Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    WebGUI slow on IPv6 on WAN

    Scheduled Pinned Locked Moved
    webGUI
    ipv6 gui access slow speed wan wan on vlan
    2
    4
    827
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • K
      kalledk
      last edited by

      Hi

      I got an APU2D4 with pfSense my ISP gives me a single public ipv4 via dhcp, an ipv6 address via dhcp, and a /48 ipv6 net delegated, all this on vlan 101 on the wan interface.

      If I connect to the gui from LAN on the ipv4 / ipv6, then all is fine. If I connect to the gui from the wan side, then the ipv4 is fine, but the ipv6 is really slow. If I connect from outside to one of the ipv6 delegated ip's that is on a server, then no problem , so routing the ipv6 is no problem. Connecting to the ipv6 adresse from inside is no problem, only from outside. Connecting to ssh via ipv6 from outside is no problem, only the webgui. And again if i tried to use the ipv4 from outside, no problem... So its only the combination of Outside + webgui + ipv6 that seems to trigger it. Problem is both on https and http.

      What the problems seems to boil down to is... If you are on the outside, and connect to the webGui on any ipv6 adresses, then the webpage is slow.

      I did a packetcapture on the pfsense, and what I saw was that every requests (tcp) that my browser did, would only get a response upto a second later. So the delay is not in retransmit, but simply in waiting for something internally to response to the requests

      Seconds
      0.0 REQ ->
      1.0 RESP <-
      1.1 REQ ->
      1.9 RESP <-
      2.0 REQ ->
      3.2 RESP <-

      1 Reply Last reply Reply Quote 0
      • GertjanG
        Gertjan
        last edited by

        Hi,

        Check if the DNS works as well for IPv4 as for IPv6.
        falling back from IPv6 to IPv4 because the latter isn't working will introduce delays.
        Btw : I admit I'm not sure if it is a DNS issue.

        Also : accessing the web GUI from WAN ? That's, normally, a non-issue as you shouldn't even do that ;)
        Use a VPN if you have to access the WebGUI from the outside.

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        K 1 Reply Last reply Reply Quote 0
        • K
          kalledk @Gertjan
          last edited by

          Hi

          Pretty sure it's not dns, as that problem should be the same when I try it from the inside.

          From test-ipv6.com
          ---|----
          Test with IPv4 DNS record | ok (0.130s) using ipv4
          Test with IPv6 DNS record | ok (0.108s) using ipv6
          Test with Dual Stack DNS record | ok (0.106s) using ipv6
          Test for Dual Stack DNS and large packet | ok (0.091s) using ipv6
          Test IPv6 large packet | ok (0.061s) using ipv6
          Test if your ISP's DNS server uses IPv6 | ok (0.107s) using ipv6
          Find IPv4 Service Provider | ok (0.017s) using ipv4 ASN 203953
          Find IPv6 Service Provider | ok (0.065s) using ipv6 ASN 203953

          I know that you shouldn't connect directly to WAN, but im pretty sure that https + firewall rules so only a few ipv6 adresses can reach it, is okay for a home user :)

          None the less, if it's a bug it should be fixed :)

          1 Reply Last reply Reply Quote 0
          • GertjanG
            Gertjan
            last edited by Gertjan

            I tested my IPv6 access :

            I introduced a firewall rule on my HENET interface :

            32f30acb-b7d8-476a-bfd3-d69a3821dc1a-image.png

            I have a DNS record that point's to my WAN IPv4, not my WAN IPv6, so I had to use my IPv6 WAN IP to connect to the GUI.
            I had a cert warning from my browser, of course.

            But the access worked well :

            63a2eab4-54c2-4efa-9ef7-04825ab0f777-image.png

            "Well" means for me : knowing that my IPv6 is using a tunnel to tunnel.ne.net (Huricane IPv6 ISP) the speed was somewhat limited, about 10 Mbytes /sec.
            I could browse the entire pfSense GUI very well, no hick-ups ....

            edit : I'll leave the IPv6 access open for a while.
            PM me, and I can even send you an 'access' so you can test drive yourself.
            That is, if you promise not to change something, as this is a "live' environment ;)

            No "help me" PM's please. Use the forum, the community will thank you.
            Edit : and where are the logs ??

            1 Reply Last reply Reply Quote 0
            • First post
              Last post