From owner-freebsd-questions@freebsd.org Fri Jul 10 17:22:06 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 38EE136E279 for ; Fri, 10 Jul 2020 17:22:06 +0000 (UTC) (envelope-from luzar722@gmail.com) Received: from mail-qk1-x742.google.com (mail-qk1-x742.google.com [IPv6:2607:f8b0:4864:20::742]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4B3Kbd396Pz4sCS for ; Fri, 10 Jul 2020 17:22:05 +0000 (UTC) (envelope-from luzar722@gmail.com) Received: by mail-qk1-x742.google.com with SMTP id 80so6005081qko.7 for ; Fri, 10 Jul 2020 10:22:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-transfer-encoding; bh=V5odX8Fq+b2XXxQ5irkkvcar3sncH9T9G4gHaVz/bGw=; b=iw7qRBzxyqG4vQrahU9AI9KrW5OGOdlAhzSUAqK1hZ+n6vl3TbBDl9OMSuQsk8i4ca B9Cr5+8E8ZGKi//ibYa3ibkSoY06Pg5G+alOaBd7WB3bezOD6pEuJ+VMdT8oBf3YcTka cRldDZ2xAMuWWKVlDN9iiJ44wuwLvDx1m2B1ouCS3O5vtXT+RbFbcJnWibSTdaPBJ/bF k2hDR8VnWOfb1mZYJ0f1bXrkdqlQvVFIvQp4gFzRuEfz+xDZWuQcH6UGSZtz4zbil2t+ fo9n7N1WDgAgJOkBYp6KH9F3agHWvKNQe6jBEpr72W5ftyGN9t1nUdCYSRpgYXOMFp2X CA7A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:message-id:date:from:user-agent:mime-version:to :cc:subject:references:in-reply-to:content-transfer-encoding; bh=V5odX8Fq+b2XXxQ5irkkvcar3sncH9T9G4gHaVz/bGw=; b=szdvgboiaEG9sA93EHsWQT+wiYMRWGPS2ERQzMz0uJCqtcF2gL1ZkY7EU4qeJsgrdJ yDtAtM2QR/A1LuycpQmN0MkRuAGmD4dQ7tuVr0WkKAUOpSxrbWmgDW09zRIKHtjC5wGo dCpXlISk9gnX0j7O92u5sw0ALr7J5wk+lRVO81/IP0N0p9TIZyFsIUuYROz6PbtEjhe+ qLrRQbleh/dJ2ZMTMGuFOgA6DHPQ5fQLPDOMweR+vCrRuBSR25RbPP0a5StPqfKquljb UvzNhwKgccIViGXuLYTluTqIS8sI/8/1c/tM0BOQIFNHzuqgZn39yu4w4myPcxcVVPfu VX2w== X-Gm-Message-State: AOAM533qs4ys6PtqwCuR/8kHnBSKdpgerG2fYi2emLGywhz4WUjCcKcV 0n531xY9RYxa4d/M7XJyd5g= X-Google-Smtp-Source: ABdhPJxEoCVlqAkim2UkoGSu2xChUS1tCYh1JFJjSBFvGEjSuJ3RDLzScRKHM2cPEFzSnLhqYQijMA== X-Received: by 2002:a37:a458:: with SMTP id n85mr73026467qke.167.1594401724548; Fri, 10 Jul 2020 10:22:04 -0700 (PDT) Received: from [10.0.10.8] (cpe-65-25-51-0.neo.res.rr.com. [65.25.51.0]) by smtp.googlemail.com with ESMTPSA id g1sm9621591qko.70.2020.07.10.10.22.03 (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Fri, 10 Jul 2020 10:22:03 -0700 (PDT) Message-ID: <5F08A3BA.8060401@gmail.com> Date: Fri, 10 Jul 2020 13:22:02 -0400 From: Ernie Luzar User-Agent: Thunderbird 2.0.0.24 (Windows/20100228) MIME-Version: 1.0 To: Jon Radel CC: freebsd-questions@freebsd.org Subject: Re: trouble setting up ipv6 References: <5F088CAE.2090400@gmail.com> In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: 4B3Kbd396Pz4sCS X-Spamd-Bar: --- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20161025 header.b=iw7qRBzx; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (mx1.freebsd.org: domain of luzar722@gmail.com designates 2607:f8b0:4864:20::742 as permitted sender) smtp.mailfrom=luzar722@gmail.com X-Spamd-Result: default: False [-3.43 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36:c]; FREEMAIL_FROM(0.00)[gmail.com]; RCVD_COUNT_THREE(0.00)[3]; DKIM_TRACE(0.00)[gmail.com:+]; RCPT_COUNT_TWO(0.00)[2]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; NEURAL_HAM_SHORT(-0.41)[-0.413]; RECEIVED_SPAMHAUS_PBL(0.00)[65.25.51.0:received]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; FREEMAIL_ENVFROM(0.00)[gmail.com]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; MID_RHS_MATCH_FROM(0.00)[]; DWL_DNSWL_NONE(0.00)[gmail.com:dkim]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-0.996]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20161025]; FROM_HAS_DN(0.00)[]; NEURAL_HAM_LONG(-1.02)[-1.018]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; TO_MATCH_ENVRCPT_SOME(0.00)[]; RCVD_IN_DNSWL_NONE(0.00)[2607:f8b0:4864:20::742:from]; RCVD_TLS_ALL(0.00)[] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 10 Jul 2020 17:22:06 -0000 Jon Radel wrote: > On 7/10/20 11:43, Ernie Luzar wrote: >> ping6 -c 1 ipv6.google.com >> >> responds with this >> >> ping6: UDP connect: No route to host >> >> >> Any idea why? >> > Leading guess around these parts would be that you don't have IPv6 > configured properly. Does it work for anything? > > To narrow it down a bit to something useful, why don't you do the usual > steps, such as sharing your network configuration and current IPv6 > routing table, the results of pinging your IPv6 gateway, etc., etc. > > rc.conf ifconfig_vtnet0="DHCP" ifconfig_vtnet0_ipv6="inet6 accept_rtadv" gateway_enable="YES" ipv6_gateway_enable="YES" :/etc#ifconfig -a vtnet0: flags=8843 metric 0 mtu options=6c07bb ether f2:3c:92:bc:54:37 inet6 fe80::f03c:92ff:febc:5437%vtnet0 prefixlen 64 scopeid 0x1 inet6 2600:3c02::f03c:92ff:febc:5437 prefixlen 64 autoconf inet xxx.xxx.33.221 netmask 0xffffff00 broadcast xx.x.xx.xx media: Ethernet 10Gbase-T status: active nd6 options=23 :/etc#netstat -nr6 Routing tables Internet6: Destination Gateway Flags Netif Expire ::/96 ::1 UGRS lo0 ::1 link#2 UH lo0 ::ffff:0.0.0.0/96 ::1 UGRS lo0 2600:3c02::/64 link#1 U vtnet0 2600:3c02::f03c:92ff:febc:1 link#3 UHS lo0 2600:3c02::f03c:92ff:febc:5437 link#1 UHS lo0 fe80::/10 ::1 UGRS lo0 fe80::%vtnet0/64 link#1 U vtnet0 fe80::f03c:92ff:febc:5437%vtnet0 link#1 UHS lo0 fe80::%lo0/64 link#2 U lo0 fe80::1%lo0 link#2 UHS lo0 fe80::%epair0a/64 link#4 U epair0a fe80::ad:7fff:fe8d:820a%epair0a link UHS lo0 fe80::%epair1a/64 link#5 U epair1a fe80::c0:11ff:fee6:990a%epair1a link#5 UHS lo0 ff02::/16 ::1 UGRS lo0 ipf.rules # There is fixed bug about ipv6 and keep state not working together # This fixed bug is not included in 12.1. # No rules with ipv6 and keep state allowed at this time. pass out quick inet6 proto icmp6 from any to any # Allow out access to my ISP's Domain name server (dns). # Get the IP addresses from /etc/resolv.conf file pass out quick on vtnet0 proto tcp from any to any port = 53 flags S keep state pass out quick on vtnet0 proto udp from any to any port = 53 keep state # Allow access to ISP's specified DHCP server pass out quick on vtnet0 proto udp from any to any port = 67 keep state # Allow out all pings (icmp) to public Internet pass out quick on vtnet0 proto icmp from any to any keep state # Block and log everything that's trying to get out. # This rule enforces the block all by default logic. block out log quick on vtnet0 all # allow in ISP dhcp traffic pass in quick on vtnet0 proto udp from any to any port = 67 keep state # pass in ipv6 pings. no ipv6 with keep state option allowed pass in log quick proto icmp6 all # Block and log all remaining traffic coming into the firewall. # This rule enforces the block all by default logic. block in log quick on vtnet0 all Anything else you want to see post the commands to use.