Kernel cannot forward src



  • pfSense 2.4.4 and previous versions on ESXi home lab.
    Configured DualstackWAN IPv4+IPv6 via Tunnelbroker with MultiWAN in failover mode (no balancing).
    In general system log I see many errors:
    Kernel - cannot forward src fe80:3::1111:2222:3333:, dst 2a02:1111:2222::3333:4444, nxt 6, rcvif vmx2, outif gif1

    VMX2 is LAN and GIF1 is tunnel brocker interface.
    Point in that src and destination from one error to another are changing and Main problem:
    I don't have IPs fe80:3::1111:2222:3333 in LAN for every case, but I have IPs fe80::1111:2222:3333 for each of them, how it can bee? pfSense add :3:: after fe80 don't get why.


  • Rebel Alliance Developer Netgate

    Some client is incorrectly attempting to send traffic from a link-local address to a remote destination. You can't do that, so it gets dropped and logged.

    fe80::/10 link local traffic can't leave its segment.

    pfSense may not list that address since it's only on the local segment. It's an address that a device would assign to itself. The :3: would not come from pfSense, that may be a different interface on the client.