Unable to figure out IPv6 on 2.1-RELEASE
-
Can you test this on your machines ans see if you have the same as me?
I don't seem to be able to ping anything and have it resolve to ipv6, tried ping -6 ipv6.google.com, ping -6 m0n0.ch, ping -6 xs4all.nl, and they're all failing from windows machine, however they are working fine from pfsense.
PING6(56=40+8+8 bytes) 2a02:2f0c:501f:ffff::bc1a:3871 --> 2a02:200:3:1::101 16 bytes from 2a02:200:3:1::101, icmp_seq=0 hlim=53 time=48.388 ms 16 bytes from 2a02:200:3:1::101, icmp_seq=1 hlim=53 time=48.390 ms 16 bytes from 2a02:200:3:1::101, icmp_seq=2 hlim=53 time=48.713 ms --- m0n0.ch ping6 statistics --- 3 packets transmitted, 3 packets received, 0.0% packet loss round-trip min/avg/max/std-dev = 48.388/48.497/48.713/0.153 msC:\Windows\system32>ping -6 m0n0.ch Ping request could not find host m0n0.ch. Please check the name and try again.As already posted elsewhere - you seem to be behind broken HTTP proxy.
Could you elaborate on that please? The problem I seem to be having is that only the pfsense router can ping IPv6, but no machines on the lan are able to.
Also, as stated before, pinging the router seems to work?.
C:\Windows\system32>ping -6 fe80::1:1 Pinging fe80::1:1 with 32 bytes of data: Reply from fe80::1:1: time=1ms Reply from fe80::1:1: time<1ms Reply from fe80::1:1: time<1ms Reply from fe80::1:1: time<1ms Ping statistics for fe80::1:1: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 1ms, Average = 0ms -
@Onyx: The proxy note has not been for you.
-
Aw. Well, any idea why my router isn't sharing any of that IPv6 love with the LAN subnet?
-
Nothing relevant in the logs (system, firewall)?
-
Didn't think of the logs:
System General:
dhcp6c[6409]: client6_recvadvert: XID mismatchA whole bunch of them
Firewall:
Nothing that stands out as relevant -
Onyx, I'm on the same ISP. With the following settings i get a score of 10/10 on http://test-ipv6.com/:
Make sure you define a firewall rule to allow IPV6 icmp echo request on the WAN side; I also duplicated the "Default allow LAN to any rule" for all IPv6 traffic (i hope this is not a security risk). For a strange reason nothing works if i check "Block bogon networks" on WAN interface. Reboot and check that radvd is running.
On a side note, i get a lot of internal server errors every time i apply changes to any interface (ALIX2D3, no package installed).
-
Thank you Inq! Disabling (Block bogon networks) followed by a reboot and turning on the router advertisement daemon did the job wonderfully, but there are still a couple of strange things, firstly I was wondering if there is any firewall rule I can add to get IPv6 working without disabling (Block bogon networks). Second question is why does the IPv6 address appear under LAN instead of WAN?
(Perfectly drawn arrow in paint to display what I mean by IP showing in the wrong position)A third question would be where I can set the default DNS servers for IPv6 like I can on the IPv4 version (DHCP Server @ DNS servers)?
-
It shows in perfectly correct place for PD. You obviously use the delegated prefix on LAN, not WAN.
Note: I've filed https://redmine.pfsense.org/issues/3214 for the bogons{,v6} borkage. Too many threads here mentioned it kills all sorts of DHCP at least.
-
1. It seems to be a problem with the bogon rules and DHCP prefix delegation.
2. Regarding the IPv6 address on the WAN check "Status: Interfaces" you'll see a "IPv6 Link Local" address there and every station gets its public IPv6 by prefix delegation. I "THINK" that is the way DHCPv6 with prefix delegation is supposed to work ( someone correct me if i'm wrong).
3. You set the default DNS servers in "System: General Setup"… you don't have to fiddle with the DHCP server on the IPv6 side. The ISP is allocating the IPv6 addresses. -
Alright, makes sense. Got it all working now after adding 2001:4860:4860::8888 and 2001:4860:4860::8844 to the General Setup. I was expecting to have IPv6 DNS Server set to fe80::1:1%12 just like IPv6 Default Gateway is, but I'm glad its working now! Thanks alot both of you.
-
I'm having the same issue where the WAN IPv6 address does not show up anywhere in the GUI or the SSH menu and also the "WAN address" alias can not be used for firewall rules.
At the same time, doing an ifconfig on the WAN interface shows there is a public IPv6 address bound to it.
This has been the same for the last month of the 2.1-RC builds and is also the same in 2.1-RELEASE. Supposedly the fix will arrive in 2.1.1-RELEASE.