Can't ping link local address

zarje · Apr 14, 2016, 9:04 PM

You need to suffix the link local address with "%if", for example:
[2.3-RELEASE][admin@firewall.rdnzl.fi]/root: ping6 fe80::230:18ff:fea9:66cb%rl0
Where rl0 is my LAN interface.

Thanks for your help but I just found out what it is :o I had set the virtual IP of fe80::1 to have a subnet mask of 128. Oops. Changed it to /64 and all is good now.

My next question is, how can I tell the router advertisement (or however it is done) to tell clients to use fe80::1 as the default gateway? I'd much rather use a shorter simpler address like fe80::1 than fe80::230:18ff:fea9:66cb!

Thank you!

johnpoz · Apr 15, 2016, 11:50 AM

what does it matter how long the address is to the gateway, if the client finds it?? Your not having to hand code it..

zarje · Apr 15, 2016, 11:57 AM

@johnpoz:

what does it matter how long the address is to the gateway, if the client finds it?? Your not having to hand code it..

If I am troubleshooting, pinging fe80::1 is easy and convenient. Can this be done in pfesense?

johnpoz · Apr 15, 2016, 12:58 PM

why would you not just ping name anyway? Or do a simple traceroute to see what the first hop is going to, etc.

Or just copy paste anyway if IP is long.. What your asking to do is hard code the link local address in pfsense?

Sure you could do that via ifconfig you could add any address you want to an interface - see example attached.

Toady · Apr 15, 2016, 2:22 PM

I agree with the above - in both cases, I also usually configure (on Cisco hardware) short link local addresses for simplicity, but, IPv6 addresses are long - get used to it - use DNS ;)

zarje · Apr 15, 2016, 7:33 PM

@johnpoz:

why would you not just ping name anyway? Or do a simple traceroute to see what the first hop is going to, etc.

Or just copy paste anyway if IP is long.. What your asking to do is hard code the link local address in pfsense?

Sure you could do that via ifconfig you could add any address you want to an interface - see example attached.

I agree, use DNS wherever you can. But there will be times when I want to ping the routers IP address. fe80::1 is WAY simpler to use (and remember). Also, I can set each subnet to use the SAME IPv6 link local address of fe80::1 so it doesn't matter what machine I sit at for troubleshooting purposes or what subnet I am on as I will just know that the routers link local address is fe80::1. :) I know I can copy and paste the long address but I still want to use the short fe80::1 for each interfaces link local address.

So, how can I configure pfsense with a fe80::1 address on each LAN interface AND tell the router advertisement to use THIS short link local address rather than the long link local address? Can this be done? Currently I have just added a virtual IP under the firewall menu of fe80::1 on the LAN interface but on my test clients I am still only seeing the long link local address as the gateway address. (I can ping fe80::1 from my test clients)

Thanks for all your comments ;)

Toady · Apr 16, 2016, 8:38 AM

can it be done - yeah sure, I've done this in FreeBSD before, so sure its do-able.
Is the option available in the GUI - no, I can't find it either.

Its normal that the link local address is generated from the MAC address, so you could ghetto it into your hosts file ;)

MikeV7896 · Apr 16, 2016, 12:44 PM

I think if you look in your NDP table, you might find that fe80::1:1 is listed there… and there should be an entry for each of your internal network interfaces (for example, my NDP table shows fe80::1:1%igb1 and %igb2).

Those two interfaces on my box are "Track Interface: WAN" networks, so it's possible that it might not do it for a static IPv6 network.

zarje · Apr 17, 2016, 12:20 PM

I think what I'll do is leave it as is and just keep in the back of my mind that each subnets gateway address is fe80::1 AND the long link local address. I'll create a DNS entry for the long link local address for each gateway address on each subnet.

Thanks for the help :)

David_W · Apr 19, 2016, 8:01 PM

@virgiliomi:

I think if you look in your NDP table, you might find that fe80::1:1 is listed there… and there should be an entry for each of your internal network interfaces (for example, my NDP table shows fe80::1:1%igb1 and %igb2).

Those two interfaces on my box are "Track Interface: WAN" networks, so it's possible that it might not do it for a static IPv6 network.

pfSense uses fe80::1:1 for link local addresses if Track Interface is in use. In other IPv6 scenarios, pfSense likely uses an interface ID (the lower 64 bits) derived from the MAC address of one of the NICs in the machine, as per the IPv6 RFCs.

There are relatively few scenarios where you need to type a link local address manually. Unless the tool you intend to use gives some way other than the address of providing the scope, such as ping6's -I parameter, a link local address from DNS will not work as the scope (interface) is ambiguous. All machines are likely to have at least two interfaces - loopback and a physical NIC.

zarje · Apr 20, 2016, 6:38 PM

@David_W:

@virgiliomi:

I think if you look in your NDP table, you might find that fe80::1:1 is listed there… and there should be an entry for each of your internal network interfaces (for example, my NDP table shows fe80::1:1%igb1 and %igb2).

Those two interfaces on my box are "Track Interface: WAN" networks, so it's possible that it might not do it for a static IPv6 network.

pfSense uses fe80::1:1 for link local addresses if Track Interface is in use. In other IPv6 scenarios, pfSense likely uses an interface ID (the lower 64 bits) derived from the MAC address of one of the NICs in the machine, as per the IPv6 RFCs.

There are relatively few scenarios where you need to type a link local address manually. Unless the tool you intend to use gives some way other than the address of providing the scope, such as ping6's -I parameter, a link local address from DNS will not work as the scope (interface) is ambiguous. All machines are likely to have at least two interfaces - loopback and a physical NIC.

Yeah, I'm beginning to realise that link local addresses are limited and not used that much. I still think its "pretty" to use fe80::1 on the routers interface on each LAN.

Pardon my ignorance but what do you mean by: pfSense uses fe80::1:1 for link local addresses if Track Interface is in use

MikeV7896 · Apr 21, 2016, 1:47 AM

@zarje:

Pardon my ignorance but what do you mean by: pfSense uses fe80::1:1 for link local addresses if Track Interface is in use

If you receive a prefix from your ISP via DHCP then any inside interfaces (LAN, OPT1, etc.) that want to use a /64 from that prefix need to be configured for IPv6 as "Track Interface", then selecting the WAN interface as the interface being tracked, and the prefix ID to be used. With this setup, the pfSense interface will use a SLAAC address with the prefix, as well as configure itself as fe80::1:1 for link-local.

But if your interface has IPv6 configured static, then the fe80::1:1 link-local address isn't configured by pfSense.