IPv6 Route Advertisement (RA) not working
-
See: https://doc.pfsense.org/index.php/Router_Advertisements For the various operational modes.
I have tried various combinations but alll failed to assign a RA to the client.
-
What were the results with DHCPv6-Server() & Router Advertisements(Router Only) ?
-
C,
I have a similar setup, 5 vlans on an lacp lagg.
I'm using a 4to6 GIF Tunnel to he.net on the front-end with a routed /48 on the back-end.
DHCPv6 is configured to hand out a small number of addresses :ff00 through :ffff, I've manually assigned IPv6 name servers in the DHCPv6 config. RA is configured as Managed, Normal, with the "use same settings as dhcpv6" setting checked.
My machines pull an IPv6 address and dns servers from dhcpv6, and then within a few seconds I'll see the link-local ipv6 address of the firewall get populated under the default gateway. (Windows 7)
..ct
-
within a few seconds I'll see the link-local ipv6 address of the firewall get populated under the default gateway. (Windows 7)
And the issue with that is exactly what?
-
Is something not working?
Link-local addresses are expected for your next hop gateway. That's the way it works.
$ ifconfig vlan0 vlan0: flags=8843 <up,broadcast,running,simplex,multicast>mtu 1500 options=3 <rxcsum,txcsum>ether 3c:07:aa:0c:23:16 inet6 fe80::3e07:54ff:fe0c:2316%vlan0 prefixlen 64 scopeid 0xa inet6 2001:470:cafe:223:3e07:aaff:fe0c:2316 prefixlen 64 autoconf inet6 2001:470:cafe:223:70d4:e50b:eee7:4fd6 prefixlen 64 autoconf temporary $ netstat -rn -finet6 Routing tables Internet6: Destination Gateway Flags Netif Expire default fe80::230:18ff:fea4:ec72%vlan0 UGc vlan0</rxcsum,txcsum></up,broadcast,running,simplex,multicast>I don't use DHCPv6. Not worth the hassle here. I leave it off and set RA to unmanaged and it all just works.
-
So I disabled the DHCPv6 and only rely on RA for now. Clients still don't get handed out any default routes on IPv6, and now with DHCPv6 disabled also don't get any IPv6 address assigned to them. Even though RA is set to "Unmanaged" and with priority "High".
- How can i debug radvd ?
- Are there any settings that could prevent RA to advertise?
-
Not having IPv6 enabled might.
There is, quite literally, nothing to configure. Set a public /64 on LAN, make sure radvd is enabled in unmanaged state on LAN and DHCPv6 is disabled.
You don't have to set the priority to high or set any name servers (as long as you have an IPv6 name server defined.)
What client are you trying to get working? I just tried a Windows 8.1 VM in bridged mode (first time I've tried windows on IPv6, believe it or not) and everything seems to work except I can't ping out to the internet. I can resolve names (So DNS is working), and I can ping other subnets on pfSense (so the default gateway is working) but I can't, for example, ping -6 www.he.net. Name resolves but I get nothing back. Out of time right now but you might want to post some cut and past or screen shots of the client on which you say radvd isn't working.
Yes, my default gateway on windows is link-local.
-
- How can i debug radvd ?
Assure yourself of the effects of reconfiguring IPv6 by reboot pfSense.
I don't do DHCP6-Server(), but have LAN Static IPv6 & Router Advertisements(Router Only) to avoid SLAAC.
And I imagine DHCP6-Server() & Router Advertisements(Router Only) could work for you. -
I had IPv6 working using a he.net tunnel and unmanaged mode, but then somewhere down the line it stopped working and I couldn't figure out why.
It turns out anything other than a /64 prefix makes the SLAAC/unmanaged mode stop working. I set it to /112 because I would have very limited clients, but that made pfSense stop handing out IPv6 IPs. Set it back to /64 and now everything works.
Is this a bug, or is this by IPv6 design?
-
That's a fact of how SLAAC works, it requires a /64 network to function.
-
No issues, my setup works fine.
…ct
