When making the update to 2.4.4 it is impossible to ping IPV6 from the WAN interface
-
I have no problem pinging an IPv6 address from pfSense.
-
@jknott I do have problems. Would someone like to investigate it?
-
@jknott If you tell me what additional information you need, I gladly provide it. The problem arose with this update and in two different environments. All the configuration worked in previous versions of Pfsense for more than a year. I also tried it with the default configuration and with the same result.
-
From WAN:
PING6(56=40+8+8 bytes) 2800:bf0:9fff:xxxx:xxx:xxxx:xxxx:xxxx --> 2606:4700:30::681c:d34--- rebelion.org ping6 statistics ---
3 packets transmitted, 0 packets received, 100.0% packet lossFrom LAN:
PING6(56=40+8+8 bytes) 2800:bf0:xxxx:xxxx:xxx:xxxx:xxxx:xxxx --> 2606:4700:30::681c:d34
16 bytes from 2606:4700:30::681c:d34, icmp_seq=0 hlim=53 time=96.966 ms
16 bytes from 2606:4700:30::681c:d34, icmp_seq=1 hlim=53 time=97.079 ms
16 bytes from 2606:4700:30::681c:d34, icmp_seq=2 hlim=53 time=96.010 ms--- rebelion.org ping6 statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 96.010/96.685/97.079/0.480 ms -
I am seeing the same thing with my SG-3100 applicance running on 2.4.4...
I can ping6 from LAN devices without a problem, but I cannot from a shell on the router.
And same as you, software updates take a long time as the router tries IPv6 first and only when it times out does it try IPv4. -
me too no problems. check your 4th okted, maybe there is something wrong? traceroute?
-
@yellowbrick Thanks for your report. That helped someone ask questions, the questions are important for the discovery, answering only that you do not have the problem is not very helpful. A hug.
-
@pfadmin A huge thank you for your questions. I know you do not have the problem, but I do and I'm not the only one, as you can see in the previous comment.
Traceroue output:
traceroute from wan:
1 2800:bf0:9fff:f110::1 2.702 ms 1.517 ms 2.673 ms
2 2800:bf0:9fff:f100::1 2.790 ms 2.471 ms 2.793 ms
3 fc00:0:0:600::1 1.756 ms 1.622 ms 1.733 ms
4 * * *
5 * * *
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *Traceroute from LAN:
1 2800:bf0:9fff:f111::1 4.482 ms 1.862 ms 3.859 ms
2 2800:bf0:9fff:f100::1 3.641 ms 2.359 ms 2.915 ms
3 fc00:0:0:600::1 1.691 ms 3.023 ms 1.492 ms
4 * * *
5 2800:2a0:10:101:11::211 72.568 ms 77.331 ms 74.598 ms
6 2001:1900:2100::238d 70.480 ms 70.430 ms 72.982 ms
7 2001:1900::3:132 75.741 ms 76.288 ms 75.676 ms
8 2001:1900:4:3::18e 88.305 ms 75.839 ms 70.418 ms
9 2001:41a8:4020::13 84.835 ms 70.486 ms 70.600 ms
10 2001:41a8:4020:2::c2 97.255 ms 97.499 ms 93.197 ms
11 2400:cb00:17:1024::a29e:79b2 96.907 ms
2400:cb00:17:1024::a29e:784d 100.754 ms
2400:cb00:17:1024::a29e:7805 100.615 msAs I said above I tried with the factory settings and the result is the same. The current configuration had no problems and I have not changed it since version 2.4.2.
On 4th okted I would appreciate you explain to me to verify. I do not find information on this on the internet.
-
@fabianburpf said in When making the update to 2.4.4 it is impossible to ping IPV6 from the WAN interface:
2606:4700:30::681c:d34
From one of my customer boxes. Comcast connection.
PING6(56=40+8+8 bytes) 2001:558:xxxxxxxxxxxxxxxxxxxx --> 2606:4700:30::681c:d34
16 bytes from 2606:4700:30::681c:d34, icmp_seq=0 hlim=58 time=16.638 ms
16 bytes from 2606:4700:30::681c:d34, icmp_seq=1 hlim=58 time=12.921 ms
16 bytes from 2606:4700:30::681c:d34, icmp_seq=2 hlim=58 time=13.744 ms
16 bytes from 2606:4700:30::681c:d34, icmp_seq=3 hlim=58 time=13.252 ms--- 2606:4700:30::681c:d34 ping6 statistics ---
4 packets transmitted, 4 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 12.921/14.139/16.638/1.472 msWorks fine. May be something your ISP is doing??
-
@chpalmer Regarding your question: "Works fine. May be something your ISP is doing???" I can assure you that the problem starts with version 2.4.4. When I have been able to install a previous virtual version, from a snapshot, directly connected to the optical fiber ONT, everything works the way it is expected. I really do not think that event coincides with something the ISP does. I repeat that it worked fine, with the same configuration, before the update to 2.4.4
-
@fabianburpf said in When making the update to 2.4.4 it is impossible to ping IPV6 from the WAN interface:
fc00:0:0:600::1
https://en.wikipedia.org/wiki/IPv6_address
fc00::/7 is a ULA
What happens if you use the option -s ?
Usage: traceroute [-adDeFInrSvx] [-f first_ttl] [-g gateway] [-i iface]
[-m max_ttl] [-p port] [-P proto] [-q nqueries] [-s src_addr]
[-t tos] [-w waittime] [-A as_server] [-z pausemsecs] host [packetlen][2.4.4-RELEASE][admin@pfsense]/root: traceroute6 -s 2a02:xxxx:xxxx:xxxx::1 2a02:8010:1:0:212:23:3:100
traceroute6 to 2a02:8010:1:0:212:23:3:100 (2a02:8010:1:0:212:23:3:100) from 2a02:xxxx:xxxx:xxxx::1 , 64 hops max, 20 byte packets
1 lo-0.cor2.lond1.ptn.zen.net.uk 10.671 ms 9.486 ms 9.277 ms
2 ae-13.cor2.manc1.ptn.zen.net.uk 17.043 ms 28.985 ms 20.455 ms
3 ae-22.cor1.manc1.ptn.zen.net.uk 16.278 ms 21.254 ms 21.568 ms
4 ae-23.cor1.roch1.ptn.zen.net.uk 20.429 ms 16.365 ms 16.597 ms
5 2a02:8010:0:a00:: 14.285 ms 28.466 ms 15.194 ms
6 2a02:8010:0:207::2 14.772 ms 14.343 ms 14.794 ms
7 cache01.dns.zen.net.uk 15.447 ms !P 14.768 ms !P 14.754 ms !P
[2.4.4-RELEASE][admin@pfsense]/root:Maybe do a packet capture on the WAN and open it in wireshark.
-
@nogbadthebad
from WAN:
traceroute6 -s 2800:bf0:9fff:xxxx:xxx:xxxx:xxxx:xxxx 2a02:8010:1:0:212:23:3:100
traceroute6 to 2a02:8010:1:0:212:23:3:100 (2a02:8010:1:0:212:23:3:100) from 2800:bf0:9fff:xxxx:xxx:xxxx:xxxx:xxxx, 64 hops max, 20 byte packets
1 2800:bf0:9fff:f110::1 2.599 ms 2.243 ms 2.207 ms
2 2800:bf0:9fff:f100::1 2.394 ms 2.369 ms 2.441 ms
3 fc00:0:0:600::1 1.994 ms 1.637 ms 1.683 ms
4 * * *
5 * * *
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *
31 * * *
32 * * *
33 * * *
34 * * *
35 * * *
36 * * *
37 * * *
38 * * *
39 * * *
40 * * *
41 * * *
42 * * *
43 * * *
44 * * *
45 * * *
46 * * *
47 * * *
48 * * *
49 * * *
50 * * *from LAN:
traceroute6 -s 2800:bf0:81c0:xxxx:xxx:xxxx:xxxx:xxxx 2a02:8010:1:0:212:23:3:100
traceroute6 to 2a02:8010:1:0:212:23:3:100 (2a02:8010:1:0:212:23:3:100) from 2800:bf0:81c0:xxxx:xxx:xxxx:xxxx:xxxx, 64 hops max, 20 byte packets
1 2800:bf0:9fff:f111::1 3.459 ms 2.361 ms 3.280 ms
2 2800:bf0:9fff:f100::1 3.107 ms 2.593 ms 2.265 ms
3 fc00:0:0:600::1 1.763 ms 1.724 ms 1.795 ms
4 * * *
5 2800:2a0:10:101:11::211 71.608 ms 76.455 ms 75.247 ms
6 xe-9-2-0.edge2.LosAngeles9.Level3.net 70.580 ms 71.078 ms 70.428 ms
7 * * *
8 NTT-level3-1x10G.Madrid.Level3.net 70.580 ms 77.561 ms 83.484 ms
9 ae-7.r04.miamfl02.us.bb.gin.ntt.net 72.544 ms 72.455 ms 72.457 ms
10 ae-8.r20.miamfl02.us.bb.gin.ntt.net 70.412 ms 70.779 ms 70.630 ms
11 ae-4.r23.asbnva02.us.bb.gin.ntt.net 100.332 ms 99.949 ms 99.625 ms
12 ae-0.r22.asbnva02.us.bb.gin.ntt.net 94.707 ms 100.264 ms 97.873 ms
13 ae-5.r25.nycmny01.us.bb.gin.ntt.net 99.857 ms 100.454 ms 100.296 ms
14 ae-1.r24.nycmny01.us.bb.gin.ntt.net 97.993 ms 99.637 ms 98.212 ms
15 ae-9.r24.londen12.uk.bb.gin.ntt.net 165.782 ms 165.254 ms 169.869 ms
16 ae-8.r02.londen03.uk.bb.gin.ntt.net 166.849 ms 165.433 ms 170.634 ms
17 xe-0-1-0-1-7.r02.londen03.uk.ce.gin.ntt.net 176.106 ms 163.838 ms 164.328 ms
18 ae0.cr1.th-lon.zen.net.uk 189.817 ms 196.175 ms 202.502 ms
19 ae4-0.cr1.wh-man.zen.net.uk 180.254 ms 180.711 ms 214.937 ms
20 ae0-0.dr1.sp-roch.zen.net.uk 183.841 ms 183.225 ms 183.929 ms
21 2a02:8010:0:205::2 176.856 ms 179.267 ms 180.045 ms
22 cache01.dns.zen.net.uk 188.908 ms !P 190.330 ms !P 185.477 ms !P -
@nogbadthebad Please explain the packages you should capture and the way to do it. Thank you
-
@fabianburpf said in When making the update to 2.4.4 it is impossible to ping IPV6 from the WAN interface:
@chpalmer I really do not think that event coincides with something the ISP does. I repeat that it worked fine, with the same configuration, before the update to 2.4.4
So if mine and everyone else's works why do you think your issue is a problem caused by pfsense other than "it worked before"?
(Please explain the packages you should capture and the way to do it. Thank you) -
/diag_packet_capture.php
[2.4.4-RELEASE][admin@xxxxxx.xxxxxxx.org]/root: traceroute6 -s 2xxxxxxxxx 2a02:8010:1:0:212:23:3:100
traceroute6 to 2a02:8010:1:0:212:23:3:100 (2a02:8010:1:0:212:23:3:100) from 2001:xxxxxxxxxxxxxxxxxxxx, 64 hops max, 20 byte packets
1 2001:558:600a:cf::1 13.859 ms 9.883 ms 9.237 ms
2 po-107-rur01.tumwater.wa.seattle.comcast.net 9.899 ms 9.964 ms 9.775 ms
3 po-2-rur02.tumwater.wa.seattle.comcast.net 8.105 ms 11.319 ms 9.661 ms
4 be-44-ar01.seattle.wa.seattle.comcast.net 13.879 ms 13.628 ms 13.768 ms
5 be-33650-cr01.seattle.wa.ibone.comcast.net 15.052 ms * 16.749 ms
6 *
be-10847-pe02.seattle.wa.ibone.comcast.net 13.869 ms *
7 ae-31.a00.sttlwa01.us.bb.gin.ntt.net 13.663 ms 15.770 ms 13.494 ms
8 ae-9.r04.sttlwa01.us.bb.gin.ntt.net 14.514 ms 13.721 ms
ae-14.r05.sttlwa01.us.bb.gin.ntt.net 14.077 ms
9 ae-2.r22.sttlwa01.us.bb.gin.ntt.net 13.764 ms 14.382 ms
ae-1.r22.sttlwa01.us.bb.gin.ntt.net 17.675 ms
10 ae-0.r24.nycmny01.us.bb.gin.ntt.net 88.579 ms 101.201 ms 85.140 ms
11 ae-9.r24.londen12.uk.bb.gin.ntt.net 156.562 ms 151.233 ms 150.401 ms
12 ae-8.r02.londen03.uk.bb.gin.ntt.net 153.440 ms 153.703 ms 148.896 ms
13 xe-0-1-0-1-7.r02.londen03.uk.ce.gin.ntt.net 156.026 ms 158.485 ms 158.553 ms
14 ae0.cr1.th-lon.zen.net.uk 158.899 ms 153.132 ms 155.254 ms
15 ae4-0.cr1.wh-man.zen.net.uk 166.248 ms 193.078 ms 166.346 ms
16 ae0-0.dr1.sp-roch.zen.net.uk 164.142 ms 184.691 ms 161.297 ms
17 2a02:8010:0:205::2 173.480 ms 168.982 ms 159.820 ms
18 cache01.dns.zen.net.uk 161.215 ms !P 165.877 ms !P 169.071 ms !P
[2.4.4-RELEASE][admin@xxxxx.xxxxx.org]/root: -
@chpalmer said in When making the update to 2.4.4 it is impossible to ping IPV6 from the WAN interface:
So if mine and everyone else's works why do you think your issue is a problem caused by pfsense other than "it worked before"?
I do not understand this question. I think it is not a help, but it can be a difficulty with the interpretation of the language or culture, if not, I do not see how we move forward.
-
@fabianburpf said in When making the update to 2.4.4 it is impossible to ping IPV6 from the WAN interface:
@chpalmer said in When making the update to 2.4.4 it is impossible to ping IPV6 from the WAN interface:
So if mine and everyone else's works why do you think your issue is a problem caused by pfsense other than "it worked before"?
I do not understand this question. I think it is not a help, but it can be a difficulty with the interpretation of the language or culture, if not, I do not see how we move forward.
Im trying to reason with you. You obviously have a problem that we do not have. We cannot diagnose your issue because it does not exist for us.
Do you know how to take screen shots and post them?
-
Show us this page.
-
-
@chpalmer Yes I know how to capture screens and publish them
-
@fabianburpf said in When making the update to 2.4.4 it is impossible to ping IPV6 from the WAN interface:
I get native Ipv6 through my ISP
This is what you said...
But according to your gateway your ISP is using SLAAC which is a tunneling protocol. This was important to state up front.
I do not have such a connection to test with.