IPv6 Gateway problems on 25.11
-
Hi there!
I've been trying to configure IPv6 on my router since my ISP put me on CGNAT recently and I've been having some problems with the router's internal communication to the internet. My devices connected to the router seem to work just fine with IPv6 but internal functions like updating packages seem to have a problem whenever my IPv6 Gateway is online. If I disable the IPv6 Gateway they work again.
Gateways
Problems with the IPv6 Gateway Enabled
With the IPv6 Gateway Disabled things work again
Here's my Dashboard:
My IPv6 config:
I'd appreciate some help with this one and if you need more info, let me know. -
My IPv6 configuration for my ISP (Nio Fibra from Brazil):
System > Advanced > Networking
Interfaces > WAN
Interfaces > LAN
Services > Router Advertisement > LAN
Services > DHCPv6 Server > LAN (I cut my static leases at the end)
-
@gseidler on first glance your setting look correct.
if I understood you correctly, your clients can connect to the internet by IPv6 just fine. You can ping e.g. 2620:fe::fe (Quad9) from a client. Does an IPv6 test site succeed, like https://ipv6-test.com/?
Then from pfSense, can you ping 2620:fe::fe and does DNS work on pfSense itself? E.g.
/root: host files.netgate.com files.netgate.com has address 208.123.73.207 files.netgate.com has address 208.123.73.209 files.netgate.com has IPv6 address 2610:160:11:18::209 files.netgate.com has IPv6 address 2610:160:11:18::207 -
@patient0 said in IPv6 Gateway problems on 25.11:
Then from pfSense, can you ping 2620:fe::fe and does DNS work on pfSense itself? E.g.
I tried some commands with the IPv6 gateway enabled and I'm even more confused since the IPv6 variants of the commands work just fine on pfSense, only pkg doesn't.
This is the output from a client:
And this is the output from pfsense:
-
@gseidler it's at least good to see that IPv6 wise it works as it should.
Maybe you can go through some point in the Netgate Troubleshooting guide. If pfSense runs on ZFS, create a snapshot beforehand.
https://docs.netgate.com/pfsense/en/latest/troubleshooting/upgrades.html#upgrade-not-offered-library-errors
The section Repository Metadata Version Errors:
pkg-static bootstrap -fIt looks as if something with in relation with
pkgis f-up. -
@patient0 said in IPv6 Gateway problems on 25.11:
The section Repository Metadata Version Errors:
pkg-static bootstrap -f
It looks as if something with in relation with pkg is f-up.
Looks like it. Here's the output I get:
I'm doing a reinstall of all packages with:
pkg-static -4 upgrade -fI'll reboot and see if it changes anything.
-
Update: No dice. The behavior continues the same.
-
@gseidler I don't anything else to do, maybe @stephenw10 can help.
I don't know to what
pfsense-plus-pkg.netgate.comshould resolve.It's defined in
/usr/local/etc/pfSense/pkg/repo/pfSense-repo-0000.conf, you got that file (and the others with the name but different extensions)? -
@patient0 said in IPv6 Gateway problems on 25.11:
/usr/local/etc/pfSense/pkg/repo/
I don't I only have a include directory at /usr/local/etc/pfSense
I'll try to do a fresh reinstall and see if I can get it fixed.
-
@gseidler not
/usr/local/pfSensebut/usr/local/*etc*/pfSense/pkg/repo/ -
So I basically did a fresh reinstall and things seem to be working so far. I ditched my saved config and I'm now 60% though on the fight to remember all my configs. Thanks for all the help, @patient0.
-
@gseidler if it help you can restore parts of a config file.
-
@SteveITS Thanks! I'm taking the opportunity to review and learn from this reconfiguration effort. Especially the IPv6 part and NAT.
-
I've been following this thread because I have the same issues. I have to say, I'm very disappointed with the Microsoft like solution of - just reinstall. First I had the VIP issue with pfblocker. Really, they have to uninstall it then reinstall the new and it looses this configuration?? Now I'm down to the IPv6 problems. Everyone's happy with IPv6 but pfsense. It can't update packages or pfblocker feeds with IPv6 enabled.
I've been running pfsense for several years without issue but honestly if I have to start over I'd have to look closely whether pfsense is the answer or not.
-
@jerryj I had problems updating lists in pfBlockerNG right after I upgraded to 25.11, that's what got me into the command line and discover the problems with pkg. Sadly I wasn't able to figure out where the problem was, maybe I could troubleshoot it a little more. I disables services, uninstalled packages, disabled firewall rules and nothing changed. Since I had already messed around my configuration as it was, reinstalling was a logical next step for me anyway. With the basic now working I can focus on other stuff like DNS NAT reflecting to a couple of services I have running on my local network. HAProxy seems a bit daunting for my taste.
Good luck!
-
@gseidler Thanks, I get that. After troubleshooting I was close to reinstalling but I was afraid just reloading the old configuration would likely put me back where I was. Thanks for @SteveITS comment, I didn't know you could reload only parts.
IPv6 was a pain to get working. I'm going to disable it for now and then go back through all the related settings to see if I have something misconfigured.
-
@jerryj so far I got Limiters, Access to Modem interface, IPv6, local DNS with static leases, pfBlockerNG and a few FW rules all working with no bad side effects. But I'm doing it all by hand, no config restoration.
-
This :
should work, but you could select the obvious :
as that's what I have.
But it won't resolve your issue.
This is what I did : https://forum.netgate.com/topic/199602/maybe-some-one-else-sees-it-..../5 - it forces pfSense to uses Ipv4 for it's own stuff, and suddenly, updates are back again.
Not a solution, see it as a temp "fix". -
@Gertjan I did both and it didn't work. You can see the second solution (Prefer to use IPv4...) activated on one of my screenshots. Reinstalling did work and things are running smoothly now.
