PfSense not responding to IPv6 Ping

ipv6kid

Having trouble getting my pfSense install to respond to pings. It will respond on it's IPv4 address, but not IPv6. I can browse to IPv6 websites fine, and connect back to the routers web interface using IPv6 web proxies, but not ping. Anybody have any ideas? I'm not a pfSense or Firewalling newbie but I cannot figure it out. Thanks in advance.

cmb

Respond from where? Assuming you're showing your HE.net tunnel there, that rule will only allow pinging from the Internet.

jimp

If you do a traceroute6 from another host in, using icmp, how far does it get?

That first rule for ICMP should be allowing it, does it show as blocked in your firewall logs?

If so, click the 'x' and see what rule did the blocking, and show the log entry here.

ipv6kid

Thanks guys. I completely disabled the firewall in pfSense, still could not ping the gateway from an outside IPv6 address.

I did a traceroute from an outside website: http://www.subnetonline.com/pages/ipv6-network-tools/online-ipv6-traceroute.php

The results are as follows:

TraceRoute IPv6 Output:
traceroute to www.t********r.com (2001:470:c:132c::2), 30 hops max, 40 byte packets
1  2a02:348:82::1 (2a02:348:82::1)  0.199 ms  0.226 ms  0.251 ms
2  xl-internetservices.nl.ip6.jointtransit.nl (2a02:10:0:1::e:3)  0.961 ms  0.980 ms  2.253 ms
3  hurricane-electric.nikhef.nlsix.net (2001:7f8:13::a500:6939:1)  6.407 ms  6.205 ms  6.441 ms
4  10gigabitethernet1-4.core1.lon1.he.net (2001:470:0:3f::1)  14.631 ms  15.022 ms  14.868 ms
5  10gigabitethernet7-4.core1.nyc4.he.net (2001:470:0:128::1)  75.466 ms  74.583 ms  74.565 ms
6  10gigabitethernet5-3.core1.lax1.he.net (2001:470:0:10e::1)  136.581 ms  136.629 ms  135.161 ms
7  ordns.he.net (2001:470:20::2)  145.481 ms  139.272 ms  142.351 ms
8  * * *
9  * * *
10  * * *
11  * * *
12  * * *
13  * * *
14  * * *
15  * * *
16  * * *
17  * * *
18  * * *
19  * * *
20  * * *
21  * * *
22  * * *
23  * * *
24  * * *
25  * * *
26  * * *
27  * * *
28  * * *
29  * * *
30  * * *

Finished!

I cannot figure this out!

ipv6kid

I found a partial solution to the problem: If I ping the IPv6 address directly, it works fine. If I ping the domain name, it doesn't work even though I have AAAA addresses setup for the domain going to the same IP as I am pinging.

ipv6kid

To update this:

I think it ended up being the IPv6 Ping website I was using located in Denmark. I've since tried other ones and the ping seems to be working correctly.

Thank you for your responses.