Neighbor Solicitation is lost via NPt
-
So, I've got an NPt going to route IPv6 ULA to /64 block available on WAN from ISP gateway. Using packet capture I see that outbound traffic correctly gets translated from private to public scope, but no ping replies get back. Instead I see that ISP gateway is attempting to Solicit a neighbor information for the public IPv6 from which the ping request has came in, but solicitation does not itself get translated back to LAN's ULA scope or show up on the packet capture of the LAN interface.
How can I handle neighbor solicitations with NPt?
Alas I cannot route the entire / dedicated /64 block to the pfsense, nor does Protocol 41 (IPv6 over v4) gets back to the DMZ host (pfsense). Gateway does not come with an option of a bridge mode, so NPt is my current, best, hope.
-
I now realize that the solicitations may also be missing because they are sent with Hop limit of 255, meaning that the router drops them? Not quite sure if I understood this correctly or the best way to rebroadcast them on the lan.
-
You appear to be trying to configure an unsupported role. The /64 for NPt must be routed to pfSense. If the upstream expects it to respond to NDP on the WAN segment, that cannot work. pfSense does not support the concept of proxying NDP requests.
If you have a handful of static addresses on the inside, you could setup IP alias VIPs on the WAN for those, but automatic assignment wouldn't be possible.
