Netgate Discussion Forum

    Update

    IPv6
    30 Posts 4 Posters 2.6k Views
    • johnpoz LAYER 8 Global Moderator @slk2k

      @slk2k said in Update:

      But ipv6 from pfsense works so it's something on the lan->wan transition (or back) that's not working.

      And what happens in your traceroute? Do a sniff: do you see pfsense sending the ping out the WAN?

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 24.11 | Lab VMs 2.8, 24.11

      • JKnott @slk2k

        @slk2k

        If ping to an external address fails, but is OK to a local address, then you have a routing problem.

        PfSense running on Qotom mini PC
        i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
        UniFi AC-Lite access point

        I haven't lost my mind. It's around here...somewhere...

        • slk2k @johnpoz

          @johnpoz

          I just got home from work and decided to undo everything (go back to ipv4), reboot pfsense, set up ipv6 again (using dhcpv6 and RAs on the LAN), reboot again, then reboot the PCs. Now everything works. Will see if it persists over an hour or so.

          I do have a few questions I hope you can indulge me on so I get a better understanding of what certain configs mean.

          1. Using DHCPv6 and RAs. As implied, that functions much like traditional ipv4. But what is the alternative? Without those settings I only had a link-local address on the LAN side with no routes.

          2. When performing external ipv6 testing (using https://test-ipv6.com/), I only get a 9/10 as the testing states that the test is unable to reach ipv6-only DNS servers. I know it's not a problem and I realize that A and AAAA records can come from any DNS server that responds, but was wondering if there is anything else I should change to adjust that.

          While typing up the email, I see my V6 WAN IP is now pending instead of Online (it was online). Did I miss another setting somewhere?? At the PC layer, things still work (ping and web traffic) and from pfsense, I can ping ipv6 addresses.

          Capture.JPG

          Thanks!!
          Shawn

          • Gertjan @slk2k

            @slk2k said in Update:

            that the test is unable to reach ipv6-only DNS

            Might be a minor issue, as I also often see (technical support page, top right corner):

            Site(s) with failed connectivity
            Site	Failed URL
            ........
            https:	https://ipv6.test-ipv6-vm3.comcast.net/images-nc/knob_green.png?&testdomain=test-ipv6.com&testname=sites&testdomain=test-ipv6.com&testname=sites
            

            (hint : there is a 'comcast' in there)

            5b9df682-51a2-434e-8a6f-4a2b9ef8e8a5-image.png

            You're hiding a local IP ... like 192.168.1.1 ;)

            This IP, what is it?
            What about using the gateway and its real IPv6?

            No "help me" PM's please. Use the forum, the community will thank you.
            Edit : and where are the logs ??

            • slk2k @Gertjan

              @gertjan

              I understand that the LL address is technically the local address but just being cautious. But, I am unsure why the WAN_DHCP6 address is a LL and not a real address.

              The failing address I have says it's a different URL:

              Capture3.JPG

              But was only curious as to why it was flagged in the technical details.

              Capture2.JPG

              So far everything still works, just not sure why the gateway address is a LL address versus a real IP.

              • JKnott @slk2k

                @slk2k said in Update:

                But, I am unsure why the WAN_DHCP6 address is a LL and not a real address.

                Link local addresses are used a lot in IPv6. For example, routers are often connected to via the link local address. Given a DHCP request doesn't have to leave the local network, there's no need for a "real" address.

                • slk2k @JKnott

                  @jknott

                  Just surprised that comcast uses a link local address when they are giving out huge subnets for ipv6.

                  • JKnott @slk2k

                    @slk2k

                    I'm on Rogers and they do the same thing. The point to remember is that a device only needs to know how to reach the next hop. A link local address is fine for that. In fact, on a point to point connection, you only need the interface that connects to the next hop. No need for any address then.

                    Also, by using link local, you're not wasting a precious global address. 😉

                    Seriously, this is one of the areas where IPv6 differs from IPv4, in that link local addresses are used extensively, including for next hop routers. Part of this is security. By using a link local address, things like router advertisements can't come from anywhere else beyond the router. Another security feature is the hop limit is set to 255, which also makes it impossible for a packet to come from beyond the local LAN.

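
The two checks described in the post above (link-local source, hop limit 255), written out as receive-side validation of a Router Advertisement. This is an added example, not part of the original thread; it also applies the ICMPv6 code, length and checksum checks that RFC 4861 lists alongside them, and `validate_ra`, `build_ra` and the sample packets are constructed for illustration.

```python
import ipaddress
import struct

ICMPV6, RA_TYPE = 58, 134  # IPv6 next-header value and ICMPv6 type for an RA

def icmpv6_checksum(src, dst, payload):
    """Internet checksum over the IPv6 pseudo-header plus the ICMPv6 message."""
    data = src + dst + struct.pack("!IxxxB", len(payload), ICMPV6) + payload
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def validate_ra(packet):
    """Return the reasons to drop a raw IPv6 packet as an RA; [] means accept."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        return ["not an IPv6 packet"]
    payload_len, next_hdr, hop_limit = struct.unpack("!HBB", packet[4:8])
    src, dst, icmp = packet[8:24], packet[24:40], packet[40:40 + payload_len]
    if next_hdr != ICMPV6 or len(icmp) < 4 or icmp[0] != RA_TYPE:
        return ["not a router advertisement"]
    problems = []
    # An RA must come from the router's link-local address.
    if not ipaddress.IPv6Address(src).is_link_local:
        problems.append("source is not link-local")
    # Every forwarding router decrements the hop limit, so 255 on arrival
    # means the packet was sent by a node on this link.
    if hop_limit != 255:
        problems.append("hop limit is not 255")
    if icmp[1] != 0:
        problems.append("ICMPv6 code is not 0")
    if len(icmp) < 16:
        problems.append("shorter than 16 octets")
    if icmpv6_checksum(src, dst, icmp) != 0:  # sums to zero when intact
        problems.append("bad checksum")
    return problems

def build_ra(src, hop_limit, dst="ff02::1"):
    """Build a minimal RA without options (constructed sample data)."""
    s, d = (ipaddress.IPv6Address(a).packed for a in (src, dst))
    # type, code, checksum, cur hop limit, flags, lifetime, reachable, retrans
    body = struct.pack("!BBHBBHII", RA_TYPE, 0, 0, 64, 0, 1800, 0, 0)
    body = body[:2] + struct.pack("!H", icmpv6_checksum(s, d, body)) + body[4:]
    return struct.pack("!IHBB", 6 << 28, len(body), ICMPV6, hop_limit) + s + d + body
```
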
                    • Gertjan @slk2k

                      @slk2k said in Update:

                      Just surprised that comcast uses a link local address when they are giving out huge subnets for ipv6.

                      And it gets even better : when I connect my (i)Phone to my Wifi, it obtains (creates ?) 2 or more fe80..... local links, and one or two real routable IPv6.
                      So this is DHCPv6 - as I'm using a local LAN DHCPv6 server, assisted, RA - and some SLAAC (known as bad ?) happening in the background ?

                      • JKnott @Gertjan

                        @gertjan

                        While I haven't seen 2 link local addresses in a device with only 1 interface, multiple routeable addresses are common. For example, this computer, once it's been up for a week, will have a total of 16 routeable addresses, 8 global and 8 unique local. Of those, one of each is consistent and MAC based and the others are privacy addresses, of which I get new ones every day, with them expiring after 7 days.

                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.