IPv6 connection problems

teisho

Member

Reaction score: 2
Messages: 22

Hi,

I have a problem with two FreeBSD (12.1-RELEASE, 11.3-RELEASE) installations.

After a couple of hours they lose their IPv6 connection. If I then try to establish a connection or simply ping them, it takes a very long time until a connection is re-established.
My hosting provider claims it is FreeBSD's fault. Maybe one of you has an idea. For years the configurations worked without any problems.

I use PF as firewall, but disabling it doesn't help.
Additionally I tried to set the ndp manually, also without success.
Code:
static_ndp_pairs="gw"
static_ndp_gw="fe80::1%vtnet0 00:00:5e:00:02:02"
Code:
# IPv4 #
ifconfig_vtnet0="inet 92.xx.xx.xx netmask 255.255.252.0"
defaultrouter="92.xx.xx.1"

cloned_interfaces="lo1"
ifconfig_lo1="inet 172.16.1.1 netmask 255.255.255.0"

# IPv6 #
ifconfig_vtnet0_ipv6="inet6 2a03:xxx:xxx:xxx::1 prefixlen 64"
ifconfig_vtnet0_alias0="inet6 2a03:xxx:xxx:xxx::23 prefixlen 64"
ipv6_defaultrouter="fe80::1%vtnet0"
Code:
Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
default            92.xx.xx.1         UGS      vtnet0
92.xx.xx.0/22      link#1             U        vtnet0
92.xx.xx.xx       link#1             UHS         lo0
127.0.0.1          link#2             UH          lo0
172.16.1.1         link#3             UH          lo1

Internet6:
Destination                       Gateway                       Flags     Netif Expire
::/96                             ::1                           UGRS        lo0
default                           fe80::1%vtnet0                UGS      vtnet0
::1                               link#2                        UH          lo0
::ffff:0.0.0.0/96                 ::1                           UGRS        lo0
2a03:xxx:xxx:xxx::/64             link#1                        U        vtnet0
2a03:xxx:xxx:xxx::1               link#1                        UHS         lo0
2a03:xxx:xxx:xxx::23              link#1                        UHS         lo0
fe80::/10                         ::1                           UGRS        lo0
fe80::%vtnet0/64                  link#1                        U        vtnet0
fe80::xxx:xxx:xxx:xxxx%vtnet0  link#1                        UHS         lo0
fe80::%lo0/64                     link#2                        U           lo0
fe80::1%lo0                       link#2                        UHS         lo0
ff02::/16                         ::1                           UGRS        lo0
 

SirDice

Administrator
Staff member
Administrator
Moderator

Reaction score: 8,488
Messages: 32,562

I use PF as firewall
Do you have rules for IPv6? Did you allow various ICMPv6? You need those for the NDP to work. This has a lot of information about the things you need to allow: https://tanzu.vmware.com/content/blog/a-barebones-pf-ipv6-firewall-ruleset

For years the configurations worked without any problems.
Then I don't really see why FreeBSD would suddenly be at fault here. I have several systems running IPv6 for many years now. I never had issues with it (only when I made the mistakes myself).
 
OP
OP
teisho

teisho

Member

Reaction score: 2
Messages: 22

Do you have rules for IPv6? Did you allow various ICMPv6? You need those for the NDP to work. This has a lot of information about the things you need to allow: https://tanzu.vmware.com/content/blog/a-barebones-pf-ipv6-firewall-ruleset
Yes I have rules for v6. I allow echoreq, routersol, routeradv, neighbradv, neighbrsol.

Then I don't really see why FreeBSD would suddenly be at fault here. I have several systems running IPv6 for many years now. I never had issues with it (only when I made the mistakes myself).
Yes absolutely. In my opinion it's my provider's fault. But I want to be sure before migrating to another one.
 

SirDice

Administrator
Staff member
Administrator
Moderator

Reaction score: 8,488
Messages: 32,562

You can try capturing the ICMPv6 exchange with tcpdump(1) to see if that provides any more clues. Did they provide any more information? Or was it just "we don't want to look, so we're just going to blame it on ${RANDOM_EXCUSE}"?
 
OP
OP
teisho

teisho

Member

Reaction score: 2
Messages: 22

They said, they tried it with their own rescue/Linux image and had no problems with IPv6.
 
Top