Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    IPv6 can't ping from LAN device but can ping from LAN interface

    IPv6
    2
    7
    1.4k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • E
      emerge30
      last edited by

      I had succesfully configured IPv6 per the Comcast IPv6 instructions for my new PFsense installation.  I had full IPv6 connectivity, Router Advertisements were configured and DHCPv6 leases were being obtained from the Comcast modem, or so I thought.

      I logged in this morning, and none of my IPv6 was working.  I can ping IPv6 from the WAN interface and the LAN interface using the ping tool within PFsense, however I cannot ping or access IPv6 from a LAN configured device.

      I did a packet capture on the LAN and WAN interface to see if my ICMPv6 packets were getting through, and it looks like they get from LAN -> WAN, and an echo reply is sent back on the WAN but never makes it back to my LAN device.

      LAN Packet Capture:

      10:34:23.938918 IP6 2601:d:2784:1fe0::2000 > ff02::1:ff01:1: ICMP6, neighbor solicitation, who has fe80::1:1, length 32
10:34:24.921570 IP6 2601:d:2784:1fe0::2000 > ff02::1:ff01:1: ICMP6, neighbor solicitation, who has fe80::1:1, length 32
10:34:25.329324 IP6 fe80::1:1 > ff02::1: ICMP6, router advertisement, length 160
10:34:25.330083 IP6 2601:d:2784:1fe0::2000 > 2607:f8b0:4002:c07::93: ICMP6, echo request, seq 31, length 40
10:34:28.930626 IP6 2601:d:2784:1fe0::2000 > 2607:f8b0:4002:c07::93: ICMP6, echo request, seq 32, length 40
10:34:29.929000 IP6 fe80::e1bb:91c9:87d4:9ce3 > fe80::1:1: ICMP6, neighbor solicitation, who has fe80::1:1, length 32
10:34:29.929061 IP6 fe80::1:1 > fe80::e1bb:91c9:87d4:9ce3: ICMP6, neighbor advertisement, tgt is fe80::1:1, length 24
10:34:33.936263 IP6 2601:d:2784:1fe0::2000 > 2607:f8b0:4002:c07::93: ICMP6, echo request, seq 33, length 40
10:34:34.922850 IP6 fe80::1:1 > fe80::e1bb:91c9:87d4:9ce3: ICMP6, neighbor solicitation, who has fe80::e1bb:91c9:87d4:9ce3, length 32
10:34:34.923147 IP6 fe80::e1bb:91c9:87d4:9ce3 > fe80::1:1: ICMP6, neighbor advertisement, tgt is fe80::e1bb:91c9:87d4:9ce3, length 32
10:34:38.938518 IP6 2601:d:2784:1fe0::2000 > 2607:f8b0:4002:c07::93: ICMP6, echo request, seq 34, length 40
10:34:41.518279 IP6 fe80::1:1 > ff02::1: ICMP6, router advertisement, length 160

      WAN Packet Capture:

      259 IP6 fe80::d437:90ff:febe:1e32 > fe80::abd:43ff:feea:1557: ICMP6, echo request, seq 38152, length 40
10:35:31.773238 IP6 fe80::abd:43ff:feea:1557 > fe80::d437:90ff:febe:1e32: ICMP6, echo reply, seq 38152, length 40
10:35:32.694310 IP6 2601:d:2784:1fe0::2000 > 2607:f8b0:4002:c07::6a: ICMP6, echo request, seq 37, length 40
10:35:32.724034 IP6 2607:f8b0:4002:c07::6a > 2601:d:2784:1fe0::2000: ICMP6, echo reply, seq 37, length 40
10:35:32.809588 IP6 fe80::d437:90ff:febe:1e32 > fe80::abd:43ff:feea:1557: ICMP6, echo request, seq 38408, length 40
10:35:32.821573 IP6 fe80::abd:43ff:feea:1557 > fe80::d437:90ff:febe:1e32: ICMP6, echo reply, seq 38408, length 40
10:35:33.812868 IP6 fe80::d437:90ff:febe:1e32 > fe80::abd:43ff:feea:1557: ICMP6, echo request, seq 38664, length 40
10:35:33.830907 IP6 fe80::abd:43ff:feea:1557 > fe80::d437:90ff:febe:1e32: ICMP6, echo reply, seq 38664, length 40
10:35:34.822868 IP6 fe80::d437:90ff:febe:1e32 > fe80::abd:43ff:feea:1557: ICMP6, echo request, seq 38920, length 40
10:35:34.825962 IP6 fe80::abd:43ff:feea:1557 > fe80::d437:90ff:febe:1e32: ICMP6, echo reply, seq 38920, length 40
10:35:35.832869 IP6 fe80::d437:90ff:febe:1e32 > fe80::abd:43ff:feea:1557: ICMP6, echo request, seq 39176, length 40
10:35:35.836440 IP6 fe80::abd:43ff:feea:1557 > fe80::d437:90ff:febe:1e32: ICMP6, echo reply, seq 39176, length 40
10:35:36.841048 IP6 fe80::d437:90ff:febe:1e32 > fe80::abd:43ff:feea:1557: ICMP6, echo request, seq 39432, length 40
10:35:36.844104 IP6 fe80::abd:43ff:feea:1557 > fe80::d437:90ff:febe:1e32: ICMP6, echo reply, seq 39432, length 40
10:35:37.103079 IP6 fe80::abd:43ff:feea:1557 > ff02::1: ICMP6, router advertisement, length 120
10:35:37.434955 IP6 2601:d:2784:1fe0::2000 > 2607:f8b0:4002:c07::6a: ICMP6, echo request, seq 38, length 40
10:35:37.473773 IP6 2607:f8b0:4002:c07::6a > 2601:d:2784:1fe0::2000: ICMP6, echo reply, seq 38, length 40
10:35:37.848975 IP6 fe80::d437:90ff:febe:1e32 > fe80::abd:43ff:feea:1557: ICMP6, echo request, seq 39688, length 40
10:35:37.852033 IP6 fe80::abd:43ff:feea:1557 > fe80::d437:90ff:febe:1e32: ICMP6, echo reply, seq 39688, length 40
10:35:38.848986 IP6 fe80::d437:90ff:febe:1e32 > fe80::abd:43ff:feea:1557: ICMP6, echo request, seq 39944, length 40
10:35:38.852451 IP6 fe80::abd:43ff:feea:1557 > fe80::d437:90ff:febe:1e32: ICMP6, echo reply, seq 39944, length 40
10:35:39.856792 IP6 fe80::d437:90ff:febe:1e32 > fe80::abd:43ff:feea:1557: ICMP6, echo request, seq 40200, length 40
10:35:39.859679 IP6 fe80::abd:43ff:feea:1557 > fe80::d437:90ff:febe:1e32: ICMP6, echo reply, seq 40200, length 40
10:35:40.862874 IP6 fe80::d437:90ff:febe:1e32 > fe80::abd:43ff:feea:1557: ICMP6, echo request, seq 40456, length 40
10:35:40.865855 IP6 fe80::abd:43ff:feea:1557 > fe80::d437:90ff:febe:1e32: ICMP6, echo reply, seq 40456, length 40
10:35:41.872553 IP6 fe80::d437:90ff:febe:1e32 > fe80::abd:43ff:feea:1557: ICMP6, echo request, seq 40712, length 40
10:35:41.876209 IP6 fe80::abd:43ff:feea:1557 > fe80::d437:90ff:febe:1e32: ICMP6, echo reply, seq 40712, length 40
10:35:42.419597 IP6 2601:d:2784:1fe0::2000 > 2607:f8b0:4002:c07::6a: ICMP6, echo request, seq 39, length 40
10:35:42.452522 IP6 2607:f8b0:4002:c07::6a > 2601:d:2784:1fe0::2000: ICMP6, echo reply, seq 39, length 40
10:35:42.880432 IP6 fe80::d437:90ff:febe:1e32 > fe80::abd:43ff:feea:1557: ICMP6, echo request, seq 40968, length 40
10:35:42.883462 IP6 fe80::abd:43ff:feea:1557 > fe80::d437:90ff:febe:1e32: ICMP6, echo reply, seq 40968, length 40
10:35:43.892864 IP6 fe80::d437:90ff:febe:1e32 > fe80::abd:43ff:feea:1557: ICMP6, echo request, seq 41224, length 40
10:35:43.896475 IP6 fe80::abd:43ff:feea:1557 > fe80::d437:90ff:febe:1e32: ICMP6, echo reply, seq 41224, length 40
10:35:44.902873 IP6 fe80::d437:90ff:febe:1e32 > fe80::abd:43ff:feea:1557: ICMP6, echo request, seq 41480, length 40
10:35:44.907188 IP6 fe80::abd:43ff:feea:1557 > fe80::d437:90ff:febe:1e32: ICMP6, echo reply, seq 41480, length 40
10:35:45.902881 IP6 fe80::d437:90ff:febe:1e32 > fe80::abd:43ff:feea:1557: ICMP6, echo request, seq 41736, length 40
10:35:45.906087 IP6 fe80::abd:43ff:feea:1557 > fe80::d437:90ff:febe:1e32: ICMP6, echo reply, seq 41736, length 40
10:35:46.911923 IP6 fe80::d437:90ff:febe:1e32 > fe80::abd:43ff:feea:1557: ICMP6, echo request, seq 41992, length 40
10:35:46.914935 IP6 fe80::abd:43ff:feea:1557 > fe80::d437:90ff:febe:1e32: ICMP6, echo reply, seq 41992, length 40
10:35:47.438749 IP6 2601:d:2784:1fe0::2000 > 2607:f8b0:4002:c07::6a: ICMP6, echo request, seq 40, length 40
10:35:47.471216 IP6 2607:f8b0:4002:c07::6a > 2601:d:2784:1fe0::2000: ICMP6, echo reply, seq 40, length 40
10:35:47.919849 IP6 fe80::d437:90ff:febe:1e32 > fe80::abd:43ff:feea:1557: ICMP6, echo request, seq 42248, length 40
10:35:47.924920 IP6 fe80::abd:43ff:feea:1557 > fe80::d437:90ff:febe:1e32: ICMP6, echo reply, seq 42248, length 40
10:35:48.932893 IP6 fe80::d437:90ff:febe:1e32 > fe80::abd:43ff:feea:1557: ICMP6, echo request, seq 42504, length 40
10:35:48.935952 IP6 fe80::abd:43ff:feea:1557 > fe80::d437:90ff:febe:1e32: ICMP6, echo reply, seq 42504, length 40
10:35:49.254244 IP6 fe80::abd:43ff:feea:1557 > ff02::1: ICMP6, router advertisement, length 120
10:35:49.935543 IP6 fe80::d437:90ff:febe:1e32 > fe80::abd:43ff:feea:1557: ICMP6, echo request, seq 42760, length 40
10:35:49.939340 IP6 fe80::abd:43ff:feea:1557 > fe80::d437:90ff:febe:1e32: ICMP6, echo reply, seq 42760, length 40
10:35:50.943746 IP6 fe80::d437:90ff:febe:1e32 > fe80::abd:43ff:feea:1557: ICMP6, echo request, seq 43016, length 40
10:35:50.946790 IP6 fe80::abd:43ff:feea:1557 > fe80::d437:90ff:febe:1e32: ICMP6, echo reply, seq 43016, length 40

      PFSense is showing an active DHCPv6 lease for my IPv6 address, which is odd considering I do not have DHCPv6 enabled, and am only using Assisted RA.

      2601:d:2784:1fe0::2000 	240434935 	00:01:00:01:1c:08:10:0d:54:be:f7:0b:6d:de 	54:be:f7:0b:6d:de  	2015/04/07 10:11:37 	2015/04/07 12:11:37 	online 	active

      Nothing has changed between yesterday and today, as far as I'm aware.  My IPv6 configuration locally looks correct:

      
Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : ethernet.local
   Description . . . . . . . . . . . : Intel(R) Ethernet Connection I217-V
   Physical Address. . . . . . . . . : 54-BE-F7-0B-6D-DE
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2601:d:2784:1fe0::2000(Preferred)
   Lease Obtained. . . . . . . . . . : Tuesday, April 07, 2015 10:11:37 AM
   Lease Expires . . . . . . . . . . : Tuesday, April 07, 2015 12:11:37 PM
   Link-local IPv6 Address . . . . . : fe80::e1bb:91c9:87d4:9ce3%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.0.254.11(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Tuesday, April 07, 2015 10:08:43 AM
   Lease Expires . . . . . . . . . . : Tuesday, April 07, 2015 12:08:43 PM
   Default Gateway . . . . . . . . . : fe80::1:1%11
                                       10.0.254.1
   DHCP Server . . . . . . . . . . . : 10.0.254.1
   DHCPv6 IAID . . . . . . . . . . . : 240434935
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1C-08-10-0D-54-BE-F7-0B-6D-DE

   DNS Servers . . . . . . . . . . . : 2601:d:2784:1fe0:9c45:61ff:fe0e:2f94
                                       10.0.254.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

      Any help would be much appreciated, I thought I was doing well yesterday!  :-[

      1 Reply Last reply Reply Quote 0
      • E
        emerge30
        last edited by

        I've already disabled bogon networks, though that bug appears to have been fixed already.  I've read through plenty of forum articles on this, and my issue doesn't seem to be that I'm not getting an IPv6 address - I am - it seems to be a routing issue that I do not fully understand.

        1 Reply Last reply Reply Quote 0
        • H
          hda
          last edited by

          RA experimentation needed. Why are you with Assisted. ? Try Router Only (pure static) or Unmanaged (default SLAAC).

          1 Reply Last reply Reply Quote 0
          • E
            emerge30
            last edited by

            Thanks for your response.

            I've tried both unmanaged and router only, and neither seem to bring back my connection to the outside.

            1 Reply Last reply Reply Quote 0
            • H
              hda
              last edited by

              Again, why are you with Assisted ? You seem to run a static host which can use RA Router Only. Config SNAFU, Reboot ?

              1 Reply Last reply Reply Quote 0
              • E
                emerge30
                last edited by

                @hda:

                Again, why are you with Assisted ? You seem to run a static host which can use RA Router Only. Config SNAFU, Reboot ?

                I misread the description of it's functionality.

                Reboot what, PFsense or the client?

                1 Reply Last reply Reply Quote 0
                • E
                  emerge30
                  last edited by

                  Not sure if this has much if anything to do with 2.2.1, but as this is a development environment for me I was able to upgrade to version 2.2.2-DEVELOPMENT.  My issues are fixed (right now).

                  I will report back if they break again.

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.