Unable to figure out IPv6 on 2.1-RELEASE
-
I tried a while back to get IPv6 working but the support wasn't mature enough, after updating today to 2.1 and seeing all the IPv6 settings I decided to try again. My internet provider is RCS & RDS and they are aparently really proud for having the best IPv6 adoption rate.
Anyhow I seem to be able to ping ipv6.google.com (from pfsense):
But I'm getting no network access nor does the IPv6 test sites work, and I'm not getting a IPv6 address, only a IPv6 Link Local (which I'm not entirely sure what it means).
The pinging only works if I set (DHCPv6 Prefix Delegation size) to 64 and check (Request a IPv6 prefix/information through the IPv4 connectivity link). I also added a (IPv6 ICMP echoreq) WAN rule and (IPv6 * LAN net) LAN rule. The full WAN and LAN settings are:
http://i.imgur.com/MI2wkqU.png WAN
http://i.imgur.com/rk7uScQ.png LANI'm fairly new to the IPv6 thing, so I'm sorry if I'm making any misconceptions regarding the settings but I couldn't find any comprehensive examples. Also, I do have (Allow IPv6) checked in Advanced - Networking.
-
Set "IPv6 configuration type" for the LAN interface to "track interface" (specifically, it needs to track your WAN interface).
-
Is there any step after that? Because it doesn't seem to have changed anything at all except that on the Status: Interfaces page it says (IPv6 Link Local fe80::1:1%rl0) now instead of (IPv6 Link Local fe80::1%rl0). Restarted the windows network connection and did a ping to fe80::1:1 and even though it did work it still says I have no internet access over IPv6. Could it have anything to do with the fact that I do not have any default gateway or dns server set? If so, how can I get those set?
-
Looks like the same problem I have. I can ping to www.m0n0.ch from my windows PC and it resolves to an IPv6 address. But when I browse to http://www.m0n0.ch it shows the IPv4 website (I have a plugin that shows the IP address of the website). When I browse to an IPv6 only website http://ipv6.test-ipv6.com/ I got an error that I cannot access the network. When I browse to secure websites for example https://www.google.com or https://www.xs4all.nl it works great over IPv6. Only http websites seem to have the problem. Can you test this on your machines ans see if you have the same as me?
-
As already posted elsewhere - you seem to be behind broken HTTP proxy.
-
Can you test this on your machines ans see if you have the same as me?
I don't seem to be able to ping anything and have it resolve to ipv6, tried ping -6 ipv6.google.com, ping -6 m0n0.ch, ping -6 xs4all.nl, and they're all failing from windows machine, however they are working fine from pfsense.
PING6(56=40+8+8 bytes) 2a02:2f0c:501f:ffff::bc1a:3871 --> 2a02:200:3:1::101 16 bytes from 2a02:200:3:1::101, icmp_seq=0 hlim=53 time=48.388 ms 16 bytes from 2a02:200:3:1::101, icmp_seq=1 hlim=53 time=48.390 ms 16 bytes from 2a02:200:3:1::101, icmp_seq=2 hlim=53 time=48.713 ms --- m0n0.ch ping6 statistics --- 3 packets transmitted, 3 packets received, 0.0% packet loss round-trip min/avg/max/std-dev = 48.388/48.497/48.713/0.153 msC:\Windows\system32>ping -6 m0n0.ch Ping request could not find host m0n0.ch. Please check the name and try again.As already posted elsewhere - you seem to be behind broken HTTP proxy.
Could you elaborate on that please? The problem I seem to be having is that only the pfsense router can ping IPv6, but no machines on the lan are able to.
Also, as stated before, pinging the router seems to work?.
C:\Windows\system32>ping -6 fe80::1:1 Pinging fe80::1:1 with 32 bytes of data: Reply from fe80::1:1: time=1ms Reply from fe80::1:1: time<1ms Reply from fe80::1:1: time<1ms Reply from fe80::1:1: time<1ms Ping statistics for fe80::1:1: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 1ms, Average = 0ms -
@Onyx: The proxy note has not been for you.
-
Aw. Well, any idea why my router isn't sharing any of that IPv6 love with the LAN subnet?
-
Nothing relevant in the logs (system, firewall)?
-
Didn't think of the logs:
System General:
dhcp6c[6409]: client6_recvadvert: XID mismatchA whole bunch of them
Firewall:
Nothing that stands out as relevant -
Onyx, I'm on the same ISP. With the following settings i get a score of 10/10 on http://test-ipv6.com/:
Make sure you define a firewall rule to allow IPV6 icmp echo request on the WAN side; I also duplicated the "Default allow LAN to any rule" for all IPv6 traffic (i hope this is not a security risk). For a strange reason nothing works if i check "Block bogon networks" on WAN interface. Reboot and check that radvd is running.
On a side note, i get a lot of internal server errors every time i apply changes to any interface (ALIX2D3, no package installed).
-
Thank you Inq! Disabling (Block bogon networks) followed by a reboot and turning on the router advertisement daemon did the job wonderfully, but there are still a couple of strange things, firstly I was wondering if there is any firewall rule I can add to get IPv6 working without disabling (Block bogon networks). Second question is why does the IPv6 address appear under LAN instead of WAN?
(Perfectly drawn arrow in paint to display what I mean by IP showing in the wrong position)A third question would be where I can set the default DNS servers for IPv6 like I can on the IPv4 version (DHCP Server @ DNS servers)?
-
It shows in perfectly correct place for PD. You obviously use the delegated prefix on LAN, not WAN.
Note: I've filed https://redmine.pfsense.org/issues/3214 for the bogons{,v6} borkage. Too many threads here mentioned it kills all sorts of DHCP at least.
-
1. It seems to be a problem with the bogon rules and DHCP prefix delegation.
2. Regarding the IPv6 address on the WAN check "Status: Interfaces" you'll see a "IPv6 Link Local" address there and every station gets its public IPv6 by prefix delegation. I "THINK" that is the way DHCPv6 with prefix delegation is supposed to work ( someone correct me if i'm wrong).
3. You set the default DNS servers in "System: General Setup"… you don't have to fiddle with the DHCP server on the IPv6 side. The ISP is allocating the IPv6 addresses. -
Alright, makes sense. Got it all working now after adding 2001:4860:4860::8888 and 2001:4860:4860::8844 to the General Setup. I was expecting to have IPv6 DNS Server set to fe80::1:1%12 just like IPv6 Default Gateway is, but I'm glad its working now! Thanks alot both of you.
-
I'm having the same issue where the WAN IPv6 address does not show up anywhere in the GUI or the SSH menu and also the "WAN address" alias can not be used for firewall rules.
At the same time, doing an ifconfig on the WAN interface shows there is a public IPv6 address bound to it.
This has been the same for the last month of the 2.1-RC builds and is also the same in 2.1-RELEASE. Supposedly the fix will arrive in 2.1.1-RELEASE.