IPv6 not passing despite rules
-
hey folks
After the upgrade to 23.05 I've got some IPv6 issues. My hosts and my pfsense interfaces still get IPv6 IPs from my ISP. But traffic isn't passing at all. My top rule on LAN is an any/any for IPv6.
Any troubleshooting tips or tricks?
-
Check
System / Routing / Gateways
Mine was set to Automatic after Upgrade:
It should be set to the WANV6 TUNNEL interface:
-
@s0m3f00l
Thanks for the reply and suggestion.
I've tried both automatic and an explicit setting - no joy with either :/
I can resolve IPv6 IPs, and I can ping6 across local subnets. I just can't get traffic to egress.
-
@SpaceBass Check the routing tables. Is there a default route?
-
@s0m3f00l I get a little out of my depth with IPv6 routes...
the default route is a local link: fe80::8271:1f0f:fcc1:5100
I've noticed that I can pass IPv6 traffic across subnets (through pfSense), but I cannot reach the firewall itself via IPv6, it behaves just like trying to ping6 an external address.... the name resolves correctly, the firewall rule log shows a pass, but traffic doesn't move.
-
@SpaceBass I mean it sounds like your default GW for IPv6 is busted. Go to your PFSENSE console or VTY. netstat -rn should show a default route to the next hop. IDK what your setup is but it should be pointing to a 2001. For example my address points to Server IPv6 Address (GIF tunnel remote address if you used the netgate guide) of my HURRICANE ELECTRIC tunnel 2001*::-1
Does that make sense? If it isn't pointing at that address I would solve for why I lost my default ipv6 gw, not my FW rules.
-
@SpaceBass Do you have two WANs? There is a thread https://forum.netgate.com/topic/180377/23-05-update-ipv6-rip
-
@SteveITS said in IPv6 not passing despite rules:
Do you have two WANs
bingo!
Just disabled WAN2 for testing, IPv6 works immediately.
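-
The routing-table check suggested earlier in the thread, as an added example that is not part of any post: a small sh function that reads `netstat -rn` output and reports the IPv6 default route, its interface, and whether the next hop is link-local. The function name, sample tables, interface name and addresses are constructed for illustration; on the firewall it would be run as `netstat -rn | v6_default_route`.

```shell
#!/bin/sh
# Added example: find the IPv6 default route in FreeBSD-style `netstat -rn` output.
# Prints "<gateway> <netif> <scope>" per default route; exit status 1 if none.
v6_default_route() {
    awk '
        /^Internet6:/ { in6 = 1; next }   # start of the IPv6 table
        /^Internet:/  { in6 = 0; next }   # IPv4 table, ignore its default route
        in6 && $1 == "default" {
            gw = $2
            sub(/%.*/, "", gw)            # drop the %interface zone suffix
            # fe80::/10 covers fe80 through febf
            scope = (tolower(gw) ~ /^fe[89ab][0-9a-f]:/) ? "link-local" : "non-link-local"
            print gw, $4, scope
            found = 1
        }
        END { exit found ? 0 : 1 }
    '
}

# Constructed sample: routing table with an IPv6 default route.
sample_with_default() {
    cat <<'EOF'
Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
default            203.0.113.1        UGS        igb0

Internet6:
Destination                       Gateway                       Flags     Netif Expire
default                           fe80::1%igb0                  UGS        igb0
2001:db8:1::/64                   link#2                        U          igb1
EOF
}

# Constructed sample: IPv4 default present, IPv6 default missing.
sample_without_default() {
    cat <<'EOF'
Internet:
Destination        Gateway            Flags     Netif Expire
default            203.0.113.1        UGS        igb0

Internet6:
Destination                       Gateway                       Flags     Netif Expire
2001:db8:1::/64                   link#2                        U          igb1
EOF
}

sample_with_default | v6_default_route
sample_without_default | v6_default_route || echo "no IPv6 default route"
```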