Is it me or verizon?
-
My suggestion was to use ping, not traceroute, so you can easily see where it reaches. For example, from pfSense, ping the tethered device. Do you see the ping there? Do you see a response going out? Do the same again from the other end. When I had the problem, at the pfSense end, I could see the ping go out, but nothing coming back. At the other end, I could see the ping going in and the response leaving. Pinging from the other end showed nothing at pfSense. That told me the problem was in the path to my network and not outgoing.
-
When I had my problem, a tech came and did that with his own modem and computer. The problem persisted. By that time I also had my next door neighbour try and he had the same problem as I did and he didn't have a separate router.
So yes, connecting directly to the modem is often a valid test, as it narrows down the possibilities.
-
@jknott Ok I plugged my laptop straight in to ont. I only get an ipv4 address and no ipv6. The laptop is running solus. Also I put everything back... pings just timeout to vps and home vice-versa.
If the traceroute above from vps to home, they seem to timeout same place when I go from home -> google or vps
-
Thanks again for everyone's input and help. I have a tech scheduled to come out tomorrow now to troubleshoot. I'll let ya know the result. Thanks again all
-
I think they meant plug into the modem, not pfsense. Put the modem in gateway mode and try that. If that works, then you have a problem with pfsense. If it also fails, then there's a problem with Verizon.
BTW, I trust you have been using the modem in bridge mode with pfsense.
-
@jknott thanks for the help. I had them activate the ethernet port on my ont a while back. I just have a cat6 run from the ont to my pfsense box in the basement. To do the test, I just unplugged pfsense and plugged straight in to the laptop. So that be laptop straight to ont. I did get an ipv4 on my laptop, just no ipv6. I'll prob give it another test again tonight after I look to see where I can specify the laptops ipv6 dhcp settings. I do have a win10 laptop, maybe I should try that instead. or both.
@mikev7896 said in Is it me or verizon?:
@cyth Looks like a routing issue on Verizon's end. They had one last week that seemed to get resolved late Thursday or Friday for a number of people in NJ. The fact that you're getting responses out to 2600:4000:1:228::... means your IPv6 traffic is getting to and through your local Verizon office (hop 1), and into a regional point in Verizon's network (hop 2)
I am leaning to what mikev said, I does show me reaching 2 hops from my own network. Wouldn't that mean it is in verizon's hands from that point and hence their problem? Also when I try to come in from an external source they all get stuck in verizon's network.
-
Yes, I also suspect it's Verizon's problem, but I was just trying to help you prove it. Since it fails without pfSense, it's definitely their problem.
-
@jknott totally appreciate ya. Guess we will see what the tech says :)
-
@jknott maybe b/c my laptop doesn't get an ipv6 address (when directly connected), I should figure out how to make that work. Do you know if there is some /etc/network/interfaces configuration I should use to match what I was doing in pfsense? I'll try to research this evening as well.
-
I think it would be best for the Verizon tech to make it work. Since it's not your problem, they should fix it. Once you get it going with the modem, then you can worry about pfSense.
-
Tech arrives and says they don't support ipv6 and that I wouldn't have an ipv6 address. I show him my ipv6 address and then he looks up in the system and it shows ipv6 is supported where I am provisioned. He then remotes to his home and I help him with his ipv6 settings. The settings work for him and he can get out to the internet just fine. He directly connects to my ont with a router and ipv6 is picked up but can't get anywhere. I then show him the traceroute and he confirms the route is broken in the regional office (hop 2 like mike stated). The tech then says no one will fix the route because it isn't official that ipv6 is out.
So basically I am SOL until they happen to fix it.
Anyway, thought I'd share my tech experience and final result. I am going to leave the dhcp6 server disabled on my network and disable RA. This way I can occasionally check on pfsense if it can get out and my local clients won't pickup any global addresses.
Thanks again for everyone's input!
-
Isn't it fun having to show the techs how to do their job. I have five decades of experience in telecom, computers and networks. If I have a problem, I don't waste my time with first level support and immediately escalate to 2nd level.
Also, that attitude sucks. If it's a routing problem, it will affect more than just you. Maybe a complaint higher up might help.
-
@jknott Yeah it is a bummer. Quick question... Lets say the route is fixed. Since now my lan has a ipv6 address that is globally routable, does this mean outsiders from my home network can now attempt to login to my pfsense web configurator?
Thanks Again!
-
Only if you allow it in your firewall rules. Your WAN rules should be configured to drop connections, so that it appears as though nothing is there. That combined with the huge address space means it's unlikely anyone will even find anything on your LAN, let alone log in. Also, you shouldn't have the webConfigurator enabled on the WAN. Use a VPN if you want to access it from elsewhere.
-
@cyth I did a clean installation of pFSense out of the box provided IPV6, without changing any settings. Looks like they just started rolling dual stack so it will be some issues until they figure it out and finish the implementation. So far my pFSense is working, no issues with internet IPV6 traffic. From Verizon Automatic provide to pFSense address size.
Then I upgraded to pFSense plus, no issues working our of the box.
I spend a lot of time tried to figure it out, and looks like all this time was Verizon implementation issues.
I found out I started getting IPV6 because, some of my devices stop working, the reason was because those devices tried to communicate only using IPV6, they were giving priority over IPv4.