changed LTE router, now heavy delay, but down/up Speed is fine
-
The rules are generally used to allow traffic in. I've never seen a rule to allow IPv6 to be used on a LAN. So, then perhaps someone has created a rule they shouldn't have.
-
The default ruleset has an allow rule for IPv6 on LAN.
If that has been removed or disabled but LAN is still handing out v6 IPs to clients this is exactly what you'll see.
I've done it myself and spent time troubleshooting it.
Steve
-
I don't have LAN anything in my rules, yet IPv6 works fine. In addtion to my main LAN, I have a test LAN, a VLAN and OpenVPN, all using IPv6.
-
Well you certainly have some rule passing IPv6 traffic or it would be blocked.
-
I have rules that allow specific destinations, just not the entire LAN.
-
You see this is a rule on the LAN to allow clients to connect out using IPv6 rule right? Nothing to do with LAN as a destination.
-
The word "LAN" appears nowhere in my rules. I do have a * with destination WAN for IPv6.
-
You will probably need to show your rules.
-
Hello,
thank you ... I changed the WAN Interface from static to dhcp, because I get a static IP from my provider. Maybe because of this the gateways are not correct?
Here are some screenshots:
-
-
It looks like it's not pulling a gateway via DHCP. But I assume, since you have redacted it, that is is pulling an IP address?
Is the gateway outside the WAN subnet perhaps?
Steve
-
Wouldn't a bad or no gateway address cause complete failure, rather than just slow?
-
I would think so, yes. But I assumed the change to dhcp might have broken everything.
Though there are 900 states and it appears able to check for updates....
-
Hello,
the gateway by DHCP are ok:
So how could I fix it in "Status/Gateway" ?
-
First thing I would do is restart the dpinger service if you have not already.
Then check the system and gateways log for errors.
Steve
-
Hello,
I already restarted pfSense.
-
I delete the static Gateway and the DHCP Gateway seems ok. The Gateway is not ping able ... so he show "Offline"
-
Ok, then change the gateway monitor target to something external that does respond to ping.
https://docs.netgate.com/pfsense/en/latest/book/routing/gateway-settings.html#monitor-ip
Steve
-
ok, thank you. use 1.1.1.1
Its now showing online
-
Keep in mind that 1.1.1.1's primary goal is harvesting your DNS requests. Not replying on your ICMP requests, so if they (1.1.1.1) decide to stop doing that, for example for bandwidth reasons, your WAN could get marked as offline.
