ipv6 over pppoe, openwrt works but pfsense doesnt
-
Hello,
My ISP uses pppoe for authentication. The modem they given is bridged to my pfsense router. Unfortunately, i dont get an ipv6 address when using pfsense. On the other hand I do get ipv6 when i use openwrt instead of pfsense.
The ISP uses dhcpv6 and following is my configuration of openwrt (TPlink Archer C7),
# cat /etc/config/network config interface 'loopback' option ifname 'lo' option proto 'static' option ipaddr '127.0.0.1' option netmask '255.0.0.0' config globals 'globals' option ula_prefix 'fd2e:f3f7:1a7d::/48' config interface 'lan' option type 'bridge' option ifname 'eth1.1' option proto 'static' option netmask '255.255.255.0' option ip6assign '60' option ipaddr '172.20.1.1' config interface 'wan' option ifname 'eth0.2' option proto 'pppoe' option password 'mypassword' option ipv6 'auto' option username 'myusername' config interface 'wan6' option ifname 'eth0.2' option proto 'dhcpv6' option reqaddress 'try' option reqprefix 'auto' config switch option name 'switch0' option reset '1' option enable_vlan '1' config switch_vlan option device 'switch0' option vlan '1' option ports '2 3 4 5 0t' config switch_vlan option device 'switch0' option vlan '2' option ports '1 6t' config interface 'wwan' option proto 'dhcp
Using this openwrt shows the ipv6 address,
#ip a s 10: pppoe-wan: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1492 qdisc fq_codel state UNKNOWN qlen 3 link/ppp inet xx.yy.zz.ww peer xx.yy.64.1/32 scope global pppoe-wan valid_lft forever preferred_lft forever inet6 2401:xxxx:yyyy:zzzz:8fff::58:4e5f/128 scope global dynamic valid_lft 85739sec preferred_lft 85739sec inet6 fe80::91d3:6cff:be4a:46eb/10 scope link valid_lft forever preferred_lft forever Protocol: Virtual dynamic interface (DHCPv6 client) Uptime: 0h 11m 51s IPv6: 2401:xxxx:xxxx:8fff::58:4e5f/128 IPv6-PD: 2401:xxxx:xxxx:535a::/64
With pfsense the configuration below does not give me an ipv6.
Why does openwrt work but pfSense doesnt?
-
I turned on the 'Do not wait for a RA' and now the interface shows an ipv6.
[2.5.2-RELEASE][root@pfSense.localdomain]/root: ifconfig pppoe1 pppoe1: flags=89d1<UP,POINTOPOINT,RUNNING,NOARP,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1492 description: WAN2 inet xx.yy.232.42 --> xx.yy.64.1 netmask 0xffffffff inet6 fe80::a236:9fff:fe19:8%pppoe1 prefixlen 64 scopeid 0x1e inet6 fe80::a236:9fff:fe19:9%pppoe1 prefixlen 64 scopeid 0x1e inet6 2401:xxxx:yyyy:zzzz::58:5510 prefixlen 128 nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
However ping to google doesnt work.
[2.5.2-RELEASE][root@pfSense.localdomain]/root: ping ipv6.google.com ping: cannot resolve ipv6.google.com: Unknown server error [2.5.2-RELEASE][root@pfSense.localdomain]/root: ping 2001:4860:4860::8888 ping: cannot resolve 2001:4860:4860::8888: Unknown host
Under System>Routing>Gateways a link local address assigned to WAN2 rather than a public ipv6 address,
In openwrt the routing table is,
# ip -6 route default from 2401:xxxx:yyyy:5f37::/64 via fe80::3e94:d5ff:fec8:b4fe dev pppoe-wan metric 4096 default from 2401:xxxx:yyyy:8fff::58:540f via fe80::3e94:d5ff:fec8:b4fe dev pppoe-wan metric 4096 2401:xxxx:yyyy:5f37::/64 dev br-lan metric 1024
Is this a problem of routing now?
-
@trumee said in ipv6 over pppoe, openwrt works but pfsense doesnt:
However ping to google doesnt work.
From pfsense or a computer on the LAN? Do devices on the LAN get an IPv6 address?
Under System>Routing>Gateways a link local address assigned to WAN2 rather than a public ipv6 address
Link local addresses are often used for routing. Entirely normal.
-
@jknott said in ipv6 over pppoe, openwrt works but pfsense doesnt:
@trumee said in ipv6 over pppoe, openwrt works but pfsense doesnt:
However ping to google doesnt work.
From pfsense or a computer on the LAN? Do devices on the LAN get an IPv6 address?
Both from pfsense and LAN. The LAN is getting an ipv6
LAN $ ip a s 2: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc cake state UP group default qlen 1000 link/ether ac:1f:6b:91:41:56 brd ff:ff:ff:ff:ff:ff altname enp0s31f6 inet 172.16.1.28/24 metric 10 brd 172.16.1.255 scope global dynamic eno1 valid_lft 5991sec preferred_lft 5991sec inet6 2401:xxxx:yyyy:66cd::ffaa/128 scope global dynamic noprefixroute valid_lft 5993sec preferred_lft 3293sec inet6 2401:xxxx:yyyy:66cd:ae1f:6bff:fe91:4156/64 scope global dynamic mngtmpaddr noprefixroute valid_lft 85192sec preferred_lft 13192sec inet6 fe80::ae1f:6bff:fe91:4156/64 scope link $ ping ipv6.google.com ping: connect: Network is unreachable
Under System>Routing>Gateways a link local address assigned to WAN2 rather than a public ipv6 address
Link local addresses are often used for routing. Entirely normal.
-
Can you ping between devices on the LAN? What is the default route? It should be a link local address for pfsense. Have you used Packet Capture to see if the pings are leaving from the WAN port?
-
@jknott You are onto something. I cannot ping ipv6 between devices on the LAN.
ip address Desktop 2: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc cake state UP group default qlen 1000 link/ether ac:1f:6b:91:41:56 brd ff:ff:ff:ff:ff:ff altname enp0s31f6 inet6 2401:xxxx:yyyy:66cd::ffaa/128 scope global dynamic noprefixroute valid_lft 6873sec preferred_lft 4173sec inet6 2401:xxxx:yyyy:66cd:ae1f:6bff:fe91:4156/64 scope global dynamic mngtmpaddr noprefixroute valid_lft 86072sec preferred_lft 14072sec inet6 fe80::ae1f:6bff:fe91:4156/64 scope link valid_lft forever preferred_lft forever NAS 3: vlan100br: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000 link/ether 3e:c7:b3:f8:ef:06 brd ff:ff:ff:ff:ff:ff inet6 2401:xxxx:yyyy:66cd::ff0a/128 scope global dynamic noprefixroute valid_lft 6028sec preferred_lft 3328sec inet6 2401:xxxx:yyyy:66cd:3cc7:b3ff:fef8:ef06/64 scope global dynamic mngtmpaddr noprefixroute valid_lft 74937sec preferred_lft 2937sec inet6 fe80::3cc7:b3ff:fef8:ef06/64 scope link valid_lft forever preferred_lft forever
Ping to NAS from desktop
$ ping 2401:xxxx:yyyy:66cd:3cc7:b3ff:fef8:ef06 PING 2401:xxxx:yyyy:66cd:3cc7:b3ff:fef8:ef06(2401:xxxx:yyyy:66cd:3cc7:b3ff:fef8:ef06) 56 data bytes From 2401:xxxx:yyyy:66cd::ffaa icmp_seq=1 Destination unreachable: Address unreachable From 2401:xxxx:yyyy:66cd::ffaa icmp_seq=2 Destination unreachable: Address unreachable From 2401:xxxx:yyyy:66cd::ffaa icmp_seq=3 Destination unreachable: Address unreachable ^C --- 2401:xxxx:yyyy:66cd:3cc7:b3ff:fef8:ef06 ping statistics --- 4 packets transmitted, 0 received, +3 errors, 100% packet loss, time 3159ms $ ping 2401:xxxx:yyyy:66cd::ff0a ping: 2401:xxxx:yyyy:66cd::ff0a: Name or service not known
Route on desktop
$ route -6 -n Kernel IPv6 routing table Destination Next Hop Flag Met Ref Use If ::1/128 :: U 256 2 0 lo 2401:xxxx:yyyy:66cd::/64 :: Ue 10 3 0 eno1 fe80::/64 :: U 256 1 0 eno1 fe80::/64 :: U 256 1 0 vmnet1 fe80::/64 :: U 256 1 0 vmnet8 fe80::/64 :: U 256 1 0 enp3s0 ::/0 :: !n -1 1 0 lo ::1/128 :: Un 0 11 0 lo 2401:xxxx:yyyy:66cd::ffaa/128 :: Un 0 4 0 eno1 2401:xxxx:yyyy:66cd:ae1f:6bff:fe91:4156/128 :: Un 0 3 0 eno1 fe80::202:c9ff:fe4e:2194/128 :: Un 0 2 0 enp3s0 fe80::250:56ff:fec0:1/128 :: Un 0 5 0 vmnet1 fe80::250:56ff:fec0:8/128 :: Un 0 2 0 vmnet8 fe80::ae1f:6bff:fe91:4156/128 :: Un 0 4 0 eno1 ff00::/8 :: U 256 10 0 eno1 ff00::/8 :: U 256 1 0 vmnet1 ff00::/8 :: U 256 1 0 vmnet8 ff00::/8 :: U 256 6 0 enp3s0 ::/0 :: !n -1 1 0 lo
-
Capture on some router advertisements. Use Packet Capture and filter on ICMP6. Post the capture file here.
-
I just noticed something. You're using "ping" That works for IPv6 in Linux, but not FreeBSD which pfsense runs on. You have to use ping6 on it.
-
@jknott said in ipv6 over pppoe, openwrt works but pfsense doesnt:
I just noticed something. You're using "ping" That works for IPv6 in Linux, but not FreeBSD which pfsense runs on. You have to use ping6 on it.
[2.5.2-RELEASE][root@pfSense.localdomain]/root: ping6 ipv6.google.com PING6(56=40+8+8 bytes) 2401:xxxx:yyyy:8fff::58:5788 --> 2404:6800:4007:821::200e ^C --- ipv6.l.google.com ping6 statistics --- 8 packets transmitted, 0 packets received, 100.0% packet loss
-
Can you ping6 to other internal hosts?
Is pfSense handing out those IPs via dhcpv6? That would imply it's receiving a prefix from the ISP.
Steve