Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    LAN Interface ping problem

    IPv6
    6
    21
    4.8k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      a1ien
      last edited by

      I have a problem ping pfsense from client by IPv6 address
      LAN interface (lan, em1)
      Status up
      MAC address 90:e2:ba:54:ff:eb - Intel Corporate
      IPv4 address 192.168.0.1
      Subnet mask IPv4 255.255.255.0
      IPv6 Link Local fe80::1:1 
      IPv6 address HIDE:HIDE:8e83:3::1:1 
      Subnet mask IPv6 64
      MTU 1500

      On client

      eth0      Link encap:Ethernet  HWaddr 60:a4:4c:60:66:d9 
                inet addr:192.168.0.100  Bcast:10.0.255.255  Mask:255.255.0.0
                inet6 addr: HIDE:HIDE:8e83:3:62a4:4cff:fe60:66d9/64 Scope:Global
                inet6 addr: fe80::62a4:4cff:fe60:66d9/64 Scope:Link
                UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

      If I ping6 fe80::1:1%eth0 everything ok.
      But ping6 HIDE:HIDE:8e83:3::1:1

      ping6 HIDE:HIDE:8e83:3::1:1
      PING HIDE:HIDE:8e83:3::1:1(HIDE:HIDE:8e83:3::1:1) 56 data bytes
      From HIDE:HIDE:8e83:3:62a4:4cff:fe60:66d9 icmp_seq=1 Destination unreachable: Address unreachable

      Fails. Why.
      HIDE:HIDE::8e83:3::/64 dev eth0  proto kernel  metric 256  expires 86397sec pref medium
      fe80::/64 dev eth1  proto kernel  metric 256  pref medium
      fe80::/64 dev eth0  proto kernel  metric 256  pref medium
      default via fe80::1:1 dev eth0  proto ra  metric 1024  expires 57sec hoplimit 64 pref medium

      1 Reply Last reply Reply Quote 0
      • awebsterA
        awebster
        last edited by

        Your client device appears to be Linux of some sort.
        1. Check ipv6 neighbor table to be sure address resolution is working properly (ip -6 nei)
        2. Check that ip6tables configuration isn't blocking ipv6 that isn't on link-local (fe80::/64) addresses

        –A.

        1 Reply Last reply Reply Quote 0
        • johnpozJ
          johnpoz LAYER 8 Global Moderator
          last edited by

          what are you lan rules on pfsense?

          Yeah I would check to see if your get mac via NDP..

          pfsense
          em1: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
                  options=9b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum>ether 00:50:56:00:00:02
                  inet6 fe80::250:56ff:fe00:2%em1 prefixlen 64 scopeid 0x2
                  inet 192.168.9.253 netmask 0xffffff00 broadcast 192.168.9.255
                inet6 2001:470:xxxx:xxxx::1 prefixlen 64
                  nd6 options=21 <performnud,auto_linklocal>media: Ethernet autoselect (1000baseT <full-duplex>)
                  status: active

          linux client
          user@clean:~$ ifconfig
          eth0      Link encap:Ethernet  HWaddr 00:0c:29:f0:74:06
                    inet addr:192.168.9.7  Bcast:192.168.9.255  Mask:255.255.255.0
                    inet6 addr: 2001:470:xxxx:xxxx::7/64 Scope:Global
                    inet6 addr: fe80::20c:29ff:fef0:7406/64 Scope:Link
                    UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
                    RX packets:375795 errors:0 dropped:0 overruns:0 frame:0
                    TX packets:97489 errors:0 dropped:0 overruns:0 carrier:0
                    collisions:0 txqueuelen:1000
                    RX bytes:158553951 (158.5 MB)  TX bytes:7798582 (7.7 MB)

          user@clean:~$ ping6 2001:470:xxxx:xxxx::1
          PING 2001:470:1f11:9c4::1(2001:470:xxxx:xxxx::1) 56 data bytes
          64 bytes from 2001:470:xxxx:xxxx::1: icmp_seq=2 ttl=64 time=0.741 ms

          user@clean:~$ ip -6 nei
          2001:470:xxxx:xxxx::40 dev eth0 lladdr 00:1f:29:54:17:14 STALE
          fe80::21f:29ff:fe54:1714 dev eth0 lladdr 00:1f:29:54:17:14 STALE
          2001:470:xxxx:xxxx::1 dev eth0 lladdr 00:50:56:00:00:02 router REACHABLE
          fe80::250:56ff:fe00:2 dev eth0 lladdr 00:50:56:00:00:02 router STALE

          is internet via ipv6 working from the client? Can you ping say google via ipv6?

          user@clean:~$ ping6 ipv6.google.com
          PING ipv6.google.com(yk-in-x8a.1e100.net) 56 data bytes
          64 bytes from yk-in-x8a.1e100.net: icmp_seq=1 ttl=56 time=32.6 ms
          64 bytes from yk-in-x8a.1e100.net: icmp_seq=2 ttl=56 time=34.3 ms
          64 bytes from yk-in-x8a.1e100.net: icmp_seq=3 ttl=56 time=31.4 ms

          user@clean:~$ ping6 -n ipv6.google.com
          PING ipv6.google.com(2607:f8b0:4002:c07::8a) 56 data bytes
          64 bytes from 2607:f8b0:4002:c07::8a: icmp_seq=1 ttl=56 time=34.1 ms
          64 bytes from 2607:f8b0:4002:c07::8a: icmp_seq=2 ttl=56 time=31.5 ms
          64 bytes from 2607:f8b0:4002:c07::8a: icmp_seq=3 ttl=56 time=31.6 ms</full-duplex></performnud,auto_linklocal></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum></up,broadcast,running,simplex,multicast>

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.7.2, 24.11

          1 Reply Last reply Reply Quote 0
          • H
            hda
            last edited by

            @a1ien:

            eth0  Link encap:Ethernet  HWaddr 60:a4:4c:60:66:d9 
                      inet addr:192.168.0.100  Bcast:10.0.255.255  Mask:255.255.0.0
                      inet6 addr: HIDE:HIDE:8e83:3:62a4:4cff:fe60:66d9/64 Scope:Global
                      inet6 addr: fe80::62a4:4cff:fe60:66d9/64 Scope:Link
                      UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

            Linux: inet6 addr: HIDE:HIDE:8e83:3:62a4:4cff:fe60:66d9  /128  Scope:Global

            1 Reply Last reply Reply Quote 0
            • johnpozJ
              johnpoz LAYER 8 Global Moderator
              last edited by

              where ae you seeing /128 ?

              An intelligent man is sometimes forced to be drunk to spend time with his fools
              If you get confused: Listen to the Music Play
              Please don't Chat/PM me for help, unless mod related
              SG-4860 24.11 | Lab VMs 2.7.2, 24.11

              1 Reply Last reply Reply Quote 0
              • H
                hda
                last edited by

                Why is a clienthost  a /64 ?

                1 Reply Last reply Reply Quote 0
                • awebsterA
                  awebster
                  last edited by

                  That's the way Linux works; all ipv6 addresses are /64.

                  eth0      Link encap:Ethernet  HWaddr 00:0C:29:D7:C8:3A 
                            inet addr:A.B.204.61  Bcast:A.B.207.255  Mask:255.255.248.0
                            inet6 addr: WWWW:XXXX:YYYY:ZZZZ::4:61**/64** Scope:Global
                            inet6 addr: WWWW:XXXX:YYYY:ZZZZ:20c:29ff:fed7:c83a**/64** Scope:Global
                            inet6 addr: fe80::20c:29ff:fed7:c83a**/64** Scope:Link
                            UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
                            RX packets:44200471 errors:0 dropped:0 overruns:0 frame:0
                            TX packets:43513869 errors:0 dropped:0 overruns:0 carrier:0
                            collisions:0 txqueuelen:1000
                            RX bytes:16773320157 (15.6 GiB)  TX bytes:31831765833 (29.6 GiB)

                  –A.

                  1 Reply Last reply Reply Quote 0
                  • H
                    hda
                    last edited by

                    My pfSense supplies as a dhcp6-server. This is the Raspberry(Linux) clienthost pick-up:

                    eth0      Link encap:Ethernet  HWaddr b8:27:eb:b8:b3:df
                              inet addr:192.168.2.201  Bcast:192.168.2.255  Mask:255.255.255.0
                              inet6 addr: 2001:9yx:abcd:2::28/128 Scope:Global
                              inet6 addr: fe80::ba27:ebff:feb8:b3df/64 Scope:Link
                              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
                              RX packets:244171 errors:0 dropped:0 overruns:0 frame:0
                              TX packets:52845 errors:0 dropped:0 overruns:0 carrier:0
                              collisions:0 txqueuelen:1000
                              RX bytes:82687246 (78.8 MiB)  TX bytes:12890567 (12.2 MiB)

                    1 Reply Last reply Reply Quote 0
                    • johnpozJ
                      johnpoz LAYER 8 Global Moderator
                      last edited by

                      you shouldn't be getting a /128 on your pi…  The smallest prefix with ipv6 is /64..  And its not just linux that works that way its every OS there is that can work with IPv6..

                      anything other /64 is going to break all kinds of shit from working correctly..

                      An intelligent man is sometimes forced to be drunk to spend time with his fools
                      If you get confused: Listen to the Music Play
                      Please don't Chat/PM me for help, unless mod related
                      SG-4860 24.11 | Lab VMs 2.7.2, 24.11

                      1 Reply Last reply Reply Quote 0
                      • awebsterA
                        awebster
                        last edited by

                        Maybe just an artifact from PI Linux?
                        Just spun up a fresh CentOS 6.7 VM with ipv6 dhcp client, addresses come up as /64 as expected.

                        –A.

                        1 Reply Last reply Reply Quote 0
                        • johnpozJ
                          johnpoz LAYER 8 Global Moderator
                          last edited by

                          my pi is /64

                          Also dhcpv6 doesn't hand out a prefix length, that comes from the RA.. So maybe you have a problem there?  What does your configuration on the pi look like for interfaces?

                          piipv6.png
                          piipv6.png_thumb

                          An intelligent man is sometimes forced to be drunk to spend time with his fools
                          If you get confused: Listen to the Music Play
                          Please don't Chat/PM me for help, unless mod related
                          SG-4860 24.11 | Lab VMs 2.7.2, 24.11

                          1 Reply Last reply Reply Quote 0
                          • awebsterA
                            awebster
                            last edited by

                            @johnpoz
                            Out of curiosity, what do you use your PI for?  An actual purpose or just a novelty?

                            –A.

                            1 Reply Last reply Reply Quote 0
                            • johnpozJ
                              johnpoz LAYER 8 Global Moderator
                              last edited by

                              I have done quite a few things with it, currently it monitors one of my UPSes, I did at one time have it logging all the power in my house via a currentcost device plugged into via usb.  I have a project on the back burner to set it up as a stratum 1 ntp server..

                              But think I will just do that with the new one I am ordering, and waiting for the new cheaper $5 ones to be off back order ;) For a project to put my cigar humidor online..

                              This current ones final home is going to monitor the ups in my AV cabinet in the living room.. If I ever get around to moving it - its currently in my computer room connected the ups on my esxi box.  I got a new bigger ups for the esxi box (more run time)..  Kind of cool when whole block looses power and my internet works and even my wifi (poe) for like an hour.. Normally outages don't last any longer than that..

                              An intelligent man is sometimes forced to be drunk to spend time with his fools
                              If you get confused: Listen to the Music Play
                              Please don't Chat/PM me for help, unless mod related
                              SG-4860 24.11 | Lab VMs 2.7.2, 24.11

                              1 Reply Last reply Reply Quote 0
                              • A
                                a1ien
                                last edited by

                                Ok I have another question.

                                If ISP give me /64 by SLAAC. How I need configure LAN interface

                                1 Reply Last reply Reply Quote 0
                                • D
                                  David_W
                                  last edited by

                                  @a1ien:

                                  If ISP give me /64 by SLAAC. How I need configure LAN interface

                                  You can't 'give a /64' by SLAAC - SLAAC allows devices to autonomously assign (single) IPv6 addresses within a prefix.

                                  Typically SLAAC is used to get a global IPv6 address for the ISP facing interface (the WAN interface of your device) and DHCP-PD is used to delegate IPv6 prefixes to your local interfaces. This is one variant of the typical ISP configuration defined in TR-187.

                                  If you use PPPoE or PPP to access your ISP, there's several important IPv6 fixes in 2.3.

                                  1 Reply Last reply Reply Quote 0
                                  • H
                                    hda
                                    last edited by

                                    Maybe just an artifact from PI Linux?

                                    my pi is /64

                                    Thanks guys, a bit OT, but hey maybe you like the info:
                                    The /etc/network/interfaces !did contain (iface eth0 inet6 dhcp), this controls a /64 address with /etc/wide-dhcp6c/dhcp6c.conf.
                                    In /etc/default/wide-dhcpv6-client there was (INTERFACES="eth0"), this gets/adds an (second) address as a /128.
                                    If the pfSense DHCPv6-Server allows a clienthost a /64, it is not showing up in Status-DHCPv6-leases, while as a /128 it is :)  //2.2.6

                                    1 Reply Last reply Reply Quote 0
                                    • H
                                      hda
                                      last edited by

                                      @David_W:

                                      This is one variant of the typical ISP configuration defined in TR-187.

                                      That' s interesting ! Thank you David :)

                                      1 Reply Last reply Reply Quote 0
                                      • M
                                        maverick_slo
                                        last edited by

                                        Yup, my ISP has it exactly like this.
                                        Was nightmare to configure on early 2.2.X and 2.3 builds via GUI, via conf file went just fine.

                                        1 Reply Last reply Reply Quote 0
                                        • A
                                          a1ien
                                          last edited by

                                          Ok. My ISP say it's name eui-64
                                          And when I set SLAAC on WAN interface type I get IP.

                                          1 Reply Last reply Reply Quote 0
                                          • D
                                            David_W
                                            last edited by

                                            @hda:

                                            @David_W:

                                            This is one variant of the typical ISP configuration defined in TR-187.

                                            That' s interesting ! Thank you David :)

                                            For completeness, the other variant of TR-187 is WAN IPv6 address via DHCPv6, prefixes delegated to local network(s) via DHCP-PD. In other words, the ISP has a choice of whether to use DHCPv6 or SLAAC for allocating WAN IP addresses. My ISP, Zen Internet, uses SLAAC.

                                            If you configure pfSense to use DHCP6 with prefix delegation, it will work with both the DHCPv6 and SLAAC variants of TR-187.

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.