Re: [pfSense] pfsense 2.1.3 and IPv6 problem

Wed, 14 May 2014 02:52:33 -0700 

Hi Chris
generally full agreement with your suggestion, but that's not my problem. Same IPv6 setup works well with the very same computer in 2nd network environment, only difference is only the WAN link on the 2nd pfsense. 

In my case, I assume that:
- client sends to IPv6 gateway on link-lokal address
- link lokal address is used by multiple devices
- default route for IPv6 is HE tunnel (through gif0 interface)

- But: pppoe2 interface (in very same link-local address!) has an own 
IPv6 gateway which is not working ..



I am not a network pro and above thoughts might be wrong, but that's how 
I see it now ...



PS1: Most "problematic" (reliably failing) page in bad IPv6 setup is 
"de.wikipedia.org" (never checked if en.wikipedia.org has the same problem)
PS2: Ubuntu "apt-get update && upgrade" fail as well! it's not only web 
access.


regards, Radim


On 14/05/14 10:06, Chris L wrote:

Instead of generic, local ifconfig information, it might be more beneficial to 
concentrate on a specific site that isn’t working and work back from there.

If you fix one, you might just fix them all.

In dual-stack, I have found that the problem is usually receiving a good AAAA 
record when querying DNS but not having a good v6 route.  Your browser does the 
right thing, trying v6 first, gets a good DNS response, but can’t get there.

This is what I experience when my IP address changes.  It doesn’t happen often, 
maybe every eight months or so, but it trashes my HE tunnel until I get it 
reconfigured.  This is because IPv4 nameservers can give good AAAA answers. But 
then there’s no IPv6 route.  The IPv4 nameserver has no idea whether you have a 
good IPv6 route. It receives an AAAA resolution request and dutifully obliges.

My client computers have no idea the HE tunnel is dead.  They ask if there’s an 
IPv6 router on the segment, get a response, and think everything is hunky-dory 
so they ask for AAAA records first.  They get a good response, and try to 
connect.  But the Internetv6 is down.  :(

On May 14, 2014, at 12:47 AM, R.Sv. <[email protected]> wrote:


Dear all

Started to play around with IPv6 with my Swiss provider (VTX, not yet 
officially supporting IPv6) and HE.net IPv6 Tunnel.

IPv6 works, but not correctly, some web pages do not load at all or never end to finish 
loading. I guess because some routing problem. Looking at "ifconfig" I have 2 
questions:

1) Why do vr0, vr1_vlan, pppoe2 and gif0 interfaces have the same link-local 
address?
2) Why does ppoe2 have a an official IPv6 address (in GUI/Status/Interfaces it 
displays as Gateway IPv6)

On the box, IPv6 is on
On WAN interface: IPv4 Config Type: PPPoE; IPv6 Config Type: None

With Config-Type=None I would expect no IPv6 configuration at all, except an 
link-local address.
I already tried other IPv6 config types for WAN, but result is always the same. 
I have not yet contacted the provider.

The multiple and for me weird distribution of link-local addresses is probably 
my missing knowledge ....
But the IPv6 gateway on pppoe without having a routable IPv6 behind the link is 
the problem! How can I prevent/delete that interface and routing setting?

Setup:
provider <-> pppoe2 <-> vr1_vlan11 <-> WAN
pfsense <-> WAN <-> vr1_vlan11 <-> pppoe2 <-> provider (VTX)
pfsense <-> IPV6HE <-> gif0<-> WAN<-> tunnel-to-ipv6 (HE)

A very similar setup where WAN is a static address (private address/DMZ) works 
without a problem. The problem is not the IPv6 tunnel setup.

ifconfig | grep inet6:
--------------------------------------------------
[2.1.3-RELEASE][[email protected]]/root(2): ifconfig | grep inet6
        inet6 fe80::20d:b9ff:fe1c:b04%vr0 prefixlen 64 scopeid 0x1
        inet6 fe80::20d:b9ff:fe1c:b05%vr1 prefixlen 64 scopeid 0x2
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6
        inet6 fe80::20d:b9ff:fe1c:b04%vr1_vlan11 prefixlen 64 scopeid 0x7
        inet6 fe80::20d:b9ff:fe1c:b04%pppoe2 prefixlen 64 scopeid 0x8
        inet6 2001:4c78:bee0:413:20d:b9ff:fe1c:b04 prefixlen 64 autoconf
        inet6 2001:470:25:8c::2 --> 2001:470:25:8c::1 prefixlen 128
        inet6 fe80::20d:b9ff:fe1c:b04%gif0 prefixlen 64 scopeid 0x9


ifconfig:
--------------------------------------------------
[2.1.3-RELEASE][[email protected]]/root(1): ifconfig
vr0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=8280b<RXCSUM,TXCSUM,VLAN_MTU,WOL_UCAST,WOL_MAGIC,LINKSTATE>
        ether 00:0d:b9:1c:0b:04
        inet6 fe80::20d:b9ff:fe1c:b04%vr0 prefixlen 64 scopeid 0x1
        inet 172.28.58.1 netmask 0xffffff00 broadcast 172.28.58.255
        nd6 options=1<PERFORMNUD>
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
vr1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=8280b<RXCSUM,TXCSUM,VLAN_MTU,WOL_UCAST,WOL_MAGIC,LINKSTATE>
        ether 00:0d:b9:1c:0b:05
        inet6 fe80::20d:b9ff:fe1c:b05%vr1 prefixlen 64 scopeid 0x2
        nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
enc0: flags=0<> metric 0 mtu 1536
pflog0: flags=100<PROMISC> metric 0 mtu 33192
pfsync0: flags=0<> metric 0 mtu 1460
        syncpeer: 224.0.0.240 maxupd: 128 syncok: 1
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=3<RXCSUM,TXCSUM>
        inet 127.0.0.1 netmask 0xff000000
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6
        nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
vr1_vlan11: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 00:0d:b9:1c:0b:05
        inet6 fe80::20d:b9ff:fe1c:b04%vr1_vlan11 prefixlen 64 scopeid 0x7
        nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
        vlan: 11 vlanpcp: 0 parent interface: vr1
pppoe2: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 
1492
        inet6 fe80::20d:b9ff:fe1c:b04%pppoe2 prefixlen 64 scopeid 0x8
        inet 83.228.149.226 --> 212.147.11.51 netmask 0xffffffff
        inet6 2001:4c78:bee0:413:20d:b9ff:fe1c:b04 prefixlen 64 autoconf
        nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1280
        tunnel inet 83.228.149.226 --> 216.66.80.98
        inet6 2001:470:YYY:8c::2 --> 2001:470:YYY:8c::1 prefixlen 128
        inet6 fe80::20d:b9ff:fe1c:b04%gif0 prefixlen 64 scopeid 0x9
        nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
        options=1<ACCEPT_REV_ETHIP_VER>
_______________________________________________
List mailing list
[email protected]
https://lists.pfsense.org/mailman/listinfo/list

_______________________________________________
List mailing list
[email protected]
https://lists.pfsense.org/mailman/listinfo/list


_______________________________________________
List mailing list
[email protected]
https://lists.pfsense.org/mailman/listinfo/list






















					Reply via email to