ULA routing stops when trackinterface is down

gwabber

Hey all,

In my quest to get a fully functional IPv6 netwok, I stumbled across above mentioned problem.
I had to pull the plug on my modem for maintenance. As expected, my track interfaces went down. But also the ULA addresses I assigned as VIP's to those same networks, were not reachable anymore.
As soon as I plugged my modem back in, my trackinterfaces came back up, as well as my ULA.

Is there a way to fix this, or is it a setting I missed? I would like to keep my internal network running if my internet goes down. This problem does not occur with the IPv4 networks.

Thanks in advance!

the other

@gwabber hey there,
how did you try (while WAN was down so no Tracking Interface)? Ping those ULA IPs? Or did you just try their hostnames?
Do you have static mappings for those ULAs set? In short: could it be a mere dns problem? > Have set entries for those ULA networks in DNS ACL?

Further: do you have set virtual IPs (VIPs) to those interfaces in use?

I don't recall ever having problems with not reaching ULAs here, although "Internet was offline" more than once....

gwabber

@the-other thanks for your reply!

I didn't use DNS, but I tried to reach the device by its ULA IP address in my browser (in this case a Pi running Pihole). I don't have static IP's set for the devices, they are assigned by RA.

My setup is as follows:
I setup the ULA's for the interfaces in the VIP section.
Then I added the ULA to the RA subnets section.
My routermode is " Assisted"

NightlyShark

@gwabber You need to add routing entries for the ULAs. Eg, for subnets fc01:0:0:1/64, fc01:0:0:2/64, destination fc01::/56 gateway fc01::1 and so on... That creates a "fake" (non-internet) gateway in the Routing menu. You then select manually the actual gateways you want for internet (in the same menu), and create firewall rules (on each ULA enabled interface) like:

dst -> fc01::/56

#(and in the advanced options)

Gateway: fc01::1

That's what I did, at least.

NightlyShark

@gwabber

Did your PC get a ULA?

@gwabber said in ULA routing stops when trackinterface is down:

@the-other thanks for your reply!

I didn't use DNS, but I tried to reach the device by its ULA IP address in my browser (in this case a Pi running Pihole). I don't have static IP's set for the devices, they are assigned by RA.

My setup is as follows:
I setup the ULA's for the interfaces in the VIP section.
Then I added the ULA to the RA subnets section.
My routermode is " Assisted"

gwabber

@NightlyShark Thanks for the explanation! In which menu I can set that up?

gwabber

@NightlyShark when my internet is down you mean?

NightlyShark

@gwabber

@gwabber said in ULA routing stops when trackinterface is down:

@NightlyShark Thanks for the explanation! In which menu I can set that up?

Routing...

Gateway menu...

Static routes menu...

And here you select the "fake" gateway you created...

...here.

@gwabber said in ULA routing stops when trackinterface is down:

@NightlyShark when my internet is down you mean?

Yes.

gwabber

@NightlyShark

Thanks! I'm gonna try that tomorrow. I will let you know how it worked out!

My pc did get an ULA address when my internet was off

NightlyShark

@gwabber That means that DHCPv6 works, for the address part, at least.

gwabber

@NightlyShark
Sorry, I went to bed. I'm gonna try-out the configuration after work! I will let you know how it worked out.

What is the reason ula routing stops when the track interface goes down? Is that because the ULA by default uses the same gateway as the track interface?

NightlyShark

@gwabber Kinda.

NightlyShark

@gwabber Found this.

gwabber

@NightlyShark allright! I'm gonna read that first before I make changes. IPv6 still has a lot of stuff I need to learn, but it is very interesting.

gwabber

@gwabber Allright, two questions before I continue:

• should I set the interface of my fake gateway to WAN?

• If the current problem is that te gateway goes offline, is it also possible to tick the option "don't take action" in the default IPv6 gateway? Or is that too simple?

NightlyShark

@gwabber said in ULA routing stops when trackinterface is down:

@gwabber Allright, two questions before I continue:

• should I set the interface of my fake gateway to WAN?

• If the current problem is that te gateway goes offline, is it also possible to tick the option "don't take action" in the default IPv6 gateway? Or is that too simple?

1. No. You create one gateway per LAN
2. Read the reddit post

the other

hey there,
sorry for disturbing this very interesting post... :)

I just tried (too lazy to run all those chairs) and deactivated IPv6 in my Internetrouter (Fritzbox).
Behind that router sits my pfsense.
So with deactivated IPv6 my WAN (DHCPv6) went to "pending"...not reaching anything via v6 outside my LAN.

But: I could still ping and via browser reach my devices under their fd:whatever ULAs...
So I am a little confused now. Reading all this, I began to think I remembered wrongly in my first post. But now, with that try, I am a little lost.
I have no static routes or whatsoever discussed in this thread...I might do the labour, run those steps and pull the plug from pfsense's WAN and give it another try.
Or am I missing something obvious (no DHCPv6 in pfsense's LAN, using SLAAC via RA unmanaged...)?

NightlyShark

@gwabber

@gwabber said in ULA routing stops when trackinterface is down:

@gwabber Allright, two questions before I continue:

• should I set the interface of my fake gateway to WAN?

• If the current problem is that te gateway goes offline, is it also possible to tick the option "don't take action" in the default IPv6 gateway? Or is that too simple?

@the-other said in ULA routing stops when trackinterface is down:

hey there,
sorry for disturbing this very interesting post... :)

I just tried (too lazy to run all those chairs) and deactivated IPv6 in my Internetrouter (Fritzbox).
Behind that router sits my pfsense.
So with deactivated IPv6 my WAN (DHCPv6) went to "pending"...not reaching anything via v6 outside my LAN.

But: I could still ping and via browser reach my devices under their fd:whatever ULAs...
So I am a little confused now. Reading all this, I began to think I remembered wrongly in my first post. But now, with that try, I am a little lost.
I have no static routes or whatsoever discussed in this thread...I might do the labour, run those steps and pull the plug from pfsense's WAN and give it another try.
Or am I missing something obvious (no DHCPv6 in pfsense's LAN, using SLAAC via RA unmanaged...)?

I think the answer to all those problems in the end, is to do away with the ISP prefixes all together by doing ULA NpT

gwabber

@the-other okay.. that is something else.... how did you deactivate the wan? Did you disable the gateway or the wan ipv6 alltogether?

gwabber

@NightlyShark That is what I would like to do... but there are two caveats :

• My ISP delivers a dynamic prefix
• Windows prefers IPv4 above ULA's. It's fixable, but very annoying to setup every computer.