After a recent security update reboot I noticed that my internal clients could no longer use IPv6. I've been using FreeBSD as an IPv6 gateway for a long time using dhcp6c and rtadvd:
Code:
Relevant rc.conf entries:
ipv6_gateway_enable="YES"
ipv6_cpe_wanif="re0"
ipv6_activate_all_interfaces="YES"
# External interface
ifconfig_re0_ipv6="inet6 accept_rtadv"
# Internal interface
ifconfig_em0_ipv6="inet6 -accept_rtadv"
# Enabled services
dhcp6c_enable="YES"
dhcp6c_interfaces="re0"
dhcpd_enable="YES"
dhcpd_ifaces="em0"
rtadvd_enable="YES"
rtadvd_interfaces="em0"
Code:
cat /usr/local/etc/dhcp6c.conf
interface re0 {
    send rapid-commit;              # Request two step DHCP exchange instead of the usual four step method
    request domain-name-servers;    # Request DNS servers
    send ia-na 1;                   # Request an Identity Association for Non-temporary Addresses (IA-NA)
    send ia-pd 1;                   # Request an Identity Association for Prefix Delegation (IA-PD)
};
id-assoc na 1 {
};
id-assoc pd 1 {
    # This is the largest prefix you can request from Comcast (16 subnets)
    # prefix ::/60 infinity;
    prefix-interface em0 {
        sla-id 0;   # Defines the subnet id. For Comcast it could be 0 through f.
        # Defines smallest IPv6 prefix size (/64) minus the prefix size the ISP
        # assigns us. For Comcast it could be up to four (/64 - /60)
        sla-len 0;
        # In WIDE-DHCP this would assign a specific IPv6 address to em1
        # i.e. [prefix][sla][ifid]
        # ifid 1;
    };
};
Code:
cat /etc/rtadvd.conf
em0:\
	:raflags="mo"
A Windows host inside the network is configured with 2601:681:8300:127f:407b:807:40ab:7652. And when I run ping I get the following response:
Code:
C:\Users\KernelPanic>ping -6 www.google.com
Pinging www.google.com [2607:f8b0:4025:811::2004] with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Monitoring from my FreeBSD gateway, I captured the outbound request, the inbound reply and my gateway responding in the following manner:
Code:
08:09:23.018682 IP6 2601:681:8300:127f:407b:807:40ab:7652 > 2607:f8b0:4025:811::2004: ICMP6, echo request, seq 17, length 40
08:09:23.032038 IP6 2607:f8b0:4025:811::2004 > 2601:681:8300:127f:407b:807:40ab:7652: ICMP6, echo reply, seq 17, length 40
08:09:26.071485 IP6 2001:558:6008:1e:d07c:4d9f:d0d2:9393 > 2607:f8b0:4025:811::2004: ICMP6, destination unreachable, unreachable address 2601:681:8300:127f:407b:807:40ab:7652, length 88
...
08:09:32.699523 IP6 2601:681:8300:127f:407b:807:40ab:7652 > 2607:f8b0:4025:811::2004: ICMP6, echo request, seq 19, length 40
08:09:32.707598 IP6 2607:f8b0:4025:811::2004 > 2601:681:8300:127f:407b:807:40ab:7652: ICMP6, echo reply, seq 19, length 40
08:09:35.707224 IP6 2001:558:6008:1e:d07c:4d9f:d0d2:9393 > 2607:f8b0:4025:811::2004: ICMP6, destination unreachable, unreachable address 2601:681:8300:127f:407b:807:40ab:7652, length 88
The IPv6 address of my FreeBSD firewall is 2001:558:6008:1e:d07c:4d9f:d0d2:9393 and it can ping and reach other IPv6 addresses on the Internet without any problems. I am not sure why it is responding in this manner for internal IPv6 addresses.
Code:
netstat -rn
Routing tables
...
Internet6:
Destination Gateway Flags Netif Expire
::/96 ::1 URS lo0
default fe80::21c:73ff:fe00:99%re0 UG re0
::1 link#3 UHS lo0
::ffff:0.0.0.0/96 ::1 URS lo0
2001:558:1018:800f::/64 link#2 U re0
2001:558:6008:1e:d07c:4d9f:d0d2:9393 link#2 UHS lo0
2601:681:8300:127f::/64 link#1 U em0
2601:681:8300:127f:6a05:caff:fe36:662 link#1 UHS lo0
fd00:0:d:1::/64 link#2 U re0
fd00:0:101:11::/64 link#2 U re0
fe80::/10 ::1 URS lo0
fe80::%em0/64 link#1 U em0
fe80::6a05:caff:fe36:662%em0 link#1 UHS lo0
fe80::%re0/64 link#2 U re0
fe80::76d4:35ff:fe02:8c9b%re0 link#2 UHS lo0
fe80::%lo0/64 link#3 U lo0
fe80::1%lo0 link#3 UHS lo0
ff02::/16 ::1 URS lo0
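Added example, not part of the original post: a Python script that correlates the capture with the routing table above, pairing each echo reply with the gateway's later "destination unreachable" and reporting which on-link route covers the unreachable address and how long after the reply the error was sent. The function names `parse_routes` and `correlate` are hypothetical; the sample lines are copied from the post.

```python
import ipaddress
import re
from datetime import datetime

# Sample input: lines copied from the capture and routing table in the post.
CAPTURE = """\
08:09:23.018682 IP6 2601:681:8300:127f:407b:807:40ab:7652 > 2607:f8b0:4025:811::2004: ICMP6, echo request, seq 17, length 40
08:09:23.032038 IP6 2607:f8b0:4025:811::2004 > 2601:681:8300:127f:407b:807:40ab:7652: ICMP6, echo reply, seq 17, length 40
08:09:26.071485 IP6 2001:558:6008:1e:d07c:4d9f:d0d2:9393 > 2607:f8b0:4025:811::2004: ICMP6, destination unreachable, unreachable address 2601:681:8300:127f:407b:807:40ab:7652, length 88
08:09:32.699523 IP6 2601:681:8300:127f:407b:807:40ab:7652 > 2607:f8b0:4025:811::2004: ICMP6, echo request, seq 19, length 40
08:09:32.707598 IP6 2607:f8b0:4025:811::2004 > 2601:681:8300:127f:407b:807:40ab:7652: ICMP6, echo reply, seq 19, length 40
08:09:35.707224 IP6 2001:558:6008:1e:d07c:4d9f:d0d2:9393 > 2607:f8b0:4025:811::2004: ICMP6, destination unreachable, unreachable address 2601:681:8300:127f:407b:807:40ab:7652, length 88
"""
ROUTES = """\
2001:558:1018:800f::/64 link#2 U re0
2601:681:8300:127f::/64 link#1 U em0
"""

LINE = re.compile(r"^(\S+) IP6 (\S+) > (\S+): ICMP6, (.+)$")
UNREACH = re.compile(r"destination unreachable, unreachable address (\S+),")

def parse_routes(text):
    """Return (network, netif) per prefix route; skip default, host and scoped entries."""
    routes = []
    for fields in map(str.split, text.splitlines()):
        if len(fields) >= 4 and "/" in fields[0] and "%" not in fields[0]:
            routes.append((ipaddress.ip_network(fields[0]), fields[3]))
    return routes

def correlate(capture, routes):
    """Pair each echo reply with the gateway's later error about the same inside host."""
    replies, findings = {}, []
    for m in filter(None, map(LINE.match, capture.splitlines())):
        ts, src, dst, info = m.groups()
        t = datetime.strptime(ts, "%H:%M:%S.%f")
        if info.startswith("echo reply"):
            replies[(src, dst)] = t  # keyed by (remote host, inside host)
        u = UNREACH.search(info)
        if u and (dst, u.group(1)) in replies:
            target = ipaddress.ip_address(u.group(1))
            netif = next((i for n, i in routes if target in n), None)
            delay = (t - replies.pop((dst, u.group(1)))).total_seconds()
            findings.append((str(target), netif, round(delay, 3)))
    return findings

if __name__ == "__main__":
    for target, netif, delay in correlate(CAPTURE, parse_routes(ROUTES)):
        print(f"{target}: on-link via {netif}, error sent {delay}s after the reply")
```

For the capture above, both errors concern an address covered by the em0 on-link route and are sent about three seconds after the corresponding echo reply reached the gateway.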