IPv6 cannot connect to Internet
-
"ipconfig /all" will show a list:
Ethernet adapter Connection Name: (...) IPv6 Address. . . . . . . . . . . : 2603:300a:***:34b(Preferred) Temporary IPv6 Address. . . . . . : 2603:300a:***:8b18(Preferred)I've seen my PC have 10-15 or so, and yes if it changes the old ones have to die off or be removed so Windows will start using the newer ones.
netsh interface ipv6 delete address interface="Connection Name" IPV6HEREWe have a semi-related issue where the prefix changes when Comcast updates our modem but ISC DHCP apparently won't honor "deny unknown clients" for IPv6 and I haven't had a chance to try Kea again after hours. So I've been updating our routers manually, and (my point is) we use a relatively short lease time. But I digress...
-
When I checked again all IPv6 addressed were deprecated. I restarted the NIC and now it has a single IP matches with the prefix on pfSense. There is no blocking on logs but it still doesn't connect anywhere over IPv6.
I'm just asking to understand the process: Shouldn't it work this way if it's the thing you guys told about? @Bob.Dig @JKnott
-
If you use / stick with DHCPv6 (server) you can use this :
to make a 'static DHCPv6 lease" :
and from then on, that PC will only get the (one) ::cc IPv6, with the current prefix prepended.
Btw : my ISP IPV6 prefix, used for my LAN, rarely change.
@crazypotato142 said in All IPv6 traffic is being blocked:
again all IPv6 addressed were deprecated. I restarted the NIC
Not needed.
Type :ipconfig /renew6@crazypotato142 said in All IPv6 traffic is being blocked:
Shouldn't it work this way if it's the thing you guys told about?
Sure. Just keep in mind : On paper, IPv6 is ready, well defined, and should work well.
The thing is, there are probably a couple of ISPs (the ISP, the upstream router etc) out there that do respect fully the IPv6 guide lines (RFCs). The other 99,9 % make a mess out of it - doing their own 'things'.
Even pfSense isn't probably 'perfect'.The thing is : 99,+ % clients of all IPSs in the world have just one local LAN after their ISP router.
So pfSense as a LAN device of this ISP router like any other device in this ISP LAN, has to obtain a IPv6 in this ISP LAN. This part works pretty well.
What is fare more rare : pfSense isn't a 'normal' end device. It's a router, and has its own 'sub' LAN or LANs.
So it has to ask 'prefixes', these are blocks /64 or ::1 to ::fffff:ffff:ffff:ffff, for every LAN pfSense has. That part is less well tested, less well implemented. And it all starts with : less well understood. -
@crazypotato142 said in All IPv6 traffic is being blocked:
Shouldn't it work this way
Yes. So you might (also) have different problems.
-
@crazypotato142 said in All IPv6 traffic is being blocked:
I'm just asking to understand the process: Shouldn't it work this way if it's the thing you guys told about?
My prefix hasn't changed in almost 7 years, so I don't have much experience to work from. However, I would expect the pfSense LAN interface to show the new prefix and the router advertisements should tell other devices on the LAN what the new prefix is.
-
I don't know, I still don't think it's a prefix problem because I used it as it is for a long time without a single problem and now I simply can't connect to the internet with it.
But I can't see any problem on my settings and my ISP says there's nothing wrong on their side either. I'll just turn my IPv6 network completely off until I figured it out because it really causes my network go crazy.
Do you have any recommendations to check or solve?
-
@crazypotato142 Check the IPv6-addresses closely, are they really using the same prefix or do they differ. It must be the same prefix as pfSense LAN has.
In Windows use ipconfig /release6 and then ipconfig /renew6 and watch out for problems.
-
@Bob.Dig They are like this right now:
Photos deleted for privacy
Note: I can't ping an IPv6 address over pFsense interface either.
-
@crazypotato142 The first address already looks wrong. At least the prefix is the same.
-
@Bob.Dig
pFsense itself can't connect to anything over IPv6 either. I can't use IPv6 ping, not even get into the Update page cuz Netgate has IPv6 addresses for their website. -
@crazypotato142 said in IPv6 cannot connect to Internet:
pFsense itself can't connect to anything over IPv6 either.
That screams for a big problem, might be your ISP at this point.
-
I'll test it with their default router and keep here updated. Thank everyone for the help.
-
@Bob.Dig said in IPv6 cannot connect to Internet:
might be your ISP at this point.
Thats what i have been thinking through out this post.
-
@crazypotato142 said in IPv6 cannot connect to Internet:
pFsense itself can't connect to anything over IPv6 either.
I saw in your settings that you request a prefix only, not a WAN address. You might have to specify your LAN interface as the source address. You use the -s option for that.
-
@JKnott said in IPv6 cannot connect to Internet:
You might have to specify your LAN interface as the source address. You use the -s option for that.
How do I do that?
Also I didn't do such a thing after we got my IPv6 in this thread
https://forum.netgate.com/post/1217330 -
@crazypotato142 said in IPv6 cannot connect to Internet:
@JKnott
about 2 hours agoI don't know, I still don't think it's a prefix problem because I used it as it is for a long time
In an earlier post I suggested you capture the DHCP6 sequence to see what prefix you're assigned, to see if it's what's actually being used. Have you tried that?
In the capture you'll see 4 packets:
Then, in the last packet, should be something like this:
Compare the prefix with the one your network is using.
-
@JKnott
Package Capture stops when I plug the WAN cable. I'm doing it according to this: https://forum.netgate.com/topic/172514/capture-full-dhcp-or-dhcpv6-sequenceUpdate:
It doesn't work with the default router my ISP gave either. Prefix and IPs everything seems fine but nope, it still doesn't connect. I also checked Windows ipconfig while on it and it just showed single IP for each, prefix matched as well. -
@crazypotato142 said in IPv6 cannot connect to Internet:
Package Capture stops when I plug the WAN cable.
I just tried and it works fine here.
Do you have a switch that you can use to make a "data tap"?
-
@JKnott I'll try it again later today.
Unfortunately no, I don't have a managed switch.
