IPv6 Routing Problems

supermega

Hey pfsense experts :)

On my pfsense box I need a separate LAN for testing.

Following Configuration I want to have.

WAN –> static IPv4, static IPv6 addresses      working

LAN --> static IPv4 172.16.0.0/16                  working

OPT1--> static IPv4 10.255.255.254/8, static IPv6 4001:8e0:106a::1  only IPv4 works

I can ping the pfsense (both IPv4, IPv6) from the OPT1 LAN. With IPv4 I can reach the Internet.

With IPv6 only DNS lookups are working to the Internet.

On the OPT1 I done 2 Rules one for IPv4 any any and one for IPv6 any any.

Any Ideas? Did I have to do something special for the routing of IPv6 on the pfsense box?

Best regards

supermega

PS: Sorry for my bad english

supermega

Nobody  :'(

I can ping the IPv6 of the WAN Interface from a Client behind dä firewall.

The pfsense box can reach IPv6 Addresses without any problems.

wallabybob

Are you using a snapshot build of pfSense 2.1? (I suspect IPv6 is not really "supported" in pfSense 2.0.x and earlier.)

Does your pfSense box have an IPv6 default route? If not, the pfSense box might not know where to forward your IPv6 traffic to get it close to its destination. pfSense shell command```

netstat -r -n

podilarius

If you are using 2.1, is the IPV6 addresses in the same subnet as the WAN IPV6 addresses?

supermega

Oke so I check the IPv6 default gatway.

The WAN Interface get his IPv6 address over DHCP from the ISP. With netstat -r -n I can see a default gatway.

Internet6:
Destination                      Gateway                      Flags      Netif                                                                                                                      Expire
default                          fe80::221:a0ff:XXXX:XXXX%pppoe0 UGS      pppoe

The WAN Interface can ping IPv6 google address or something else without any problems.

On the OPT I set a static IPv6 with the same default gateway as the WAN Interface. The problem is still there :'(

I'm using the newest pfsense 2.1. I do the Updates weekly.

regards

supermega

podilarius

Are you using the subnet assigned to you from the ISP? If not, the you are probably going to have to do a track interface (not sure there). If so, did you go in and setup either DHCPv6 or at least the routing advertisement (RA). For those to work, you need to use a /64 or higher bit mask (64-127).
Again, for LAN the default gateway is only used in very special cases and need not be set. Please don't set a default gateway for LAN. It is only there because other interface types need it to be there. (WAN, WAN2 … etc).

Just out of curiosity, and I know it is slightly off topic, but why do you have such a large IPv4 range on OPT1?

supermega

Thans for your reply podilarius.  :)

I find it out. I put in the wrong WAN Prefix on the WAN Interface. Now I can reach the Internet with IPv6.  ;) ;) ;) ;)

The LAN Adapter is for internal uses.

The OPT1 is now for testing. :) I have a vCloud Director installation behind.

Every machine in the Cloud need one IPv4 and one IPv6. Webserver or something like that will be only v6 reachable. But the machines must also reach the Internet with IPv4.

Because of this reason I have such a big range on the OPT1.

Thank you all

regards

supermega