• Hello! I recently decided to set up IPv6 via an HE tunnel in my lab. My lab is connected as follows:

    [pfLabA] <---> [pfLabB]
       |              |
       ---------  [US-16-XG]  -------- Internet (VLAN)
                      \/
                [Other Devices]
    

    I'm having an issue with ICMPv6 of some kind. My internet comes in to my switch on a VLAN to be piped to the two firewalls. The two firewalls are in an HA pair. The LAN is then a different VLAN back through the switch. When I set up my HE tunnel, I got my /64 configured on my LAN and set up DHCPv6/RA (Stateless DHCP). Almost immediately, all my devices got an IPv6 address and Internet access with it. Great! My next step was to go through and assign static IPv6 addresses to my devices that are easier to remember. When assigning IPs, I didn't assign a gateway b/c I want them to select a default gateway via High priority and Low priority RAs. About a day after I assign statics to all my devices, they lose their auto-configured IPs and their default routes. OK, I think. They need a static gateway. I go to my firewalls and create a CARP IPv6 address. The CARP address then shows up as master on both of my routers. At this point, I believe that there is something wrong with ICMPv6 on my LAN. I can ping between devices on the same network, and if I statically assign one of my routers' LAN IPs as a gateway I can ping Internet IPv6 addresses. What should I be looking at first?


  • Solution: Looks like two separate issues. I figured out the RA issue, which was my preferred solution, so I won't look into the other. I left the DNS server section of the RA config blank so that it would use the system DNS servers. I had 4 DNS servers configured and it looks like the RA server will only start with 3 or fewer. I manually configured just two servers and restarted the service and everything worked. I figured this out by running:

    /usr/local/sbin/radvd -C /var/etc/radvd.conf -mstderr -n
    

  • @mecjay12 here is my SA issue:

    [2.4.5-RELEASE][admin@routeme.local.lan]/root: /usr/local/sbin/radvd -C /var/etc/radvd.conf -mstderr -n
    [Dec 07 07:57:20] radvd (90698): version 2.18 started
    /var/etc/radvd.conf:9 error: syntax error
    [Dec 07 07:57:20] radvd (90698): exiting, failed to read config file


  • @kaj here is the beginning of the config file: /usr/local/sbin/radvd:

    # Automatically Generated, do not edit
    # Generated for DHCPv6 Server opt1
    interface lagg0 {
        AdvSendAdvert on;
        MinRtrAdvInterval 5;
        MaxRtrAdvInterval 20;
        AdvLinkMTU 1500;
        AdvDefaultPreference low;
        prefix ::101:101/128 {
            DeprecatePrefix on;
            AdvOnLink on;
            AdvAutonomous on;
            AdvRouterAddr on;
            AdvValidLifetime 86400;
            AdvPreferredLifetime 14400;
        };
        route ::/0 {
            AdvRoutePreference low;
            RemoveRoute on;
        };
        RDNSS ::10.10.10.1 { };
        DNSSL local.lan { };
    };

    In the web UI under Router Advertisement I use router mode "unmanaged" without changing anything (default configuration parameters).

    After an update of squidguard and pfblockerng yesterday, the radvd service would not start anymore.


  • True, line 9:
    @kaj said in ICMPv6 Trouble?:

    prefix ::101:101/128 {

    is not ok at all.
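
The two failures reported in this thread (more than three DNS servers ending up in the RA config, and the `prefix ::101:101/128` line) can be caught before radvd is started. The following is an added example, not code from any post or from pfSense or radvd: `lint_radvd`, the sample config and the `2001:db8::` addresses are constructed for illustration, and the three-address limit is the one given in the solution post.

```python
import ipaddress
import re

MAX_RDNSS = 3  # per-RDNSS-line limit reported in the thread
V4_COMPAT = ipaddress.ip_network("::/96")  # deprecated IPv4-compatible range (RFC 4291)

# Constructed sample: the posted config's shape, plus a four-server RDNSS line.
SAMPLE = """\
# Automatically Generated, do not edit
# Generated for DHCPv6 Server opt1
interface lagg0 {
    AdvSendAdvert on;
    MinRtrAdvInterval 5;
    MaxRtrAdvInterval 20;
    AdvLinkMTU 1500;
    AdvDefaultPreference low;
    prefix ::101:101/128 {
        AdvAutonomous on;
    };
    RDNSS 2001:db8::1 2001:db8::2 2001:db8::3 2001:db8::4 { };
    RDNSS ::10.10.10.1 { };
};
"""

def lint_radvd(text):
    """Return (line_number, message) findings for radvd.conf text."""
    findings = []
    for no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        m = re.match(r"(prefix|RDNSS)\s+([^{]*)\{", line)
        if not m:
            continue
        kind, tokens = m.group(1), m.group(2).split()
        if kind == "RDNSS" and len(tokens) > MAX_RDNSS:
            findings.append((no, f"{len(tokens)} RDNSS addresses, limit is {MAX_RDNSS}"))
        for tok in tokens:
            try:
                net = ipaddress.ip_network(tok, strict=False)
            except ValueError:
                findings.append((no, f"{tok}: not a valid address or prefix"))
                continue
            if kind == "prefix" and net.prefixlen != 64:
                findings.append((no, f"{tok}: not a /64, unusable for SLAAC"))
            if net.version == 6 and net.subnet_of(V4_COMPAT):
                findings.append((no, f"{tok}: IPv4 address packed into ::/96"))
    return findings

if __name__ == "__main__":
    for no, msg in lint_radvd(SAMPLE):
        print(f"line {no}: {msg}")
```

The line numbers it reports match radvd's own numbering, so a finding on line 9 points at the same line as the `radvd.conf:9` syntax error above.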