Unable to communicate with https://packages.pfsense.org.
Is it able to check for updates at the dashboard?
In my case, yes, it seems to communicate and confirm that I'm on the latest version…
![Captura de pantalla - 110215 - 09:12:51.png](/public/imported_attachments/1/Captura de pantalla - 110215 - 09:12:51.png)
![Captura de pantalla - 110215 - 09:12:51.png_thumb](/public/imported_attachments/1/Captura de pantalla - 110215 - 09:12:51.png_thumb)
Have you ever used a custom package repository?
Try fetching the package list directly from the command line:
[2.2-RELEASE][root@pfSense.localdomain]/root: fetch -o /dev/null https://www.pfsense.org/packages/pkg_config.10.xml /dev/null 100% of 73 kB 313 kBps 00m00s
Also are you using the DNS forwarder or resolver? You don't have localhost as one of your listed dns servers.
Hi, I've noticed that ping6 directly to the ipv6 number couldn't reach even my GW (this is accesible from any ping from the web without any problems).
About the DNS I have it as a forwarder not as a resolver (please see attached img)
I could successfully fetch from the command line (also attached to te image)
![Captura de pantalla - 120215 - 16:55:46.png](/public/imported_attachments/1/Captura de pantalla - 120215 - 16:55:46.png)
![Captura de pantalla - 120215 - 16:55:46.png_thumb](/public/imported_attachments/1/Captura de pantalla - 120215 - 16:55:46.png_thumb)
If you have a broken v6 connection try this:
You might consider entering a IPV6 DNS server at the bottom of the list of DNS servers…
Or disabling IPV6 altogether if you just don't quite understand it?
@stephenw10, that solved the error contacting http://packages.pfsense.org, now I have a working list :-)
@kejianshi, as it fails pinging6 from the pfsense server to the default external GW using the ipv6 address directly, no DNS can be contacted either.
(*) ipv6 was configured-uncofngured here by a long-gone sysadmin who made some strange things here.
I too think that disabling ipv6 completely could have resolved this quickly but I really would like to have this ipv6 working, it would be really helpful if anyone knows a good document to start the config over.
Thank you very much again!
You want IPV6 working? we can do that too…
IPV6 seems easier to me than IPV4 - Maybe I'm strange.
Yeah, you're strange. ;)
Impossible to really give you much advise without knowing a lot more about your network but a good place to start would be here:
Its as easy as IPV4 and no NAT issues. Sure its base 16 but I have 8 fingers on each hand, so no problem. (-;
I love that I can easily give anything I want a public IP and easily firewall it.
For Audio/Video this will be great as soon as people accept it.
My biggest issue is that most things are IPV6 ready but not really being skinned in most GUIs yet.
@stephenw10, thank you again but that seems pretty general, one thing in my network is that we don't have DMZ :-)
@kejianshi, great you find it v6 easier than v4, I'm still grasping it
I want to install squid (or squid3?) + squidgauard (or dansguard?) and I'm reading that these packages have problems with ipv6, is this right?
A little context if you could use it for some advice…
Our public ipv6 addresses are
network 2800:160:17C5:0:0:0:0:0/48 GW 2800:160:17C5:0:0:0:0:1
My pfsense server info
2.2-RELEASE (amd64) built on Thu Jan 22 14:03:54 CST 2015 FreeBSD 10.1-RELEASE-p4 You are on the latest version.
This server has 3 network i/f and 3 vlans
cablenic WAN up 100baseTX <full-duplex> 184.108.40.206 2800:160:17c5::2 cablenic intsi up 1000baseT <full-duplex> 192.168.32.253 cablenic intsm up 1000baseT <full-duplex> 192.168.18.245 cablenic VLANCER up 1000baseT <full-duplex> 172.28.255.254 2800:160:17c5::1:1 (here are 50% of network PCs) cablenic VLANTI up 1000baseT <full-duplex> 192.168.168.1 cablenic VLANSEM up 1000baseT <full-duplex> 192.168.14.254 (here are 50% of network PCs)</full-duplex></full-duplex></full-duplex></full-duplex></full-duplex></full-duplex>
Thank you again!!
The best piece of advise I can give you is to start with a basic configuration and build it up testing at each stage. Don't try and do everything in one go.
@ kejianshi: Hexadecimal limbs, why didn't I think of that. ;)
So what IPv6 are you using on the lan side if that is your public?
owner: Gtd Internet S.A.
responsible: Manuel Suanez Berrios
address: Moneda, 920, Piso 11
address: 6500712 - Santiago - RM
@johnpoz, I had this previous config which might have changed as I was playing around…
VLANCER, 2800:160:17c5::1:1 /52 VLANSEM, 2800:160:17c5::1:2 /52 and so on...
@stephenw10, you are correct, step-by-step, the only thing I want by now is to establish connection from my pfsense server to my default public GW first then to the world using ipv6 address –no DNS at first :-)
Our DNS servers would be
Thanks for your kind replies!
/52 ?? yeah that would not be correct..
Sleeping - Look at this when I wake.
@johnpoz /52 is not correct? I thought it could be subdivided in 16 networks with this… any suggestion?
min size of ipv6 segment is suppose to be /64, you can get a /48 for example from say tunnel broker HE, they route that to you via your tunnel then you can break that up into as many /64 you want.
But those VLANs have the same subnet, no?
I have had great success with a /48 for WAN and handing out /64s on all interfaces, including openvpn interfaces.
I do want to experiment with something like a /52 on the WAN and handing out a limited number of /64s after. (tried before and failed)
Why? Because some data centers for some odd reason are still hesitant to hand me a /48. Maybe all they have is a /48 themselves?
I know thats a crap configuration, but it would solve problems for me also to get that to work.
I will soon have a chance to try that… "soon" according to the data center.
However, as previously stated, if you want IPV6 now, getting a HE IPV6 tunnel works super well.
@stephenw10, yes, those VLANs had the same /52…
@kejianshi, I will better go with /64, so I will post here how it goes...
In any case my "problem" is pinging from pfsense to my default route (even though both ips answer from the Internet)...
pfsense <----> default GW 2800:160:17c5::2/48 <----> 2800:160:17c5::1 /48
I don't know why but I'm still thinking the ipv4 way, I resist to waste so many addresses :-)
Thank you guys for following up…
/64 on the wan is near useless. You really want to be able to give each LAN/OPT interface a /64
@kejianshi I'm sorry I wasn't clear… I want first to get this two addresses to communicate each other (pf <-> gw) using the /48 mask... only then I will change the /52 to /64 configs for my internal networks...
Any suggestion as to how troubleshoot this pf <-> gw issue? It's worth saying that this problem presents only for ipv6. It works fine in ipv4...
I'm folllowing this document, but I have done it twice for the WAN part and I still don't find anything :-
Thank you again
Just to let you know that I finally could establish comm between pf <-> gw . I'm almost sure it was a fw rule, but I touched so many little things… now I'm going to subnet using /64... Thank you all for your kind support.
Its really difficult to help figure out IPV6 without seeing your settings. For me anyway. But I'm glad its working for you.
Just to let you know that my IPv6 is working now, again it seemed to be a faulty firewall rule. Once the connection established between my "pfsense" <-> "default isp gw" everything else went fine.
. public addresses 2800:160:17C5::/48
. internal addresses 2800:160:17C5:1~4::/64
Initially I messed up with dhchpv6, then manual ipv6, finally stateless :-) and it works all right!
Again, thank you all for your great comments and support!