ipv6: can ping GUA address in different VLAN, but not ULA.
-
@tanya said in ipv6: can ping GUA address in different VLAN, but not ULA.:
In your case, maybe the GUA stays in place because you have defined them as static rather than track interface?
Your using "Track Interface"? If so what interface are you tracking?
-
That's the WAN interface I'm tracking.
Even if I wanted to, the dropdown list doesn't let me select anything else. It's WAN or nothing.
The Track Interface part in itself is working.
It's just that when I add an IP alias (and reboot) that it stops working: the GUA is no longer assigned to the interface, but the virtual IP is.
(even though the configuration it itself is unchanged)That is IIRC a known bug or issue, I've seen it in a few other posts as well.
-
Any other suggestions?
I have tried everything that was suggested and everything I could think of, but no success so far.
Two weeks ago I have created a bug report for the scenario I described above (post 15) where a working setup with ULA addresses stopped functioning after only reboot of the firewall.
Sadly, that too has generated little interest (none in fact) and has been shuffled back to page 2 of the bugtracker. -
Sadly pfsense is atm not fully IPv6 compliant imho, the freeBSD underlying parts are, but not the management parts of pfsense.
It's like in any other linux project, u still get only answers if the developers are interested. :/
For the rest of us, we need to invent the wheel every day again and again.
-
Just to check some more, in my test setup (3 virtual machines) I have replaced pfSense with one of its competing products, and applied the same minimal configuration.
Unlike pfSense, this setup keeps working after a reboot of the firewall/router.This once again confirms that what I intend to do should just work, doesn't it?
Finally, I removed the competing product, and once more installed pfSense from scratch, and again applied the minimal config.
Sadly, it again stops working once the firewall has been rebooted.I really would like to continue using pfSense, but I do need some help to make this work.
-
U have to setup the routes statically since pfsense does all over gui wrappers.
What happens after an reboot is, that the IP ordering GUA/ULA changes and, after all, so some of the needed routes get "lost" this way.
imo i tracked down the error to the interfaces.inc, but since netgate remains silent, i do not see to fix that(have similar IPv6 problems)
-
You mean: this is a bug/feature and unless someone solves it, I will never get it to work?
-
It isnt a feature, but yeah if u cant solve the ordering issue for self u have to wait and someone of the developers has to fix that bug. And its surely a bug when one setup has different results ->before reboot/after reboot.
Btw, what was the competing product if i may ask?
-
Ah ok, know that too but i still tried pfsense to get to work in this case. I need pfblocker for example, so it isnt so easy to change for me.
In your case i would choose the one which does job best, at the end all are a fork of something else.
So vote with your foots and dont stay silent if the support is crap for u, not only the paying customers are customers.
-
to the interfaces.inc file:
The specific parts of the script just checks for link local and an interface ipv6, but since IPv6 knows more than one type of an interface IP (GUA and ULA handled by a single function and stops if an matching IP is found)This could be the reason for the behavior i ve seen for my problem and at the end for ur's too.
For me an ifconfig in a console, i ll get all IPv6 IP's of an specific interface...if i do same in the gui i ll just only get two IP's
So u get for example in GUI an LL+GUA or an LL+ULA, but NOT ULA+GUA+LLSince most configs generate from the pfsense scripts, the underlying "real" IP's are ignored in this case.
At the end u have missing routes, cause the routes are build from only the half of informations needed
But my programming skills are not so deep to evaluate my thinking, im an hardware guy. :/
