
    DHCPV6 stuff getting blocked.

      monster4000 last edited by monster4000

      Hello

      I could really use some help here. I can't reach some of my servers with a DHCPv6-assigned IP, but static works just fine.

      C:\Users\Andreas>telnet proxmox.xxx.xxx8006
      Opretter forbindelse til proxmox.xxx.xxx...
      
      
      C:\Users\Andreas>nslookup netgate.com xxxx:xxxx:de0f::10
      Server:  UnKnown
      Address:  xxxx:xxxx:de0f::10
      
      Non-authoritative answer:
      Name:    netgate.com
      Addresses:  2610:160:11:11::84
                208.123.73.84
      
      
      C:\Users\Andreas>telnet xxxx:xxxx:de0f::10 53
      Opretter forbindelse til xxxx:xxxx:de0f::10...Der kunne ikke oprettes forbindelse til værten, på port 53: Forbindelsen blev ikke oprettet.
      

      [Attached image: ipv6 blocked.png]

      But if I use a static IPv6, everything is fine.

      Also, this is a HE.net tunnel.

        monster4000 last edited by

        I think it has something to do with the link-local address.

        [Attached image]

          monster4000 last edited by monster4000

          I got a guess

          It's because I set my other servers with a static IPv6, and that does not work with router advertisements when the client is trying to reach it.

          I can do an nslookup from my PC to pfSense on port 53.

          So the good question is: can I get this to work with a static IP on the servers, or should I just use DHCP for them?

          Just tested, works fine if the servers' IP is assigned via DHCP.

            monster4000 last edited by

            Is this forum dead?

              JKnott last edited by

              No, but you really haven't provided us much to work with. I use SLAAC here and it works fine.

              PfSense running on Qotom mini PC
              i5 CPU, 4 GB memory, 64 GB SSD & 4 Intel Gb Ethernet ports.
              UniFi AC-Lite access point

              I haven't lost my mind. It's around here...somewhere...

                Derelict LAYER 8 Netgate last edited by

                DHCPv6 works fine too.

                How did you configure the DHCPv6 Server for that interface?

                What are your settings in Router Advertisements for that interface?

                Chattanooga, Tennessee, USA
                The pfSense Book is free of charge!
                DO NOT set a source port in a port forward or firewall rule unless you KNOW you need it!
                Do Not Chat For Help! NO_WAN_EGRESS(TM)

                  monster4000 last edited by monster4000

                  Hello

                  I'm using Router Mode Managed,

                  and the servers are configured with static IPs and the GW is the pfSense IPv6 LAN IP.

                  I just put in my range in the DHCPv6 tab.

                    JKnott last edited by

                    Have you used Wireshark or Packet Capture to see what DHCPv6 traffic there is? And relevant details of those packets?

                      msf2000 last edited by

                      Some versions of Windows won't work with DHCPv6 unless a registry key is changed (as I've learned the hard way).

                      Also, we need to see your DHCPv6 config and RA config. IIRC, DHCPv6 should be handing out a list of available DNS servers when in Managed Mode.

                      Also.... DHCPv6 listens on UDP port 547, so the telnet test is not correct. Nslookup is the correct way to test if a DNS server is working.
                      https://en.wikipedia.org/wiki/DHCPv6

                        junicast last edited by junicast

                        I have a similar situation here, running 2.4.4 on bare metal and my firewall log is giving me this:

                        Oct  8 17:29:27 fw2-hvk filterlog: 145,,,11000,ixl0.504,match,block,in,6,0x00,0x0f7c6,1,UDP,17,114,fe80::16cc:20ff:fe94:3f97,ff02::1:2,546,547,114
                        
                        2.4.4-RELEASE (amd64)
                        built on Thu Sep 20 09:03:12 EDT 2018
                        FreeBSD 11.2-RELEASE-p3
                        

                        I'm running CARP while this machine is master.

                        I deactivated all rules that have IPv6 in it for that given interface. Requests still being blocked. I deactivated Block Bogon for that interface. Problem persists.
                        I have no floating rule whatsoever and I really don't know why that is being blocked. I need DHCPv6 for prefix delegation. SLAAC works fine. IIRC it used to work under 2.4.3.

                        After some time of testing I created an explicit rule that allows traffic type UDP to port 547 to the firewall. Ever since then DHCPv6 returned to normal again. I don't think this should be necessary, right?

                        You can find further logs in the attached file. The forum wouldn't let me embed it. It got marked as SPAM then.
                        [Attachment: pfsense_attachment.txt]
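
An added example (not part of the thread and not pfSense code): a Python parser for filterlog lines like the one junicast quotes, which flags blocked DHCPv6 client requests (link-local source, destination ff02::1:2, UDP 546 to 547) together with the rule number and tracker ID that dropped them. The field positions are an assumption read off the quoted line, and the second sample line is constructed for contrast.

```python
import ipaddress

# Sample input: line 1 is the filterlog entry quoted in the post above;
# line 2 is a constructed pass entry (documentation prefix) for contrast.
SAMPLE_LOG = """\
Oct  8 17:29:27 fw2-hvk filterlog: 145,,,11000,ixl0.504,match,block,in,6,0x00,0x0f7c6,1,UDP,17,114,fe80::16cc:20ff:fe94:3f97,ff02::1:2,546,547,114
Oct  8 17:29:30 fw2-hvk filterlog: 90,,,1000000103,ixl0.504,match,pass,in,6,0x00,0x00000,64,UDP,17,60,2001:db8:1::20,2001:db8:1::1,50000,53,60
"""

ALL_DHCP_AGENTS = ipaddress.ip_address("ff02::1:2")  # All_DHCP_Relay_Agents_and_Servers
LINK_LOCAL = ipaddress.ip_network("fe80::/10")

def parse_filterlog(line):
    """Return a dict for an IPv6 UDP filterlog entry, or None for anything else."""
    _, sep, csv = line.partition("filterlog: ")
    if not sep:
        return None
    f = csv.strip().split(",")
    # Assumed positions (from the quoted line): 0=rule, 3=tracker, 4=interface,
    # 6=action, 7=direction, 8=IP version, 12=protocol, 15/16=src/dst, 17/18=ports.
    if len(f) < 19 or f[8] != "6" or f[12].upper() != "UDP":
        return None
    try:
        return {
            "rule": f[0], "tracker": f[3], "iface": f[4],
            "action": f[6], "dir": f[7],
            "src": ipaddress.ip_address(f[15]), "dst": ipaddress.ip_address(f[16]),
            "sport": int(f[17]), "dport": int(f[18]),
        }
    except ValueError:  # malformed address or port
        return None

def is_dhcpv6_client_request(e):
    """Client to server/relay DHCPv6: link-local source, ff02::1:2, UDP 546 -> 547."""
    return (e["src"] in LINK_LOCAL and e["dst"] == ALL_DHCP_AGENTS
            and e["sport"] == 546 and e["dport"] == 547)

def blocked_dhcpv6(log_text):
    """List blocked inbound DHCPv6 client requests with the rule that dropped them."""
    hits = []
    for line in log_text.splitlines():
        e = parse_filterlog(line)
        if e and e["action"] == "block" and e["dir"] == "in" and is_dhcpv6_client_request(e):
            hits.append((e["iface"], e["rule"], e["tracker"], str(e["src"])))
    return hits

if __name__ == "__main__":
    for iface, rule, tracker, src in blocked_dhcpv6(SAMPLE_LOG):
        print(f"{iface}: DHCPv6 request from {src} blocked by rule {rule} (tracker {tracker})")
```

Because the client's source address is link-local, a pass rule whose source is limited to the interface's global prefix will not match these packets.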
