OPNsense Forum

Archive => 21.7 Legacy Series => Topic started by: spetrillo on October 26, 2021, 10:26:31 PM

Title: IPV6 - Web Proxy
Post by: spetrillo on October 26, 2021, 10:26:31 PM
Hello all,

I am seeing these in my cache log but I have IPV6 turned off:

2021-10-26T16:19:00   squid   | SendEcho ERROR: sending to ICMPv6 packet to [2600:9000:2209:de00:c:ec82:5580:21]: (65) No route to host   
2021-10-26T16:18:59   squid   | SendEcho ERROR: sending to ICMPv6 packet to [2607:f8b0:4006:81e::200a]: (65) No route to host   
2021-10-26T16:18:59   squid   | SendEcho ERROR: sending to ICMPv6 packet to [2606:4700::6810:3355]: (65) No route to host   


Why am I seeing these?

Thanks,
Steve
Title: Re: IPV6 - Web Proxy
Post by: bartjsmit on October 27, 2021, 07:18:24 AM
Hi Steve, my guess is that your DNS is responding with AAAA records for a target and Squid has happy eyeballs turned on (RFC 8305).

Bart...
Title: Re: IPV6 - Web Proxy
Post by: spetrillo on October 27, 2021, 06:53:02 PM
Hmmm...soo strange. I have IPV6 turned off on OPNsense, so I wonder if these are being generated by a host of some kind.
Title: Re: IPV6 - Web Proxy
Post by: spetrillo on October 27, 2021, 07:03:50 PM
In doing some more investigation I have found that my physical NICs and VLANs have IPV6 addresses assigned, yet I have turned off IPV6. Why is this happening?
Title: Re: IPV6 - Web Proxy
Post by: fabian on October 27, 2021, 08:59:09 PM
fe80: + something is a link local address. It is not a routable address and exists only for local connections and packet forwarding but never for the internet traffic.

IPv6 cannot be disabled. It will always be there. However since SLAAC is blocked, IPv6 cannot be used.