Unable to figure out IPv6 on 2.1-RELEASE

doktornotor

@Onyx: The proxy note has not been for you.

Onyx

Aw. Well, any idea why my router isn't sharing any of that IPv6 love with the LAN subnet?

razzfazz

Nothing relevant in the logs (system, firewall)?

Onyx

Didn't think of the logs:

System General:

dhcp6c[6409]: client6_recvadvert: XID mismatch

A whole bunch of them

Firewall:
Nothing that stands out as relevant

Inq

Onyx, I'm on the same ISP. With the following settings i get a score of 10/10 on http://test-ipv6.com/:

Make sure you define a firewall rule to allow IPV6 icmp echo request on the WAN side; I also duplicated the "Default allow LAN to any rule" for all IPv6 traffic (i hope this is not a security risk). For a strange reason nothing works if i check "Block bogon networks" on WAN interface. Reboot and check that radvd is running.

On a side note, i get a lot of internal server errors every time i apply changes to any interface (ALIX2D3, no package installed).

Onyx

Thank you Inq! Disabling (Block bogon networks) followed by a reboot and turning on the router advertisement daemon did the job wonderfully, but there are still a couple of strange things, firstly I was wondering if there is any firewall rule I can add to get IPv6 working without disabling (Block bogon networks). Second question is why does the IPv6 address appear under LAN instead of WAN?

(Perfectly drawn arrow in paint to display what I mean by IP showing in the wrong position)

A third question would be where I can set the default DNS servers for IPv6 like I can on the IPv4 version (DHCP Server @ DNS servers)?

doktornotor

It shows in perfectly correct place for PD. You obviously use the delegated prefix on LAN, not WAN.

Note: I've filed https://redmine.pfsense.org/issues/3214 for the bogons{,v6} borkage. Too many threads here mentioned it kills all sorts of DHCP at least.

Inq

1. It seems to be a problem with the bogon rules and DHCP prefix delegation.
2. Regarding the IPv6 address on the WAN check "Status: Interfaces" you'll see a "IPv6 Link Local" address there and every station gets its public IPv6 by prefix delegation. I "THINK" that is the way DHCPv6 with prefix delegation is supposed to work ( someone correct me if i'm wrong).
3. You set the default DNS servers in "System: General Setup"… you don't have to fiddle with the DHCP server on the IPv6 side. The ISP is allocating the IPv6 addresses.

Onyx

Alright, makes sense. Got it all working now after adding 2001:4860:4860::8888 and 2001:4860:4860::8844 to the General Setup. I was expecting to have IPv6 DNS Server set to fe80::1:1%12 just like IPv6 Default Gateway is, but I'm glad its working now! Thanks alot both of you.

bkraptor

I'm having the same issue where the WAN IPv6 address does not show up anywhere in the GUI or the SSH menu and also the "WAN address" alias can not be used for firewall rules.

At the same time, doing an ifconfig on the WAN interface shows there is a public IPv6 address bound to it.

This has been the same for the last month of the 2.1-RC builds and is also the same in 2.1-RELEASE. Supposedly the fix will arrive in 2.1.1-RELEASE.