Ipv6 configured but unable to ping internet
-
@lolo54000 said in Ipv6 configured but unable to ping internet:
and after i have nothing , no ping
Ping in *nix doesn't show errors by default. If you CTRL+C it will stop, and show lost packets. Are you doing this on a device behind pfSense? Does it have its IPv6 gateway set to the pfSense LAN IPv6?
You will need a second IPv6 subnet for LAN. For example our data center gave us a /125 subnet for WAN and an entire /64 subnet for LAN.
Can you ping from pfSense itself (Diagnostics/Ping)?
-
@steveits Hi
I test ping directly from the command line of my pfsense server.
I test from diagnostic/ping same error
the result when I'm in static config and in dhcp mode
thanks for your help
-
@jknott Hi Yes i'm in a datacenter with a /64 ipv6 bloc assigned
when i put my pfsense in dhcpv6 mode I have no ip assigned by my isp.
When I put a static Ip from my ipv6 bloc I have no error but i can't ping.
My configuration in static mode and in dhcp mode
-
@lolo54000 said in Ipv6 configured but unable to ping internet:
Hi Yes i'm in a datacenter with a /64 ipv6 bloc assigned
when i put my pfsense in dhcpv6 mode I have no ip assigned by my isp.
When I put a static Ip from my ipv6 bloc I have no error but i can't ping.
My configuration in static mode and in dhcp modeWe need a better description of what they are providing. Is the address supplied for pfSense within your /64? Is it a routed /64? Have you talked to the support people at the data centre?
-
@jknott In my back office of ovh i have this
I have ask the support and they only tell me that they have a documention for ipv6 config (https://docs.ovh.com/gb/en/dedicated/network-ipv6/#freebsd_1)and for the configuration of my app they can't help me . this config explain how to config freebsd but in pfsense the file is empty.
I'm newbee on linux but under windows I known.
I have tested on another server under windows server with a similar ipv6 config (only the /64 change)i just config the ipv6 ip with 0001 at the end , i config the prefix and the gateway and immediatly i have access to internet in ipv6. I do the same config in pfsense (I adapt the ip) and i don't have acces to internet.maybe a lack in the configuration of my firewall rules?should I put a rule to allow outgoing traffic in ip v6 from pfsense?another option in pfsense?
thanks for your help
-
@lolo54000 If you are using that /64 block on your WAN, they should give you another for LAN. IPv6 doesn't normally use NAT. The data center then routes your IPv6 LAN subnet traffic to your designated WAN IPv6 address. In other words you can't use the same IPv6 subnet on LAN and WAN.
Alternately there is NPt but I've never had to use it.
-
@steveits Ok and Can i split the /64 block into 2 block ?
Ex for the wan I use a /128 for only 1 ip and for lan i use a /118 with 1024 adress?
with the same start of adress? -
@lolo54000 You would think so but no, they didn't design it that way. So we just don't use a few quintillion addresses at a time.
Our data center gave us a /125 subnet for WAN, because on their end all their customers get one. Then we have a /64 for LAN.
A /128 would be one address. It needs to talk to its gateway.
-
@steveits I have tested to configure a /128 ip on my wan interface and no ipv6 ip on my lan interface and i'm unable to ping google from diagnostic/ping in pfsense.
My isp provide to me only a /64 block and no option to command another block of ipv6 -
@lolo54000 That is expected, an IP with a /128 mask cannot communicate with any other IP. That is the same as IPv4 with a /32 mask.
If they only gave you one /64 and not a separate WAN IP then I don't know if it is possible to get IPv6 on your LAN. Perhaps some sort of weird configuration like using a second WAN interface for IPv6 and bridging it to a second LAN? I think you need to go back to OVH and explain you're trying to configure a router not a computer.
-
If they give him just a /64, then he needs a firewall only, not a router. Can pfSense be configured that way. This is why we need to know what's being provided. Otherwise we're just guessing.
-
@steveits said in Ipv6 configured but unable to ping internet:
A /128 would be one address. It needs to talk to its gateway.
A /128 doesn't talk to anything on it's own. If they're providing that, then they're providing a link local address for the gateway.
-
@jknott said in Ipv6 configured but unable to ping internet:
If they give him just a /64, then he needs a firewall only, not a router.
He wrote it was a /64.
A parallel question is, what did OVH give him for IPv4? If that wasn't a routed subnet (with its own separate WAN IP), then I would suggest OVH is not intending for a router to be used. Which is what you're saying. :)
It does seem weird then that every server would have its own /64. Maybe they give out one /64 for all virtual servers in your account? And then one IPv4 for each server? I don't know, we do our own hosting so haven't used OVH. I think the bottom line is OP needs to go back to OVH and tell them of the desire to use a router in front of any servers.
-
@steveits Hi
The attibution of ip in ovh is like this
For each physical server we have 1 ipv4 (and can buy many another ipv4) and a /64 ipv6 blockIn my ovh account i have 6 physical server and each have it's own ipv4 and it's own ipv6 /64 ipv6 .
In this ovh documentation on how to configure ipv6 on a physical server (https://docs.ovh.com/gb/en/dedicated/network-ipv6/#freebsd_1) all the configuration looks simple but is not applicable to pfsense because of the gui configuration and when i configure the same thing in the gui I don't have internet access.
-
@lolo54000 Maybe just start fresh, reinstall pfSense from scratch and this time don't use DHCP vor IPv6.
With one /64 you can't do much anyways but at least pinging from pfSense WAN should work. -
@lolo54000 said in Ipv6 configured but unable to ping internet:
In my ovh account i have 6 physical server and each have it's own ipv4 and it's own ipv6 /64 ipv6
To have a router in front, you would need:
- an IPv6 for the router WAN
- an IPv4 for the router WAN
- OVH to route your other IP addresses to those IPs
- your servers to use your router LAN IPv4/IPv6 as their gateway
It sounds like they are simply not set up to handle a router, like you're asking for.