When making the update to 2.4.4 it is impossible to ping IPV6 from the WAN interface
-
@fabianburpf said in When making the update to 2.4.4 it is impossible to ping IPV6 from the WAN interface:
fc00:0:0:600::1
https://en.wikipedia.org/wiki/IPv6_address
fc00::/7 is a ULA
What happens if you use the option -s ?
Usage: traceroute [-adDeFInrSvx] [-f first_ttl] [-g gateway] [-i iface]
[-m max_ttl] [-p port] [-P proto] [-q nqueries] [-s src_addr]
[-t tos] [-w waittime] [-A as_server] [-z pausemsecs] host [packetlen][2.4.4-RELEASE][admin@pfsense]/root: traceroute6 -s 2a02:xxxx:xxxx:xxxx::1 2a02:8010:1:0:212:23:3:100
traceroute6 to 2a02:8010:1:0:212:23:3:100 (2a02:8010:1:0:212:23:3:100) from 2a02:xxxx:xxxx:xxxx::1 , 64 hops max, 20 byte packets
1 lo-0.cor2.lond1.ptn.zen.net.uk 10.671 ms 9.486 ms 9.277 ms
2 ae-13.cor2.manc1.ptn.zen.net.uk 17.043 ms 28.985 ms 20.455 ms
3 ae-22.cor1.manc1.ptn.zen.net.uk 16.278 ms 21.254 ms 21.568 ms
4 ae-23.cor1.roch1.ptn.zen.net.uk 20.429 ms 16.365 ms 16.597 ms
5 2a02:8010:0:a00:: 14.285 ms 28.466 ms 15.194 ms
6 2a02:8010:0:207::2 14.772 ms 14.343 ms 14.794 ms
7 cache01.dns.zen.net.uk 15.447 ms !P 14.768 ms !P 14.754 ms !P
[2.4.4-RELEASE][admin@pfsense]/root:Maybe do a packet capture on the WAN and open it in wireshark.
-
@nogbadthebad
from WAN:
traceroute6 -s 2800:bf0:9fff:xxxx:xxx:xxxx:xxxx:xxxx 2a02:8010:1:0:212:23:3:100
traceroute6 to 2a02:8010:1:0:212:23:3:100 (2a02:8010:1:0:212:23:3:100) from 2800:bf0:9fff:xxxx:xxx:xxxx:xxxx:xxxx, 64 hops max, 20 byte packets
1 2800:bf0:9fff:f110::1 2.599 ms 2.243 ms 2.207 ms
2 2800:bf0:9fff:f100::1 2.394 ms 2.369 ms 2.441 ms
3 fc00:0:0:600::1 1.994 ms 1.637 ms 1.683 ms
4 * * *
5 * * *
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *
31 * * *
32 * * *
33 * * *
34 * * *
35 * * *
36 * * *
37 * * *
38 * * *
39 * * *
40 * * *
41 * * *
42 * * *
43 * * *
44 * * *
45 * * *
46 * * *
47 * * *
48 * * *
49 * * *
50 * * *from LAN:
traceroute6 -s 2800:bf0:81c0:xxxx:xxx:xxxx:xxxx:xxxx 2a02:8010:1:0:212:23:3:100
traceroute6 to 2a02:8010:1:0:212:23:3:100 (2a02:8010:1:0:212:23:3:100) from 2800:bf0:81c0:xxxx:xxx:xxxx:xxxx:xxxx, 64 hops max, 20 byte packets
1 2800:bf0:9fff:f111::1 3.459 ms 2.361 ms 3.280 ms
2 2800:bf0:9fff:f100::1 3.107 ms 2.593 ms 2.265 ms
3 fc00:0:0:600::1 1.763 ms 1.724 ms 1.795 ms
4 * * *
5 2800:2a0:10:101:11::211 71.608 ms 76.455 ms 75.247 ms
6 xe-9-2-0.edge2.LosAngeles9.Level3.net 70.580 ms 71.078 ms 70.428 ms
7 * * *
8 NTT-level3-1x10G.Madrid.Level3.net 70.580 ms 77.561 ms 83.484 ms
9 ae-7.r04.miamfl02.us.bb.gin.ntt.net 72.544 ms 72.455 ms 72.457 ms
10 ae-8.r20.miamfl02.us.bb.gin.ntt.net 70.412 ms 70.779 ms 70.630 ms
11 ae-4.r23.asbnva02.us.bb.gin.ntt.net 100.332 ms 99.949 ms 99.625 ms
12 ae-0.r22.asbnva02.us.bb.gin.ntt.net 94.707 ms 100.264 ms 97.873 ms
13 ae-5.r25.nycmny01.us.bb.gin.ntt.net 99.857 ms 100.454 ms 100.296 ms
14 ae-1.r24.nycmny01.us.bb.gin.ntt.net 97.993 ms 99.637 ms 98.212 ms
15 ae-9.r24.londen12.uk.bb.gin.ntt.net 165.782 ms 165.254 ms 169.869 ms
16 ae-8.r02.londen03.uk.bb.gin.ntt.net 166.849 ms 165.433 ms 170.634 ms
17 xe-0-1-0-1-7.r02.londen03.uk.ce.gin.ntt.net 176.106 ms 163.838 ms 164.328 ms
18 ae0.cr1.th-lon.zen.net.uk 189.817 ms 196.175 ms 202.502 ms
19 ae4-0.cr1.wh-man.zen.net.uk 180.254 ms 180.711 ms 214.937 ms
20 ae0-0.dr1.sp-roch.zen.net.uk 183.841 ms 183.225 ms 183.929 ms
21 2a02:8010:0:205::2 176.856 ms 179.267 ms 180.045 ms
22 cache01.dns.zen.net.uk 188.908 ms !P 190.330 ms !P 185.477 ms !P -
@nogbadthebad Please explain the packages you should capture and the way to do it. Thank you
-
@fabianburpf said in When making the update to 2.4.4 it is impossible to ping IPV6 from the WAN interface:
@chpalmer I really do not think that event coincides with something the ISP does. I repeat that it worked fine, with the same configuration, before the update to 2.4.4
So if mine and everyone else's works why do you think your issue is a problem caused by pfsense other than "it worked before"?
(Please explain the packages you should capture and the way to do it. Thank you) -
/diag_packet_capture.php
[2.4.4-RELEASE][admin@xxxxxx.xxxxxxx.org]/root: traceroute6 -s 2xxxxxxxxx 2a02:8010:1:0:212:23:3:100
traceroute6 to 2a02:8010:1:0:212:23:3:100 (2a02:8010:1:0:212:23:3:100) from 2001:xxxxxxxxxxxxxxxxxxxx, 64 hops max, 20 byte packets
1 2001:558:600a:cf::1 13.859 ms 9.883 ms 9.237 ms
2 po-107-rur01.tumwater.wa.seattle.comcast.net 9.899 ms 9.964 ms 9.775 ms
3 po-2-rur02.tumwater.wa.seattle.comcast.net 8.105 ms 11.319 ms 9.661 ms
4 be-44-ar01.seattle.wa.seattle.comcast.net 13.879 ms 13.628 ms 13.768 ms
5 be-33650-cr01.seattle.wa.ibone.comcast.net 15.052 ms * 16.749 ms
6 *
be-10847-pe02.seattle.wa.ibone.comcast.net 13.869 ms *
7 ae-31.a00.sttlwa01.us.bb.gin.ntt.net 13.663 ms 15.770 ms 13.494 ms
8 ae-9.r04.sttlwa01.us.bb.gin.ntt.net 14.514 ms 13.721 ms
ae-14.r05.sttlwa01.us.bb.gin.ntt.net 14.077 ms
9 ae-2.r22.sttlwa01.us.bb.gin.ntt.net 13.764 ms 14.382 ms
ae-1.r22.sttlwa01.us.bb.gin.ntt.net 17.675 ms
10 ae-0.r24.nycmny01.us.bb.gin.ntt.net 88.579 ms 101.201 ms 85.140 ms
11 ae-9.r24.londen12.uk.bb.gin.ntt.net 156.562 ms 151.233 ms 150.401 ms
12 ae-8.r02.londen03.uk.bb.gin.ntt.net 153.440 ms 153.703 ms 148.896 ms
13 xe-0-1-0-1-7.r02.londen03.uk.ce.gin.ntt.net 156.026 ms 158.485 ms 158.553 ms
14 ae0.cr1.th-lon.zen.net.uk 158.899 ms 153.132 ms 155.254 ms
15 ae4-0.cr1.wh-man.zen.net.uk 166.248 ms 193.078 ms 166.346 ms
16 ae0-0.dr1.sp-roch.zen.net.uk 164.142 ms 184.691 ms 161.297 ms
17 2a02:8010:0:205::2 173.480 ms 168.982 ms 159.820 ms
18 cache01.dns.zen.net.uk 161.215 ms !P 165.877 ms !P 169.071 ms !P
[2.4.4-RELEASE][admin@xxxxx.xxxxx.org]/root: -
@chpalmer said in When making the update to 2.4.4 it is impossible to ping IPV6 from the WAN interface:
So if mine and everyone else's works why do you think your issue is a problem caused by pfsense other than "it worked before"?
I do not understand this question. I think it is not a help, but it can be a difficulty with the interpretation of the language or culture, if not, I do not see how we move forward.
-
@fabianburpf said in When making the update to 2.4.4 it is impossible to ping IPV6 from the WAN interface:
@chpalmer said in When making the update to 2.4.4 it is impossible to ping IPV6 from the WAN interface:
So if mine and everyone else's works why do you think your issue is a problem caused by pfsense other than "it worked before"?
I do not understand this question. I think it is not a help, but it can be a difficulty with the interpretation of the language or culture, if not, I do not see how we move forward.
Im trying to reason with you. You obviously have a problem that we do not have. We cannot diagnose your issue because it does not exist for us.
Do you know how to take screen shots and post them?
-
Show us this page.
-
-
@chpalmer Yes I know how to capture screens and publish them
-
@fabianburpf said in When making the update to 2.4.4 it is impossible to ping IPV6 from the WAN interface:
I get native Ipv6 through my ISP
This is what you said...
But according to your gateway your ISP is using SLAAC which is a tunneling protocol. This was important to state up front.
I do not have such a connection to test with.
-
@chpalmer Does not use SLAAC. Once I configured it that way and it stayed with that name, which I can not change from the original configuration. When performing a factory configuration, the gateway displays the correct name that is DHCP6.
-
@chpalmer said in When making the update to 2.4.4 it is impossible to ping IPV6 from the WAN interface:
I get native Ipv6 through my ISP
What I say is true
-
-
@chpalmer I do not have the slightest interest in telling lies. thanks for your help
-
@chpalmer said in When making the update to 2.4.4 it is impossible to ping IPV6 from the WAN interface:
SLAAC which is a tunneling protocol
Can you please refer me to a source that explains your say?
-
@fabianburpf said in When making the update to 2.4.4 it is impossible to ping IPV6 from the WAN interface:
@chpalmer said in When making the update to 2.4.4 it is impossible to ping IPV6 from the WAN interface:
SLAAC which is a tunneling protocol
Can you please refer me to a source that explains your say?
Looks like I remembered wrong. Doesn't matter though if your not using it.
On your WAN page.. go down to DHCP6 Client Configuration.. Can you uncheck "only request an IPv6 prefix, do not request an IPv6 address" and try again..
-
@chpalmer I did it now and the result was that ipv6 address was lost in LAN and WAN
-
With a prefix of 64 you can only have global IPv6 addresses on one Interface, either WAN or LAN. If you want to have them on both you need a smaller prefix like 56.
-
@grimson Thank you for your contribution. With that configuration you get ipv6 address in wan and in lan, under Pfsense 2.4.4 there is no ping from wan, yes from LAN. With the same configuration in Pfsense 2.4.3_p1 and earlier, I got ipv6 address in wan and in lan and I could also do piing from wan and from lan
I tried your suggestion of a prefix of 56, the result was that the IPV6 address in LAN was lost. In Wan you get IPV6 address, but it does not ping.
-
@fabianburpf said in When making the update to 2.4.4 it is impossible to ping IPV6 from the WAN interface:
@nogbadthebad Please explain the packages you should capture and the way to do it. Thank you
Diagnostics -> Packet Capture
When I traceroute to the 1st & 2nd hops I get nowhere.
Am I correct in saying your in Latin America ?
Last login: Wed Nov 21 08:17:09 on console
mac-pro:~ andy$ traceroute6 2800:bf0:9fff:f100::1
traceroute6 to 2800:bf0:9fff:f100::1 (2800:bf0:9fff:f100::1) from 2a02:xxxx:xxxx:2::14, 64 hops max, 12 byte packets
1 pfsense-user 1.950 ms 1.806 ms 1.812 ms
2 * * *
^C
mac-pro:~ andy$ traceroute6 2800:bf0:9fff:f110::1
traceroute6 to 2800:bf0:9fff:f110::1 (2800:bf0:9fff:f110::1) from 2a02:xxxx:xxxx:2::14, 64 hops max, 12 byte packets
1 pfsense-user 1.998 ms 1.769 ms 1.782 ms
2 * * *
^C
mac-pro:~ andy$