Text only | Text with Images

OPNsense Forum

Archive => 22.1 Legacy Series => Topic started by: edz on May 15, 2022, 06:45:25 AM

Title: Firmware Connectivy Check
Post by: edz on May 15, 2022, 06:45:25 AM
I'm trying to figure out why the Firmware Connectivity Check fails the IPV6 ping:

Code Select

All repositories are up to date.
Checking connectivity for host: pkg.opnsense.org -> 2001:1af8:4f00:a005:5::
PING6(1548=40+8+1500 bytes) [MY-IPV6_IP] --> 2001:1af8:4f00:a005:5::

--- 2001:1af8:4f00:a005:5:: ping6 statistics ---
4 packets transmitted, 0 packets received, 100.0% packet loss
Checking connectivity for repository (IPv6): https://pkg.opnsense.org/FreeBSD:13:amd64/22.1
Updating OPNsense repository catalogue...
Fetching meta.conf: . done
Fetching packagesite.pkg: .......... done
Processing entries: .......... done
OPNsense repository update completed. 792 packages processed.
All repositories are up to date.
***DONE***

However from the OPNSense terminal:
Code Select
root@opnsense:~ # ping6 2001:1af8:4f00:a005:5::
PING6(56=40+8+8 bytes) [MY_IPV6_IP] --> 2001:1af8:4f00:a005:5::
16 bytes from 2001:1af8:4f00:a005:5::, icmp_seq=0 hlim=52 time=280.033 ms
16 bytes from 2001:1af8:4f00:a005:5::, icmp_seq=1 hlim=52 time=278.851 ms
16 bytes from 2001:1af8:4f00:a005:5::, icmp_seq=2 hlim=52 time=278.849 ms
16 bytes from 2001:1af8:4f00:a005:5::, icmp_seq=3 hlim=52 time=279.302 ms
16 bytes from 2001:1af8:4f00:a005:5::, icmp_seq=4 hlim=52 time=279.415 ms
16 bytes from 2001:1af8:4f00:a005:5::, icmp_seq=5 hlim=52 time=278.946 ms
^C
--- 2001:1af8:4f00:a005:5:: ping6 statistics ---
6 packets transmitted, 6 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 278.849/279.233/280.033/0.419 ms
root@opnsense:~ #

Title: Re: Firmware Connectivy Check
Post by: franco on May 16, 2022, 08:20:28 AM
Relevant bits being:

PING6(1548=40+8+1500 bytes) [MY-IPV6_IP] --> 2001:1af8:4f00:a005:5::

vs.

PING6(56=40+8+8 bytes) [MY_IPV6_IP] --> 2001:1af8:4f00:a005:5::

Ping is nice, but if you can't push a little fragmentation over the line it may be broken as soon as it starts downloading. And i there is a strict requirement to reject fragmentation along the way it's even trickier...


Cheers,
Franco
Title: Re: Firmware Connectivy Check
Post by: edz on May 16, 2022, 12:23:54 PM
Thanks franco.  So yes, ping6 with a packet size of 1500 is not working. 

Is there something that I need to fix on my end or do I just let it go?
Title: Re: Firmware Connectivy Check
Post by: franco on May 16, 2022, 02:16:54 PM
You can let this go if updates seem to work fine.

But you could also try to play with the payload size to see where it "breaks". MTU/MSS for IPv6 may need a different value or it's just that some router doesn't permit fragmentation (which is more odd since Iv6 has better fragmentation support).


Cheers,
Franco
Text only | Text with Images