Am 06/22/17 um 15:30 schrieb Stuart Henderson: > > How are your PF rules? Do they allow NDP packets to pass? If you're > unsure, I would try "pass log inet6 proto icmp6" or similar. > > (this might be a bit of a surprise if used to IPv4 where address > resolution is done by a separate protocol that PF doesn't block). >
I don't block any icmp6: pass inet6 proto icmp6 all is already present in my /etc/pf.conf Killing the ndp entry brings my connection down, too: ~ # ndp -na Neighbor Linklayer Address Netif Expire S Flags 2a01:4f8:212:216c::2 30:85:a9:a4:ce:5e em0 permanent R l 2a01:4f8:212:216c::25 30:85:a9:a4:ce:5e em0 permanent R l 2a01:4f8:212:216c::1:443 30:85:a9:a4:ce:5e em0 permanent R l fe80::1%em0 cc:e1:7f:07:e0:88 em0 23h59m54s S R fe80::3285:a9ff:fea4:ce5e%em0 30:85:a9:a4:ce:5e em0 permanent R l ~ # ndp -d fe80::1%em0 fe80::1%em0 (fe80::1%em0) deleted ~ # ping6 www.google.de PING www.google.de (2a00:1450:4001:821::2003): 56 data bytes ^C --- www.google.de ping statistics --- 13 packets transmitted, 0 packets received, 100.0% packet loss ~ # ping6 fe80::1%em0 PING fe80::1%em0 (fe80::1%em0): 56 data bytes 64 bytes from fe80::1%em0: icmp_seq=0 hlim=64 time=9.001 ms 64 bytes from fe80::1%em0: icmp_seq=1 hlim=64 time=0.610 ms ^C --- fe80::1%em0 ping statistics --- 2 packets transmitted, 2 packets received, 0.0% packet loss round-trip min/avg/max/std-dev = 0.610/4.806/9.001/4.196 ms ~ # ping6 www.google.de PING www.google.de (2a00:1450:4001:821::2003): 56 data bytes 64 bytes from 2a00:1450:4001:821::2003: icmp_seq=0 hlim=56 time=5.014 ms 64 bytes from 2a00:1450:4001:821::2003: icmp_seq=1 hlim=56 time=5.045 ms ^C --- www.google.de ping statistics --- 2 packets transmitted, 2 packets received, 0.0% packet loss round-trip min/avg/max/std-dev = 5.014/5.029/5.045/0.015 ms Is there any way for us to fix it or is it just a misconfiguration at Hetzner?
