Netgate Discussion Forum

    Getting IPv6 SLAAC to work in my network

    ipv6 slaac gua ula stateless
    31 Posts 4 Posters 4.3k Views
    • JKnott @IonutIT

      @ionutit

      I think you'll find capture filters work better than display filters. Capture filters affect what's captured and display filters affect what packets of the capture are displayed. Of course, you can use both for more flexibility. However, I mostly use capture filters. So, you'd filter on ICMP6, which should capture all ICMP6 packets. Once you have some of those, you can use display filters. However, just capturing ICMP6 and quickly scanning the captured packets should reveal the RAs.

      PfSense running on Qotom mini PC
      i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
      UniFi AC-Lite access point

      I haven't lost my mind. It's around here...somewhere...

      • JKnott @Bob.Dig

        @bob-dig

        He's running Wireshark, which means he's using a computer on the LAN.

        • JKnott @IonutIT

          @ionutit said in Getting IPv6 SLAAC to work in my network:

          I had to create a firewall rule to allow “any” to “ff02::fb” on UDP 5353.

          ????

          mDNS is using ff02, which means it's a link local multicast. It's not supposed to pass through a router.

          • IonutIT @JKnott

            @jknott

            Yeah but for some reason the source is ULA fdcd:: instead of the link-local address so it does go through the firewall. I think that hosts using mDNS broadcast through all available addresses.

            • JKnott @IonutIT

              @ionutit said in Getting IPv6 SLAAC to work in my network:

              Yeah but for some reason the source is ULA fdcd:: instead of the link-local address so it does go through the firewall.

              That's not an issue. Packets for multicast addresses often come from ULA or GUA addresses. Since the address starts with ff02, its scope is link local and won't pass through the router (pfSense).

              IPv6 has address scopes, which IPv4 does not. This means how far a packet can go depends on the destination address. An address that starts with ff02 is link local. Even on IPv4, you can have public or RFC1918 addresses as the source for local network only destinations.

              So, even though a router may receive a packet with a ff02 destination, it will not forward it.

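The scope rule described in the post above, as an added example that is not part of the original thread: the scope is the low nibble of the second byte of a multicast destination, and the source address plays no part in it unless it is itself link-local. The sample addresses are constructed; `fdcd::10` is a made-up host inside the ULA prefix quoted in the thread.

```python
import ipaddress

# Scope values from the low nibble of the second address byte (RFC 4291, RFC 7346).
SCOPE_NAMES = {0x1: "interface-local", 0x2: "link-local", 0x3: "realm-local",
               0x4: "admin-local", 0x5: "site-local", 0x8: "organization-local",
               0xE: "global"}
LINK_LOCAL_UNICAST = ipaddress.IPv6Network("fe80::/10")

def multicast_scope(dst):
    """Return the 4-bit scope of a multicast destination, or None for unicast."""
    packed = ipaddress.IPv6Address(dst).packed
    return packed[1] & 0x0F if packed[0] == 0xFF else None

def may_be_forwarded(src, dst):
    """Scope check only: can a router forward this packet off the link?"""
    if ipaddress.IPv6Address(src) in LINK_LOCAL_UNICAST:
        return False
    if ipaddress.IPv6Address(dst) in LINK_LOCAL_UNICAST:
        return False
    scope = multicast_scope(dst)
    if scope is None:
        return True                 # ordinary unicast; routing and firewall decide
    return 0x2 < scope < 0xF        # 0 and F are reserved, 1 and 2 stay on the link

def describe(src, dst):
    """One-line summary of the destination scope and the forwarding verdict."""
    scope = multicast_scope(dst)
    name = "unicast" if scope is None else SCOPE_NAMES.get(scope, "unassigned")
    return f"{src} -> {dst}: {name}, forwardable={may_be_forwarded(src, dst)}"

# Constructed samples: mDNS to ff02::fb from a ULA source, and contrasting cases.
SAMPLES = [("fdcd::10", "ff02::fb"), ("fe80::1", "ff02::1"),
           ("fdcd::10", "ff05::fb"), ("fdcd::10", "2001:db8::1")]

if __name__ == "__main__":
    for s, d in SAMPLES:
        print(describe(s, d))
```
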
              • IonutIT @JKnott

                @jknott and @Bob-Dig

                So after a bit more troubleshooting I finally found the source of my ULA network.

                It seems that the RA for this fdcd::/64 ULA network is my Apple TV 4K (2021), and the reason for it doing that is for Thread. Because the device is a Thread bridge, and because this protocol is IPv6 only, it pushes this ULA inside my network to be able to communicate with other Thread enabled devices inside the LAN.

                Hopefully this will be helpful for others searching for this issue in the future.

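One way to automate the search described in this thread, as an added example that is not part of the original posts: parse the Router Advertisements from an ICMPv6 capture and list every prefix announced by a device other than the known router. The function names, the documentation MAC addresses and the `2001:db8:1::/64` prefix are assumptions made for the sample; `fdcd::/64` is the prefix quoted above, and the advertiser is identified here by the Source Link-Layer Address option.

```python
import ipaddress
import struct

ULA = ipaddress.IPv6Network("fc00::/7")

def parse_ra(icmp6: bytes) -> dict:
    """Parse an ICMPv6 Router Advertisement (RFC 4861), starting at the type byte."""
    if len(icmp6) < 16 or icmp6[0] != 134:
        raise ValueError("not a Router Advertisement")
    ra = {"router_lifetime": struct.unpack("!H", icmp6[6:8])[0],
          "src_mac": None, "prefixes": []}
    off = 16                                    # options follow the fixed header
    while off + 2 <= len(icmp6):
        otype, olen = icmp6[off], icmp6[off + 1] * 8   # length is in 8-byte units
        if olen == 0 or off + olen > len(icmp6):
            raise ValueError("malformed option")
        body = icmp6[off + 2:off + olen]
        if otype == 1 and olen == 8:            # Source Link-Layer Address
            ra["src_mac"] = ":".join(f"{b:02x}" for b in body)
        elif otype == 3 and olen == 32:         # Prefix Information
            net = ipaddress.IPv6Network((body[14:30], body[0]), strict=False)
            ra["prefixes"].append({"prefix": str(net), "ula": net.subnet_of(ULA),
                                   "autonomous": bool(body[1] & 0x40)})
        off += olen
    return ra

def unexpected_advertisers(ras, trusted_mac):
    """Return (mac, prefix) for every prefix advertised by a non-trusted source."""
    return [(ra["src_mac"], p["prefix"]) for ra in ras
            if ra["src_mac"] != trusted_mac for p in ra["prefixes"]]

def build_ra(mac, prefix, plen=64, lifetime=1800):
    """Construct a sample RA body (checksum left at 0; sample data only)."""
    hdr = struct.pack("!BBHBBHII", 134, 0, 0, 64, 0, lifetime, 0, 0)
    slla = bytes([1, 1]) + bytes.fromhex(mac.replace(":", ""))
    pio = struct.pack("!BBBBIII", 3, 4, plen, 0xC0, 86400, 14400, 0)
    return hdr + slla + pio + ipaddress.IPv6Address(prefix).packed

# Constructed sample: documentation MACs and prefix, plus the thread's fdcd::/64.
ROUTER_MAC = "00:00:5e:00:53:01"
SAMPLE = [parse_ra(build_ra(ROUTER_MAC, "2001:db8:1::")),
          parse_ra(build_ra("00:00:5e:00:53:02", "fdcd::"))]

if __name__ == "__main__":
    for mac, prefix in unexpected_advertisers(SAMPLE, ROUTER_MAC):
        print(f"unexpected RA source {mac} advertises {prefix}")
```
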
                • MarioG @IonutIT

                  @ionutit FYI I just read over on the avsforum that tvOS 16.1 beta fixed this. The advertisements stopped.

                  • IonutIT @MarioG

                    @mariog

                    Really? I wasn’t aware that this was a bug, seeing that Thread needs IPv6 to function.

                    • MarioG @IonutIT

                      @ionutit I don't know, I just saw this and thought it was related: https://www.avsforum.com/threads/apple-tv-owners-thread-faq-in-first-post.1278071/page-2178#post-62047363
                      Hope it helps.

                      • IonutIT @MarioG

                        @mariog Thanks for the link. I'll keep an eye on this.

                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.