ULA routing stops when trackinterface is down

NightlyShark

@gwabber

@gwabber said in ULA routing stops when trackinterface is down:

@NightlyShark Thanks for the explanation! In which menu I can set that up?

Routing...

Gateway menu...

Static routes menu...

And here you select the "fake" gateway you created...

...here.

@gwabber said in ULA routing stops when trackinterface is down:

@NightlyShark when my internet is down you mean?

Yes.

gwabber

@NightlyShark

Thanks! I'm gonna try that tomorrow. I will let you know how it worked out!

My pc did get an ULA address when my internet was off

NightlyShark

@gwabber That means that DHCPv6 works, for the address part, at least.

gwabber

@NightlyShark
Sorry, I went to bed. I'm gonna try-out the configuration after work! I will let you know how it worked out.

What is the reason ula routing stops when the track interface goes down? Is that because the ULA by default uses the same gateway as the track interface?

NightlyShark

@gwabber Kinda.

NightlyShark

@gwabber Found this.

gwabber

@NightlyShark allright! I'm gonna read that first before I make changes. IPv6 still has a lot of stuff I need to learn, but it is very interesting.

gwabber

@gwabber Allright, two questions before I continue:

• should I set the interface of my fake gateway to WAN?

• If the current problem is that te gateway goes offline, is it also possible to tick the option "don't take action" in the default IPv6 gateway? Or is that too simple?

NightlyShark

@gwabber said in ULA routing stops when trackinterface is down:

@gwabber Allright, two questions before I continue:

• should I set the interface of my fake gateway to WAN?

• If the current problem is that te gateway goes offline, is it also possible to tick the option "don't take action" in the default IPv6 gateway? Or is that too simple?

1. No. You create one gateway per LAN
2. Read the reddit post

the other

hey there,
sorry for disturbing this very interesting post... :)

I just tried (too lazy to run all those chairs) and deactivated IPv6 in my Internetrouter (Fritzbox).
Behind that router sits my pfsense.
So with deactivated IPv6 my WAN (DHCPv6) went to "pending"...not reaching anything via v6 outside my LAN.

But: I could still ping and via browser reach my devices under their fd:whatever ULAs...
So I am a little confused now. Reading all this, I began to think I remembered wrongly in my first post. But now, with that try, I am a little lost.
I have no static routes or whatsoever discussed in this thread...I might do the labour, run those steps and pull the plug from pfsense's WAN and give it another try.
Or am I missing something obvious (no DHCPv6 in pfsense's LAN, using SLAAC via RA unmanaged...)?

NightlyShark

@gwabber

@gwabber said in ULA routing stops when trackinterface is down:

@gwabber Allright, two questions before I continue:

• should I set the interface of my fake gateway to WAN?

• If the current problem is that te gateway goes offline, is it also possible to tick the option "don't take action" in the default IPv6 gateway? Or is that too simple?

@the-other said in ULA routing stops when trackinterface is down:

hey there,
sorry for disturbing this very interesting post... :)

I just tried (too lazy to run all those chairs) and deactivated IPv6 in my Internetrouter (Fritzbox).
Behind that router sits my pfsense.
So with deactivated IPv6 my WAN (DHCPv6) went to "pending"...not reaching anything via v6 outside my LAN.

But: I could still ping and via browser reach my devices under their fd:whatever ULAs...
So I am a little confused now. Reading all this, I began to think I remembered wrongly in my first post. But now, with that try, I am a little lost.
I have no static routes or whatsoever discussed in this thread...I might do the labour, run those steps and pull the plug from pfsense's WAN and give it another try.
Or am I missing something obvious (no DHCPv6 in pfsense's LAN, using SLAAC via RA unmanaged...)?

I think the answer to all those problems in the end, is to do away with the ISP prefixes all together by doing ULA NpT

gwabber

@the-other okay.. that is something else.... how did you deactivate the wan? Did you disable the gateway or the wan ipv6 alltogether?

gwabber

@NightlyShark That is what I would like to do... but there are two caveats :

• My ISP delivers a dynamic prefix
• Windows prefers IPv4 above ULA's. It's fixable, but very annoying to setup every computer.

NightlyShark

@gwabber So, it was the addresses themselves that weren't reachable for sure? Or a DNS name? Just checking...

gwabber

@NightlyShark the addresses themselves unfortunately... thanks for your help so far!

Other weird thing; I just disabled the default WAN ipv6 gateway just for shits and giggles. Now the ULA's were still reachable....

NightlyShark

@gwabber It's one of those "did you turn it on and off" things, then...

gwabber

@NightlyShark I really don't know anymore . Only difference with pulling the plug on my modem was that the GUA's stayed active, only mu IPv6 internet was down. When I pulled the plug on my modem, the GUA's dissapeared. My girlfriend is using Netflix right nog, so I can't pull the plug on my modem. Tomorrow I will try that!

The show continues...

the other

hey..pantpant...there...jk ;)

Just went in the cellar, pulled the plug (LAN cable between fritzbox (internetrouter) and pfsense's WAN.
Then run back upstairs. Rebootet pfsense. Rebooted pc.
Waited.
Tried ip a on pc > shows no GUA (of course) but its ULA (static mapping in pfsense).
Logged into pfsense (IPv4), tried ifonfig > no GUA, but all ULAs still there. ok
Then went to Status > Interfaces: same, no GUA (I get dynmaic prefixes from my ISP here as well, a nice /56) but ULAs as set under RA settings. ok.

then tried to ping my v6 devices (some of them, same and different vlans). reached all of them with their ULA.ok.

then tried to reach them with firefox, entering my https://ULAs. Reached all of them.ok.

So: after pulling the switch, rebooting, confirming that no GUAs are given out to anything in pfsense and pfsense itself...routing ULAs still works as if I never even pulled that LAN cable (and DID NOT RUN THOSE STAIRS, dammit). ;)

Then went downstairs again, just put LAN cable between fritzbox and pfsense back in, crawled upstairs again...tadaa: no reboot, still getting my GUA now for all interfaces with active v6 and all devices get their GUA as well (as another ip a showed).

I tried all that with their ULA, not DNS name...

At least I got my pe today.

Bob.Dig

Maybe the problem is related to that patch? Now who has that patch and who doesn't.

the other

@Bob-Dig hey there,
indeed, after the 2.72 "bug" that broke ULA routing I downloaded the patch (assuming that's the one you meant) and applied it.
It worked and I just looked: must have reverted it sometime ago, it is not "active" in my system/patches view...
But if I remember correctly: wasn't the problem to that patch, that even with v6 online and working one could not route ULAs only? Aliases and VIPs were somehow not working (which did prior to 2.7.2). But it's Monday and late and I might recall that incorrectly. :)