Access webConfigurator via link-local IPv6?
-
Hi guys
I've got native IPv6 and have my LAN set to Track. ISP gives me a /56 and I have the first /64 assigned to my LAN. So all is fine there and I can access the pfSense GUI at e.g. https://[2604:2000:xxxx:xxxx:xxxx:a2ff:fe0a:zzzz]. But if that WAN goes down, the IPv6 gets removed from the LAN interface, and the webGUI becomes unavailable (have to switch to IPv4). I tried to instead browse to the link-local IP which should always be there regardless of WAN status, but it doesn't work- https://[fe80::1:1%igb0] just gives me an error (tried Chrome, Safari, Firefox…)
Does anyone know if this is possible to do? Is nginx even listening on this address? Is this even a thing? thanks
https://msdn.microsoft.com/en-us/library/windows/desktop/ms740593(v=vs.85).aspx -
Sadly the problem is that IPv6 link-local IPv6 addresses must include a scope when used, like you show ending in %igb0 (but using your client PC's network card name!), but browsers have decided that figuring out scoped addresses is too hard and they won't make it work.
https://bugs.chromium.org/p/chromium/issues/detail?id=70762
https://bugzilla.mozilla.org/show_bug.cgi?id=700999I spent some time testing it out a while back, I could not get any current browser to work with it.
The daemon is bound there, and responds when queried. From a command prompt I can hit the port with nc, and I can ssh to the box using the scoped address.
The problem is entirely the browser.
-
Gotcha, thank you for the great explanation. It confirms what I thought but I wanted to be sure. I submitted PR#3636 yesterday to at least partially work around the "issue".
-
Why are you using %igb0? For that to work you'd need a BSD GUI desktop with an Intel NIC. If you're on Linux or Windows %igb0 is wrong.
-
Why are you using %igb0? For that to work you'd need a BSD GUI desktop with an Intel NIC. If you're on Linux or Windows %igb0 is wrong.
Yes, I'd tried %en0 and %en1 as well. No luck.
-
It just has to match whatever the name of the network card is. On Linux I can use %eth0 and it works for other things (ping, ssh, etc), on Mac %en0 works, on Windows %0 works if it's the first nic (second would be %1 and so on)
That doesn't matter to browsers since they won't properly interpret the scoped URL.
I did forget one thing, but it's kind of useless. There is one browser that does work with scoped URLs. The text-only console browser, Links.
-
That tangent had nothing to do with this thread topic so I split it off.
-
As mentioned, browsers don't work with link local IPv6 addresses. What I do when I don't have an IPv6 address is just manually enter the IPv4 address. It's easy enough to remember 172.16.1.1.
BTW, that's a secret address, so don't tell anyone. ;)
-
If you only have IPv6 or want to use fe80::1:1, You could also ssh to the link-local address and use an ssh forward and load up localhost:443
