Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Track interface not working on my native IPV6 connection

    Scheduled Pinned Locked Moved
    IPv6
    3
    6
    10.8k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      mhugo
      last edited by

      Despite reading through the forums and several months of trying I have yet to make my native IPv6 connection work with PFsense.  After much trial and error I still have several questions as to why it doesn't work since plugging a laptop directly to ISP feed works like a champ. I'll try to start off with a very specific question about why Track Interface doesn't seam to work.

      By not working I mean when  I plug a laptop into the LAN interface it fails to get an IPV6 address.  If I set the LAN interface to static then the laptop will get an IPV6 address but I'm still not able to reach the internet.  I think I've added firewall rules to both the WAN and LAN interface to pass all IPV6/ICMP/etc like other forum posts have suggested.  Anyway I digress talking about static IP address as my initial question is why doesn't Track Interface work for my setup?

      I'm using the latest 2.1-BETA build from last night.
      On the WAN interface it doesn't matter if I set it to SLAAC or DHCP6 since in both cases I get a IPV6 address and can log into the shell account of firewall and ping6/traceroute6 to the internet. Setting WAN to DHCP6 and LAN to Track Interface (Track Interface option is not available with SLAAC)
      Here are the ifconfig settings with Track Interface for the LAN after setting the interfaces and rebooting fresh.

      re0: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
              options=209b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,wol_magic>ether 00:xx:xx:xx:b5:f5
              inet6 fe80::xx:xx:xx:b5f5%re0 prefixlen 64 scopeid 0x1
              inet 69.62.xx.xx netmask 0xffffff80 broadcast 69.62.xx.127
              inet6 2606:400:yy:yy:xx:xx:xx:b5f5 prefixlen 64 autoconf
              nd6 options=3 <performnud,accept_rtadv>media: Ethernet autoselect (10baseT/UTP <half-duplex>)
              status: active
      re1: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
              options=209b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,wol_magic>ether 00:xx:xx:xx:b5:f6
              inet 192.168.2.1 netmask 0xffffff00 broadcast 192.168.2.255
              inet6 fe80::1:1%re1 prefixlen 64 scopeid 0x2
              nd6 options=1 <performnud>media: Ethernet autoselect (100baseTX <full-duplex>)
              status: active

      Not sure what else is needed to diagnose this.
      I'm hoping I missed some forum post with some magic setting I've missed.</full-duplex></performnud></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,wol_magic></up,broadcast,running,simplex,multicast></half-duplex></performnud,accept_rtadv></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,wol_magic></up,broadcast,running,simplex,multicast>

      1 Reply Last reply Reply Quote 0
      • D
        databeestje
        last edited by

        SLAAC is there for appliances which only have 1 connection.

        If you want a router you need DHCP6 or static IPv6 since the ISP needs to route a network to you.

        So if you do use DHCP6, you select the prefix delegation size, this is what the ISP gives you. If the ISP only does a /64 then that is the largest you can select. The default is to request juts an DHCP6 address and no prefix. You need to request a prefix for router functionality.

        However, because we don't know how large a prefix the ISP allows we can not guess this.

        On the LAN interface select Track interface WAN and fill in a prefix id of 0. If you don't fill in atleast 0 here it will not configure this interface.

        1 Reply Last reply Reply Quote 0
        • M
          mhugo
          last edited by

          databeestje:  thanks for your insightful and quick reply.  Actually with all  the various things I tried I had failed to realize that the IPV6 address that the WAN was getting was via autoconfig and not via the DHCP6.  Therefore a quick wireshark session on the WAN side showed that my ISP doesn't have a working DHCP6 server and the DHCP6 calls pfsense make go unanswered.  Game over for trying to make DHCP6 work without ISP support and hence why Track interface wasn't working.

          Not sure if pfsense can act as a transparent bridge or if I am stuck without some help from the ISP.

          1 Reply Last reply Reply Quote 0
          • C
            cmb
            last edited by

            You really don't want to bridge to your ISP for your v6, I'd get in touch with them and try to get a proper DHCPv6 or static routed setup.

            1 Reply Last reply Reply Quote 0
            • D
              databeestje
              last edited by

              I am wondering why they are sending out Router Advertisements for autoconfiguration but no DHCP6 for Prefix Delegation. That doesn't make sense.

              You'll need to verify that the ISP actually has DHCP6 setup.

              1 Reply Last reply Reply Quote 0
              • M
                mhugo
                last edited by

                IPV6 definitely works for a single endpoint and has worked now for over a year with a directly connected Linux boxes that doesn't have a firewall between it and the ISP.  Works fine on a windows XP box as well.

                It is time to go find someone at the ISP to talk to.

                Thanks again for all of your replies.

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post