Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    [Updated] Puzzling loss of IPv6 from Starlink

    Scheduled Pinned Locked Moved IPv6
    3 Posts 2 Posters 469 Views 2 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M Offline
      Mission-Ghost
      last edited by Mission-Ghost

      [Update] I had an opportunity during a lull in network usage to reboot the 4200+. Doing so brought back the Starlink IPv6. So it appears there is something going on in the router that caused the loss of the IPv6 connectivity and would not resolve without a complete normal reboot.

      [Original post]

      I have a Netgate 4200 converted to a plus running v24.11, as I have been since last year.

      The Starlink router is in bypass mode. I have T-Mobile Home Internet as a backup in the failover gateway group.

      I have also been getting Starlink IPv6 for many months without problems. No changes to the firewall recently. Early this morning, IPv6 (only) on my Starlink died:

      Aug 27 05:05:11 	php-fpm 	8972 	/rc.filter_configure_sync: GW States: Killing states for down gateway: STARLINKA_DHCP6, fe80::200:5eff:fe00:101%igc3
Aug 27 05:05:11 	php-fpm 	96904 	/rc.openvpn: Gateway, none 'available' for inet6, use the first one configured. 'STARLINKA_DHCP6'
Aug 27 05:05:09 	check_reload_status 	691 	Reloading filter
Aug 27 05:05:09 	check_reload_status 	691 	Restarting OpenVPN tunnels/interfaces
Aug 27 05:05:09 	check_reload_status 	691 	Restarting IPsec tunnels
Aug 27 05:05:09 	check_reload_status 	691 	updating dyndns STARLINKA_DHCP6
Aug 27 05:05:09 	rc.gateway_alarm 	58850 	>>> Gateway alarm: STARLINKA_DHCP6 (Addr:2001:4860:4860::8844 Alarm:1 RTT:19.294ms RTTsd:4.341ms Loss:52%)

      IPv4 did not die and remained running normally. No failover to TMHI, as is correct. Starlink IPv6 stayed dead until I had time to look at it this afternoon.

      After the IPv6 connection failed, the dashboard flagged it as down.

      However, my Starlink IPv6 (which is my only IPv6) was still functioning on various endpoints on my network. From my Mac I could successfully ping Google's IPv6 dns, which is also my monitoring destination. Test-ipv6.com returned a 10/10 success.

      So I tried some experiments. I opened System>Routing>Edit the Starlink IPv6 gateway, then saved without making any changes and reloaded. No change to the gateway on the dashboard. Pings from the Mac to IPv6 destinations, including Google, Cloudflare and Quad9 continued normally. Star Debug app showed IPv6 and all other aspects normal.

      I think went to Interfaces>Starlink and saved without making any changes and reloaded. The dashboard for Starlink IPv6 went to pending-unknown for the Starlink IPv6 gateway:

      c2d89c7d-67de-4326-8cfc-9ab9ace7428b-image.png

      Pings from the Mac to Google, Cloudflare and Quad9 all became unsuccessful and Test-ipv6.com failed.

      The dish status page appears normal:

      a56de0bf-c9f1-4ace-beb8-ffe022c31240-image.png

      Star Debug then showed no IPv6.

      So I then rebooted the dish. Failover went to TMHI as expected then returned to the dish IPv4 after the reboot completed, but IPv6 is still dead.

      I've found no issues with Starlink reported on Down Detector.

      How can I diagnose this further? What could be the problem?

      Thank you!

      GertjanG 1 Reply Last reply Reply Quote 0
      • GertjanG Offline
        Gertjan @Mission-Ghost
        last edited by

        @Mission-Ghost said in [Updated] Puzzling loss of IPv6 from Starlink:

        After the IPv6 connection failed

        Keep in mind : it is possible that there is no problem at all with your IPv6 connection.
        If, for some reason, "2001:4860:4860::8844" ( the IPv6 counterpart of 8.8.8.8, which is a DNS resolver, and never meant to be a ping test IP ) decides NOT to reply to pings, as that isn't what it normally should be sued for, then pfSense assumes "the IPv6 connection is bad" and starts to apply the action : resetting the IPv6 interface.
        Also : ICMP is a low priority protocol, so if the connection is (over) loaded locally or somewhere upstream, routers start to ditch ICMP packets first .... and this will introduce the same action ...

        So : if you can : if Starlink has a fixed IPv6 more close to you, use that one.
        Not an IPv6 from a satellite above your head, as they keep on popping up, and moving away under the horizon ^^

        Does your WAN uses dhcp6c as a IPv6
        If so : here is help :
        fac88772-228f-495c-821f-d926becfb7a2-image.png

        and from now on the DHCP log will show if a WAN IPv6 and prefixe(s) are obtained.

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        M 1 Reply Last reply Reply Quote 0
        • M Offline
          Mission-Ghost @Gertjan
          last edited by

          @Gertjan Thank you for responding.

          I get your point about the ping targets. It's been difficult for me to find one in Starlink's own network at our point-of-presence.

          After digging some more, I tried today to see if Gemini could come up with one and it found an ipv4 and ipv6 at the Phoenix PoP that appears to tie in Starlink to the peering network. I've switched to those and will see how it goes. I'll also turn on IPv6 debug in Kea. Thanks for the idea.

          So, even with that, I'm skeptical it was just an issue with Google's dns not responding, since immediately after rebooting pfSense Google responded to ipv6 gateway status pings again. Previously, I'd tried the gateway save/reload and interface save/reload steps without recovering the status ping.

          So something must be going on at reboot to recover the gateway status ping functionality that does not go on at the other attempted reload times.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.