DHCPV6 stuff getting blocked.

  • Hello

    I could really use some help here. I can't reach some of my servers with a DHCPv6-assigned IP, but static works just fine.

    C:\Users\Andreas>telnet proxmox.xxx.xxx8006
    Opretter forbindelse til proxmox.xxx.xxx...
    C:\Users\Andreas>nslookup netgate.com xxxx:xxxx:de0f::10
    Server:  UnKnown
    Address:  xxxx:xxxx:de0f::10
    Non-authoritative answer:
    Name:    netgate.com
    Addresses:  2610:160:11:11::84
    C:\Users\Andreas>telnet xxxx:xxxx:de0f::10 53
    Opretter forbindelse til xxxx:xxxx:de0f::10...Der kunne ikke oprettes forbindelse til værten, på port 53: Forbindelsen blev ikke oprettet.


    But if I use a static IPv6, everything is fine.

    Also, this is a HE.net tunnel.

  • I think it has something to do with the link-local address.


  • I have a guess.

    It's because I set my other servers with a static IPv6, and that does not work with router advertisements when the client is trying to reach it.

    I can do an nslookup from my PC to pfSense on port 53.

    So the good question is: can I get this to work with a static IP on the servers, or should I just use DHCP for them?

    Just tested, works fine if the server's IP is assigned via DHCP.

  • Is this forum dead?

  • No, but you really haven't provided us much to work with. I use SLAAC here and it works fine.

  • LAYER 8 Netgate

    DHCPv6 works fine too.

    How did you configure the DHCPv6 Server for that interface?

    What are your settings in Router Advertisements for that interface?

  • Hello

    I'm using Router Mode Managed,

    and the servers are configured with a static IP, and the GW is the pfSense IPv6 LAN IP.

    I just put in my range in the DHCPv6 tab.

  • Have you used Wireshark or Packet Capture to see what DHCPv6 traffic there is? And relevant details of those packets?

  • Some versions of Windows won't work with DHCPv6 unless a registry key is changed (as I've learned the hard way).

    Also, we need to see your DHCPv6 config and RA config. IIRC, DHCPv6 should be handing out a list of available DNS servers when in Managed Mode.

    Also.... DHCPv6 listens on UDP port 547, so the telnet test is not correct. Nslookup is the correct way to test if a DNS server is working.

  • I have a similar situation here, running 2.4.4 on bare metal and my firewall log is giving me this:

    Oct  8 17:29:27 fw2-hvk filterlog: 145,,,11000,ixl0.504,match,block,in,6,0x00,0x0f7c6,1,UDP,17,114,fe80::16cc:20ff:fe94:3f97,ff02::1:2,546,547,114
    2.4.4-RELEASE (amd64)
    built on Thu Sep 20 09:03:12 EDT 2018
    FreeBSD 11.2-RELEASE-p3

    I'm running CARP while this machine is master.

    I deactivated all rules that have IPv6 in it for that given interface. Requests still being blocked. I deactivated Block Bogon for that interface. Problem persists.
    I have no floating rule whatsoever and I really don't know why that is being blocked. I need DHCPv6 for prefix delegation. SLAAC works fine. IIRC it used to work under 2.4.3.

    After some time of testing I created an explicit rule that allows traffic type UDP to port 547 to the firewall. Ever since then DHCPv6 returned to normal again. I don't think this should be necessary, right?

    You can find further logs in the attached file. The Forum wouldn't let me embed it. It got marked as SPAM then.
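
Added example, not part of any post in the thread: a small Python filter that picks dropped DHCPv6 client requests (link-local source, `ff02::1:2` destination, UDP 546 to 547) out of pfSense `filterlog` output and reports the interface, rule number and tracker. The field order is read off the log line quoted in the last post; the field names are labels chosen here, and the second sample line is constructed.

```python
import ipaddress

# Sample input: the filterlog line quoted in the post above, plus one
# constructed line (same packet, action "pass") for comparison.
BLOCKED = ("Oct  8 17:29:27 fw2-hvk filterlog: 145,,,11000,ixl0.504,match,block,in,6,"
           "0x00,0x0f7c6,1,UDP,17,114,fe80::16cc:20ff:fe94:3f97,ff02::1:2,546,547,114")
PASSED = BLOCKED.replace(",block,", ",pass,")  # constructed

# Field order of an IPv6 filterlog record, as seen in the line above.
COMMON = ["rule", "subrule", "anchor", "tracker", "iface", "reason", "action", "dir", "ipver"]
IPV6 = ["class", "flow", "hoplimit", "proto", "proto_id", "length", "src", "dst"]
ALL_DHCP_AGENTS = ipaddress.ip_address("ff02::1:2")  # DHCPv6 servers/relays multicast


def parse_filterlog(line):
    """Parse an IPv6 TCP/UDP filterlog line into a dict; None if it is anything else."""
    _, found, csv = line.partition("filterlog: ")
    fields = csv.strip().split(",")
    names = COMMON + IPV6
    if not found or len(fields) < len(names) + 2 or fields[8] != "6":
        return None
    rec = dict(zip(names, fields))
    if rec["proto"].upper() not in ("TCP", "UDP"):
        return None
    try:
        rec["src"] = ipaddress.ip_address(rec["src"])
        rec["dst"] = ipaddress.ip_address(rec["dst"])
        rec["sport"], rec["dport"] = int(fields[len(names)]), int(fields[len(names) + 1])
    except ValueError:
        return None  # truncated or malformed record
    return rec


def is_blocked_dhcpv6_request(rec):
    """True for an inbound client-to-server DHCPv6 packet that the firewall dropped."""
    return bool(rec
                and rec["action"] == "block" and rec["dir"] == "in"
                and rec["proto"].upper() == "UDP"
                and rec["src"].is_link_local and rec["dst"] == ALL_DHCP_AGENTS
                and (rec["sport"], rec["dport"]) == (546, 547))


if __name__ == "__main__":
    for line in (BLOCKED, PASSED):
        rec = parse_filterlog(line)
        if is_blocked_dhcpv6_request(rec):
            print(f"DHCPv6 dropped on {rec['iface']} by rule {rec['rule']} "
                  f"(tracker {rec['tracker']}) from {rec['src']}")
```
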
