IPv6 Gateway Monitoring – Shows Gateway Offline
-
Hello Good folks!
I'm running the latest & (might I add) the greatest! pf 2.2.6-release (FreeBSD).
On my dashboard, I have the Gateway widget which shows IPv4 & IPv6 Gateway status. IPv4 monitoring is operational!
However, IPv6 Gateway shows as Offline even though, my WAN & LAN IPv6 connectivity is there. Interestingly, the IPv6 Gateway show the link-local (fe80::) address instead of the actual/routable IPv6 IP of the ISP Gateway (pls. see attached image). How can I fix the IPv6 Gateway monitoring (apinger).
Thanks!
-
Comcast? We see the same thing. Gateway does not respond to pings. I ping googles v6 dns as alternative monitor ip for inital setup. But now have monitoring turned off on that site. Try changing your last digit to :1 from :0 if thats what it is.
-
apinger has been replaced with dpinger in 2.3 might be a good time to test if you can
-
It's normal, and correct to have the fe80 gateway in that case.
Your gateway doesn't respond to pings. System>Routing, edit it, put in some other monitor IP.
-
No luck even after I changed the monitoring IP (see attached image).
The problem is that the monitoring script (apinger) uses link-local source address to ping the destination (2607:f8b0:4004:808::200e). The destination does not respond back on the link-local address.
I can, however, ping to the same google address from a client laptop that's going through the pfsense box.
-
It won't use link local as the source IP, assuming you have a WAN-side DHCP6 assigned IP. That's the gateway IP it's showing, not the source IP. The gateway IP is supposed to be link local with DHCP6.
/var/etc/apinger.conf will show the source IP.
-
My pfSense WAN IPv6 does have a routable IPv6 address.
I think the /etc/inc/gwlib.inc apinger script does use the link-local interface to do the ping instead of the routable IPv6 WAN interface. Check out script around line 203. The Gateway widget showing the fe80:: address does support that it's using link-local interface for pinging.
-
Never saw it work that way myself. apinger's gone in 2.3 so not going to even look. I'd suggest upgrading to the latest 2.3 snapshot in that case.
-
Thank you, cmb!
How stable is 2.3? I have a semi-production environment in that I have the home type setup and I do work from home. So, wouldn't want the firewall/proxy system to be flaky.
-
Really solid, we're days away from release candidate and not likely to make any changes once we hit RC, with release soon after.