Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    IPv6 is not working if gateway address is outside of provided /64 subnet.

    Scheduled Pinned Locked Moved 2.3-RC Snapshot Feedback and Issues - ARCHIVED
    13 Posts 4 Posters 2.9k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • Q Offline
      qtlnx
      last edited by

      Copying from general IPv6 to this 2.3-BETA Snapshot Feedback and Issues topic.
      details here https://forum.pfsense.org/index.php?topic=106392.0
      please advise.

      1 Reply Last reply Reply Quote 0
      • Q Offline
        qtlnx
        last edited by

        Looks like nobody cares about IPv6 here.
        Meanwhile I had to switch back to Linux where things work just fine but require manual configuration in absence of really nice pfSense UI.
        Has anyone ever thought of ditching FreeBSD? No need to answer on that though….

        1 Reply Last reply Reply Quote 0
        • jimpJ Offline
          jimp Rebel Alliance Developer Netgate
          last edited by

          Lots of us care about IPv6, though that type of setup is rare and fundamentally flawed from a networking perspective. It doesn't shock me that it works on Linux, but that doesn't make it a good configuration.

          I don't think any of us here have access to a provider network that is designed that way, at least for IPv6, so it's tough to diagnose something we can't even see.

          Have you tried using those same route commands on a plain FreeBSD installation (10.2 or 10.3-BETA)? It may be broken in FreeBSD, in which case it needs reported upstream to them.

          Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

          Need help fast? Netgate Global Support!

          Do not Chat/PM for help!

          1 Reply Last reply Reply Quote 0
          • Q Offline
            qtlnx
            last edited by

            I will gladly provide full access to my pfSense installation to anyone willing to figure out and/or report this problems upstream.

            Given the fact that in DHCP6 mode default gateway and routing are discovered correctly a workaround could be added to pfSense UI to allow user to specify desired IPv6 address/mask even if DHCP6 mode is selected. I believe it is a simplest shot term solution.

            BTW, in Linux there are two automatic modes: "Automatic" and "Automatic, DHCP6 only", pfSense offers only DHCP6.

            1 Reply Last reply Reply Quote 0
            • A Offline
              athurdent
              last edited by

              I don't get this. Why would one use a dynamic IP for a server? Why not go with something static that you can create DNS records for?
              I had a KVM with the same wierd IPv6 config some time ago, so I just used the Standard Gateways Link-Local address as default gateway. Did not try that with pfSense though, the cheapo KVM tech specs were to small. :)

              1 Reply Last reply Reply Quote 0
              • Q Offline
                qtlnx
                last edited by

                Please read the whole topic from the very beginning. Specifying DHCP6 will allow underlying FreeBSD networking to setup gateway and routing, I suppose via router advertisement, since there is no DHCP6 on the network. Manually setting up the same gateway and routing does not result in a a working IPv6. However if desired address is manually set via ifconfig after automatic routing discovery then everything is working but does not survive a reboot.

                1 Reply Last reply Reply Quote 0
                • A Offline
                  athurdent
                  last edited by

                  So if there is no DHCPv6 server and you want it to be dynamic, try SLAAC. That normally chooses the LL address as Standard Gateway anyway.

                  1 Reply Last reply Reply Quote 0
                  • Q Offline
                    qtlnx
                    last edited by

                    SLAAC does not make a difference. Gateway is being set automatically but it is not reachable unless IPv6 address netmask made sufficiently wide, e.g. /64 to reach gateway. I don't know what is behind pfSense DHCP6 client settings but routing is working only if DHCP6 is enabled. I am sure there isn't any DHCP6 server on the subnet. I already specified all details in original post in IPv6 section. 2.3-BETA adds a route to the gateway but gateway is not reachable.

                    1 Reply Last reply Reply Quote 0
                    • jimpJ Offline
                      jimp Rebel Alliance Developer Netgate
                      last edited by

                      Are you certain that you used the exact same settings from when it worked using DHCP?

                      Given the previous difference you showed, DHCP apparently added a link route:

                      prefix_48::/48                    link#1                        U        vtnet0
                      

                      That route was not present in your manual config output.

                      This command:

                      route add -inet6 -net prefix_48::/48 -interface vtnet0
                      

                      doesn't produce the same type of route, which may account for the difference, though it should have made an entry, it doesn't show. When I test here for example I get```
                      prefix::/48                        00:0c:29:xx:xx:xx            US            0  1500    vmx1

                      
                      Though it's possible that dhcp6c is able to set the route in some way that the user-space route command cannot. You can also try adding "-link" before "-interface" though it may not make a difference, it's worth trying.

                      Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                      Need help fast? Netgate Global Support!

                      Do not Chat/PM for help!

                      1 Reply Last reply Reply Quote 0
                      • Q Offline
                        qtlnx
                        last edited by

                        I currently don't have access to original gateway /48, network /64 system, since it runs Linux right now.
                        Another system where gateway is on /64 but network /80 even DHCP6 mode does not help.
                        As you correctly noted the difference, a route command does not create "link#n" entries.
                        However I can deal with setting up wider subnet for now.

                        On another note, I am looking for FreeBSD command which on Linux looks like

                        ip neigh add proxy [ipv6_address] dev eth0

                        ndp manual page http://www.freebsd.org/cgi/man.cgi?query=ndp&sektion=8 is somewhat cryptic.

                        1 Reply Last reply Reply Quote 0
                        • Q Offline
                          qtlnx
                          last edited by

                          Going back to original topic - it looks like discrepancy between gateway and subnet among VPS providers is pretty common.
                          Here is another case:
                          https://clients.liteserver.nl/knowledgebase.php?action=displayarticle&id=2

                          1 Reply Last reply Reply Quote 0
                          • J Offline
                            JorgeOliveira
                            last edited by

                            Hello,

                            Have you tried going to:
                            System > Routing > Gateways > WAN_DHCP6 (default) > Edit (pencil icon) > Advanced Options

                            Then check "Use non-local gateway through interface specific route." and save.

                            It should work if you do that.

                            Regards,
                            Jorge M. Oliveira

                            My views have absolutely no warranty express or implied. Always do your own research.

                            1 Reply Last reply Reply Quote 0
                            • Q Offline
                              qtlnx
                              last edited by

                              @JorgeOliveira:

                              Hello,

                              Have you tried going to:
                              System > Routing > Gateways > WAN_DHCP6 (default) > Edit (pencil icon) > Advanced Options

                              Then check "Use non-local gateway through interface specific route." and save.

                              Of course I did. I was told to do in one of the responses to my original posting https://forum.pfsense.org/index.php?topic=106392.0 and upgraded to latest BETA specifically for this purpose.

                              1 Reply Last reply Reply Quote 0
                              • First post
                                Last post
                              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.