Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.
Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 | 3 | 4
956 posts

Ultimate Geek
+1 received by user: 346
Inactive user


  Reply # 1303032 12-May-2015 18:25
Send private message

Running pfsense 2.2.2?

 

I'm a scrub at networking, but I would hazard a guess that the client isn't picking up the router advertisements



242 posts

Master Geek
+1 received by user: 11


  Reply # 1303033 12-May-2015 18:32
Send private message

Yep running latest version 2.2.2.

I was initially having trouble with the clients getting any IPv6 information at all, tracked it down to an issue on pofsense with the "radvd - Router Advertisement Daemon". This is resolved not and clients are able to resolve IPv6 addresses but unable to pass traffic. very strange. Next step is to inspect the packets and see what is going on but interpreting that data is a bit out of my depth.

ping -6 google.com

Pinging google.com [2404:6800:4003:c02::8a] with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 2404:6800:4003:c02::8a:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),





956 posts

Ultimate Geek
+1 received by user: 346
Inactive user


  Reply # 1303041 12-May-2015 18:53
Send private message

What are you seeing on the pfsense firewall log?



242 posts

Master Geek
+1 received by user: 11


  Reply # 1303061 12-May-2015 19:03
Send private message

Hmm excellent thought, why didnt I see earlier.

i can see the IGMP packets being sent and allowed but nothing coming back.

EDIT: Removed unrelated firewall entries.





154 posts

Master Geek
+1 received by user: 9


  Reply # 1303385 13-May-2015 10:34
2 people support this post
Send private message

in the latest 2.2.2 IPv6 are very stable, might want to keep it another try?
also check if have a service called "radvd" running on your pfSense, that's the Router Advertisement Daemon for IPv6.

btw from your setting pages screenshots, I also noticed you using 56 as DHCPv6 prefix delegation size, 56 only for if you asked Snap for an Static IPv6, use 48 if you are not.



242 posts

Master Geek
+1 received by user: 11


  Reply # 1303412 13-May-2015 11:08
Send private message

btw from your setting pages screenshots, I also noticed you using 56 as DHCPv6 prefix delegation size, 56 only for if you asked Snap for an Static IPv6, use 48 if you are not.


I think this may be the ticket. I got a /56 from other threads on here but did not take that into account static vs dynamic ip's.

Will give this a go, I have tried a fresh install of pfsense many time over the last few months so will be glad to get this working.







242 posts

Master Geek
+1 received by user: 11


  Reply # 1303441 13-May-2015 11:18
Send private message

Seems you hit the nail on the head there D1NZ, I was looking to far into the issue - was as simple as incorrect delegation size!

Can ping from client to ipv6.google.com without issue and test-ipv6.com returns 10/10.

I was started to tear my hear out for a bit there.





956 posts

Ultimate Geek
+1 received by user: 346
Inactive user


  Reply # 1304763 13-May-2015 19:58
Send private message

Sweet, didn't realise static and dynamic used different delegation sizes. Glad its working for you now.

[sarcasm]don't you just love how easy and simple ipv6 is, you can see why everyone is rushing to jump on the ipv6 bandwagon[/sarcasm]



242 posts

Master Geek
+1 received by user: 11


  Reply # 1305029 14-May-2015 11:41
Send private message

I didnt realise that either. I know that now :)

I have disabled IPv6 for now due to issues with many websites failing to load properly, google takes about 3-4 tries to come up, facebook does not function at all.





154 posts

Master Geek
+1 received by user: 9


  Reply # 1305050 14-May-2015 12:00
Send private message

bonkas: I didnt realise that either. I know that now :)

I have disabled IPv6 for now due to issues with many websites failing to load properly, google takes about 3-4 tries to come up, facebook does not function at all.


weird, for me everything works fine.

have you click that prefer to use IPv4 even if IPv6 is available? See image below:-




242 posts

Master Geek
+1 received by user: 11


  Reply # 1305355 14-May-2015 18:33
Send private message

Yup that is already selected due to previous attempts at getting this working. No dice. Oh well. Back to IPv4 for me.





363 posts

Ultimate Geek
+1 received by user: 75


  Reply # 1305531 14-May-2015 22:44
Send private message

I have disabled IPv6 for now due to issues with many websites failing to load properly, google takes about 3-4 tries to come up, facebook does not function at all.

That is the classic symptom that your IPv6 is in fact not working.  What happens is that the PC you are using has an IPv6 global unicast address and therefore thinks IPv6 is working, so it will preferentially choose to use IPv6 addresses for web sites if it finds one.  Now, somewhere between that PC and the IPv6 Internet, IPv6 is not actually working, and IPv6 packets either do not get sent or do not get received at your PC.  But due to what I consider to be a nasty quirk of how DNS lookups work, your PC thinking that IPv6 is working makes it request all addresses for sites, both the IPv4 A records and the IPv6 AAAA records.  And the DNS system returns results that include IPv6 AAAA records, even though it had to use IPv4 to fetch them as IPv6 was not working.  So your PC then tries to connect in turn to all the DNS addresses it got back, but because it is preferring IPv6, it tries all the IPv6 addresses first.  Only when they all fail to respond does it finally try an IPv4 address and get a response.  All the timeouts waiting for IPv6 responses add up to quite a few seconds before the page finally loads.



242 posts

Master Geek
+1 received by user: 11


  Reply # 1305698 15-May-2015 11:12
Send private message

What I find strange is all the online IPv6 test I have tried come up OK, no warning, errors, just 100% working. Geekzone shows the IPv6 logo. I can ping ipv6 addresses without issue.

I seem to only have trouble with (my limited testing) google, websites with google adsense and facebook.

I am out of ideas, 3 fresh installs last night and many hours of google fu I have come up empty. I seem to have mirrored settings of a few guys pfsense setups here but they are not seeing the same issues I am.

I believe this was also an issue in the early days of ipv6 being supported at snap but was resolved - Maybe it's something not setup on snaps end?





363 posts

Ultimate Geek
+1 received by user: 75


  Reply # 1305855 15-May-2015 14:31
Send private message

It might be an idea to do some specific tests on the problem sites.  I get this on my Windows box:

nslookup facebook.com
Server:  savaidhg.6.jsw.gen.nz
Address:  2406:e001:1:2802::2

Non-authoritative answer:
Name:    facebook.com
Addresses:  2a03:2880:2130:cf05:face:b00c:0:1
          173.252.120.6


tracert 2a03:2880:2130:cf05:face:b00c:0:1

Tracing route to edge-star6-shv-12-frc3.facebook.com [2a03:2880:2130:cf05:face:b00c:0:1]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  erl.6.jsw.gen.nz [2406:e001:1:2801::251]
  2     4 ms     2 ms     2 ms  router877.6.jsw.gen.nz [2406:e001:1:2800::253]
  3    60 ms    55 ms    67 ms  2406:e000:2801:2::1
  4    67 ms    84 ms   102 ms  2406:e000:2800:4::1
  5     *        *        *     Request timed out.
  6   127 ms    59 ms    58 ms  23655.syd.equinix.com [2001:de8:6::2:3655:1]
  7    58 ms    58 ms    59 ms  32934.syd.equinix.com [2001:de8:6::3:2934:1]
  8   240 ms   254 ms   239 ms  be23.bb01.lax1.tfbnw.net [2620:0:1cff:dead:beef::304]
  9   292 ms   262 ms   262 ms  ae27.bb02.atl1.tfbnw.net [2620:0:1cff:dead:beef::c68]
 10   243 ms   273 ms   240 ms  ae16.bb06.frc3.tfbnw.net [2620:0:1cff:dead:beef::ea7]
 11   241 ms   283 ms   247 ms  ae32.bb03.frc3.tfbnw.net [2620:0:1cff:dead:beef::c6a]
 12   312 ms   276 ms   301 ms  ae62.dr01.frc3.tfbnw.net [2620:0:1cff:dead:beef::603]
 13   259 ms   297 ms   314 ms  po1020.csw12a.frc3.tfbnw.net [2620:0:1cff:dead:beef::23b]
 14     *        *        *     Request timed out.
 15   263 ms   283 ms   263 ms  edge-star6-shv-12-frc3.facebook.com [2a03:2880:2130:cf05:face:b00c:0:1]

Trace complete.


So try using this IPv6 format URL to access facebook.com while running Wireshark:

  [2a03:2880:2130:cf05:face:b00c:0:1]

If your PC is too busy and you have too much traffic to sort out what are the relevant packets, try using a capture filter like this in Wireshark:

  ip6 and (icmp6 or host 2a03:2880:2130:cf05:face:b00c:0:1)




242 posts

Master Geek
+1 received by user: 11


  Reply # 1305862 15-May-2015 14:42
Send private message

I probably wont get time to try this until tomorrow but I will find this out and get back to you!





1 | 2 | 3 | 4
Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic

Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.