IPv6 over PPPoE, wrong default gateway
-
So I have a 2.1 RC1 firewall that gets an inet connection via pppoe, which is delivered over VDSL.
A characteristic is the PPPoE session is delivered on VLAN ID 10.My V4 connectivity is fine, my V6 connection appears to have a gateway accessed by the wrong interface.
My ISP routes me a static prefix of 2400:6900:ffff:1::/64 and I have :1:1 as my LAN IP on the firewall
There is a v6 webserver at www.criggie.org.nz with address 2400:6900:ffff:1::1:2Here's the top of netstat -f inet6 -arn
Internet6:
Destination Gateway Flags Netif Expire
default fe80::c664:13ff:fe9e:bf80%em0_vlan10 UGS em0_vlan
::1 ::1 UH lo0
2400:6900:ffff:1::/64 link#1 U em0
2400:6900:ffff:1::1:1 link#1 UHS lo0If I ping that fe80 link local gateway IP via em0_vlan10 it fails.
[2.1-RC1][root@pfsense.criggie.org.nz]/root(11): ping6 fe80::c664:13ff:fe9e:bf80%em0_vlan10
PING6(56=40+8+8 bytes) fe80::5cbc:fec9:135b:d4b0%em0_vlan10 –> fe80::c664:13ff:fe9e:bf80%em0_vlan10
^C
--- fe80::c664:13ff:fe9e:bf80%em0_vlan10 ping6 statistics ---
13 packets transmitted, 0 packets received, 100.0% packet lossIf I ping the same address via the pppoe1 interface then it works.
[2.1-RC1][root@pfsense.criggie.org.nz]/root(13): ping6 fe80::c664:13ff:fe9e:bf80%pppoe1
PING6(56=40+8+8 bytes) fe80::8c0c:702f:b61a:eb3b%pppoe1 –> fe80::c664:13ff:fe9e:bf80%pppoe1
16 bytes from fe80::c664:13ff:fe9e:bf80%pppoe1, icmp_seq=0 hlim=64 time=18.937 ms
16 bytes from fe80::c664:13ff:fe9e:bf80%pppoe1, icmp_seq=1 hlim=64 time=19.548 ms
16 bytes from fe80::c664:13ff:fe9e:bf80%pppoe1, icmp_seq=2 hlim=64 time=19.197 ms
16 bytes from fe80::c664:13ff:fe9e:bf80%pppoe1, icmp_seq=3 hlim=64 time=19.025 ms
^C
--- fe80::c664:13ff:fe9e:bf80%pppoe1 ping6 statistics ---
4 packets transmitted, 4 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 18.937/19.177/19.548/0.234 msSo why does PPPoE get the wrong interface for its default gateway?
I can't statically configure the IPv6 interface because then it needs to come up via PPPoE.I have good access to my ISP, but its a learning process for all concerned. They have customers with working IPv6 Ciscos and Juniper routers, so gut instinct says I don't understand V6 enough to get it right.
Any suggestions?
-
Here's the top of netstat -f inet6 -arn
Internet6:
Destination Gateway Flags Netif Expire
default fe80::c664:13ff:fe9e:bf80%em0_vlan10 UGS em0_vlanThis is a terrible solution, but it works.
route change -inet6 default fe80::c664:13ff:fe9e:bf80%pppoe1I manually set the default gateway via the PPPoE interface and it all works. This is so wrong - but is the cause my config or what my ISP is sendings?
-
So even though you get pppoe for v4 even your v6 traffic need to flow through your v4 link?
You get your configuration of v6 from dhcp i can assume?That seems a bit….kludgy.
Can you confirm that you need to have your v6 traffic running across your pppoe established link?
If yes, a new tunable needs to be added use v4 link for v6 not together with the use v4 link to get v6 address. -
@ermal:
So even though you get pppoe for v4 even your v6 traffic need to flow through your v4 link?
You get your configuration of v6 from dhcp i can assume?That seems a bit….kludgy.
Can you confirm that you need to have your v6 traffic running across your pppoe established link?
If yes, a new tunable needs to be added use v4 link for v6 not together with the use v4 link to get v6 address.Not quite sure, but it seems the v6 traffic has to go over the pppoe interface, rather than the bare interface address. Since pppoe1 is an interface with both v4 and v6 addresses on it. But is that pppoe PADI and PADO traffic on em1_vlan10 v4 or v6? Let's check!
[2.1-RELEASE][root@pfsense.criggie.org.nz]/root(19): tcpdump -i em0_vlan10 -nn ip6
tcpdump: WARNING: em0_vlan10: no IPv4 address assignedSo, after 8 hours no IPv6 traffic visible outside the PPPoE interface. So PPPoE is negotiated on v4 addressing.
Some of the other users have IPv6 working correctly with Juniper or Cisco, I'm the only one with pfSense.
BTW I had to read my own post to remember what the change command was :-\
-
Hello,
Here in France with the NERIM ISP, i have the same problem. I need to manually change the default ipv6 gateway to the pppoe interface.
Ipv6 adress on the pppoe interface is staticaly configured.
-
Hi,
I am having the same issues wrong interface for my default ipv6 route.
This showed up shortly after the Aug Snapshots came out and hasn't been fixed or corrected yet.
My ISP in Canada uses Ipv6CP to configure the ipv6 side of the connection at the same time it's doing the ipv4 stuff through PPPOE
Logs showing this happening…
Sep 24 14:45:32 ppp: [wan] 894c:be78:d0b8:0407 -> 0090:1a00:0243:0fe0
Sep 24 14:45:32 ppp: [wan] IPV6CP: LayerUp
Sep 24 14:45:32 ppp: [wan] IPV6CP: state change Ack-Sent –> Opened
Sep 24 14:45:32 ppp: [wan] IPV6CP: rec'd Configure Ack #1 (Ack-Sent)
Sep 24 14:45:32 ppp: [wan] IPV6CP: state change Req-Sent –> Ack-Sent
Sep 24 14:45:32 ppp: [wan] IPV6CP: SendConfigAck #161
Sep 24 14:45:32 ppp: [wan] IPV6CP: rec'd Configure Request #161 (Req-Sent)that part is fine from what I can tell. It is somehow putting the wrong interface in using the actual devices interface instead of the negotiated new pppoe one. I fix it by changing the default route interface but it's a nuisance if I can't have it automatically like it did before. Everytime the pppoe is reset or rebooted I will have to go in cli and change the info again. So any thoughts on what to do to make this a perm fix or why it's doing this in the first place? had no issues prior to Aug Snapshots though.
-
Here in France with the NERIM ISP, i have the same problem. I need to manually change the default ipv6 gateway to the pppoe interface.
Version 2.1.1 fixed this for me, the outbound IPv6 traffic gets the correct interface now.
-
This defect has resurfaced again in pfSense 2.4.4
Which link-local address is that route change command being performed on?
i.e. is that the ISPs link-local or the link-local of the pfSense WAN port?
-
Likely something completely different. Start another thread.
Locking this one.
