IPV6 Test fails-router+modem happy though…
-
It is entirely possible for the devices to get valid addresses, but problems to exist upstream. I experienced this about 3 years ago when there was a problem with my ISP. What you can do is try a known IPv6 only site, such as ipv6.google.com. If you can reach that, you have working IPv6. If not, you'll have to do some testing such as pinging your WAN interface from elsewhere, such as your cell phone, to see if the pings reach your firewall, etc.. When I had that problem, I could ping to & from my firewall, but not from my LAN, so try pinging from pfsense, as well as on your LAN.
Packet capture and Wireshark come in handy for this sort of testing. -
@jknott Thanks for responding. Did google’s IPV6 site. Not working. I have IPV6 within my LAN, etc.
-
Then you'll have to start testing, as I mentioned. Do you have another IPv6 connection, such as cell phone, available?
When I had my problem, pings to my WAN interface worked, but pings to anything on my LAN didn't even reach pfsense. This indicates a routing problem somewhere beyond my LAN. Through my own testing, I was able to identify, by host name, the failing piece of equipment at my ISP. That was the easy part. The hard part was getting the network guys to get off their butts and do their job, even though I had proven, in multiple ways, the problem was theirs.
-
@jknott Thanks. Have been testing.
IPV6 works fine when using my AX-86U by itself.
Also having issues even after following the step by step getting a Nintendo Switch to connect to on-line groups.
Ah the learning curve.....
-
@jsmiddleton4 said in IPV6 Test fails-router+modem happy though…:
IPV6 works fine when using my AX-86U by itself.
Are you using both it and pfsense? If so, you're blocking DHCPv6-PD from reaching pfsense. You want the modem in bridge mode, with nothing else between it and pfsense.
-
@jknott The short answer to your question is yes. But the AX-86U while being used is in AP mode only.
My modem Motorola 8611, doesn't do bridge mode.
I've got IPV6 addresses in pfsense for the WAN. I have IPV6 addresses in pfsense and being given out to LAN clients.
This feels like I'm missing a firewall setting, gateway, Tunable rule, something like that.
-
It should work "right out of the box", unless you've added something to block it. If that modem doesn't do bridge mode, how are you getting IPv6 addresses to the LAN?
-
@jknott It coughs them up. Getting to the LAN via pfsense.
I have WAN set to DHCP6, which is what Comcast uses.
LAN set to track interface, WAN.
DHCP6 Server OFF
RA to Assist.
I've added 2 rules to tunables,
net.inet6.ip6.accept_rtadv 0
net.inet6.icmp6.nd6_onlink_ns_rfc4861 1Booted and I have DHCP6 for WAN, DHCP6 for LAN.
-
Well, then somehow DHCPv6-PD is reaching pfsense. I'm on Rogers. If the modem is in gateway mode, I get a single /64 prefix, which is used by the WAN interface, leaving nothing for the LAN side. With the modem in bridge mode, pfsense gets a /56 prefix, which can be split into 256 /64s.
Here's something you can try.
- Shut down pfsense
- Disconnect WAN port from modem
- Start up pfsense
- Run packet capture on the WAN interface, filtering on DHCPv6 (port 546)
- Reconnect modem to WAN port
After WAN connects, download packet capture file and post here.
-
@jknott Thanks. I'll try....
In my Gateway information the IPV4 had the modem's IPV4 address, of course.
The IPV6 field only says Dynamic. Am I supposed to put an IPV6 address there?
All the examples I've seen there's an IPV6 address in there.
I don't have a way to post a pic. My Windows Network Card Status shows IPV4 and IPV6 have Internet access.
-
Repeats this over and over.
16:53:11.947830 IP6 fe80::265e:beff:fe65:f707.546 > ff02::1:2.547: UDP, length 68
16:53:11.975653 IP6 fe80::201:5cff:fe96:1246.547 > fe80::265e:beff:fe65:f707.546: UDP, length 165
16:53:12.999787 IP6 fe80::265e:beff:fe65:f707.546 > ff02::1:2.547: UDP, length 143
16:53:13.020645 IP6 fe80::201:5cff:fe96:1246.547 > fe80::265e:beff:fe65:f707.546: UDP, length 165 -
I asked for the capture file that you download from Packet Capture. What you provided doesn't say much.
As for pictures, all you have to do is a screen capture and post that here. I've done that many times.
-
The packet says that over and over and over and over.
-
-
You're providing useless info. Please download and post the capture file from Packet Capture, so that I can examine it with Wireshark. Anything else is a waste of time and effort.
-
I looked at the packet. I'm not telling you it has or doesn't have useful information. I'm telling you that's all that's there. If I download the packet and you look at it with Wireshark, you're gonna see exactly what I posted.
Thanks for your at least trying. With IPV6 being WAY too hard and my daughter's Nintendo Switch not connecting to play on-line games, going back to just the AX-86U.
Can send the2.5gbs NIC's back to Amazon. Everything else was free....
-
I was interested in the contents of those packets, not just that they were going from one device to another.
Here's the level of detail I was looking for. Note, this is only a portion of the data as I couldn't fit it all in a single screen capture.
You would not have seen this detail, without using Wireshark on the capture download.
-
@jknott Thanks again. The pfsense router is pulled. AX86U back as full router. IPV6 works, tests fine. My dtr’s Nintendo switch as well.
Asus router works with IPV6 as “Native Mode”.
-
You have to setup IPv6 on WAN, on LAN mostly with track int and the number of the Subnet. I got a /59 from my ISP to use. Setup the RA for the VLAN you use and create a Firewall Rouleset for IPv6.
Pfsense is a Enterprise Firewall and the Setup is more as plugin LAN and WAN.
The disatwantage is, you habe to setup all details.
The advantage is, you can setup all details.I see only link local IPv6 in the capture, i think you dont setup DHCPv6 Prefix Delegation size corectly on your WAN Int.
-
@nocling said in IPV6 Test fails-router+modem happy though…:
I see only link local IPv6 in the capture, i think you dont setup DHCPv6 Prefix Delegation size corectly on your WAN Int.
Link local addresses are used for a lot with IPv6. That's not the issue. As we mentioned, DHCPv6-PD is necessary and I was trying to find out if it was happening, but the OP was very stingy with useful info.
