IPv6 Not able to ping WAN to LAN

johnpoz

And what are the rules on your wan.. Do allow ipv6 through to this clients IP

Out of the box pfsense is not going to allow anything into wan… So no you would not be able to ping through to ipv6 unless you allow it.

manishchawla2017

WAN Also IPv6 any is allowed
I am not able to send any packet from LAN to WAN
Nor WAN to LAN on IPv6

johnpoz

Can your client ping your lan ipv6 IP? Your going to need to post up your rules for your lan and your wan if you want someone to help you point out what your doing wrong.

Out of the box lan allows any any ipv6 on lan… So if your client is getting a vlan ipv6 on your lan segment it should be able to ping your lan ipv6 and your wan ipv6.

From the outside.. Nobody would be able to ping your wan ipv6 or your clients behind it on your lan unless you allow for it.

JKnott

What does netstat -r show for the default route on IPv6? It should be a link local address, as that's what IPv6 normally uses for routing.

manishchawla2017

I am able to ping following from my machine

LAN gateway ie LAN port of Pfsense
WAN Port of pfsense from LAN
WAN port of pfsense from Internet

I am not able to ping

anything other than WAN port such as 2001:4860:4860::8888 ( Google DNS is not ping)
I am not able to ping my LAN port from Internet
even though policy is IPv6 any to any

manishchawla2017

ubuntu@ipv6testBed:~$ ip -6 route show
2001:df7:7640:bc4a::/64 dev ens18 proto ra metric 100 pref medium
fe80::/64 dev ens18 proto kernel metric 256 pref medium
default via fe80::21a:64ff:fe78:e820 dev ens18 proto static metric 100 pref medium

johnpoz

What policy?? Post up your rules.. Both lan and wan

manishchawla2017

Yes my Client is able to ping both LAN port of pfsense and WAN port of pfsense but nothing beyond it
If i login to pfsense, I am able to ping anything on Ipv6 from pfsense shell

@johnpoz:

Can your client ping your lan ipv6 IP? Your going to need to post up your rules for your lan and your wan if you want someone to help you point out what your doing wrong.

Out of the box lan allows any any ipv6 on lan… So if your client is getting a vlan ipv6 on your lan segment it should be able to ping your lan ipv6 and your wan ipv6.

From the outside.. Nobody would be able to ping your wan ipv6 or your clients behind it on your lan unless you allow for it.

manishchawla2017

@johnpoz:

What policy?? Post up your rules.. Both lan and wan

![Screen Shot 2018-05-04 at 8.19.25 PM.png](/public/imported_attachments/1/Screen Shot 2018-05-04 at 8.19.25 PM.png)
![Screen Shot 2018-05-04 at 8.19.25 PM.png_thumb](/public/imported_attachments/1/Screen Shot 2018-05-04 at 8.19.25 PM.png_thumb)
![Screen Shot 2018-05-04 at 8.18.55 PM.png](/public/imported_attachments/1/Screen Shot 2018-05-04 at 8.18.55 PM.png)
![Screen Shot 2018-05-04 at 8.18.55 PM.png_thumb](/public/imported_attachments/1/Screen Shot 2018-05-04 at 8.18.55 PM.png_thumb)

johnpoz

where did you come up with those addresses. I don't show any AS number for your wan IP

No AS number was found for 2001:df7:7640:a000::6
No AS number was found for 2001:df7:7640:bc4a::1

You can not just make numbers up? And use them…

manishchawla2017

Don't worry I have changed my IP while posting query for security reasons, my actual ip is routable and has a very clear route-object

@johnpoz:

where did you come up with those addresses. I don't show any AS number for your wan IP

No AS number was found for 2001:df7:7640:a000::6
No AS number was found for 2001:df7:7640:bc4a::1

You can not just make numbers up? And use them…

johnpoz

Well impossible to help you without being able to see if traffic gets to your wan or not, etc. In a traceroute.

PM me your actual IPs

manishchawla2017

It is reaching upto my WAN port of Pfsense
I am not authorized to share IP details