Hello expert,
I'am a newbie to pfsense, and I build multiwan using pfsense, i use mikrotik as router ISP 1 and ISP 2, and on pfsense I use ipv6 link local address between router ISP and router pfsense, but to my client configure static ipv6 global, I configure assisted router advertisement on lan interface and My client gets ipv6, my client can ping to LAN Interface but cannot ping to WAN Interface.
does anyone know where the fault is?

Why would you think a you would be able to ping a link local address that is in another L2?

No you can not ping link local address that are not in the same L2 network..  Why they are called link "local" ;)

Are you meaning that your lan device can not ping your wan global IPv6 address?  If so what are the rules on your lan interface?

yes, i can not ping to ipv6 global, because ipv6 is global installed in mikrotik router, and between mikrotik router and pfsense i only use local address, i also have not added rules on LAN interface?
what rules should I add? ;D

As Jon mentioned, link local traffic is only on the local link  It is never passed through routers, which is what has to happen, if you try to ping the WAN interface.  If there's a router, which pfSense is, in between you and the destination, you must use a routeable address, either global or unique local.

If you want a device to talk to a global address it needs a global address.  While in theory you can talk from a linklocal to a global if they are in the same L2.  That is not your case, and even so the device with the linklocal traffic would not be able to be passed beyond that L2 without having an address that can route past the L2.. So JKnott mentions it could be ULA, which you can route internally - it would not be viable on the actual public internet.

Your pfsense doesn't actually have to have a global on the L2 between it and the router.  If though it should!!!  But your client will have to have one if you want to be able to talk to stuff via that linklocal transit your using upstream of pfsense.  Your upstream will have to know that to get to this global behind pfsense that it sends traffic to the pfsense linklocal on its wan.

You would have to create your routes using your linklocal transit..  In such a case I would grab a /64 out of the larger prefix you use and use it as the transit..  For your routing entries. But sure it is possible to do such routing with linklocal, or use a ULA as your transit IP scheme, etc.

This is not really the sort of config for a newbie to networking in general, nor someone that is not fully up to speed on IPv6.. IPv6 is way more than just a longer IP address ;)


