[solved] RA Subnets
-
I have an interface which tracks WAN. On this interface I also wanted to have an ULA prefix, so I through it into Subnets in RA.
Problem, there was no connectivity and also no routes where shown.Is this expected? In which case is RA Subnets useful?
-
I have ULA enabled on 4 different interfaces and they all work. What version of pfsense are you running. If prior to 2.5.0, you have to add the original GUA prefix to the interface in the same was as you did the ULA.
-
@jknott I track interface so I just entered the ula prefix under RA.
-
So do I. What version are you running. As I mentioned, there's a problem with older versions.
-
@jknott I am running 2.5.0. Track interface is for the GUA. Adding the ULA Prefix where I did first looked good, clients got it, but I couldn't use the IPs, for example pinging wasn't possible. I then looked at routes in pfSense and there where none for this prefix.
Do you see your GUA-prefix in RA Subnets in routing?
-
I haven't tried routing one of those addresses.
-
@jknott But what would it be worth, if it is not route-able.
-
ULA is routeable, but not over the Internet, just like RFC1918 addresses. It's link local addresses that's aren't routeable.
-
@jknott But that is what I meant, I couldn't even use the ULA locally on pfSense, couldn't even ping another host on another local interface.
So what did I do wrong? That is what I hope to find out here, please no more useless replies. -
Run Packet Capture, filtering on ICMP6, to see what's happening. You should see RAs for both GUA and ULA prefixes.
-
@jknott I am not good at looking at Packet Captures, so shouldn't I see that ULA in Diagnostics Routes in the first place?
-
I use packet capture all the time and it's not hard to read. Given that you can't even ping on the local network, it's not a routing issue. It sounds more like those addresses aren't even working. Can you see them on the devices?
Here's a capture I just ran. When you open it with Wireshark and examine the router advertisements, you'll see prefixes listed for both the GUA and ULA addresses. If you don't see the ULA, it will never work.
PfSense running on Qotom mini PC
i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
UniFi AC-Lite access pointI haven't lost my mind. It's around here...somewhere...
-
@jknott said in RA Subnets:
It sounds more like those addresses aren't even working. Can you see them on the devices?
Yes, Devices got them.
-
@jknott So I think it is a routing problem. And so again my question, a last time, can you see the prefix in Diagnostics / Routes. I would think that at least the interface itself would show there.
-
-
@jknott And I got those only where I have Static IPv6 Configuration set (with ULA), but not on that interface, which has track interface for GUA and ULA in RA Subnet. The ULA prefix doesn't show up in pfSense.
Also the interface only got the GUA.
-
Where are you looking? The web interface doesn't show them, but ifconfig does.
-
@jknott said in RA Subnets:
but ifconfig does.
Ok, trying it right now, but ifconfig is showing the same as the webinterface, so no ULA I set on ra subnet, just the GUA via track interface.
I guess, no one does that, GUA by track interface and ULA by ra subnet? Or are my settings wrong?
I also use the DHCPv6 Server and have a static mapping configured, so I want to use both.
-
You wouldn't track the interface for ULA, as you manually assign it on the Router Advertisement page. When you track an interface, the prefix is provided by the ISP and they'd have nothing to do with your ULA, though they might have them on the WAN interface.
You have to ensure you actually have a ULA address on the interface. If you have that, then try pinging another ULA on the same subnet. Once you have that, then you can try routing between subnets.
-
@jknott I have none, I have a GUA.
So it is a bug.
