IPv6 Gateway monitoring broken in 2.6.0?
-
@gertjan said in IPv6 Gateway monitoring broken in 2.6.0?:
@kimble said in IPv6 Gateway monitoring broken in 2.6.0?:
still work for you in 2.6.0?
Just pick one, test if it repleis to IPv6 ICMP, and use it.
My problem isn't choosing a monitor address. My ISP provides one for the purpose, and it replies to ICMP ping just fine.
The isssue I've found is that, for reasons that aren't entirely clear, pfsense doesn't start a dpinger process to monitor the gateway when a) I'm using a monitor IP and b) there's no global IPv6 address on the WAN interface.
Anyway, this is no longer a problem for me, as I've worked around the known bug that was preventing the WAN interface acquiring a global address.
-
@kimble said in IPv6 Gateway monitoring broken in 2.6.0?:
or reasons that aren't entirely clear, pfsense doesn't start a dpinger process to monitor the gateway when a) I'm using a monitor IP and b) there's no global IPv6 address on the WAN interface.
How would you ping some IPv6 IP if you don't have a global IPv6 address to ping it from.. So that seems kind of blatantly clear to why dpinger couldn't or wouldn't start pinging something if it doesn't have an address to ping from ;)
-
@jknott said in IPv6 Gateway monitoring broken in 2.6.0?:
@kimble said in IPv6 Gateway monitoring broken in 2.6.0?:
So, does it still work for you in 2.6.0?
Yes.
Looking at gwlb.inc it seems that it won't start dpinger while the IPv6 interface is tentative. Which I assume is the difference between "no global address because there isn't supposed to be one" and "no global address because dhcp6c isn't working properly".
Which means it's just a symptom of the multiple dhcp6c instances bug.
-
@johnpoz said in IPv6 Gateway monitoring broken in 2.6.0?:
@kimble said in IPv6 Gateway monitoring broken in 2.6.0?:
or reasons that aren't entirely clear, pfsense doesn't start a dpinger process to monitor the gateway when a) I'm using a monitor IP and b) there's no global IPv6 address on the WAN interface.
How would you ping some IPv6 IP if you don't have a global IPv6 address to ping it from.. So that seems kind of blatantly clear to why dpinger couldn't or wouldn't start pinging something if it doesn't have an address to ping from ;)
Good question and beyond my expertise - binding to a link-local address is only going to work for pinging the endpoint. It appears to be working for @JKnott though?
-
@kimble said in IPv6 Gateway monitoring broken in 2.6.0?:
It appears to be working for @JKnott though?
BS - sorry but you can not ping a global IPv6 address if you only have a link local address as the source.. Just not freaking possible.. That might be your route, but you still need a valid source IP to use..
How would you ever get an answer?
You could ping your router, or your gateway via the link local, but you wouldn't be able to ping some global IPv6 address without a global IPv6 address as your source.
An intelligent man is sometimes forced to be drunk to spend time with his fools
If you get confused: Listen to the Music Play
Please don't Chat/PM me for help, unless mod related
SG-4860 24.03 | Lab VMs 2.7.2, 24.03 -
@kimble said in IPv6 Gateway monitoring broken in 2.6.0?:
It appears to be working for @JKnott though?
Good question.
I think he did what I did : I focussed at the subject that states :
IPv6 Gateway monitoring broken in 2.6.0?
and my IPv6 Gateway monitoring works very well under 2.6.0.
@kimble said in IPv6 Gateway monitoring broken in 2.6.0?:
Which means it's just a symptom of the multiple dhcp6c instances bug.
You have more then one IPv6 WAN ?
-
@johnpoz said in IPv6 Gateway monitoring broken in 2.6.0?:
@kimble said in IPv6 Gateway monitoring broken in 2.6.0?:
It appears to be working for @JKnott though?
BS - sorry but you can not ping a global IPv6 address if you only have a link local address as the source.. Just not freaking possible.. That might be your route, but you still need a valid source IP to use..
How would you ever get an answer?
You could ping your router, or your gateway via the link local, but you wouldn't be able to ping some global IPv6 address without a global IPv6 address as your source.
Maybe it's clever enough to bind to a LAN address in that instance? I've no idea.
Otherwise it's something that cloud do with a more explicit error message, rather than the gateway being stuck on 'pending'.
-
@gertjan said in IPv6 Gateway monitoring broken in 2.6.0?:
@kimble said in IPv6 Gateway monitoring broken in 2.6.0?:
It appears to be working for @JKnott though?
Good question.
I think he did what I did : I focussed at the subject that states :
IPv6 Gateway monitoring broken in 2.6.0?
Yes, I did try to edit the OP to make that clearer when I worked out what was going on, but it was out of time.
and my IPv6 Gateway monitoring works very well under 2.6.0.
@kimble said in IPv6 Gateway monitoring broken in 2.6.0?:
Which means it's just a symptom of the multiple dhcp6c instances bug.
You have more then one IPv6 WAN ?
Yes. Depending on the vagaries of the mobile provider I'm using for a backup connection.
-
I have a global WAN address, as well as the link local address. The first hop is a link local address, as is common. I cannot use that link local address, but I can use a global address beyond. Also, I cannot even ping that link local address from the command line, so I suspect my ISP has turned off echo.
-
@johnpoz said in IPv6 Gateway monitoring broken in 2.6.0?:
BS - sorry but you can not ping a global IPv6 address if you only have a link local address as the source.. Just not freaking possible.. That might be your route, but you still need a valid source IP to use..
All you need is a valid global address and the ping6 command allows setting a source address with the -S option, so any valid address on pfsense can be used. I just tried it, using my LAN global address to ping the address I used for the monitor.
So, even if you don't have a global WAN address, you can still ping a global address by using the LAN address.
This is one area where things can get really "interesting".
-
@kimble said in IPv6 Gateway monitoring broken in 2.6.0?:
Maybe it's clever enough to bind to a LAN address in that instance? I've no idea.
You have to specify a source address by using the -S option in ping. I just did it, using my LAN global address.
-
This post is deleted! -
This post is deleted!
