# IPv6 connection problems



## teisho (Mar 18, 2020)

Hi,

I have a problem with two FreeBSD (12.1-RELEASE, 11.3-RELEASE) installations.

After a couple of hours they lose their IPv6 connection. If I then try to establish a connection or simply ping them, it takes a very long time until a connection is re-established.
My hosting provider claims it is FreeBSD's fault. Maybe one of you has an idea. For years the configurations worked without any problems.

I use PF as firewall, but disabling it doesn't help.
Additionally I tried to set the ndp manually, also without success.

```
static_ndp_pairs="gw"
static_ndp_gw="fe80::1%vtnet0 00:00:5e:00:02:02"
```


```
# IPv4 #
ifconfig_vtnet0="inet 92.xx.xx.xx netmask 255.255.252.0"
defaultrouter="92.xx.xx.1"

cloned_interfaces="lo1"
ifconfig_lo1="inet 172.16.1.1 netmask 255.255.255.0"

# IPv6 #
ifconfig_vtnet0_ipv6="inet6 2a03:xxx:xxx:xxx::1 prefixlen 64"
ifconfig_vtnet0_alias0="inet6 2a03:xxx:xxx:xxx::23 prefixlen 64"
ipv6_defaultrouter="fe80::1%vtnet0"
```


```
Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
default            92.xx.xx.1         UGS      vtnet0
92.xx.xx.0/22      link#1             U        vtnet0
92.xx.xx.xx       link#1             UHS         lo0
127.0.0.1          link#2             UH          lo0
172.16.1.1         link#3             UH          lo1

Internet6:
Destination                       Gateway                       Flags     Netif Expire
::/96                             ::1                           UGRS        lo0
default                           fe80::1%vtnet0                UGS      vtnet0
::1                               link#2                        UH          lo0
::ffff:0.0.0.0/96                 ::1                           UGRS        lo0
2a03:xxx:xxx:xxx::/64             link#1                        U        vtnet0
2a03:xxx:xxx:xxx::1               link#1                        UHS         lo0
2a03:xxx:xxx:xxx::23              link#1                        UHS         lo0
fe80::/10                         ::1                           UGRS        lo0
fe80::%vtnet0/64                  link#1                        U        vtnet0
fe80::xxx:xxx:xxx:xxxx%vtnet0  link#1                        UHS         lo0
fe80::%lo0/64                     link#2                        U           lo0
fe80::1%lo0                       link#2                        UHS         lo0
ff02::/16                         ::1                           UGRS        lo0
```


----------



## SirDice (Mar 18, 2020)

teisho said:


> I use PF as firewall


Do you have rules for IPv6? Did you allow various ICMPv6? You need those for the NDP to work. This has a lot of information about the things you need to allow: https://tanzu.vmware.com/content/blog/a-barebones-pf-ipv6-firewall-ruleset



teisho said:


> For years the configurations worked without any problems.


Then I don't really see why FreeBSD would suddenly be at fault here. I have several systems running IPv6 for many years now. I never had issues with it (only when I made the mistakes myself).


----------



## teisho (Mar 18, 2020)

SirDice said:


> Do you have rules for IPv6? Did you allow various ICMPv6? You need those for the NDP to work. This has a lot of information about the things you need to allow: https://tanzu.vmware.com/content/blog/a-barebones-pf-ipv6-firewall-ruleset


Yes I have rules for v6. I allow echoreq, routersol, routeradv, neighbradv, neighbrsol.



SirDice said:


> Then I don't really see why FreeBSD would suddenly be at fault here. I have several systems running IPv6 for many years now. I never had issues with it (only when I made the mistakes myself).


Yes absolutely. In my opinion it's my provider's fault. But I want to be sure before migrating to another one.


----------



## SirDice (Mar 18, 2020)

You can try capturing the ICMPv6 exchange with tcpdump(1) to see if that provides any more clues. Did they provide any more information? Or was it just "we don't want to look, so we're just going to blame it on ${RANDOM_EXCUSE}"?


----------



## teisho (Mar 18, 2020)

They said, they tried it with their own rescue/Linux image and had no problems with IPv6.


----------

