On May 15, 2014, at 7:15 AM, R. Svejda <[email protected]> wrote: > > On 14/05/14 17:55, Chris L wrote: >> On May 14, 2014, at 2:51 AM, R. Svejda <[email protected]> wrote: >> >>> Hi Chris >>> >>> generally full agreement with your suggestion, but that's not my problem. >>> Same IPv6 setup works well with the very same computer in 2nd network >>> environment, only difference is only the WAN link on the 2nd pfsense. >>> >>> In my case, I assume that: >>> - client sends to IPv6 gateway on link-lokal address >>> - link lokal address is used by multiple devices >>> - default route for IPv6 is HE tunnel (through gif0 interface) >>> - But: pppoe2 interface (in very same link-local address!) has an own IPv6 >>> gateway which is not working .. >>> >>> I am not a network pro and above thoughts might be wrong, but that's how I >>> see it now ... >>> >>> PS1: Most "problematic" (reliably failing) page in bad IPv6 setup is >>> "de.wikipedia.org" (never checked if en.wikipedia.org has the same problem) >>> PS2: Ubuntu "apt-get update && upgrade" fail as well! it's not only web >>> access. >>> >> > > Hi Chris > thats the wrong path. Same client is working perfectly in Main Office. No > difference except for the WAN interface (pppoe at home office; static with > another upstream firewall at main office). > > 1) > Why is pppoe interface getting an IPv6 gateway assigned - in pfsense > settings, IPv6 is marked as NONE on WAN interface!
That’s a good question. I assume you’ve reset the interface/restarted pfSense since disabling IPv6 on pppoe2. I don’t have a PPPoE service to test with. It’s coming from somewhere. Check the logs when the interface resets/reboots. > > 2) > Why do the interfaces vr0, ppoe2, gif0 and vr1_vlan11 all have the same > link-local address? Specially vr1_vlan11 has the same link-local address like > the device vr0 while vr1 has a different one! I don’t think that’s your problem. http://www.freebsd.org/doc/en/books/developers-handbook/ipv6.html "Interfaces that has no IEEE802 address (pseudo interfaces like tunnel interfaces, or ppp interfaces) will borrow IEEE802 address from other interfaces, such as Ethernet interfaces, whenever possible. If there is no IEEE802 hardware attached, a last resort pseudo-random value, MD5(hostname), will be used as source of link-local address. If it is not suitable for your usage, you will need to configure the link-local address manually.” Though it does seem like vr1_vlan11 should use vr1’s MAC address to generate its link-local, I don’t think it’s causing your problems and is probably harmless - perhaps intended. > > IPv4 connection is on pppoe2 / vr1_vlan > IPv6 connection is on gif0 > LAN is vr0 > > Anybody a hint? How can I disable or remove IPv6 config from pppoe/WAN? > > Radim > > > >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> > >>>> old stuff, wrong order, sorry: >> >>> regards, Radim >>> >>> >>> On 14/05/14 10:06, Chris L wrote: >>>> Instead of generic, local ifconfig information, it might be more >>>> beneficial to concentrate on a specific site that isn’t working and work >>>> back from there. >>>> >>>> If you fix one, you might just fix them all. >>>> >>>> In dual-stack, I have found that the problem is usually receiving a good >>>> AAAA record when querying DNS but not having a good v6 route. Your >>>> browser does the right thing, trying v6 first, gets a good DNS response, >>>> but can’t get there. >>>> >>>> This is what I experience when my IP address changes. It doesn’t happen >>>> often, maybe every eight months or so, but it trashes my HE tunnel until I >>>> get it reconfigured. This is because IPv4 nameservers can give good AAAA >>>> answers. But then there’s no IPv6 route. The IPv4 nameserver has no idea >>>> whether you have a good IPv6 route. It receives an AAAA resolution request >>>> and dutifully obliges. >>>> >>>> My client computers have no idea the HE tunnel is dead. They ask if >>>> there’s an IPv6 router on the segment, get a response, and think >>>> everything is hunky-dory so they ask for AAAA records first. They get a >>>> good response, and try to connect. But the Internetv6 is down. :( >>>> >>>> On May 14, 2014, at 12:47 AM, R.Sv. <[email protected]> wrote: >>>> >>>>> Dear all >>>>> >>>>> Started to play around with IPv6 with my Swiss provider (VTX, not yet >>>>> officially supporting IPv6) and HE.net IPv6 Tunnel. >>>>> >>>>> IPv6 works, but not correctly, some web pages do not load at all or never >>>>> end to finish loading. I guess because some routing problem. Looking at >>>>> "ifconfig" I have 2 questions: >>>>> >>>>> 1) Why do vr0, vr1_vlan, pppoe2 and gif0 interfaces have the same >>>>> link-local address? >>>>> 2) Why does ppoe2 have a an official IPv6 address (in >>>>> GUI/Status/Interfaces it displays as Gateway IPv6) >>>>> >>>>> On the box, IPv6 is on >>>>> On WAN interface: IPv4 Config Type: PPPoE; IPv6 Config Type: None >>>>> >>>>> With Config-Type=None I would expect no IPv6 configuration at all, except >>>>> an link-local address. >>>>> I already tried other IPv6 config types for WAN, but result is always the >>>>> same. I have not yet contacted the provider. >>>>> >>>>> The multiple and for me weird distribution of link-local addresses is >>>>> probably my missing knowledge .... >>>>> But the IPv6 gateway on pppoe without having a routable IPv6 behind the >>>>> link is the problem! How can I prevent/delete that interface and routing >>>>> setting? >>>>> >>>>> Setup: >>>>> provider <-> pppoe2 <-> vr1_vlan11 <-> WAN >>>>> pfsense <-> WAN <-> vr1_vlan11 <-> pppoe2 <-> provider (VTX) >>>>> pfsense <-> IPV6HE <-> gif0<-> WAN<-> tunnel-to-ipv6 (HE) >>>>> >>>>> A very similar setup where WAN is a static address (private address/DMZ) >>>>> works without a problem. The problem is not the IPv6 tunnel setup. >>>>> >>>>> ifconfig | grep inet6: >>>>> -------------------------------------------------- >>>>> [2.1.3-RELEASE][[email protected]]/root(2): ifconfig | grep inet6 >>>>> inet6 fe80::20d:b9ff:fe1c:b04%vr0 prefixlen 64 scopeid 0x1 >>>>> inet6 fe80::20d:b9ff:fe1c:b05%vr1 prefixlen 64 scopeid 0x2 >>>>> inet6 ::1 prefixlen 128 >>>>> inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6 >>>>> inet6 fe80::20d:b9ff:fe1c:b04%vr1_vlan11 prefixlen 64 scopeid 0x7 >>>>> inet6 fe80::20d:b9ff:fe1c:b04%pppoe2 prefixlen 64 scopeid 0x8 >>>>> inet6 2001:4c78:bee0:413:20d:b9ff:fe1c:b04 prefixlen 64 autoconf >>>>> inet6 2001:470:25:8c::2 --> 2001:470:25:8c::1 prefixlen 128 >>>>> inet6 fe80::20d:b9ff:fe1c:b04%gif0 prefixlen 64 scopeid 0x9 >>>>> >>>>> >>>>> ifconfig: >>>>> -------------------------------------------------- >>>>> [2.1.3-RELEASE][[email protected]]/root(1): ifconfig >>>>> vr0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 >>>>> options=8280b<RXCSUM,TXCSUM,VLAN_MTU,WOL_UCAST,WOL_MAGIC,LINKSTATE> >>>>> ether 00:0d:b9:1c:0b:04 >>>>> inet6 fe80::20d:b9ff:fe1c:b04%vr0 prefixlen 64 scopeid 0x1 >>>>> inet 172.28.58.1 netmask 0xffffff00 broadcast 172.28.58.255 >>>>> nd6 options=1<PERFORMNUD> >>>>> media: Ethernet autoselect (100baseTX <full-duplex>) >>>>> status: active >>>>> vr1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 >>>>> options=8280b<RXCSUM,TXCSUM,VLAN_MTU,WOL_UCAST,WOL_MAGIC,LINKSTATE> >>>>> ether 00:0d:b9:1c:0b:05 >>>>> inet6 fe80::20d:b9ff:fe1c:b05%vr1 prefixlen 64 scopeid 0x2 >>>>> nd6 options=3<PERFORMNUD,ACCEPT_RTADV> >>>>> media: Ethernet autoselect (100baseTX <full-duplex>) >>>>> status: active >>>>> enc0: flags=0<> metric 0 mtu 1536 >>>>> pflog0: flags=100<PROMISC> metric 0 mtu 33192 >>>>> pfsync0: flags=0<> metric 0 mtu 1460 >>>>> syncpeer: 224.0.0.240 maxupd: 128 syncok: 1 >>>>> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384 >>>>> options=3<RXCSUM,TXCSUM> >>>>> inet 127.0.0.1 netmask 0xff000000 >>>>> inet6 ::1 prefixlen 128 >>>>> inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6 >>>>> nd6 options=3<PERFORMNUD,ACCEPT_RTADV> >>>>> vr1_vlan11: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 >>>>> mtu 1500 >>>>> ether 00:0d:b9:1c:0b:05 >>>>> inet6 fe80::20d:b9ff:fe1c:b04%vr1_vlan11 prefixlen 64 scopeid 0x7 >>>>> nd6 options=3<PERFORMNUD,ACCEPT_RTADV> >>>>> media: Ethernet autoselect (100baseTX <full-duplex>) >>>>> status: active >>>>> vlan: 11 vlanpcp: 0 parent interface: vr1 >>>>> pppoe2: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> metric >>>>> 0 mtu 1492 >>>>> inet6 fe80::20d:b9ff:fe1c:b04%pppoe2 prefixlen 64 scopeid 0x8 >>>>> inet 83.228.149.226 --> 212.147.11.51 netmask 0xffffffff >>>>> inet6 2001:4c78:bee0:413:20d:b9ff:fe1c:b04 prefixlen 64 autoconf >>>>> nd6 options=3<PERFORMNUD,ACCEPT_RTADV> >>>>> gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1280 >>>>> tunnel inet 83.228.149.226 --> 216.66.80.98 >>>>> inet6 2001:470:YYY:8c::2 --> 2001:470:YYY:8c::1 prefixlen 128 >>>>> inet6 fe80::20d:b9ff:fe1c:b04%gif0 prefixlen 64 scopeid 0x9 >>>>> nd6 options=3<PERFORMNUD,ACCEPT_RTADV> >>>>> options=1<ACCEPT_REV_ETHIP_VER> >>>>> _______________________________________________ >>>>> List mailing list >>>>> [email protected] >>>>> https://lists.pfsense.org/mailman/listinfo/list >>>> _______________________________________________ >>>> List mailing list >>>> [email protected] >>>> https://lists.pfsense.org/mailman/listinfo/list >>> _______________________________________________ >>> List mailing list >>> [email protected] >>> https://lists.pfsense.org/mailman/listinfo/list >> _______________________________________________ >> List mailing list >> [email protected] >> https://lists.pfsense.org/mailman/listinfo/list > > _______________________________________________ > List mailing list > [email protected] > https://lists.pfsense.org/mailman/listinfo/list _______________________________________________ List mailing list [email protected] https://lists.pfsense.org/mailman/listinfo/list
