Netgate SG-1000 microFirewall

Author Topic: WAN and LAN IPv6  (Read 831 times)

0 Members and 1 Guest are viewing this topic.

Offline pvexed

  • Newbie
  • *
  • Posts: 20
  • Karma: +0/-0
    • View Profile
Re: WAN and LAN IPv6
« Reply #30 on: November 30, 2017, 04:48:29 am »
Try this ping this address and see what you get.

2001:41c1:4008::bbc:1

Same thing, ping reports <1ms and tracert shows it stopping at my static LAN IP, 1 hop only.

A traceroute from Diagnotics -> Traceroute on pfSense with source address set as LAN works correctly, with the first hop being my ISP's fe80 link-local gateway.  So it's only traffic from actual LAN clients which seems to be affected.

marjohh

  • Guest
Re: WAN and LAN IPv6
« Reply #31 on: November 30, 2017, 04:53:10 am »
OK, got you, I misunderstood, I thought your LAN clients were pinging OK.

Right we are making progress. So you have a default pass out rule for the LAN, it should have been automatically created for you. LAN Net to Any, is  that there?

Offline pvexed

  • Newbie
  • *
  • Posts: 20
  • Karma: +0/-0
    • View Profile
Re: WAN and LAN IPv6
« Reply #32 on: November 30, 2017, 04:54:41 am »
OK, got you, I misunderstood, I thought your LAN clients were pinging OK.

Right we are making progress. So you have a default pass out rule for the LAN, it should have been automatically created for you. LAN Net to Any, is  that there?

Yes it's there, and been doing some more testing my end - this issue might be client specific.

On Linux, it's not an issue at all, traceroute and ping both work normally, including traceroute using ICMP.

On Windows, tracert and ping are not working as expected (but this could be down to other software on the machine).

On Android, I am using PingTools Pro.  In ICMP mode, traceroute works as expected, in UDP mode it doesn't seem to work properly.  Pings do work as expected though.

Offline pvexed

  • Newbie
  • *
  • Posts: 20
  • Karma: +0/-0
    • View Profile
Re: WAN and LAN IPv6
« Reply #33 on: November 30, 2017, 05:15:06 am »
Yeah it seems like the 1ms ping thing is a Kaspersky issue.  It was difficult to find but I found some references to others experiencing the issue and it's a bug in their network filtering driver.  So perhaps this issue is solved then.

https://forum.kaspersky.com/index.php?/topic/374028-kes-10-sp2-icmpv6-issue/&

marjohh

  • Guest
Re: WAN and LAN IPv6
« Reply #34 on: November 30, 2017, 06:33:03 am »
 :) Yes, well - Kaspersky... Hmm

Not allowed near any of my machines.

Apart from the fact they may or may not be in leagues with the Kremlin I have always found it slows my machines down.

I use Webroot, never have an issue.

Offline pvexed

  • Newbie
  • *
  • Posts: 20
  • Karma: +0/-0
    • View Profile
Re: WAN and LAN IPv6
« Reply #35 on: November 30, 2017, 09:19:38 am »
:) Yes, well - Kaspersky... Hmm

Not allowed near any of my machines.

Apart from the fact they may or may not be in leagues with the Kremlin I have always found it slows my machines down.

I use Webroot, never have an issue.

Well either way, thanks for your help man - wouldn't have been able to do it without you.  I think the issue is pretty much sorted now.