Localhot cannot connect trough ipv6



  • Hello !

    On a fresh install, I have 2 NIC on my router, 1 WAN and 1 LAN and native ipv6 by my ISP.
    I use dhcp6 server on my LAN.
    All my computer have ipv6 networking (great !) but not the router himself (weird).

    When I try to install package I get  " Unable to retrieve package info from https://packages.pfsense.org"
    Ping6 with the default source address I got

    
    PING6(56=40+8+8 bytes) 2001:41d0:fde0::2109 --> 2a00:1450:4007:80b::200e
    
    --- google.com ping6 statistics ---
    3 packets transmitted, 0 packets received, 100.0% packet loss
    
    

    and with the localhost source adress

    
    PING6(56=40+8+8 bytes) ::1 --> 2a00:1450:4007:80b::200e
    ping6: wrote google.com 16 chars, ret=-1
    ping6: wrote google.com 16 chars, ret=-1
    ping6: wrote google.com 16 chars, ret=-1
    
    --- google.com ping6 statistics ---
    3 packets transmitted, 0 packets received, 100.0% packet loss
    
    

    2001:41d0:fde0::2109 is th ipv6 adress of my WAN NIC

    When I try ping6 with my LAN nic, it works.

    I don't know if it's because my router cannot resolve names because when I try ping the ipv6 address directly, I have the sames results.
    That's funny because it can connect with IPv4's. Everythings works well.

    When I diable IPv6 in the System: Advanced: Networking tab, everything back to normal.

    I'm quite confused but I hope you will give some lights !

    Thank you in advance !

    PS : as advise I add some screenshots
    For the screen of the firewall log, I pinged google.com in ipv4 and ipv6 just before taking it.



    ![rules wan.png](/public/imported_attachments/1/rules wan.png)
    ![rules wan.png_thumb](/public/imported_attachments/1/rules wan.png_thumb)
    ![rules lan.png](/public/imported_attachments/1/rules lan.png)
    ![rules lan.png_thumb](/public/imported_attachments/1/rules lan.png_thumb)


    ![route ipv4.png_thumb](/public/imported_attachments/1/route ipv4.png_thumb)
    ![route ipv4.png](/public/imported_attachments/1/route ipv4.png)
    ![route ipv6.png](/public/imported_attachments/1/route ipv6.png)
    ![route ipv6.png_thumb](/public/imported_attachments/1/route ipv6.png_thumb)



  • Maybe you could provide screenshots of all your firewall rules (all tabs), NAT rules and the entries in your system log (firewall) for the particular time you experience the problems.

    This will help others to identify your problems and find a solution.



  • Thank you for your advice ! I'm quite a noob  :P

    I just add them in the first post.



  • Some info is missing to troubelshoot.

    Please provide output of Diagnostics->Routes



  • Done  !

    thank you helping me !

    Note : I have my problem on the live usb and on the fresh install.

    Maybe it's due to my config ?

    2.2.6-RELEASE (amd64)
    built on Mon Dec 21 14:50:08 CST 2015
    FreeBSD 10.1-RELEASE-p25

    Platform pfSense
    CPU Type AMD Sempron™ Processor 3600+



  • According to the routing table:

    Your WAN interface is re0, has several IPs, one of them is 2001:41d0::7c5/128  (3rd line), and the other 2001:41d0:fde0::2109 (6th line).
    Problem #1: The 2001:41d0::7c5/128 address is not routed on the Internet, your ISP isn't publishing 2001:41d0::/64 or whatever size subnet it is in.
    If your box uses this IP to communicate outward, it will not work.

    Problem #2:
    Traceroute to your external IP 2001:41d0:fde0::2109 never gets there, and ends a hop #13. Maybe it is blocked by your firewall, that's ok.
    8. 2607:5300::16   
    9. 2607:5300::c1   
    10. 2001:41d0::13a 
    11. 2001:41d0::1bf 
    12. 2001:41d0::5c2 
    13. 2001:41d0::892
    14. ???

    Traceroute to your internal IP 2001:41d0:fc7c:7c00::1 also never gets there, but goes by a different route starting at hop #9.  So there is clearly a routing problem somewhere.
    8. 2607:5300::16   
    9. 2607:5300::9e   
    10. 2001:41d0::bf1 
    11. 2001:41d0::138 
    12. 2001:41d0::1bd 
    13. 2001:41d0::d21 
    14. ???

    Something doesn't make sense.
    Please post screenshots of LAN and WAN config pages for IPv6.



  • @awebster:

    According to the routing table:

    Your WAN interface is re0, has several IPs, one of them is 2001:41d0::7c5/128  (3rd line), and the other 2001:41d0:fde0::2109 (6th line).
    Problem #1: The 2001:41d0::7c5/128 address is not routed on the Internet, your ISP isn't publishing 2001:41d0::/64 or whatever size subnet it is in.
    If your box uses this IP to communicate outward, it will not work.

    I have never seen 2001:41d0::7c5/128 in my config nor ifconfig…
    2001:41d0:fde0::2109 is my ipv6 address of my WAN.

    @awebster:

    Problem #2:
    Traceroute to your external IP 2001:41d0:fde0::2109 never gets there, and ends a hop #13. Maybe it is blocked by your firewall, that's ok.
    8. 2607:5300::16   
    9. 2607:5300::c1   
    10. 2001:41d0::13a 
    11. 2001:41d0::1bf 
    12. 2001:41d0::5c2 
    13. 2001:41d0::892
    14. ???

    I'm agree with you.

    @awebster:

    Traceroute to your internal IP 2001:41d0:fc7c:7c00::1 also never gets there, but goes by a different route starting at hop #9.  So there is clearly a routing problem somewhere.
    8. 2607:5300::16   
    9. 2607:5300::9e   
    10. 2001:41d0::bf1 
    11. 2001:41d0::138 
    12. 2001:41d0::1bd 
    13. 2001:41d0::d21 
    14. ???

    2001:41d0:fc7c:7c00::1 is my LAN interface.
    This is strange indeed. But i can remember doing it before. I can ping all of my other machine provided with an ipv6.

    ![LAN config.png](/public/imported_attachments/1/LAN config.png)
    ![LAN config.png_thumb](/public/imported_attachments/1/LAN config.png_thumb)
    ![WAN config.png](/public/imported_attachments/1/WAN config.png)
    ![WAN config.png_thumb](/public/imported_attachments/1/WAN config.png_thumb)
    ![interfaces status.png](/public/imported_attachments/1/interfaces status.png)
    ![interfaces status.png_thumb](/public/imported_attachments/1/interfaces status.png_thumb)


  • Rebel Alliance Developer Netgate

    Your ISP appears to be pushing you a broken configuration where the assigned WAN subnet isn't routable. Time to call the ISP and hope you reach someone with IPv6 experience…



  • @jimp:

    Time to call the ISP and hope you reach someone with IPv6 experience…

    argll They are good but not that good…
    in fact not good but nice.

    Thanks a lot for yours lights, I'm quite relief, it's not my fault. :D

    I keep you inform.

    Librement,
    ryoanji