IPV6 not working on pfSense but does on opnsense



  • Please see screens here: https://imgur.com/a/SIpDBch

    My ISP is Sky Fibre and they provide IPV6 addresses with a 56 bit delegation though DHCP6.

    With a few google searches I was able to get the basics setup on pfSense but IPV6 was never fully working. I can get an IPV6 address on the LAN interface but nothing goes through it or even ping from the router.

    To eliminate hardware issues I tried opnsense with the same setup and it did route IPV6.

    Do you have any ideas for getting pfSense working also?

    Thanks



  • Does ping work specifically from the WAN Interface? If it does, did you reboot the machine once? That fixed that issue for me personally, since I did not get out of my LAN, but specifically pinging from the WAN Interface did work.

    If it doesn't did you try deselecting "Only request a prefix, not an address"?


  • LAYER 8 Netgate

    What are your LAN firewall rules?

    What does netstat -rn6 show?

    Do you know you need things like Do not wait for RA with this ISP?



  • @flynn No, it wouldn't ping from any interface selection. However I have got it to work by deselecting "Only request a prefix, not an address". The trouble is there are a lot of dhcp6c log entries generated https://imgur.com/a/oPnlILj which indicates it is not entirely correct.



  • @derelict

    Lan rules are left as default ![alt text]:(https://i.imgur.com/N9UbhDD.png)

    Routing table is like so:

    [2.4.5-DEVELOPMENT][root@pfSense]/root: netstat -rn6
    Routing tables
    
    Internet6:
    Destination                       Gateway                       Flags     Netif Expire
    default                           fe80::21d:aaff:fe92:775c%hn0  UGS         hn0
    ::1                               link#2                        UH          lo0
    2a02:c7f:a422:4300::/64           link#6                        U           hn1
    2a02:c7f:a422:4300:215:5dff:fe01:20c link#6                     UHS         lo0
    fe80::21d:aaff:fe92:775c          fe80::21d:aaff:fe92:775c%hn0  UGHS        hn0
    fe80::%lo0/64                     link#2                        U           lo0
    fe80::1%lo0                       link#2                        UHS         lo0
    fe80::%hn0/64                     link#5                        U           hn0
    fe80::215:5dff:fe01:20a%hn0       link#5                        UHS         lo0
    fe80::%hn1/64                     link#6                        U           hn1
    fe80::1:1%hn1                     link#6                        UHS         lo0
    
    

    As for "Do not wait for RA", the Sky Fibre is well known for requiring that. Deselecting it in opnsense (named "Directly send SOLICIT") breaks IPV6 completely.



  • @norffc So are you now able to get out from the LAN Interface as well? If yes, you should change some other setting and see if that changes anything.

    Did you turn off the debugging option and see if that makes any difference? (I don't know what that does, maybe that's the issue)

    I had to basically use trial and error with my ISP to get it to work, since their support was beyond useless. At one point it was suggested that the ISP does not provide the IPv6 addresses for my network and I would have to use local addresses (I guess the guy from "support" thought that IPv6 topology is still the same as it was with IPv4...).



  • 0_1549054954704_6d3c3373-6b16-45b7-a080-f9dd066f2b7b-image.png

    Do you think this line in the ipv6 routing table could be causing my problems?
    What would have caused it to be created, and is there any way to prevent it?
    Thanks


  • LAYER 8 Netgate

    looks fine to me.

    can you ping6 fe80::21d:aaff:fe92:775c%hn1 from the shell???



  • @derelict

    yes, ping 6 working fine.

    [2.4.4-RELEASE][admin@pfSense]/root: ping6 fe80::21d:aaff:fe92:775c%hn1
    PING6(56=40+8+8 bytes) fe80::215:5dff:fe01:20c%hn1 --> fe80::21d:aaff:fe92:775c%hn1
    16 bytes from fe80::21d:aaff:fe92:775c%hn1, icmp_seq=0 hlim=255 time=0.755 ms
    16 bytes from fe80::21d:aaff:fe92:775c%hn1, icmp_seq=1 hlim=255 time=0.739 ms
    16 bytes from fe80::21d:aaff:fe92:775c%hn1, icmp_seq=2 hlim=255 time=3.010 ms
    16 bytes from fe80::21d:aaff:fe92:775c%hn1, icmp_seq=3 hlim=255 time=1.028 ms
    16 bytes from fe80::21d:aaff:fe92:775c%hn1, icmp_seq=4 hlim=255 time=0.840 ms
    16 bytes from fe80::21d:aaff:fe92:775c%hn1, icmp_seq=5 hlim=255 time=1.603 ms
    

Log in to reply