IPv6: Server cannnot ping gateway but gets IP

Mitglied: Siegfried36
I have three servers which should now also get IPv6 connectivity besides the IPv4.
Servers:
1. Pi4 (Raspberry Pi OS)
2. Nextcloud (Debian 10; Nextcloud as snap)
3. Mailserver (Debian 10; mailcow as docker, which also uses IPv6)

They are directly connected to the firewall (up to date pfSense) and reside in their own subnet/VLAN. My plan is to use DCHPv6 so that I can give them a fixed IP, from where I can use DNS and firewall rules.
From my ISP I got /56 subnet via prefix daligation and in my network every subnet gets a /64 chunk of that.
The config of the DHCP-server is for all servers the same and is as follows:
RA-Advertisment -> managed
Range -> from ::d:000 to ::d:ffff

Server 1. - Pi4:
Gets the wanted v6 IP from the firewall (static entry) -> xxxxxxx::d:1. Can ping the firewall and the firewall can ping the host.



Server 2. - Nextcloud:
Gets not the wanted v6 IP from the firewall (static entry) -> xxxxxxx::d:1. I don't know why, but it gets one out of the DHCP range -> ::d:3066 without the static entry. Can ping the firewall and the firewall can ping the host. The server is reachable as wanted.



Server 3. - Mailcow:
Gets not the wanted v6 IP from the firewall (static entry) -> xxxxxxx::d:1. I don't know why, but it gets one out of the DHCP range -> 2a02:8106:26:c206::d:1fd7 without the static entry. Can't ping the firewall

and the firewall can't ping the host. The server is not reachable at all.





Why is server 3 not reachable, as it has the same configurations as server 2? Shouldn't an IPv6 address also be available in the routes?

best regards

Content-Key: 1432568295

Url: https://administrator.pro/contentid/1432568295

Printed on: November 30, 2021 at 10:11 o'clock

Mitglied: Siegfried36
Siegfried36 Oct 26, 2021 at 12:14:53 (UTC)
Goto Top
This is the outpout of


pfsense3
pfsense4

The first and second picture is the fully reachable PI and the Nextcloud host.

pfsense5

The the third is the problematic one. It seems that it don't get/has the default gateway like in the other pictures:default via fe80::ec4:7aff:feac:791a ...(it is the right gateway address)
Mitglied: Siegfried36
Siegfried36 Oct 26, 2021 updated at 12:17:03 (UTC)
Goto Top
Now it works. Now the host (server 3) is a reachable but only with a static entry in the network/interfaces with ->
  1. nano /etc/network/interfaces


But whhyyyyyyyy???
Mitglied: aqui
aqui Oct 26, 2021 updated at 14:00:23 (UTC)
Goto Top
The server is not reachable at all.
As you can see all docker interfaces do not have any public v6 address. They have only v4 addresses and in terms of v6 only v6 link local addresses which cannot provide Internet connectivity of course.
So something is wrong there with ICMPv6 (SLAAC) or DHCPv6 providing the docker interface/hosts with valid v6 addresses.
Either ICMPv6 oder DHCPv6 or both is blocked there. Run a tcpdump trace to check.
Mitglied: Siegfried36
Siegfried36 Oct 26, 2021 updated at 14:24:18 (UTC)
Goto Top
Quote from @aqui:

The server is not reachable at all.
As you can see all docker interfaces do not have any public v6 address. They have only v4 addresses and in terms of v6 only v6 link local addresses which cannot provide Internet connectivity of course.
So something is wrong there with ICMPv6 (SLAAC) or DHCPv6 providing the docker interface/hosts with valid v6 addresses.


I think the docker are are fine, because mailcow runs fully under v6 and runs under IPv4 fine. The problem now is that the interface enp0s25 won't get the v6 gateway address.

Either ICMPv6 oder DHCPv6 or both is blocked there. Run a tcpdump trace to check.
Ok, I will check that.
Mitglied: Siegfried36
Siegfried36 Oct 26, 2021 updated at 18:07:18 (UTC)
Goto Top
I ran tcpdump out of the blue with:

It gave me the following output:

The router advertisement is nearly the same compared to the fully reachable host, so the problem must be the host, I guess.
Hot discussed articles