• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Windows Device gets multiple IPv6 gateways from RA

Scheduled Pinned Locked Moved IPv6
8 Posts 2 Posters 1.0k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • L
    lufu83
    last edited by Jan 30, 2021, 1:15 AM

    Hello everyone,

    my Windows 10 clients are getting IPv6 addresses from LAN and DMZ when Router Advertisement is set to unmanaged in pfsense, even tough they are only connected to LAN and do not have an Interface in DMZ. When RA is set to managed on Interface LAN and DMZ, the Windows client only gets one IPv6 Address from DHCPv6 but once again multiple default Gateways.
    No matter what RA Mode i use, on the Client i always end up getting a IPv6 configuration with multiple default Gateways and in certain cases also multiple IP Addresses.

    ipconfig (with RA Mode set to managed and DHCPv6 enabled on LAN and DMZ)
    23712cf8-dfff-4279-a76f-1a1ca5f37f45-grafik.png
    ipconfig (with RA Mode set to unmanaged and DHCPv6 disabled on LAN and DMZ)
    488fe656-42ef-4eeb-81ef-eece9a020e0b-grafik.png
    The first IPv6 you see with containing :15c2:5d30: belongs to the DMZ and shouldn't be assigned to the NIC since it only has a connection to my LAN Network.
    The second IPv6 is the right one.

    DHCPv6 Server for LAN (DMZ has the same Settings except for the range which is ::30:1000 to ::30:2000)
    d2007a10-97d9-4cca-a57c-ed1cfef4846e-grafik.png

    route print (with RA Mode set to managed and DHCPv6 enabled on LAN and DMZ)
    19000884-74e3-4444-a7ab-3ce373bb9a07-grafik.png

    route print (with RA Mode set to unmanaged and DHCPv6 disabled on LAN and DMZ)
    a1f0e572-6dbb-4890-ae43-ee6f6b1b776d-grafik.png

    WAN Configuration:
    0d0f50a9-cfc6-4d8c-91ba-0bae865f26fb-grafik.png
    4493e7e1-60fe-4f43-9859-426f2a5c7525-grafik.png

    LAN Configuration:
    08502e8f-08cf-4616-aa7a-cbf584baddc4-grafik.png

    DMZ Configuration:
    9577f137-9306-427a-87a3-61f43486bf81-grafik.png

    RA Configuration:
    3f5b9011-67d2-4dc2-892e-ac6f0018f9a6-grafik.png
    6f7b08db-1513-4847-a63a-ba38ed0cc83f-grafik.png

    The fun part is that this problem only affects Windows clients.
    I don't have any Problems with Linux clients in the same LAN.

    route -A inet6
    5798a056-f962-4cd3-9926-182af7763aa6-grafik.png

    Does anyone know what is going wrong with my setup?

    Thank you.

    1 Reply Last reply Reply Quote 0
    • J
      JKnott
      last edited by Jan 30, 2021, 2:23 AM

      Fire up Wireshark and watch icmp6. See what's in the RAs. It sounds like something is leaking somewhere.

      PfSense running on Qotom mini PC
      i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
      UniFi AC-Lite access point

      I haven't lost my mind. It's around here...somewhere...

      L 1 Reply Last reply Jan 30, 2021, 11:08 AM Reply Quote 1
      • L
        lufu83 @JKnott
        last edited by Jan 30, 2021, 11:08 AM

        @jknott
        i can see Router Advertisement pakets from both pfsense Nics.
        5a655491-673a-47fb-9453-3258feab0347-grafik.png
        I will check my Switch config to see if there is something bridging both networks

        J L 2 Replies Last reply Jan 30, 2021, 11:29 AM Reply Quote 0
        • J
          JKnott @lufu83
          last edited by Jan 30, 2021, 11:29 AM

          @lufu83

          Any chance you're running VLANs through a TP-Link switch or AP?

          PfSense running on Qotom mini PC
          i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
          UniFi AC-Lite access point

          I haven't lost my mind. It's around here...somewhere...

          1 Reply Last reply Reply Quote 0
          • L
            lufu83 @lufu83
            last edited by Jan 30, 2021, 11:40 AM

            @lufu83
            for some strange reason i can see Router Advertisement pakets from all vlans in my Wireshark trace if the Port configuration on my Ubiquiti Switch is set to "All".
            Changing the port profile to a specific value like "LAN" or "DMZ" does the trick.

            J 1 Reply Last reply Jan 30, 2021, 4:46 PM Reply Quote 0
            • L
              lufu83
              last edited by Jan 30, 2021, 12:05 PM

              There is also a related Topic on the the Ubiquiti Forum for all those struggleing with the same Problem:
              https://community.ui.com/questions/5-7-23-still-a-problem-with-VLANs-and-IPv6-RAs/6618f213-8b51-478a-832b-8e32463978bd

              1 Reply Last reply Reply Quote 0
              • J
                JKnott @lufu83
                last edited by Jan 30, 2021, 4:46 PM

                @lufu83

                I don't have a Ubiquiti switch, but when I configured my Cisco switch, I configured the pfsense and AP ports to pass the needed VLANs and the other ports just got the main LAN.

                PfSense running on Qotom mini PC
                i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                UniFi AC-Lite access point

                I haven't lost my mind. It's around here...somewhere...

                L 1 Reply Last reply Jan 31, 2021, 4:14 PM Reply Quote 0
                • L
                  lufu83 @JKnott
                  last edited by Jan 31, 2021, 4:14 PM

                  @jknott
                  A Unifi Switch has its Ports set to the profile "All" by default.
                  In Cisco terms this would mean that every Port is set to Trunk Mode with native VLAN 1 and every other VLAN tagged

                  What helped was to set a specific Profile where only one VLAN is selected.
                  In other words, the port now is in Access Mode and has no tagged VLANs

                  1 Reply Last reply Reply Quote 0
                  8 out of 8
                  • First post
                    8/8
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
                    This community forum collects and processes your personal information.
                    consent.not_received