Routing brakes if IPv6 is activated on the WAN interface

m0nKeY

Hi,

currently I'm trying to get to know and used to IPv6. My provider Vodafone/Unitymedia in North Rhine-Westphalia is supporting IPv4/IPv6 Dual Stack. My Setup is a AVM Fritzbox 6590 in Bridge-Mode behind my pfsense machine.

I wanted to start with configuring the WAN interface for IPv6 only at first. Assuming it would not break anything. So no DHCP6 server is running on the the LAN interface. Unfortunately, if I activate DHCP6 on the WAN interface it breaks the whole routing between WAN and LAN.

Here you can see, that my ISP has provided an IPv6 address:

This the WAN interface DHCP configuration:

Additionally, because I thought it maybe important, I wanted to say that I have set DNS upstream server for the DNS Resolver:

As I'm currently starting with IPv6, please go easy on me.

Thanks for the help in advance.

Greetings
m0nKeY

JKnott

@m0nkey

Since your ISP is providing dual stack, configure for both IPv4 and IPv6.

One of the settings is:
Use IPv4 connectivity as parent interface - Request a IPv6 prefix/information through the IPv4 connectivity link

SteveITS

@m0nkey *breaks :)

On Interfaces/LAN how is "IPv6 Configuration Type" set?

I would not expect enabling IPv6 would break IPv4 connectivity. As in pinging fails by IP (e.g. 8.8.4.4)? As opposed to DNS returning an IPv6 address?

m0nKeY

@m0nkey

Since your ISP is providing dual stack, configure for both IPv4 and IPv6.

One of the settings is:
Use IPv4 connectivity as parent interface - Request a IPv6 prefix/information through the IPv4 connectivity link

I will definitely try this, if I have later problems with the IPv6 connection. But as @steveits said, my IPv4 routing should still work and I have to take care of this issue first. One step after another.

@m0nkey *breaks :)

On Interfaces/LAN how is "IPv6 Configuration Type" set?

I would not expect enabling IPv6 would break IPv4 connectivity. As in pinging fails by IP (e.g. 8.8.4.4)? As opposed to DNS returning an IPv6 address?

"brakes"... Oh my gosh, what did I write. And I actually had a
thought "this sounds weird" or should I say "this sounds wired". Is it possible for me to correct it?

The "IPv6 Configuration Type" is set to DHCP6.

In some cases ping works and in some not. I did some tests:

Ping "google.de" from LAN with IPv4 -> Does not work
Ping "8.8.8.8" from LAN with IPv4 -> Works
Ping "google.de" from WAN with IPv4 -> Does not work
Ping "8.8.8.8" from WAN with IPv4 -> Works
Ping "google.de" from LAN with IPv6 -> Works
Ping "2a02:908:400:c::1bf9" from LAN with IPv6 -> Works
Ping "google.de" from WAN with IPv6 -> Works
Ping "2a02:908:400:c::1bf9" from WAN with IPv6 -> Works

This looks like my issue is related to DNS, but I don't know what to change and where to look.

SteveITS

@m0nkey Click the 3 dots in the lower right of your post and see if it lets you edit it.

I agree from your tests it looks like pinging IPv4 addresses works and DNS does not. Which seems odd. Is google.de not resolving over IPv4? What are your DNS Resolver settings?

m0nKeY

@steveits said in Routing brakes if IPv6 is activated on the WAN interface:

@m0nkey Click the 3 dots in the lower right of your post and see if it lets you edit it.

This seems only possible in the first 3600 seconds after creation of a thread, but thank. I guess, I have to live with the shame.

I agree from your tests it looks like pinging IPv4 addresses works and DNS does not. Which seems odd. Is google.de not resolving over IPv4?

It seems so. An recommendation for additional tests here? Should I try to reach a webpage via IP instead of name?

What are your DNS Resolver settings?

Here are my settings:

m0nKeY

Is there anyone, who is able to help me with my issue?

heper

@m0nkey is there a reason you enabled forwarding mode?

m0nKeY

@heper I'm not sure anymore. I guess I had activated it because I was experimenting with certificate offloading for my sub-services.

But basically, I don't know. Should I try to deactivate it?

heper

@m0nkey i don't know. maybe the upstream dns servers you use for forwarding are causing issues somehow?

m0nKeY

@heper Deactivated the option, but it issue still consists and nothing changes.

SteveITS

@m0nkey You might try unchecking:
Use SSL/TLS for outgoing DNS Queries to Forwarding Servers
DNSSEC data is required for trust-anchored zones.

m0nKeY

@steveits Thx, unchecked them, but it does not solve my problem.

Bob.Dig

@m0nkey Start a new thread in the German sub-forum and don't do anything s... special like:
"I wanted to start with configuring the WAN interface for IPv6 only at first".
Load the pfSense default setting first and maybe then someone is able to help you. If you have a full dual stack there shouldn't be a problem at all.

m0nKeY

@bob-dig Thank you, but why the German sub-forum?

In the end, I will have to try what you suggested. I was hoping to get to know, how to analyse such issues, to learn something and solve future problems by myself.