[SOLVED] IPV6 issues. no default route via DHCP in Windows, no routing outside
I'm currently facing two issues that I'm not sure I know how to handle and would like some assistance with resolving.
The two issues are:
A LAN computer connected to the router is able to get a DHCP IP address and can ping the LAN interface of the router however is not able to ping outside. Rules have been created on the WAN, OPT1 and LAN interfaces for IPv6 allowing traffic from any to any (wide open). The DHCP server is running in Assisted mode and when pulled using a Linux box, I get an IP and a default route for IPv6 as expected. A windows VM bridged to the same ethernet interface gets an IP but no default route. Both hosts can ping the LAN IPv6 interface and a ping from the LAN interface to a host on the local network responds as expected.
None of the hosts (DHCP or statically assigned) can ping externally or resolve external DNS. There does not appear to be any firewall rules blocking access, the WAN, OPT1 and LAN interfaces for IPv6 are set to allow traffic from any to any. A test using Hurricane Electric's Looking Glass confirms that they can reach my end of the tunnel. DNS Hostname lookups and pings on the router confirms that the tunnel is operational and I am able to ping ipv6.google.com, etc..
My pfSense version is 2.1-DEVELOPMENT (i386) built on Tue Sep 13 17:28:43 EDT 2011 FreeBSD 8.1-RELEASE-p4 and was just updated earlier this morning (current versioning shown).
If possible, I would prefer to fix the routing issue as I am not as concerned with Windows getting fixed as I am about routing working in general. The routing issue would be far more beneficial.
Please assist. It feels like I have the two connections up and running, just don't have the magic to get the two to talk to each other. If you need any additional information, I will be more than happy to provide whatever information that may prove useful. I would really love to get this figured out!
Thank you for your time.
Edited to add: I used the instructions from http://doc.pfsense.org/index.php/Using_IPv6_on_2.0 to set up IPv6 on this router.
I decided to manually assign IPs to the test boxes however I still can't get out to the public Internet. My end of the IPv6 tunnel is still pingable from the outside and I can still access my inside hosts by their IPv6 addresses. I was able to manually assign a route on the test boxes pointing to the IPv6 address of the LAN port of the router however I am still not able to get outside.
One thing I noticed is that a traceroute performed on the test boxes shows a !H for the IP address of that host:
traceroute to ipv6.google.com (2001:4860:4002:802::1014), 30 hops max, 80 byte packets
1 2001:470:XXXX:YYYY::3 3001.302 ms !H 3001.290 ms !H 3001.272 ms !H
The !H indicates no route however there IS a route defined!
Kernel IPv6 routing table
Destination Next Hop Flag Met Ref Use If
2001:470:XXXX:YYYY::/64 :: U 256 0 1 eth0
2000::/3 2001:470:1f0f:ed8::1 UG 1 0 42 eth0
Does anyone have any suggestions as to what could be causing this? I would greatly appreciate any assistance with this issue.
For some reason and thanks to johnpoz in this forum post http://forum.pfsense.org/index.php/topic,43295.0.html I started looking around at the box from a commandline perspective. I found that rtadvd (or radvd) was NOT running. I found the binary in /usr/sbin/rtadvd and a conf file in /var/etc/rtadvd.conf (attached below)
Cannot 'start' rtadvd. Set rtadvd_enable to YES in /etc/rc.conf or use 'onestart' instead of 'start'.
Manual attempts to start rtadvd showed this error:
rtadvd: <getconfig>non zero router lifetime is specified for em1, which must not be allowed for hosts. you must change router lifetime or enable IPv6 forwarding.
After investigating further, I decided to start digging into why em1 was not considered a routing interface. I came across the sysctl command which I hadn't thought to check as according to the HOWTO, it should have already been enabled!
sysctl: illegal option -- -
usage: sysctl [-bdehiNnoqx] name[=value] …
sysctl [-bdehNnoqx] -a
net.inet6.ip6.forwarding: 0 -> 1
Turning on this option allowed me to start rtadvd:
rtadvd: <ra_timer_update>RA timer on em1 is set to 16:0
<main>set timer to 15:999607. waiting for inputs or timeout
<main>set timer to 0:568. waiting for inputs or timeout
<main>set timer to 0:300. waiting for inputs or timeout
<main>set timer to 0:169. waiting for inputs or timeout
<main>set timer to 0:136. waiting for inputs or timeout
<main>set timer to 0:117. waiting for inputs or timeout
<main>set timer to 0:97. waiting for inputs or timeout
<main>set timer to 0:77. waiting for inputs or timeout
<main>set timer to 0:58. waiting for inputs or timeout
<main>set timer to 0:39. waiting for inputs or timeout
<main>set timer to 0:20. waiting for inputs or timeout
<main>set timer to 0:1. waiting for inputs or timeout
rtadvd: <ra_timeout>RA timer on em1 is expired
rtadvd: <ra_output>send RA on em1, # of waitings = 0
rtadvd: <ra_timer_update>RA timer on em1 is set to 16:0
<main>set timer to 16:0. waiting for inputs or timeout
and again without foreground and debug enabled:
root 63514 0.0 0.2 3316 1168 ?? Ss 12:09PM 0:00.00 /usr/sbin/rtadvd -c /var/etc/rtadvd.conf em1
root 5119 0.0 0.3 3524 1260 0 S+ 12:09PM 0:00.00 grep rtadvd
And now, I am finally able to connect to ipv6 addresses using my v6/v4 computer. The question is why weren't these options set (at least the IPv6 routing forwarding)? Was there some step I missed in getting radvd started? It's not listed on the DHCP page nor is it listed under Status->Services as a startable option.
I did re-git my router this morning, but it does not appear that the versioning has changed:
built on Tue Sep 13 17:28:43 EDT 2011
The only issue now is DNS resolution however I think it's just firewall weirdness and I can get that sorted out later on. The segment is running v4/v6 and ipv4 DNS server answers ipv6 queries (forwards) so I'm good there.</main></ra_timer_update></ra_output></ra_timeout> </main>
databeestje last edited by
If you do nog reboot after the first time hou gitsync those won't be set.
When I performed the resync the first time, my shell session got "terminated" (got kicked back to local prompt) and I had to login again so I thought the router had rebooted. I resynched it just a moment ago and rebooted it again after my session got terminated and it looks like everything's working. I can access ipv6.google.com and a test site so all appears well now.
Thank you for your assistance.
Note to newbies: If you're planning on implementing IPv6, it's best to use a v6/v4 dual-homed network. Running IPV6-only will leave you with very little to do on the Internet. (example: www.v6.facebook.com only works halfway. Facebook's fault. :P )