Solved FreeBSD IPv6 basics

Solution

Page three, <https://forums.FreeBSD.org/threads/80878/post-517620>

Original opening post


Originally, for me, Firefox reported "Hmm. Were having trouble finding that site. We can't connect to the server at beefy3.nyi.freebsd.org. …"

… f5 …

No change.

I think this is IPv6 only.

My /etc/rc.conf now includes these lines:

Code:
ipv6_activate_all_interfaces="YES"
ip6addrctl_enable="YES"
ip6addrctl_policy="AUTO"

ifconfig_em0="DHCP" 
ifconfig_em0_ipv6="DHCP"

I don't know how to interpret IPv6 addresses (never had to think about it before) but I assume that I do now have an IPv6 address:

Code:
root@mowa219-gjp4-8570p:~ # ifconfig em0
em0: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=481249b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,LRO,WOL_MAGIC,VLAN_HWFILTER,NOMAP>
        ether ⋯
        inet6 ⋯::⋯:⋯:⋯:⋯%em0 prefixlen 64 scopeid 0x1
        inet 192.168.1.10 netmask 0xffffff00 broadcast 192.168.1.255
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
root@mowa219-gjp4-8570p:~ #

Firefox presents a slightly different message:

1623632325159.png


Pinging the IPv6 address that was suggested at <https://serverfault.com/a/513945/91969>:

Code:
root@mowa219-gjp4-8570p:~ # ping6 2620:fe::fe
ping6: UDP connect: No route to host
root@mowa219-gjp4-8570p:~ #

How can I get a route?

Does my rc.conf contain too much, or too little?

There's no mention of IPv6 at <https://docs.freebsd.org/en/books/handbook/config/#config-network-setup> and I struggle to understand network-related manual pages; I don't want to be a network expert.

I need a simple recipe.
 
Last edited:
I've also run into FreeBSD (and RH based Linux distributions), suddenly having ipv6 fail to work. I think that my ISP, Spectrum, changed something, because it used to work fine. One thing that's gotten me a little further, probably also from SirDice, or at least a thread where he was helping, was adding
Code:
ipv6_defaultrouter="fe80::1%re0"
Like you, I've never had to think about it before. Before adding that line I was just getting no connection to network or similar, now at least I get, if I try, for example, ping6 www.google.com (or ping ipv6.google.com)
I now get a message that it's pinging, though nothing gets outside the LAN.

Ipv6 definitely still works on the network, non RH based distributions, and one Fedora Workstation that uses NetworkManager, all are able to use it without problem. So, I don't have a solution for you, but at work, (I work for a datacenter, so in a way, an ISP), ipv6 works with nothing more than the line
Code:
ifconfig_em0_ipv6="inet6 accept_rtadv"

Seems to be the latest handbook writeup on it.
Didn't work for me, but section 32.9.2 gives the instructions for /etc/rc.conf.

Good luck, I'm hoping you solve it and it works for me.
 
Netcraft report, if you guys want that: https://sitereport.netcraft.com/?url=http://beefy3.nyi.freebsd.org

Netcraft is not reporting an IPv4 address, only IPv6...

Most ISP's support IPv6 by now... but public hotspots do not have IPv6 turned on for their Access Points. If I connect to an AP that does not have IPv6 turned on, the only way to reach an IPv6-only site is via a tunneling service like Hurricane Electric.

Seems like grahamperrin 's AP does not have IPv6 turned on. And to solve that, it may take switching to a different plan that specifically mentions IPv6 support.

FreeBSD has a perfectly workable IPv6 implementation, but for troubleshooting a network connection, you gotta look beyond localhost.

For IPv6, no such thing as dhclient, but stateless router solicitation.
 
… at work, (I work for a datacenter, so in a way, an ISP), ipv6 works with nothing more than the line
Code:
ifconfig_em0_ipv6="inet6 accept_rtadv"

Testing with that line alone enabled:

Code:
# ipv6_gateway_enable="YES"
# ipv6_activate_all_interfaces="YES"
# ip6addrctl_enable="YES"
# ip6addrctl_policy="AUTO"
# ifconfig_em0_ipv6="DHCP"
ifconfig_em0_ipv6="inet6 accept_rtadv"
# ipv6_defaultrouter="fe80::1%re0"
ifconfig_em0="DHCP"

Result (abbreviated):

Code:
root@mowa219-gjp4-8570p:~ # date ; freebsd-version ; uname -KU ; service netif restart ; ping6 www.google.com ; service routing restart && ping auth.uim.slcsvc.co.uk
Mon Jun 14 06:07:45 BST 2021
14.0-CURRENT
1400021 1400021
Stopping dhclient.
Waiting for PIDS: 91858.
Stopping Network: lo0 em0 ue0.
lo0: flags=8048<LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        ⋯
em0: flags=8c22<BROADCAST,OACTIVE,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ⋯
ue0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ⋯
Destroyed wlan(4) interfaces: wlan0.
Created wlan(4) interfaces: wlan0.
Starting Network: lo0 em0 ue0.
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        ⋯
em0: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=481249b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,LRO,WOL_MAGIC,VLAN_HWFILTER,NOMAP>
        ether ⋯
        inet6 fe80::⋯:⋯:⋯:7b01%em0 prefixlen 64 scopeid 0x1
        inet6 fd58:⋯:⋯:⋯:⋯:⋯:⋯:7b01 prefixlen 64 autoconf
        inet 0.0.0.0 netmask 0xff000000 broadcast 255.255.255.255
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
        nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
ue0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ⋯
ping6: Name does not resolve
delete host 127.0.0.1: gateway lo0
delete host ::1: gateway lo0
delete net fe80::: gateway ::1
delete net ff02::: gateway ::1
delete net ::ffff:0.0.0.0: gateway ::1
delete net ::0.0.0.0: gateway ::1
add host 127.0.0.1: gateway lo0
add host ::1: gateway lo0
add net fe80::: gateway ::1
add net ff02::: gateway ::1
add net ::ffff:0.0.0.0: gateway ::1
add net ::0.0.0.0: gateway ::1
ping: Unknown host
root@mowa219-gjp4-8570p:~ # ping auth.uim.slcsvc.co.uk
PING auth.uim.slcsvc.co.uk (99.84.15.106): 56 data bytes
64 bytes from 99.84.15.106: icmp_seq=0 ttl=223 time=7.085 ms
64 bytes from 99.84.15.106: icmp_seq=1 ttl=223 time=7.112 ms
^C
--- auth.uim.slcsvc.co.uk ping statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 7.085/7.098/7.112/0.014 ms
root@mowa219-gjp4-8570p:~ # ping6 2620:fe::fe
ping6: UDP connect: No route to host
root@mowa219-gjp4-8570p:~ #
 
Adding ipv6_defaultrouter to the mix:

Code:
# ipv6_gateway_enable="YES"
# ipv6_activate_all_interfaces="YES"
# ip6addrctl_enable="YES"
# ip6addrctl_policy="AUTO"
# ifconfig_em0_ipv6="DHCP"
ifconfig_em0_ipv6="inet6 accept_rtadv"
ipv6_defaultrouter="fe80::1%re0"
ifconfig_em0="DHCP"

Result – includes route: fe80::1%re0: Name does not resolve:

Code:
root@mowa219-gjp4-8570p:~ # date ; freebsd-version ; uname -KU ; service netif restart ; ping6 www.google.com ; service routing restart && ping auth.uim.slcsvc.co.uk
Mon Jun 14 06:16:31 BST 2021
14.0-CURRENT
1400021 1400021
Stopping dhclient.
Waiting for PIDS: 92377.
Stopping Network: lo0 em0 ue0.
lo0: flags=8048<LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        ⋯
em0: flags=8c22<BROADCAST,OACTIVE,SIMPLEX,MULTICAST> metric 0 mtu 1500
       ⋯
ue0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ⋯
Destroyed wlan(4) interfaces: wlan0.
Created wlan(4) interfaces: wlan0.
Starting Network: lo0 em0 ue0.
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        ⋯
em0: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=481249b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,LRO,WOL_MAGIC,VLAN_HWFILTER,NOMAP>
        ether ⋯
        inet6 fe80::⋯:⋯:⋯:7b01%em0 prefixlen 64 scopeid 0x1
        inet6 fd58:⋯:⋯:⋯:⋯:⋯:⋯:7b01 prefixlen 64 autoconf
        inet 0.0.0.0 netmask 0xff000000 broadcast 255.255.255.255
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
        nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
ue0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ⋯
ping6: Name does not resolve
delete host 127.0.0.1: gateway lo0
delete host ::1: gateway lo0
delete net fe80::: gateway ::1
delete net ff02::: gateway ::1
delete net ::ffff:0.0.0.0: gateway ::1
delete net ::0.0.0.0: gateway ::1
route: fe80::1%re0: Name does not resolve
add host 127.0.0.1: gateway lo0
add host ::1: gateway lo0
add net fe80::: gateway ::1
add net ff02::: gateway ::1
add net ::ffff:0.0.0.0: gateway ::1
add net ::0.0.0.0: gateway ::1
route: fe80::1%re0: Name does not resolve
ping: Unknown host
root@mowa219-gjp4-8570p:~ # ping auth.uim.slcsvc.co.uk
PING auth.uim.slcsvc.co.uk (99.84.15.106): 56 data bytes
64 bytes from 99.84.15.106: icmp_seq=0 ttl=223 time=6.987 ms
64 bytes from 99.84.15.106: icmp_seq=1 ttl=223 time=6.996 ms
64 bytes from 99.84.15.106: icmp_seq=2 ttl=223 time=7.235 ms
^C
--- auth.uim.slcsvc.co.uk ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 6.987/7.073/7.235/0.115 ms
root@mowa219-gjp4-8570p:~ # ping6 2620:fe::fe
ping6: UDP connect: No route to host
root@mowa219-gjp4-8570p:~ #
 
For (insecure) http://beefy3.nyi.freebsd.org:


For https://beefy3.nyi.freebsd.org:

<https://sitereport.netcraft.com/?url=https://beefy3.nyi.freebsd.org> – much the same, it's detectably titled Poudriere Index.

Incidentally (off-topic): with Firefox 89 in safe mode, visiting http://beefy3.nyi.freebsd.org/ immediately progresses to https://beefy3.nyi.freebsd.org/ before reporting the inability to connect. I guess this is a feature of Firefox, automatically trying a secure URL if it can not connect to the insecure variant (something like that).

Falkon and Konqueror show the insecure URL after not finding the server at the insecure URL.

Chromium, given insecure http://beefy3.nyi.freebsd.org/, shows beefy3.nyi.freebsd.org (hiding the http://) and ERR_NAME_NOT_RESOLVED. Given contactable http://neverssl.com/ it presents Not secure neverssl.com

I cannot connect to the link …

<https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=256537#c3> Philip Paeps (FreeBSD Foundation) wrote:

… there is no public (or even developer) access to the beefy* and ampere* machines, …

When things become certain here, I might add a comment there.
 
… Didn't work for me, but section 32.9.2 gives the instructions for /etc/rc.conf.

Good luck, …

Now:

Code:
rtsold_enable="YES"
ifconfig_em0_ipv6="inet6 accept_rtadv"
ifconfig_em0="DHCP"

Result:

Code:
root@mowa219-gjp4-8570p:~ # resolvconf -u
root@mowa219-gjp4-8570p:~ # slowcat --bps 1200 /etc/resolv.conf
# Generated by resolvconf
search lan
nameserver 192.168.1.1

root@mowa219-gjp4-8570p:~ # service rtsold status
rtsold is running as pid 3825.
root@mowa219-gjp4-8570p:~ # ping6 2620:fe::fe
ping6: UDP connect: No route to host
root@mowa219-gjp4-8570p:~ # ping6 www.google.com
ping6: UDP connect: No route to host
root@mowa219-gjp4-8570p:~ # ping ipv6.google.com
ping: UDP connect: No route to host
root@mowa219-gjp4-8570p:~ # ping www.google.com
PING www.google.com (142.250.178.4): 56 data bytes
64 bytes from 142.250.178.4: icmp_seq=0 ttl=118 time=6.716 ms
64 bytes from 142.250.178.4: icmp_seq=1 ttl=118 time=6.848 ms
^C
--- www.google.com ping statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 6.716/6.782/6.848/0.066 ms
root@mowa219-gjp4-8570p:~ # route show www.google.com
   route to: lhr48s27-in-f4.1e100.net
destination: default
       mask: default
    gateway: 192.168.1.1
        fib: 0
  interface: em0
      flags: <UP,GATEWAY,DONE,STATIC>
 recvpipe  sendpipe  ssthresh  rtt,msec    mtu        weight    expire
       0         0         0         0      1500         1         0
root@mowa219-gjp4-8570p:~ # route show ipv6.google.com
route: bad address: ipv6.google.com
root@mowa219-gjp4-8570p:~ #
 
Regarding DHCPv6: The preferred method for auto-configuring addresses in IPv6 networks is the stateless SLAAC, DHCPv6 is an optional alternative. You can use it (I do in my local network), but have to do some configuration. For a client using both DHCP and DHCPv6, there's net/dual-dhclient as a simple workaround to start both dhcp clients on an interface with something like this in /etc/rc.conf:
Code:
dhclient_program="/usr/local/sbin/dual-dhclient"
ifconfig_[if]="DHCP"
For auto-configuring routing on clients, you still want to accept router advertisements and probably use rtsold(8) to query for them.
 
Still, without a global IPv6 address (range) you won't be able to connect to IPv6 internet sites.

If your ISP doesn't provide a range you can sign up for a free range with http://he.net for example. My ISP only supports IPv6 if I put my modem in router mode, not in bridge mode. So I'm stuck with a tunnel broker too.
 
Re Linux and ipv6, I have a tower with Almalinux, which is an RHEL8 clone. IP done by NetworkManager. That doesn't work, pinging a non-local ipv6 address gives me beyond scope of network message. On a laptop, with a few different versions of Linux, I find that the ones using NetworkManager work without configuration, including Fedora. The ones using iwd also work without any further configuration, save to add a couple of lines in the iwd config file. With these, Arch, Void, and Fedora, Fedora is the only one that doesn't work. So I have found that Linux results vary.
The FreeBSD machine only shows an fe80 ipv6 address, but on the Linux installs that work, they're able to get a global address and give a message, that it's soliciting a dhcp6 address. I'm not sure what is done differently.

BUT--just read Zirias's post and I thought I'd tried dual-dhcp before, but wasn't sure. So, gave it a try and sure enough, it worked. The only problem is that I have a static ip4 address on my lan, and as this was a quick try, in the middle of writing this post, I haven't yet looked into just making it use ipv6. But anyway, that seems to solve it on FreeBSD for me, using dual-dhcp to get an ipv6 address. It gives me a global ipv6 address. beginning with 2603


EDIT: https://subatomicsolutions.org/8-freebsd/13-ipv4-ipv6-client-addresses-via-dhcp has some useful information on dual-dhclient, including finding a man page by using man -M /usr/local/man/ dhclient. However, they show using the option -6 but I'm getting a message that that's an illegal option. The man page is really for isc-dhcp44-client, but I was hoping that -6 would have worked. I'm sure there's a way that I haven't figured yet.
 
<https://downforeveryoneorjustme.com/beefy3.nyi.freebsd.org> also reports that it's just me.



IPv6 DHCP server preferences are untouched:

View attachment 10174

I have a IPv4 DHCP reservation, but I don't imagine that affecting my ability to get a route to an IPv6 address.
Which clearly means it's your ISP - either your plan does not include IPv6 support (and you'll need to switch plans) or Spectrum as a whole is not offering IPv6 support to customers in your tier/group, and you may need to switch to a different ISP. If switching plans or ISP service is not an option, then you're stuck with going through Hurricane Electric for IPv6.

As an aside, this is not a bad time to learn what can be done on your own FreeBSD host for IPv6 config. On localhost, the config is supposed to be mostly automatic, and FreeBSD did a pretty good job with it. Beyond that - IPv6 utilities you can run on your localhost may have different names and different ways of figuring out if a cable has been cut somewhere in Texas, but the basics of network troubleshooting remain the same.
 
Ah, and I figured it out (for my needs). That dhclient -6 command works for /usr/local/sbin/dhclient which is installed along with dual-dhclient. So, I can do it manually, or perhaps put it in an rc.local. So, again, thanks to Zirias for the answer that works for me. I *would* say that I think Spectrum offers ipv6 all over, so if you have a Linux box using NetworkManager running something newer than RHEL8 or its clones, or using iwd for wireless on anything but Fedora, you can give it a try to see. I am sure that Spectrum changed something as FreeBSD used to work without any configuration by me and now I need the extra dhclient programs to get it working.

And in the interests of completeness, I also found that the Almalinux and Fedora that weren't working with ipv6 will work but require a separate dhclient -6 to be run for the interface to get a global ipv6 address.
 
Ah, and I figured it out (for my needs). That dhclient -6 command works for /usr/local/sbin/dhclient which is installed along with dual-dhclient. So, I can do it manually, or perhaps put it in an rc.local. So, again, thanks to Zirias for the answer that works for me. I *would* say that I think Spectrum offers ipv6 all over, so if you have a Linux box using NetworkManager running something newer than RHEL8 or its clones, or using iwd for wireless on anything but Fedora, you can give it a try to see. I am sure that Spectrum changed something as FreeBSD used to work without any configuration by me and now I need the extra dhclient programs to get it working.

And in the interests of completeness, I also found that the Almalinux and Fedora that weren't working with ipv6 will work but require a separate dhclient -6 to be run for the interface to get a global ipv6 address.
Yeah, you can always try # dhclient -6 even if IPv6 is not explicitly mentioned in the plan that the ISP sells. The DHCPv6 server would have to respond and establish the connection. The success (or failure) would depend on whether or not the ISP properly supports IPv6.
Most modern OS'es have had IPv6 support for awhile (per Wikipedia) - Android was a notable holdout in practice. My phone, which is less than 2 years old, cannot reach the beefy3 IPv6-only host, even though my ISP clearly supports IPv6, and the same host can be reached on my laptop.
 
Those are link-local addresses.

Ah. Thanks. How can you tell?

(I did notice that the non-disclosed parts of the first of the two addresses bore resemblance to the non-disclosed MAC address.)

You're going to need to get a global IPv6 address from your ISP.

Again, thanks. This surprises me.

<https://community.talktalk.co.uk/t5...for-residential-customers/idc-p/2778106#M4164>

That's enough for me to mark this topic Solved, with an assumption that the advanced part of the Handbook is part of what's needed for IPv6 basics.

… Spectrum as a whole is not offering IPv6 support to customers in your tier/group …

I never heard of Spectrum, but Google found <https://www.spectrum.net/support/internet/ipv6/>.

Please, how does Spectrum relate to TalkTalk?
 
I think there may have been a misunderstanding. I was mentioning Spectrum, my ISP, here in the US. Maybe some folks thought I was the original poster or were simply answering my posts. It has nothing to do with your ISP, however.

While attempting to clarify things, to tux2bsd FreeBSD also has curl, works the same way as on Linux.

You can tell things are link-local if they begin with fe80, that's similar to that 169.254 address you get on a Windows machine when it can't reach the network. (I'm not familiar with the fd one though). Generally I think a global one is more likely to begin a number like 2603: or something similar. At any rate, the only thing I'm sure of there is that fe80 is a link-local one.
 
… the latest handbook writeup on it.
Didn't work for me, but section 32.9.2 …

From what I could tell, after I left home this morning:
  • what's in the FreeBSD Handbook, for IPv6, caused FreeBSD to cease working with the IPv4 configuration that's required at my workplace.
Re: the first two lines that are currently suggested under <https://docs.freebsd.org/en/books/handbook/advanced-networking/#_configuring_ipv6>, it seems that I need something different:

Code:
ifconfig_rl0_ipv6="inet6 accept_rtadv"
rtsold_enable="NO"

Then I can try service rtsold onestart if ever I find myself in (or virtually in) a network environment that's IPv6-enabled; and remember to service rtsold onestop in environments where the daemon seems to be a problem.
 
… I need a simple recipe.

… If your ISP doesn't provide a range you can sign up for a free range with http://he.net for example. …

Done, and 🏆 Hurricane Electric provides a simple recipe – an example configuration for FreeBSD ≥ 4.4.

Below, the Firefox view of things is mysterious (as if the address was typed but not entered).

Falkon provides a clearer view: the IPv6 address in the status bar, and ERR_INTERNET_DISCONNECTED.

Code:
root@mowa219-gjp4-8570p:~ # service rtsold onestatus
rtsold is running as pid 6220.
root@mowa219-gjp4-8570p:~ # ping6 beefy3.nyi.freebsd.org
PING6(56=40+8+8 bytes) fd58:⋯:⋯:⋯:⋯:⋯:⋯:7b01 --> 2610:1c1:1:6080::16:12
ping6: sendmsg: Network is down
ping6: wrote beefy3.nyi.freebsd.org 16 chars, ret=-1
ping6: sendmsg: Network is down
ping6: wrote beefy3.nyi.freebsd.org 16 chars, ret=-1
^C
--- beefy3.nyi.freebsd.org ping6 statistics ---
2 packets transmitted, 0 packets received, 100.0% packet loss
root@mowa219-gjp4-8570p:~ #

What next?

1623707689031.png
 
Nothing is needed for the HE tunnel to work. Here are the relevant bits from my rc.conf.

Code:
ifconfig_rl0="DHCP"
cloned_interfaces="vlan1 vlan10"
ifconfig_vlan1="inet 10.0.0.1 netmask 255.255.255.0 vlan 1 vlandev re0"
ifconfig_vlan10="inet 192.168.10.1 netmask 255.255.255.0 vlan 10 vlandev re0"
ifconfig_vlan10_ipv6="inet6 2001:xxxx:xxxx:xxxx::1 prefixlen 64"
rtadvd_enable="YES"

gif_interfaces="gif0"
ifconfig_gif0_ipv6="inet6 2001:xxxx:xxxx:aaaa::2 2001:xxxx:xxxx:aaaa::1 prefixlen 64"
gifconfig_gif0="62.x.x.x 216.y.y.y"

ipv6_defaultrouter="-iface gif0"

Note that you need to use your external IP address in gifconfig_gif0, not your internal address.

/etc/rtadvd.conf
Code:
vlan10:\
        :addr="2001:xxxx:xxxx:xxxx::":prefixlen#64:\
        :rdnss="2001:xxxx:xxxx:xxxx::1":\
        :dnssl="dicelan.home":
SirDice 's answer from 2013, found by Google...
 
Back
Top