Unable to pass IPv6 Tests
-
You need to have a few things.
1st I recommend having DNS running that works with IPV6 also. What are you using for DNS?
Second, and this could be very important, what browser are you using?
-
I've run the tests in Chrome and IE.
As for DNS, please see attached.
-
Switch your IPV6 DNS to "none" and see what happens.
Chrome for sure should work out of the box with IPV6.also try these as your IPV6 DNS - just to test.
2001:4860:4860::8888
2001:4860:4860::8844I don't use those, but I know they work.
-
Should I also remove the DNS entry or just change the gateway to none?
The thing is, IPv6 lookups work in the current setup (eg. I can ping ipv6.google.com and receive a reply).
-
Try just setting gateway to none and try using the two IPV6 DNS I provided.
-
why do you have your rules in floating and not on the actual interface - out of curiosity?
-
The pfSense UI will not allow me to enter those DNS servers without configuring gateway interfaces.
As for the floating rules, there's a few other VLANs which they apply to, I'm just not concerned with IPv6 on those VLANs.
-
Thats strange to me…
I have 5 interfaces and, up till recently "none" was selected for all my dns server interfaces. IPV4 and IPV6.
Anyway - obviously whatever box you are on is getting IPV6 obviously. I assume you are not testing connectivity from pfsense, but rather are using the same machine you are attempting to browse the internet from?
-
Correction, I was able to implement these without specifying the gateway interface and I got the same result.
2001:4860:4860::8888
2001:4860:4860::8844I also disabled the firewall on my workstation for good measure. Still fails the IPv6 tests.
-
But your WORKSTATION is able to ping, for example, those two IPV6 addresses I gave you?
-
Yes, that is correct.
Pinging 2001:4860:4860::8888 with 32 bytes of data:
Reply from 2001:4860:4860::8888: time=29ms
Reply from 2001:4860:4860::8888: time=29ms
Reply from 2001:4860:4860::8888: time=30msPinging 2001:4860:4860::8844 with 32 bytes of data:
Reply from 2001:4860:4860::8844: time=29ms
Reply from 2001:4860:4860::8844: time=29ms
Reply from 2001:4860:4860::8844: time=29ms -
I've resolved this issue. The firewall rule IPv4+6 was not applying correctly. Listing an explicit IPv6 Any -> Any rule fixed the problem. I'll work to explore these rules in more detail.
-
Strange - Just to look into chrome, past this in your chrome browser:
chrome://net-internals/#dns
Then click "clear host cache"
Probably will make zero difference, but why not…
If that doesn't work, take a look to see if there is some strange rule in your firewall (or lack of a pass rule) that is letting ICMP pass but not allowing HTTP/HTTPS.
-
Ahh - so not passing IPV6 correctly (-;
Works now?
-
And again why do you have them in floating in the first place? Are they set to quick, rules in floating are for SPECIAL rules..
For example
" I'm just not concerned with IPv6 on those VLANs."But you had a rule that should allow ipv6 out, which would be applied to ALL interfaces.. I don't recommend putting anything in floating unless it really needs to go there.
