Solved ipv6 aliases do not start

ProServ

Active Member

Reaction score: 2
Messages: 107

Hi, /etc/rc.conf has the following IPv6 config:
Code:
ifconfig_em0_ipv6="inet6 accept_rtadv"
ipv6_activate_all_interfaces="YES" (was ="NO" but changed to see if it was needed to be YES)
# rtsold_enable="YES"
ipv6_defaultrouter="xxxx:f938:1001:0000:0000:0000:0000:0001
ifconfig_em0_ipv6="inet6 xxxx:f938:1001::a1 prefixlen 64"
ifconfig_em0_ipv6_alias0="inet6 xxxx:f938:1001::29d3:a750 prefixlen 64"
ifconfig_em0_ipv6_alias1="inet6 xxxx:f938:1001::8a65:7126 prefixlen 64"
but the two IPv6 aliases will not start for some reason
Code:
# ifconfig
.
.
inet6 fe80::215:17ff:fefb:fd44%em0 prefixlen 64 scopeid 0x1
inet6 xxxx:f938:1001::a1 prefixlen 64service netif restart && service routing restart
Ran service netif restart && service routing restart
messages only displays:
Code:
kernel: in6_purgeaddr: err=65, destination address delete failed
kernel: em0: link state changed to DOWN
kernel: em0: link state changed to UP
Any idea what is preventing the two IPv6 aliases from working?

Thanks.
 

SirDice

Administrator
Staff member
Administrator
Moderator

Reaction score: 7,409
Messages: 29,985

Entries in rc.conf are variables, not commands. These two overrule each other:
Code:
ifconfig_em0_ipv6="inet6 accept_rtadv"
....
ifconfig_em0_ipv6="inet6 xxxx:f938:1001::a1 prefixlen 64"
 
OP
OP
P

ProServ

Active Member

Reaction score: 2
Messages: 107

Hi Sir Dice. Changed the entries in /etc/rc.conf to:
Code:
ifconfig_em0_ipv6="inet6 accept_rtadv"
ipv6_activate_all_interfaces="YES"
ipv6_defaultrouter="xxxx:f938:1001:0000:0000:0000:0000:0001"
ifconfig_em0_ipv6="inet6 xxxx:f938:1001::a1 prefixlen 64"
ifconfig_em0_alias0="inet6 xxxx:f938:1001::29d3:a750/64"
ifconfig_em0_alias1="inet6 xxxx:f938:1001::8a65:7126/64"
ran: # service netif restart && service routing restart

Worked.

Well sort of. apache24 starts now, but cannot ping6 out or in

from the server in question:
Code:
ping6 ipv6.google.com
PING6(56=40+8+8 bytes) xxxx:f938:1001::a1 --> 2607:f8b0:400b:802::200e
^C
--- ipv6.l.google.com ping6 statistics ---
10 packets transmitted, 0 packets received, 100.0% packet loss
 

SirDice

Administrator
Staff member
Administrator
Moderator

Reaction score: 7,409
Messages: 29,985

Try pinging the default gateway. You probably have the wrong address for it.
 
OP
OP
P

ProServ

Active Member

Reaction score: 2
Messages: 107

Can't ping the gateway router
Code:
# ping6 xxxx:f938:1001::1
PING6(56=40+8+8 bytes) xxxx:f938:1001::a1 --> xxxx:f938:1001::1
^C
--- xxxx:f938:1001::1 ping6 statistics ---
7 packets transmitted, 0 packets received, 100.0% packet loss

Internet6:
Destination                       Gateway                       Flags     Netif Expire
::/96                             ::1                           UGRS        lo0
default                           xxxx:f938:1001::1             UGS         em0
::1                               lo0                           UHS         lo0
::ffff:0.0.0.0/96                 ::1                           UGRS        lo0
xxxx:f938:1001::/64               link#1                        U           em0
xxxx:f938:1001::a1                link#1                        UHS         lo0
xxxx:f938:1001::29d3:a750         link#1                        UHS         lo0
xxxx:f938:1001::8a65:7126         link#1                        UHS         lo0
fe80::/10                         ::1                           UGRS        lo0
fe80::%em0/64                     link#1                        U           em0
fe80::215:17ff:fefb:fd44%em0      link#1                        UHS         lo0
fe80::%lo0/64                     link#3                        U           lo0
fe80::1%lo0                       link#3                        UHS         lo0
ff02::/16                         ::1                           UGRS        lo0
 
OP
OP
P

ProServ

Active Member

Reaction score: 2
Messages: 107

The router has xxxx:f938:1001::1/64 on ether2 (ether2 goes to switch which then goes to all servers behind it).
 

SirDice

Administrator
Staff member
Administrator
Moderator

Reaction score: 7,409
Messages: 29,985

Simple conclusion, the address you used for the gateway address is wrong. So you need to find out what the correct address should be.
 
OP
OP
P

ProServ

Active Member

Reaction score: 2
Messages: 107

Hi SirDice,
From another FreeBSD server in same data center can ping gateway:
Code:
# ping6 xxxx:f938:1001::1
PING6(56=40+8+8 bytes) xxxx:f938:1001::642d:10c8 --> 2607:f938:1001::1
16 bytes from xxxx:f938:1001::1, icmp_seq=0 hlim=64 time=1.325 ms

Internet6:
Destination                       Gateway                       Flags     Netif Expire
::/96                             ::1                           UGRS        lo0
default                           xxxx:f938:1001::1             UGS         em0
::1                               link#2                        UH          lo0
::ffff:0.0.0.0/96                 ::1                           UGRS        lo0
xxxx:f938:1001::/64               link#1                        U           em0
xxxx:f938:1001::642d:10c8         link#1                        UHS         lo0
xxxx:f938:1001::9b68:a8f7         link#1                        UHS         lo0
fe80::/10                         ::1                           UGRS        lo0
fe80::%em0/64                     link#1                        U           em0
fe80::216:3cff:feac:4ab7%em0      link#1                        UHS         lo0
fe80::%lo0/64                     link#2                        U           lo0
fe80::1%lo0                       link#2                        UHS         lo0
ff02::/16                         ::1                           UGRS        lo0
 
OP
OP
P

ProServ

Active Member

Reaction score: 2
Messages: 107

Hi SirDice, from the problematic FreeBSD server traceroute6 fails with:

# traceroute6 2607:f938:1001::1
traceroute6 to 2607:f938:1001::1 (2607:f938:1001::1) from 2607:f938:1001::a1, 64 hops max, 20 byte packets
1 hostname 3014.110 ms !A 3000.967 ms !A 3000.600 ms !A
 

SirDice

Administrator
Staff member
Administrator
Moderator

Reaction score: 7,409
Messages: 29,985

Firewall perhaps? Make sure you're allowing various ICMP6 (it's the IPv6 replacement for ARP). If possible run tcpdump(1) on the router, to see if there's anything coming in there. It's a good tool to actually "see" what's going on.
 
OP
OP
P

ProServ

Active Member

Reaction score: 2
Messages: 107

Hi SirDice,
I think the problem is with pf.
Do you happen to know what to put in pf.conf to allow IPv6?

I shutdown pf and now it seems to work:

ping6 xxxx:f938:1001::29d3:a750
PING xxxx:f938:1001::29d3:a750(2607:f938:1001::29d3:a750) 56 data bytes
64 bytes from xxxx:f938:1001::29d3:a750: icmp_seq=1 ttl=54 time=28.5 ms
 
Top