Kitz ADSL Broadband Information
adsl spacer  
Support this site
Home Broadband ISPs Tech Routers Wiki Forum
 
     
   Compare ISP   Rate your ISP
   Glossary   Glossary
 
Please login or register.

Login with username, password and session length
Advanced search  

News:

Author Topic: Pfsense - IPv6 TBB monitor not working  (Read 2689 times)

Jon21

  • Reg Member
  • ***
  • Posts: 255
Pfsense - IPv6 TBB monitor not working
« on: June 14, 2018, 11:42:52 AM »

Hi,

I've just set up a Pfsense router, using one of the Qotom Q355G4 mini pc. I've managed to get the basics setup. I'm getting an IPv4 and IPv6 address. My TBB monitor is working for the IPv4 address but not for the IPv6.

In firewall rules, I have a rule that is:

Action: Pass
Interface: WAN
Address family: IPv4 + IPv6
Protocol: ICMP
ICMP subtypes: any
Source: any
Destination: any

Probably missing something, as I am a noob to this  :D
Logged

jelv

  • Helpful
  • Kitizen
  • *
  • Posts: 2054
Re: Pfsense - IPv6 TBB monitor not working
« Reply #1 on: June 14, 2018, 12:39:18 PM »

A common mistake is to try to set it up with your PC's IP address and not the router's.
If you do a tracert to an IPv6 address (e.g. Google's DNS - tracert 2001:4860:4860::8888) the first hop will be your router's IP address.
Logged
Broadband and Line rental: Zen Unlimited Fibre 2, Mobile: Vodaphone
Router: Fritz!Box 7530

skyeci

  • Kitizen
  • ****
  • Posts: 1381
    • Line stats
Re: Pfsense - IPv6 TBB monitor not working
« Reply #2 on: June 14, 2018, 12:43:20 PM »

you probably need to select "icmp ipv6" on protocol.. It's working on my Opnsense setup this way. see my stats

Jon21

  • Reg Member
  • ***
  • Posts: 255
Re: Pfsense - IPv6 TBB monitor not working
« Reply #3 on: June 14, 2018, 01:30:07 PM »

A common mistake is to try to set it up with your PC's IP address and not the router's.
If you do a tracert to an IPv6 address (e.g. Google's DNS - tracert 2001:4860:4860::8888) the first hop will be your router's IP address.

That's sorted it, thanks. I had what I thought was the full IPv6 address as the address to monitor, which worked fine when I setup the monitor for the Asus router I was using, but doing the tracert gave me the full IPv6 address for the new router.

Logged

Chrysalis

  • Content Team
  • Addicted Kitizen
  • *
  • Posts: 7382
  • VM Gig1 - AAISP L2TP
Re: Pfsense - IPv6 TBB monitor not working
« Reply #4 on: June 14, 2018, 04:14:37 PM »

missing key info.

you setup in floating or wan category?

You want to allow icmp for all your ipv6 addresses not just the pfsense box ip, reason is its a requirement for mtu discovery to work properly, either allow all icmp, or these types.

echo reply
echo request -> these 2 for pings, blocking pings isnt really useful security, but harms diagnosing problems
parameter problem
time exceeded
packet too big
destination unreachable

http://ipv6-test.com/ tests icmp connectivity
« Last Edit: June 14, 2018, 04:18:52 PM by Chrysalis »
Logged

Jon21

  • Reg Member
  • ***
  • Posts: 255
Re: Pfsense - IPv6 TBB monitor not working
« Reply #5 on: June 14, 2018, 05:00:52 PM »

It was in the WAN section.

Do I need to do that in floating and LAN?

On ipv6-test.com, I get Filtered for ICMP connectivity
Logged

Chrysalis

  • Content Team
  • Addicted Kitizen
  • *
  • Posts: 7382
  • VM Gig1 - AAISP L2TP
Re: Pfsense - IPv6 TBB monitor not working
« Reply #6 on: June 15, 2018, 07:59:09 AM »

Then you need to fix your ICMP, you blocking key packets.

My rule is in the WAN section, I have both source and destination set to any, interface as WAN and protocol type as ipv6, I think if you set dual stack you may not be able to select specific ipv6 icmp types as allowed, so make a separate rule for ipv4.
Logged

Chrysalis

  • Content Team
  • Addicted Kitizen
  • *
  • Posts: 7382
  • VM Gig1 - AAISP L2TP
Re: Pfsense - IPv6 TBB monitor not working
« Reply #7 on: June 15, 2018, 12:00:18 PM »

It just hit me, you may need to adjust your client machine to allow the ICMP packets, I just remembered on windows 8 I had to make a custom rule to allow the packets inbound from WAN.  I dont know if Windows 10 uses sensible defaults, but Windows 8 (and probably 7) does not.

Linux client machines wont have this problem as they allow icmp by default.  ICMP is more important on ipv6 than ipv4.

Anyone on a PPPoE 1492 MTU line really wants this working properly.
« Last Edit: June 15, 2018, 12:03:44 PM by Chrysalis »
Logged

Jon21

  • Reg Member
  • ***
  • Posts: 255
Re: Pfsense - IPv6 TBB monitor not working
« Reply #8 on: June 15, 2018, 12:48:36 PM »

Thanks Chrysalis, just done that and it now shows as "Reachable" on ipv6-test.com.
Logged

Jon21

  • Reg Member
  • ***
  • Posts: 255
Re: Pfsense - IPv6 TBB monitor not working
« Reply #9 on: September 17, 2018, 08:08:13 PM »

Is the IPv6 address that AAISP provide, static? The only reason I ask is that from 16:15 to 19:15, there was issue with IPv6 on e.gormless. Since then, the IPv6 TBB monitor has stopped, so guessing it isn’t? Currently at work so can’t check.



Logged

Weaver

  • Senior Kitizen
  • ******
  • Posts: 11459
  • Retd s/w dev; A&A; 4x7km ADSL2 lines; Firebrick
Re: Pfsense - IPv6 TBB monitor not working
« Reply #10 on: September 17, 2018, 08:09:31 PM »

It is static.
Logged

Jon21

  • Reg Member
  • ***
  • Posts: 255
Re: Pfsense - IPv6 TBB monitor not working
« Reply #11 on: September 17, 2018, 08:41:44 PM »

It is static.
Thanks, perhaps the router just needs a restart.

Edit: Restart of router has sorted it.
« Last Edit: September 17, 2018, 11:30:09 PM by Jon21 »
Logged