Sponsored Links

IPv6 (pfsense)

Still trying to get IPv6 connectivity from my Unifi router working (it works from routable IPv6 addresses within the LAN - just IPv6 from the router itself is not working e.g. 'ping -6 google.com')

My route -6 command looks like the following - the default IPv6 route has a 'next hop' that seems to be a link local address which is very odd!

Any thoughts to if this is normal? How to delete that route and add something a bit more approrpaite?



Code:
root@Cloud-Gateway-Ultra:~# route -6
Kernel IPv6 routing table
Destination                    Next Hop                   Flag Met Ref Use If
[::]/0                         fe80::aa7:41ff:feff:480c   UG   512 5     0 eth4
[::]/0                         [::]                       !n   -1  1     0 lo
2a0e:1d42:0:ee:0:1:0:xxx/128   [::]                       Ue   256 1     0 eth4
2a0e:1d47:cf01:xxxx::/64       [::]                       Ue   256 6     0 br0
fe80::/64                      [::]                       U    256 4     0 switch0.101
fe80::/64                      [::]                       U    256 1     0 switch0.102
fe80::/64                      [::]                       U    256 1     0 switch0.502
fe80::/64                      [::]                       U    256 1     0 switch0.1
fe80::/64                      [::]                       U    256 1     0 eth0
fe80::/64                      [::]                       U    256 1     0 eth1
fe80::/64                      [::]                       U    256 1     0 eth2
fe80::/64                      [::]                       U    256 1     0 eth3
fe80::/64                      [::]                       U    256 1     0 switch0
fe80::/64                      [::]                       U    256 5     0 br0
fe80::/64                      [::]                       U    256 1     0 br101
fe80::/64                      [::]                       U    256 1     0 br102
fe80::/64                      [::]                       U    256 1     0 br502
fe80::/64                      [::]                       U    256 1     0 eth4
fe80::/64                      [::]                       U    256 1     0 honeypot0
[::]/0                         [::]                       !n   -1  1     0 lo
localhost/128                  [::]                       Un   0   7     0 lo
2a0e:1d42:0:ee:0:1:0:xxx/128   [::]                       Un   0   5     0 eth4
2a0e:1d47:cf01:xxxx::/128      [::]                       Un   0   3     0 br0
2a0e:1d47:cf01:xxxx::1/128     [::]                       Un   0   8     0 br0
 
Still trying to get IPv6 connectivity from my Unifi router working (it works from routable IPv6 addresses within the LAN - just IPv6 from the router itself is not working e.g. 'ping -6 google.com')

My route -6 command looks like the following - the default IPv6 route has a 'next hop' that seems to be a link local address which is very odd!

Any thoughts to if this is normal? How to delete that route and add something a bit more approrpaite?
Your routing table looks fine and the link-local next-hops are completely normal in IPv6, not odd at all.

However, the /128 addresses that the routers themselves get from YouFibre aren't globally routed — don't know why but they never have been.

If you want to be able to ping IPv6 internet destinations from the router directly, you will need to specify the source address to be one of the router's addresses from the delegated prefixes, i.e. one of the addresses that you'll find on the brX interfaces:
Code:
ping6 -I 2a0e:1d47:xxxx:xxxx::1 ipv6.google.com
 
Last edited:
Your routing table looks fine and the link-local next-hops are completely normal in IPv6, not odd at all.

However, the /128 addresses that the routers themselves get from YouFibre aren't globally routed — don't know why but they never have been.

If you want to be able to ping IPv6 internet destinations from the router directly, you will need to specify the source address to be one of the router's addresses from the delegated prefixes, i.e. one of the addresses that you'll find on the brX interfaces:
Code:
ping6 -I 2a0e:1d47:xxxx:xxxx::1 ipv6.google.com

Thanks for the input.

Yes, getting the router to use the internal interface enables me to ping IPv6 from my routers CLI (but other IPv6 features of the router do not work as you can't tell them to use a different interface easily)

I have been through YouFibre senior support who were very helpful.

I troubleshooted with the Eero router and IPv6 connectivity does work with the YouFibre /128 (2a0e:1d42....) which was identical to that issued to my Unifi router. I was able to ping the IPv6 address of wan port of the Eero using an online/web ping6 service. So Youfibre do route the /128 allocated to the WAN port.

(I found the IPv6 of the Eero router by doing a IPv6 traceoute from within my network to an external site as it is not listed in the Eero GUI)

So it is something how PfSense/Unifi registers for the Ipv6 address that is causing the issue - hence me thinking it was this link-local 'next-hop'
 
Thanks for the input.

Yes, getting the router to use the internal interface enables me to ping IPv6 from my routers CLI (but other IPv6 features of the router do not work as you can't tell them to use a different interface easily)

I have been through YouFibre senior support who were very helpful.

I troubleshooted with the Eero router and IPv6 connectivity does work with the YouFibre /128 (2a0e:1d42....) which was identical to that issued to my Unifi router. I was able to ping the IPv6 address of wan port of the Eero using an online/web ping6 service. So Youfibre do route the /128 allocated to the WAN port.

(I found the IPv6 of the Eero router by doing a IPv6 traceoute from within my network to an external site as it is not listed in the Eero GUI)

So it is something how PfSense/Unifi registers for the Ipv6 address that is causing the issue - hence me thinking it was this link-local 'next-hop'
The link-local address is coming from the router advertisements, which is totally normal IPv6 behaviour. The router beacons out using link-local multicast saying "I'm a router!" and that gets populated in your routing table accordingly.

You can indeed send traffic to the address and it'll get routed to you. Your router will even respond back on the same interface. But somewhere on the YouFibre network on the path to the internet, the return traffic gets dropped. As far as I know this has always been the case and I have seen that be the case with different models of router.

The only thing that the Eero could be doing differently is manually populating a separate routing table entry for a different gateway from which the /128 addresses are being assigned, or using some kind of tunnel encapsulation to send it up to a management gateway (for remote Eero management perhaps). Whatever that route is, it's not present in the standard router advertisements from upstream, nor is it present in the DHCPv6 responses.

It would have to be YouFibre that would address this as it's happening somewhere in their network.
 
The link-local address is coming from the router advertisements, which is totally normal IPv6 behaviour. The router beacons out using link-local multicast saying "I'm a router!" and that gets populated in your routing table accordingly.

You can indeed send traffic to the address and it'll get routed to you. Your router will even respond back on the same interface. But somewhere on the YouFibre network on the path to the internet, the return traffic gets dropped. As far as I know this has always been the case and I have seen that be the case with different models of router.

The only thing that the Eero could be doing differently is manually populating a separate routing table entry for a different gateway from which the /128 addresses are being assigned, or using some kind of tunnel encapsulation to send it up to a management gateway (for remote Eero management perhaps). Whatever that route is, it's not present in the standard router advertisements from upstream, nor is it present in the DHCPv6 responses.

It would have to be YouFibre that would address this as it's happening somewhere in their network.
Thanks for this.

I managed to figure out the IPv6 address of my Eero by doing a traceroute from within my LAN to an external address (it was the same as what was issued ot my Unifi). I could reliably ping this address from external - e.g. https://tools.keycdn.com/ping

I was supposed to reply to you last week but just wanted to recheck - but no IPv6 connectivity was working (although all issued an appropriate address)

I have just come back to this today and I can now externally ping my WAN IPv6 address (with a 2a0e:1d42 ) despite using my Unifi router! I can also ping IPv6 internet addresses from the SSH interface also.

Is yours now working?

I don't know if YouFibre have been doing some work at their end to 1) cause my IPv6 to be broken for several days, and then 2) suddently start working including connectivity to/from 2a0e:1d42 WAN
 
Top
Cheap BIG ISPs for 100Mbps+
Community Fibre UK ISP Logo
150Mbps
Gift: None
Virgin Media UK ISP Logo
Virgin Media £22.99
132Mbps
Gift: None
Vodafone UK ISP Logo
Vodafone £24.00 - 26.00
150Mbps
Gift: None
NOW UK ISP Logo
NOW £24.00
100Mbps
Gift: None
Plusnet UK ISP Logo
Plusnet £25.99
145Mbps
Gift: £50 Reward Card
Large Availability | View All
Cheapest ISPs for 100Mbps+
Gigaclear UK ISP Logo
Gigaclear £17.00
200Mbps
Gift: None
Community Fibre UK ISP Logo
150Mbps
Gift: None
Virgin Media UK ISP Logo
Virgin Media £22.99
132Mbps
Gift: None
Hey! Broadband UK ISP Logo
150Mbps
Gift: None
Youfibre UK ISP Logo
Youfibre £23.99
150Mbps
Gift: None
Large Availability | View All
Sponsored Links
The Top 15 Category Tags
  1. FTTP (6024)
  2. BT (3638)
  3. Politics (2720)
  4. Business (2439)
  5. Openreach (2405)
  6. Building Digital UK (2330)
  7. Mobile Broadband (2143)
  8. FTTC (2083)
  9. Statistics (1899)
  10. 4G (1813)
  11. Virgin Media (1762)
  12. Ofcom Regulation (1582)
  13. Fibre Optic (1467)
  14. Wireless Internet (1462)
  15. 5G (1404)
Sponsored

Copyright © 1999 to Present - ISPreview.co.uk - All Rights Reserved - Terms  ,  Privacy and Cookie Policy  ,  Links  ,  Website Rules