Kitz ADSL Broadband Information
adsl spacer  
Support this site
Home Broadband ISPs Tech Routers Wiki Forum
 
     
   Compare ISP   Rate your ISP
 
Please login or register.

Login with username, password and session length
Advanced search  

News:

Author Topic: Pfsense - IPv6 TBB monitor not working  (Read 252 times)

Jon21

  • Member
  • **
  • Posts: 59
Pfsense - IPv6 TBB monitor not working
« on: June 14, 2018, 11:42:52 AM »

Hi,

I've just set up a Pfsense router, using one of the Qotom Q355G4 mini pc. I've managed to get the basics setup. I'm getting an IPv4 and IPv6 address. My TBB monitor is working for the IPv4 address but not for the IPv6.

In firewall rules, I have a rule that is:

Action: Pass
Interface: WAN
Address family: IPv4 + IPv6
Protocol: ICMP
ICMP subtypes: any
Source: any
Destination: any

Probably missing something, as I am a noob to this  :D
Logged

jelv

  • Helpful
  • Reg Member
  • *
  • Posts: 863
Re: Pfsense - IPv6 TBB monitor not working
« Reply #1 on: June 14, 2018, 12:39:18 PM »

A common mistake is to try to set it up with your PC's IP address and not the router's.
If you do a tracert to an IPv6 address (e.g. Google's DNS - tracert 2001:4860:4860::8888) the first hop will be your router's IP address.
Logged
Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning. Rick Cook, The Wizardry Compiled

skyeci

  • Kitizen
  • ****
  • Posts: 1130
    • skyECI line stats
Re: Pfsense - IPv6 TBB monitor not working
« Reply #2 on: June 14, 2018, 12:43:20 PM »

you probably need to select "icmp ipv6" on protocol.. It's working on my Opnsense setup this way. see my stats
Logged
Sky Fibre Pro - 8800nl v1 (bridge mode) + Opnsense(i5 Qotom) with IPV6 , AC-88U WAP- ECI cab, click for my ECI  line stats

click for  line stats by Pi3/Huawei 

Jon21

  • Member
  • **
  • Posts: 59
Re: Pfsense - IPv6 TBB monitor not working
« Reply #3 on: June 14, 2018, 01:30:07 PM »

A common mistake is to try to set it up with your PC's IP address and not the router's.
If you do a tracert to an IPv6 address (e.g. Google's DNS - tracert 2001:4860:4860::8888) the first hop will be your router's IP address.

That's sorted it, thanks. I had what I thought was the full IPv6 address as the address to monitor, which worked fine when I setup the monitor for the Asus router I was using, but doing the tracert gave me the full IPv6 address for the new router.

Logged

Chrysalis

  • Content Team
  • Addicted Kitizen
  • *
  • Posts: 5401
Re: Pfsense - IPv6 TBB monitor not working
« Reply #4 on: June 14, 2018, 04:14:37 PM »

missing key info.

you setup in floating or wan category?

You want to allow icmp for all your ipv6 addresses not just the pfsense box ip, reason is its a requirement for mtu discovery to work properly, either allow all icmp, or these types.

echo reply
echo request -> these 2 for pings, blocking pings isnt really useful security, but harms diagnosing problems
parameter problem
time exceeded
packet too big
destination unreachable

http://ipv6-test.com/ tests icmp connectivity
« Last Edit: June 14, 2018, 04:18:52 PM by Chrysalis »
Logged
Sky Fiber Pro - Billion 8800NL bridge & PFSense BOX running PFSense 2.4 - ECI Cab - LINE STATISTICS CLICK HERE

Jon21

  • Member
  • **
  • Posts: 59
Re: Pfsense - IPv6 TBB monitor not working
« Reply #5 on: June 14, 2018, 05:00:52 PM »

It was in the WAN section.

Do I need to do that in floating and LAN?

On ipv6-test.com, I get Filtered for ICMP connectivity
Logged

Chrysalis

  • Content Team
  • Addicted Kitizen
  • *
  • Posts: 5401
Re: Pfsense - IPv6 TBB monitor not working
« Reply #6 on: June 15, 2018, 07:59:09 AM »

Then you need to fix your ICMP, you blocking key packets.

My rule is in the WAN section, I have both source and destination set to any, interface as WAN and protocol type as ipv6, I think if you set dual stack you may not be able to select specific ipv6 icmp types as allowed, so make a separate rule for ipv4.
Logged
Sky Fiber Pro - Billion 8800NL bridge & PFSense BOX running PFSense 2.4 - ECI Cab - LINE STATISTICS CLICK HERE

Chrysalis

  • Content Team
  • Addicted Kitizen
  • *
  • Posts: 5401
Re: Pfsense - IPv6 TBB monitor not working
« Reply #7 on: June 15, 2018, 12:00:18 PM »

It just hit me, you may need to adjust your client machine to allow the ICMP packets, I just remembered on windows 8 I had to make a custom rule to allow the packets inbound from WAN.  I dont know if Windows 10 uses sensible defaults, but Windows 8 (and probably 7) does not.

Linux client machines wont have this problem as they allow icmp by default.  ICMP is more important on ipv6 than ipv4.

Anyone on a PPPoE 1492 MTU line really wants this working properly.
« Last Edit: June 15, 2018, 12:03:44 PM by Chrysalis »
Logged
Sky Fiber Pro - Billion 8800NL bridge & PFSense BOX running PFSense 2.4 - ECI Cab - LINE STATISTICS CLICK HERE

Jon21

  • Member
  • **
  • Posts: 59
Re: Pfsense - IPv6 TBB monitor not working
« Reply #8 on: June 15, 2018, 12:48:36 PM »

Thanks Chrysalis, just done that and it now shows as "Reachable" on ipv6-test.com.
Logged
 

anything