[Solved] Unable to ping pfSense's LAN interface on IPv6
-
My RA is currently set to Assisted. Should I switch it to managed?
On another note: I can't seem to establish an IPv6 connection to the outside world. My LAN rules are correct (they allow all IPv6 traffic), and the only thing I can ping is HE's IPv6 address. Is this a DNS issue?
Edit: Probably not a DNS issue. I don't know what it is, though.
-
Which HE ipv6 address are you pinging?
What would dns have to do with pinging? Are you saying you can not resolve an IPv6 address? Do a ipv6 traceroute.. So see attached examples from my windows box..
So I can resolve ipv6 stuff, it resolves via using my ipv6 address of pfsense on the lan.
I can ping ipv6 stuff on the internet
Trace shows that it hits my pfsense lan IPv6, it then hits the other end of the tunnel with HE. And then internet ipv6 until it gets to the target. Those are 2 different networks in the first 2 hops.. I can PM them too you if you want to see, but didn't want to post those public since they are global ipv6 addresses (ie public)As to your RA.. if your going to want to run a dhcp server and you don't want autoconfig ipv6 then yeah you would set it to managed not assisted. Or if your just want to get ipv6 up and running with playing with all the fun that is RA and DHCPv6 at a later time just turn off RA and dhcp6 and setup statics so you have validated your ipv6 traffic is working and going through the tunnel, etc.. Then you can start playing with using dhcpv6 and RA stuff. Happy to turn it on and provide assistance, but its just easier to use static for how I currently use ipv6. For example my windows machine wasn't even using ipv6 until I needed to show you a trace and ping, etc. I just enabled it remotely for that post.. Then I will turn it back off ;)
-
-
yeah doesn't look like your tunnel is working. You seem to be able to hit your pfsense box.. But then not going out the tunnel. And you seem to be defaulting to using dns via ipv4 and don't even have a PTR setup.. Is that your Windows dns box - you need to setup a reverse zone for your 10.1.1 network so your client can resolve the PTR it does when you use nslookup.
Does pfsense show your tunnel up?
-
Yeah, the pfSense box shows that my tunnel is reachable (20ms). My DNS servers are 10.1.1.1 and 10.1.1.2. I fixed the PTR records. Should I run it again?
-
what are you gateways setup like and your lan rules - your not forcing out a specific gateway are you?
-
Not that I know of… (http://i.imgur.com/gFQDAgH.png) (http://i.imgur.com/DqdWouD.png)
-
http://i.imgur.com/peLYol7.png
(test-ipv6.com) -
So this was weird… I rebooted the router, and rebooted my PC.
http://i.imgur.com/ckElooZ.png
It works!
I have no idea what changed, but it works now.Thanks for your help, it means a lot :)
-
@tomsparklabs said in [Solved] Unable to ping pfSense's LAN interface on IPv6:
rebooted the router
Hmm, thanks from the future...I set up an HE tunnel tonight and though the router could get out over IPv6, and PCs got IPv6 addresses, I found the PCs could not ping the router, dig to pfSense DNS over IPv6 to the LAN IPv6 was blocked by the default block firewall rule despite already having a LAN IPv6 to any rule, and new rules I added for DNS.
Restarting pfSense (2.5.1) got IPv6 working fine from the PCs.
Oddly https://test-ipv6.com/ worked...I guess over IPv4? But it showed IPv6 working, 10/10.