Netgate Discussion Forum

    IPv6 working but I have to disable gateway monitoring

    36 Posts 6 Posters 4.9k Views
      JKnott @Napsterbater

      @Napsterbater said in IPv6 working but I have to disable gateway monitoring:

      @JKnott said in IPv6 working but I have to disable gateway monitoring:

      If the next hop is also a link local address, he won't be able to ping it or any other LL address beyond the local link.

      If... Not all devices reply with their LL to ICMP (i.e. traceroute).. Such as pfSense itself. Hence a way to possibly sniff the GUA out.

      Also, further testing shows that /128 is not the next hop as I thought, at least not with my ISP. Regardless, the address can still be used for the monitor. I verified this by connecting my notebook computer directly to the modem and running the ip neigh show command, which lists all addresses on the local link. I didn't see that /128 address.

      PfSense running on Qotom mini PC
      i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
      UniFi AC-Lite access point

      I haven't lost my mind. It's around here...somewhere...

        JKnott @JKnott

        @JKnott

        I may have to give this a bit more thought (need some more beer). The link local address may be on the next hop, but since it's not with the prefix, it will be sent to the router, using its MAC address. When I get a chance, I'll have to fire up Wireshark, to see what's actually happening. I find the networking tools in BSD to be limiting, compared to Linux.

          chpalmer

          Add :1 to the back of your gateway address and monitor that.

          Triggering snowflakes one by one..
          Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.

              lohphat @chpalmer

              @chpalmer That's essentially what worked but I had to use traceroute to find the correct form of the address to monitor.

              IPv6 Link Local
                  fe80::208:a2ff:fe0d:87ab%mvneta2
              IPv6 Address
                  2604:2000:cfc0:1b:xxxx:yyyy:zzzz:9d5b
              Subnet mask IPv6
                  128
              Gateway IPv6
                  fe80::217:10ff:fe88:285b
              

              The next upstream hop via traceroute was:

              2604:2000:cfc0:1b::1
              

              However I can't be assured that I'll get the same IPv6 assignment after the cablemodem reboot; so a manual gateway monitor assignment, although working now, is not the optimal solution in case I get a different /128 after a CPE reboot or my ISP reassigning address space on their side. There needs to be a bit more intelligence in the DHCP6 code.

                chpalmer

                @lohphat said in IPv6 working but I have to disable gateway monitoring:

                However I can't be assured that I'll get the same IPv6 assignment after the cablemodem reboot;

                That should not matter.. The address should still only be the same distance away and still monitorable.

                  lohphat @chpalmer

                  @chpalmer What if my ISP decides to change the local DHCP6 pool to 2604:2000:cfc0:17... then the hop is no longer valid

                    JKnott @lohphat

                    @lohphat said in IPv6 working but I have to disable gateway monitoring:

                    @chpalmer What if my ISP decides to change the local DHCP6 pool to 2604:2000:cfc0:17... then the hop is no longer valid

                    Why not use the Google DNS server? That's not likely to change. Also, I doubt they're likely to change the router addresses.

                      lohphat @JKnott

                      @JKnott As someone who's run IT ops, it's a matter of principle for me. I wouldn't want someone using my resources for unintended purposes. A kludge is a kludge -- the right solution needs priority, so I'll deal with the hand I'm dealt until the DHCP6 code gets a little smarter.

                        Derelict LAYER 8 Netgate @lohphat

                        @lohphat said in IPv6 working but I have to disable gateway monitoring:

                        @JKnott OK, I'll try that but the original question still stands: why can't the DHCP6 code figure all this out by itself as it can for the DHCP4 WAN interface?
                        I tried forcing the interface and it still doesn't work with the link local address.

                        Is this what is not working for you?

                        Works fine for DHCP6 on Cox.

                        WAN_DHCP6 fe80::d62c:44ff:fe7d:c819 fe80::d62c:44ff:fe7d:c819%igb5 25.051ms 55.226ms 0.0% Online Interface WAN_DHCP6 Gateway

                        Chattanooga, Tennessee, USA
                        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                        Do Not Chat For Help! NO_WAN_EGRESS(TM)

                          lohphat @Derelict

                          @Derelict I think it's a CPE issue not Spectrum, but that's just a guess.

                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.