Odd ipv6 ping results.

tandyuk

Ok, So i have some sites I host which are dual stack.

First of all, Pings from my pfsense to one of the sites:

IPV4:

Ping output:

PING tandyuk.com (109.169.6.99): 56 data bytes
64 bytes from 109.169.6.99: icmp_seq=0 ttl=52 time=8.646 ms
64 bytes from 109.169.6.99: icmp_seq=1 ttl=52 time=8.736 ms
64 bytes from 109.169.6.99: icmp_seq=2 ttl=52 time=9.161 ms

--- tandyuk.com ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 8.646/8.848/9.161/0.225 ms

IPV6:

Ping output:

PING6(56=40+8+8 bytes) 2001:4d48:ad00:532f:21c:25ff:fe4d:f77d --> 2001:1b40:5000:22:1::85
16 bytes from 2001:1b40:5000:22:1::85, icmp_seq=0 hlim=55 time=9.124 ms
16 bytes from 2001:1b40:5000:22:1::85, icmp_seq=1 hlim=55 time=8.418 ms
16 bytes from 2001:1b40:5000:22:1::85, icmp_seq=2 hlim=55 time=9.405 ms

--- tandyuk.com ping6 statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 8.418/8.982/9.405/0.415 ms

So roughly the same times for ipv4 and v6 pinging from the pfsense.

Now the same test from a windows 8.1 machine behind the pfsense:

IPv4:

C:\WINDOWS\system32>ping -4 tandyuk.com

Pinging tandyuk.com [109.169.6.99] with 32 bytes of data:
Reply from 109.169.6.99: bytes=32 time=13ms TTL=51
Reply from 109.169.6.99: bytes=32 time=12ms TTL=51
Reply from 109.169.6.99: bytes=32 time=13ms TTL=51
Reply from 109.169.6.99: bytes=32 time=18ms TTL=51

Ping statistics for 109.169.6.99:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 12ms, Maximum = 18ms, Average = 14ms

IPv6:

C:\WINDOWS\system32>ping -6 tandyuk.com

Pinging tandyuk.com [2001:1b40:5000:22:1::85] with 32 bytes of data:
Reply from 2001:1b40:5000:22:1::85: time=1ms
Reply from 2001:1b40:5000:22:1::85: time=1ms
Reply from 2001:1b40:5000:22:1::85: time=1ms
Reply from 2001:1b40:5000:22:1::85: time=2ms

Ping statistics for 2001:1b40:5000:22:1::85:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 1ms, Maximum = 2ms, Average = 1ms

Now suddenly ipv6 claims to has 1ms ping to my remote system.

A traceroute is even stranger….

IPv4:

C:\WINDOWS\system32>tracert -4 tandyuk.com

Tracing route to tandyuk.com [109.169.6.99]
over a maximum of 30 hops:

  1     2 ms     1 ms     1 ms  pfsense.office.tandyukservers.co.uk [192.168.65.1]
  2     9 ms     9 ms    10 ms  lns16.the.dsl.enta.net [188.39.0.22]
  3    13 ms    13 ms    12 ms  gi1-6.the.dist.dsl.enta.net [188.39.0.21]
  4    12 ms    12 ms    11 ms  te2-2.telehouse-east3.dsl.enta.net [78.33.141.81]
  5    15 ms    13 ms    15 ms  te5-6.telehouse-east2.core.enta.net [62.249.192.125]
  6    11 ms     9 ms     9 ms  te4-4.telehouse-east.core.enta.net [188.39.127.75]
  7    10 ms    10 ms     9 ms  te8-4.core1.thn.as20860.net [195.66.224.207]
  8    12 ms    14 ms    13 ms  593.net1.north.dc5.as20860.net [62.233.127.174]
  9    12 ms    12 ms    20 ms  87.117.211.50
 10    21 ms    13 ms    10 ms  tandyuk.com [109.169.6.99]
Trace complete.

All normal so far, but now for IPv6:

C:\WINDOWS\system32>tracert -6 tandyuk.com

Tracing route to tandyuk.com [2001:1b40:5000:22:1::85]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  2001:4d48:ad53:2f00:1::

Trace complete.

So ipv6, gets 1 response from the pfsense, and thinks it reached its destination.

This issue causes major issues if the ipv6 gateway is down (or the pfsense thinks it is), as ALL ipv6 pings come back ok, even though the packet cant get past the pfsense.
The result is browsers etc just sitting there trying to connect via v6, but not getting the proper host/network unreachable response from the pfsense.

Any clues why this is happening and how I can get ipv6 ping/traceroutes to work properly.