IPv6 over PPPoE, wrong default gateway



  • So I have a 2.1 RC1 firewall that gets an inet connection via pppoe, which is delivered over VDSL. 
    A characteristic is the PPPoE session is delivered on VLAN ID 10.

    My V4 connectivity is fine, my V6 connection appears to have a gateway accessed by the wrong interface.
    My ISP routes me a static prefix of 2400:6900:ffff:1::/64 and I have :1:1 as my LAN IP on the firewall
    There is a v6 webserver at www.criggie.org.nz with address 2400:6900:ffff:1::1:2

    Here's the top of    netstat -f inet6 -arn

    Internet6:
    Destination                      Gateway                      Flags      Netif Expire
    default                          fe80::c664:13ff:fe9e:bf80%em0_vlan10 UGS    em0_vlan
    ::1                              ::1                          UH          lo0
    2400:6900:ffff:1::/64            link#1                        U          em0
    2400:6900:ffff:1::1:1            link#1                        UHS        lo0

    If I ping that fe80 link local gateway IP via em0_vlan10 it fails.

    [2.1-RC1][root@pfsense.criggie.org.nz]/root(11): ping6 fe80::c664:13ff:fe9e:bf80%em0_vlan10
    PING6(56=40+8+8 bytes) fe80::5cbc:fec9:135b:d4b0%em0_vlan10 –> fe80::c664:13ff:fe9e:bf80%em0_vlan10
    ^C
    --- fe80::c664:13ff:fe9e:bf80%em0_vlan10 ping6 statistics ---
    13 packets transmitted, 0 packets received, 100.0% packet loss

    If I ping the same address via the pppoe1 interface then it works.

    [2.1-RC1][root@pfsense.criggie.org.nz]/root(13): ping6 fe80::c664:13ff:fe9e:bf80%pppoe1
    PING6(56=40+8+8 bytes) fe80::8c0c:702f:b61a:eb3b%pppoe1 –> fe80::c664:13ff:fe9e:bf80%pppoe1
    16 bytes from fe80::c664:13ff:fe9e:bf80%pppoe1, icmp_seq=0 hlim=64 time=18.937 ms
    16 bytes from fe80::c664:13ff:fe9e:bf80%pppoe1, icmp_seq=1 hlim=64 time=19.548 ms
    16 bytes from fe80::c664:13ff:fe9e:bf80%pppoe1, icmp_seq=2 hlim=64 time=19.197 ms
    16 bytes from fe80::c664:13ff:fe9e:bf80%pppoe1, icmp_seq=3 hlim=64 time=19.025 ms
    ^C
    --- fe80::c664:13ff:fe9e:bf80%pppoe1 ping6 statistics ---
    4 packets transmitted, 4 packets received, 0.0% packet loss
    round-trip min/avg/max/std-dev = 18.937/19.177/19.548/0.234 ms

    So why does PPPoE get the wrong interface for its default gateway?
    I can't statically configure the IPv6 interface because then it needs to come up via PPPoE.

    I have good access to my ISP, but its a learning process for all concerned.  They have customers with working IPv6 Ciscos and Juniper routers, so gut instinct says I don't understand V6 enough to get it right.

    Any suggestions?



  • @Criggie:

    Here's the top of    netstat -f inet6 -arn
    Internet6:
    Destination                      Gateway                      Flags      Netif Expire
    default                          fe80::c664:13ff:fe9e:bf80%em0_vlan10 UGS    em0_vlan

    This is a terrible solution, but it works.
    route change -inet6 default fe80::c664:13ff:fe9e:bf80%pppoe1

    I manually set the default gateway via the PPPoE interface and it all works.  This is so wrong - but is the cause my config or what my ISP is sendings?



  • So even though you get pppoe for v4 even your v6 traffic need to flow through your v4 link?
    You get your configuration of v6 from dhcp i can assume?

    That seems a bit….kludgy.

    Can you confirm that you need to have your v6 traffic running across your pppoe established link?
    If yes, a new tunable needs to be added use v4 link for v6 not together with the use v4 link to get v6 address.



  • @ermal:

    So even though you get pppoe for v4 even your v6 traffic need to flow through your v4 link?
    You get your configuration of v6 from dhcp i can assume?

    That seems a bit….kludgy.

    Can you confirm that you need to have your v6 traffic running across your pppoe established link?
    If yes, a new tunable needs to be added use v4 link for v6 not together with the use v4 link to get v6 address.

    Not quite sure, but it seems the v6 traffic has to go over the pppoe interface, rather than the bare interface address.  Since pppoe1 is an interface with both v4 and v6 addresses on it.  But is that pppoe PADI and PADO traffic on em1_vlan10 v4 or v6?  Let's check!

    [2.1-RELEASE][root@pfsense.criggie.org.nz]/root(19): tcpdump -i em0_vlan10 -nn ip6
    tcpdump: WARNING: em0_vlan10: no IPv4 address assigned

    So, after 8 hours no IPv6 traffic visible outside the PPPoE interface.  So PPPoE is negotiated on v4 addressing.

    Some of the other users have IPv6 working correctly with Juniper or Cisco, I'm the only one with pfSense.

    BTW I had to read my own post to remember what the change command was :-\



  • Hello,

    Here in France with the NERIM ISP, i have the same problem. I need to manually change the default ipv6 gateway to the pppoe interface.

    Ipv6 adress on the pppoe interface is staticaly configured.



  • Hi,

    I am having the same issues wrong interface for my default ipv6 route.

    This showed up shortly after the Aug Snapshots came out and hasn't been fixed or corrected yet.

    My ISP in Canada uses Ipv6CP to configure the ipv6 side of the connection at the same time it's doing the ipv4 stuff through PPPOE

    Logs showing this happening…

    Sep 24 14:45:32 ppp: [wan] 894c:be78:d0b8:0407 -> 0090:1a00:0243:0fe0
    Sep 24 14:45:32 ppp: [wan] IPV6CP: LayerUp
    Sep 24 14:45:32 ppp: [wan] IPV6CP: state change Ack-Sent –> Opened
    Sep 24 14:45:32 ppp: [wan] IPV6CP: rec'd Configure Ack #1 (Ack-Sent)
    Sep 24 14:45:32 ppp: [wan] IPV6CP: state change Req-Sent –> Ack-Sent
    Sep 24 14:45:32 ppp: [wan] IPV6CP: SendConfigAck #161
    Sep 24 14:45:32 ppp: [wan] IPV6CP: rec'd Configure Request #161 (Req-Sent)

    that part is fine from what I can tell. It is somehow putting the wrong interface in using the actual devices interface instead of the negotiated new pppoe one. I fix it by changing the default route interface but it's a nuisance if I can't have it automatically like it did before. Everytime the pppoe is reset or rebooted I will have to go in cli and change the info again. So any thoughts on what to do to make this a perm fix or why it's doing this in the first place? had no issues prior to Aug Snapshots though.



  • @darwin2:

    Here in France with the NERIM ISP, i have the same problem. I need to manually change the default ipv6 gateway to the pppoe interface.

    Version 2.1.1 fixed this for me, the outbound IPv6 traffic gets the correct interface now.