that, you'll kill your network. FE80 is the link local range and those shouldn't even be passing through pfSense. However, they are also critical to the operation of IPv6, so again be very careful of what you filter.

  • UPnP & NAT-PMP IPv6 ACL?

    2
    1 Votes
    2 Posts
    241 Views
    jimp

    No, there isn't. miniupnpd itself doesn't support IPv6 ACLs.

    https://github.com/miniupnp/miniupnp/issues/694

  • Why does my WAN get an autoconf (slaac) address when I'm using DHCP6?

    13
    0 Votes
    13 Posts
    2k Views
    leres

    @tibere86 said in Why does my WAN get an autoconf (slaac) address when I'm using DHCP6?:

    Hello @keyser and @leres. Were either of you able to resolve this issue?

    I too get both DHCP6 and autoconf addresses, with the autoconf address usually before the DHCP6 address, so it's the one that gets used. I found I can change the order by manually removing and adding one of the addresses, but this reverts after a while so I gave up and just live with the order I end up with.

    [anonymized addresses]

    pylon 724 # ifconfig mvneta0
    mvneta0: flags=1008b43<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
        description: WAN
        options=800bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,LINKSTATE>
        ether 58:9c:fc:01:02:03
        inet 99.105.88.5 netmask 0xfffffe00 broadcast 99.105.88.255
        inet6 fe80::29c:fcff:fe01:7f15%mvneta0 prefixlen 64 scopeid 0x1
        inet6 2600:1700:c01b:5700:29c:fcff:fe01:7f15 prefixlen 64 autoconf pltime 3600 vltime 3600
        inet6 2600:1700:c01b:5700::36 prefixlen 128 pltime 3600 vltime 3600
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>

  • IPv6 and Upnp?

    17
    0 Votes
    17 Posts
    14k Views
    JonathanLee

    Sorry I was late to the party,

    I was getting this error for the XBOX UPNP ..

    setsockopt(udp, IPV6_RECVPKTINFO): Invalid argument

    Jan 3 09:06:45 miniupnpd 11721 Listening for NAT-PMP/PCP traffic on port 5351
    Jan 3 09:06:45 miniupnpd 11721 setsockopt(udp, IPV6_RECVPKTINFO): Invalid argument
    Jan 3 09:06:45 miniupnpd 11721 HTTP IPv6 address given to control points : [2001:REDCACTED]
    Jan 3 09:06:45 miniupnpd 11721 HTTP listening on port 2189
    Jan 3 09:06:45 miniupnpd 11721 STUN: ext interface mvneta0 with IP address CLASSIFIED is now behind restrictive NAT with public IP address IP AWAS HERE: Port forwarding is now impossible
    Jan 3 09:06:45 miniupnpd 11721 perform_stun: 2 response out of 4 received
    Jan 3 09:06:09 radvd 55136 warning: AdvDNSSLLifetime <= 2*MaxRtrAdvInterval would allow stale DNS suffixes to be deleted faster
    Jan 3 09:06:09 radvd 55136 warning: (/var/etc/radvd.conf:52) AdvRDNSSLifetime <= 2*MaxRtrAdvInterval would allow stale DNS servers to be deleted faster
    Jan 3 09:06:09 radvd 55136 warning: AdvRDNSSLifetime <= 2*MaxRtrAdvInterval would allow stale DNS servers to be deleted faster
    Jan 3 09:06:09 radvd 55136 warning: AdvDNSSLLifetime <= 2*MaxRtrAdvInterval would allow stale DNS suffixes to be deleted faster
    Jan 3 09:06:09 radvd 55136 warning: (/var/etc/radvd.conf:24) AdvRDNSSLifetime <= 2*MaxRtrAdvInterval would allow stale DNS servers to be deleted faster
    Jan 3 09:06:09 radvd 55136 warning: AdvRDNSSLifetime <= 2*MaxRtrAdvInterval would allow stale DNS servers to be deleted faster
    Jan 3 09:06:09 radvd 55136 version 2.19 started
    Jan 3 08:21:25 miniupnpd 96990 Listening for NAT-PMP/PCP traffic on port 5351
    Jan 3 08:21:25 miniupnpd 96990 setsockopt(udp, IPV6_RECVPKTINFO): Invalid argument

    Can you create an ACL in UPnP?


    It only shows examples for IPv4

  • IPv6 and HE certification web server question

    24
    0 Votes
    24 Posts
    3k Views
    JKnott

    @johnpoz said in IPv6 and HE certification web server question:

    Still got some grateful dead shirts from concerts 30 years ago though - she better never donate those!!!

    She might use them as cleaning rags though! 😉

    I went to an Emerson, Lake and Palmer concert in 1973! Didn't get any shirt though. 😭

  • RADVD error on ue0

    1
    0 Votes
    1 Posts
    126 Views
    No one has replied
  • DUID and IPv6 - static IP mapping best practice

    19
    0 Votes
    19 Posts
    2k Views
    JKnott

    @CatSpecial202 said in DUID and IPv6 - static IP mapping best practice:

    @JKnott thanks. that is cool. I'm going to keep experimenting.

    A very useful tool for that is Wireshark.

  • transmit failed: Permission denied

    4
    0 Votes
    4 Posts
    356 Views
    C

    @SteveITS Thank you that was it! I would upvote but it says I need 5 rep to do that..

  • Delegate IPv6 subnet to only specific MAC addresses

    28
    0 Votes
    28 Posts
    2k Views
    S

    @Bob-Dig said in Delegate IPv6 subnet to only specific MAC addresses:

    is your Prefix really static or is it not

    Comcast labels the /56 "static" in a business account portal but how it is delivered to the router I don't know. The last router swap was all auto-configured, the guy just stood there for a few minutes waiting for it to pull its settings.

    The problem is 1) what subnet block gets delegated to the inner router, and inner router's LAN, changes when redelegating happens (if the route inward is lost and I start over trying to fix it), and 2) if I set them up as static in the pfSenses, AFAICT the Comcast router doesn't know where to route the innermost subnet...and its GUI only allows IPv4 static routes, and 3) if delegated automatically sometimes the building pfSense still doesn't create a static route.

    So ideally I could set it up automatically and only have our one "inner" router get IPv6, and my hope would be routing is auto-configured, but I don't seem to be able to do that without other "inner" routers getting IPv6.

    And if I didn't say above, the reason we need to do that is to allow access only to paying tenants, and to set bandwidth limits accordingly.

    One possibility (?) is that the building router reacquires IPv6 when the Comcast router boots, but the inner/office router doesn't request delegation because it was already configured and doesn't know it needs to?

    I spent quite a bit of time yesterday trying to figure out how to find the DUID that will be used on pfSense. "od -h /var/db/dhcp6c_duid" will show it, with the bytes reversed ("8550" = "50:85").

    System > Advanced > Networking has a "DHCP6 DUID" dropdown but on this router if I choose Raw and enter in a DUID, and save the page, it changes my choice to DUID-LLT. I can use DUID-LL and enter a MAC but the output of "od" above includes extra output when I do that, which was confusing. (eventually had to enable DHCP6 debug mode on that page, and restart, to see it in the logs)

    And then after all that I still found another router had acquired an IPv6 IP+delegation so had to turn that off again.

    All I need is for the static route on the building pfSense to not disappear and I think it should work.

    </mini-rant>

  • 0 Votes
    9 Posts
    1k Views
    J

    @grantems IPv6 has mechanisms to do this that I don't quite understand. I think a bunch of it comes down to dns. Your dns resolver should resolve ip addresses that are accessible from the requesting computer. For internal services, this is the private address. Of course this becomes an issue if you, for example, want a computer to be found on the internet, but only allow certain traffic in whereas from the private network all is allowed in. If you route mdns between subnets, I think it should resolve private addresses, but I'm not sure how it works.

    To add private IP addresses without changing anything, add RA subnets in router advertisements.

  • Cannot enable the "Allow IPv6" setting

    9
    0 Votes
    9 Posts
    1k Views
    O

    @Gertjan Correct.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.