Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    IPv6 routing issues

    Scheduled Pinned Locked Moved IPv6
    12 Posts 3 Posters 1.5k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      jcascante
      last edited by

      About the LAN rules, I have an any any rule through the IPv6 gateway for IPv6 traffic
      3b593b43-6340-4e61-845b-219cfd261869-image.png

      But I'm able only to ping the LAN gateway, when I try to ping, for example, goole IPv6 the following is the result:

      5497cb85-0318-4c52-84d0-27c803a56a1b-image.png

      1 Reply Last reply Reply Quote 0
      • NogBadTheBadN
        NogBadTheBad
        last edited by NogBadTheBad

        Try a packet capture on the WAN interface IPv6 only and filter on the IPv6 address your trying to ping, does traffic exit the WAN interface.

        You should see requests & replies if it's working.

        10:18:21.558373 IP6 2a02:xxxx:xxxx:2::14 > 2a00:1450:4009:800::200e: ICMP6, echo request, seq 0, length 16
        10:18:21.566280 IP6 2a00:1450:4009:800::200e > 2a02:xxxx:xxxx:2::14: ICMP6, echo reply, seq 0, length 16
        10:18:22.559258 IP6 2a02:xxxx:xxxx:2::14 > 2a00:1450:4009:800::200e: ICMP6, echo request, seq 1, length 16
        10:18:22.567319 IP6 2a00:1450:4009:800::200e > 2a02:xxxx:xxxx:2::14: ICMP6, echo reply, seq 1, length 16
        10:18:23.559258 IP6 2a02:xxxx:xxxx:2::14 > 2a00:1450:4009:800::200e: ICMP6, echo request, seq 2, length 16
        10:18:23.567432 IP6 2a00:1450:4009:800::200e > 2a02:xxxx:xxxx:2::14: ICMP6, echo reply, seq 2, length 16
        10:18:24.559257 IP6 2a02:xxxx:xxxx:2::14 > 2a00:1450:4009:800::200e: ICMP6, echo request, seq 3, length 16
        10:18:24.567121 IP6 2a00:1450:4009:800::200e > 2a02:xxxx:xxxx:2::14: ICMP6, echo reply, seq 3, length 16
        10:18:25.560106 IP6 2a02:xxxx:xxxx:2::14 > 2a00:1450:4009:800::200e: ICMP6, echo request, seq 4, length 16
        10:18:25.568160 IP6 2a00:1450:4009:800::200e > 2a02:xxxx:xxxx:2::14: ICMP6, echo reply, seq 4, length 16
        10:18:26.560302 IP6 2a02:xxxx:xxxx:2::14 > 2a00:1450:4009:800::200e: ICMP6, echo request, seq 5, length 16
        10:18:26.568500 IP6 2a00:1450:4009:800::200e > 2a02:xxxx:xxxx:2::14: ICMP6, echo reply, seq 5, length 16

        Why is the gateway set to CNFL_Gateway_IPv6, set it to default.

        Andy

        1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22

        1 Reply Last reply Reply Quote 0
        • J
          jcascante
          last edited by

          Hello

          Thanks for your response

          I made the packet capture and there is only "echo request" traffic. There is no communication between the LAN and the IPv6 gateway because I tested and I'm able to ping my IPv6 WAN interface.

          03:38:17.994597 IP6 2803:xxxx:3:98:ac43:88d8:1808:602a > 2001:4860:4860::8888: ICMP6, echo request, seq 804, length 40
          03:38:22.758877 IP6 2803:xxxx:3:98:ac43:88d8:1808:602a > 2001:4860:4860::8888: ICMP6, echo request, seq 805, length 40
          03:38:27.759418 IP6 2803:xxxx:3:98:ac43:88d8:1808:602a > 2001:4860:4860::8888: ICMP6, echo request, seq 806, length 40
          03:38:32.779074 IP6 2803:xxxx:3:98:ac43:88d8:1808:602a > 2001:4860:4860::8888: ICMP6, echo request, seq 807, length 40
          03:38:37.762873 IP6 2803:xxxx:3:98:ac43:88d8:1808:602a > 2001:4860:4860::8888: ICMP6, echo request, seq 808, length 40
          03:38:42.759550 IP6 2803:xxxx:3:98:ac43:88d8:1808:602a > 2001:4860:4860::8888: ICMP6, echo request, seq 809, length 40
          03:38:47.759580 IP6 2803:xxxx:3:98:ac43:88d8:1808:602a > 2001:4860:4860::8888: ICMP6, echo request, seq 810, length 40
          03:38:52.772984 IP6 2803:xxxx:3:98:ac43:88d8:1808:602a > 2001:4860:4860::8888: ICMP6, echo request, seq 811, length 40
          03:38:57.759284 IP6 2803:xxxx:3:98:ac43:88d8:1808:602a > 2001:4860:4860::8888: ICMP6, echo request, seq 812, length 40
          03:39:02.758949 IP6 2803:xxxx:3:98:ac43:88d8:1808:602a > 2001:4860:4860::8888: ICMP6, echo request, seq 813, length 40

          About the gateway I changed it to default but there is the same performance, no IPv6 connection from LAN.

          Do you think the issue is on pfSense or maybe is in the ISP side?

          Regards

          JKnottJ 1 Reply Last reply Reply Quote 0
          • NogBadTheBadN
            NogBadTheBad
            last edited by

            @jcascante said in IPv6 routing issues:

            2001:4860:4860::8888

            Try a traceroute on the internet to your IP.

            https://www.ultratools.com/tools/traceRoute6

            Also post your full LAN rules.

            Andy

            1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22

            1 Reply Last reply Reply Quote 0
            • J
              jcascante
              last edited by

              Sorry for the question but do you mean a traceroute to the IP that I have in my PC or the one configured in interface WAN of pfSense?

              About my LAN rules, there are the following:

              For IPv4 Internet access
              474c14e8-9706-4d58-95d0-e4fe5d9a905b-image.png

              For IPv6 Internet access
              4cfcbb3a-1fb2-4226-a589-12d5c31b3174-image.png

              The other rules is are just for traffic between VLANs in specific ports such as, SSH, RDP, ICMP. This VLAN, the one I'm using that I'm using for testing, doesn't have a deny rule.

              NogBadTheBadN 1 Reply Last reply Reply Quote 0
              • NogBadTheBadN
                NogBadTheBad @jcascante
                last edited by NogBadTheBad

                @jcascante said in IPv6 routing issues:

                Sorry for the question but do you mean a traceroute to the IP that I have in my PC or the one configured in interface WAN of pfSense?

                A local LAN IP and try the WAN after, it could be an issue your ISP.

                I see from a previous post you have multi WAN set up, it could be an issue with that.

                https://forum.netgate.com/topic/131158/ipsec-multi-wan-failover-pfsense-2-4-2-release-p1

                You will need an IPv6 ICMP allow rule on the WAN interface.

                Here's how I have my USER interface set up and it works fine.

                Screenshot 2019-08-15 at 11.15.06.png

                Andy

                1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22

                J 1 Reply Last reply Reply Quote 0
                • JKnottJ
                  JKnott @jcascante
                  last edited by

                  @jcascante said in IPv6 routing issues:

                  The issue is with the computers behind the pfSense (LAN). I'm not able to ping
                  IPv6 address from the LAN interface.

                  This sounds like a routing issue. I had one a few months ago that turned out to be a problem at the ISP. Use Packet Capture or Wireshark to see what's actually happening. When you ping Google from the LAN, do you see the packets go out? Any reply? If you ping your firewall and computers on the LAN, from another device (I used a computer tethered to my cell phone), do you see them coming to the firewall?

                  PfSense running on Qotom mini PC
                  i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                  UniFi AC-Lite access point

                  I haven't lost my mind. It's around here...somewhere...

                  J 1 Reply Last reply Reply Quote 0
                  • JKnottJ
                    JKnott @jcascante
                    last edited by

                    @jcascante said in IPv6 routing issues:

                    There is no communication between the LAN and the IPv6 gateway because I tested and I'm able to ping my IPv6 WAN interface.

                    If you're not seeing the LAN pings going out, you have some configuration issue.

                    PfSense running on Qotom mini PC
                    i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                    UniFi AC-Lite access point

                    I haven't lost my mind. It's around here...somewhere...

                    1 Reply Last reply Reply Quote 0
                    • J
                      jcascante @NogBadTheBad
                      last edited by

                      @NogBadTheBad Thanks again for the response.

                      I made the traceroute test and found a routing issue. I'm checking right now with my ISP.

                      I will post a summary of the issue once this is resolved.

                      1 Reply Last reply Reply Quote 0
                      • J
                        jcascante @JKnott
                        last edited by

                        @JKnott Hi, thanks for your response. I'm checking right now the issue with my ISP, seems there are some missing routes that are causing this behavior.

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.