pfSense stops routing IPv6 after a few days
-
@msmith100 said in pfSense stops routing IPv6 after a few days:
As I understand it, I could even not have a globally routable address on the WAN, and it would have no effect. I've seen some other people setup pfsense in that manner, actually - I think on Teksavvy?
Quite possibly your WAN address is not used for routing. Check your default route with the netstat -r command. Don't be surprised if you see a link local address.
-
Why on earth would you want to do that? NAT was created to get around the IPv4 address shortage. On IPv6, a single /64 contains 18.4 billion, billion addresses.
-
Seemed like a quick and dirty way of getting IPv6 if my ISP has a non-compliant setup? If it’s not the way to do it then that’s fine.
Someone elsewhere has mentioned that I should investigate enabling large ICMP and ICMP v6 since that’s not allowed on the WAN side of the firewall, but I’m not on site at the moment.
-
What do you mean by "large ICMP"? That would tend to indicate an attack.
-
They specifically mentioned to make sure the following was enabled:
- Allowing large ICMP
- Allowing v6 ICMP across the network
-
@jknott No it's not. Still useful to have for pfsense itself as a pseudo-privacy layer e.g. for DNS requests, and I assume there is at least some good if non-essential reason it's part of an RFC and done by default by my ISP.
-
@ijeff I have no idea how that would help you. AFAIK by default pfsense has rules that allow the bare minimum essential IPv6 ICMP traffic, so that shouldn't be the cause of your issue.
-
I think you're right, it looks like pfSense is doing everything it needs to by default.
I've been referred to this bug which seems to explain the exact issue I'm having. My ISP and the ISP mentioned in the bug actually use very similar network hardware (Cisco Nexus) so it may be completely related to that...
I might wait until 2.5.0 is released with this bug fixed before trying further troubleshooting...
-
I've upgraded to 2.5.0 today and will monitor and report back.
-
No further issues since upgrading to 2.5.0. Looks like the bugs have been squashed!