IPV6 not working on pfSense but does on opnsense
-
Please see screens here: https://imgur.com/a/SIpDBch
My ISP is Sky Fibre and they provide IPV6 addresses with a 56 bit delegation though DHCP6.
With a few google searches I was able to get the basics setup on pfSense but IPV6 was never fully working. I can get an IPV6 address on the LAN interface but nothing goes through it or even ping from the router.
To eliminate hardware issues I tried opnsense with the same setup and it did route IPV6.
Do you have any ideas for getting pfSense working also?
Thanks
-
Does ping work specifically from the WAN Interface? If it does, did you reboot the machine once? That fixed that issue for me personally, since I did not get out of my LAN, but specifically pinging from the WAN Interface did work.
If it doesn't did you try deselecting "Only request a prefix, not an address"?
-
What are your LAN firewall rules?
What does
netstat -rn6
show?Do you know you need things like Do not wait for RA with this ISP?
-
@flynn No, it wouldn't ping from any interface selection. However I have got it to work by deselecting "Only request a prefix, not an address". The trouble is there are a lot of dhcp6c log entries generated https://imgur.com/a/oPnlILj which indicates it is not entirely correct.
-
Lan rules are left as default ![alt text]:(https://i.imgur.com/N9UbhDD.png)
Routing table is like so:
[2.4.5-DEVELOPMENT][root@pfSense]/root: netstat -rn6 Routing tables Internet6: Destination Gateway Flags Netif Expire default fe80::21d:aaff:fe92:775c%hn0 UGS hn0 ::1 link#2 UH lo0 2a02:c7f:a422:4300::/64 link#6 U hn1 2a02:c7f:a422:4300:215:5dff:fe01:20c link#6 UHS lo0 fe80::21d:aaff:fe92:775c fe80::21d:aaff:fe92:775c%hn0 UGHS hn0 fe80::%lo0/64 link#2 U lo0 fe80::1%lo0 link#2 UHS lo0 fe80::%hn0/64 link#5 U hn0 fe80::215:5dff:fe01:20a%hn0 link#5 UHS lo0 fe80::%hn1/64 link#6 U hn1 fe80::1:1%hn1 link#6 UHS lo0
As for "Do not wait for RA", the Sky Fibre is well known for requiring that. Deselecting it in opnsense (named "Directly send SOLICIT") breaks IPV6 completely.
-
@norffc So are you now able to get out from the LAN Interface as well? If yes, you should change some other setting and see if that changes anything.
Did you turn off the debugging option and see if that makes any difference? (I don't know what that does, maybe that's the issue)
I had to basically use trial and error with my ISP to get it to work, since their support was beyond useless. At one point it was suggested that the ISP does not provide the IPv6 addresses for my network and I would have to use local addresses (I guess the guy from "support" thought that IPv6 topology is still the same as it was with IPv4...).
-
Do you think this line in the ipv6 routing table could be causing my problems?
What would have caused it to be created, and is there any way to prevent it?
Thanks -
looks fine to me.
can you
ping6 fe80::21d:aaff:fe92:775c%hn1
from the shell??? -
yes, ping 6 working fine.
[2.4.4-RELEASE][admin@pfSense]/root: ping6 fe80::21d:aaff:fe92:775c%hn1 PING6(56=40+8+8 bytes) fe80::215:5dff:fe01:20c%hn1 --> fe80::21d:aaff:fe92:775c%hn1 16 bytes from fe80::21d:aaff:fe92:775c%hn1, icmp_seq=0 hlim=255 time=0.755 ms 16 bytes from fe80::21d:aaff:fe92:775c%hn1, icmp_seq=1 hlim=255 time=0.739 ms 16 bytes from fe80::21d:aaff:fe92:775c%hn1, icmp_seq=2 hlim=255 time=3.010 ms 16 bytes from fe80::21d:aaff:fe92:775c%hn1, icmp_seq=3 hlim=255 time=1.028 ms 16 bytes from fe80::21d:aaff:fe92:775c%hn1, icmp_seq=4 hlim=255 time=0.840 ms 16 bytes from fe80::21d:aaff:fe92:775c%hn1, icmp_seq=5 hlim=255 time=1.603 ms