Can't get IPv6 working in new dual stack deployment

Started by CJ, May 25, 2026, 02:05:07 PM

Previous topic - Next topic
Print
Go Down Pages 1 2
User actions
May 25, 2026, 06:54:55 PM #15
Change LAN net to any just for a test and try again, please.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
May 25, 2026, 07:04:28 PM #16 Last Edit: May 25, 2026, 07:07:10 PM by CJ
Quote from: Patrick M. Hausen on May 25, 2026, 06:54:55 PMChange LAN net to any just for a test and try again, please.

That does work.  test-ipv6.com now shows the client global IPv6.

ETA: The ndp alias are now populated as well.
May 25, 2026, 07:07:48 PM #17
See? Then please show all your rules and aliases you tried and @Monviech will probably be able to help with the details. I have no experience with the NDP proxy in production but the fact that LAN net would not work is obvious from basic principles.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
May 25, 2026, 07:19:10 PM #18
Quote from: Patrick M. Hausen on May 25, 2026, 07:07:48 PMSee? Then please show all your rules and aliases you tried and @Monviech will probably be able to help with the details. I have no experience with the NDP proxy in production but the fact that LAN net would not work is obvious from basic principles.

I wasn't arguing with you, just providing what the manual said.

Do you run any multi-WAN IPv6?  That's my next hurdle for dual stack.
May 25, 2026, 07:43:47 PM #19 Last Edit: May 25, 2026, 07:48:53 PM by Monviech (Cedrik)
For anybody else reading this, the proxy only populates aliases when certain events happen, mostly DAD probes and NDP probes of clients.

This means when the proxy is already started and aliases are (manually) added afterwards, most clients will already be learned. That means the alias population events already went by before the aliases existed the first time.

That heals itself, but it takes a bit on initial deployment.

And yes, obviously (I hope) LAN_network alias will not contain any proxied IPv6 networks.
Hardware:
DEC740
May 25, 2026, 09:31:47 PM #20
Quote from: Monviech (Cedrik) on May 25, 2026, 07:43:47 PMAnd yes, obviously (I hope) LAN_network alias will not contain any proxied IPv6 networks.

So what's your recommendation? Use "WAN net" instead as source on all internal networks served by the proxy? Or "any"?
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
May 25, 2026, 09:44:42 PM #21 Last Edit: May 25, 2026, 09:47:57 PM by Monviech (Cedrik)
I assume WAN network won't contain the on link prefix (I didnt check, only an assumption). I would just use any as source, or the alias that the proxy populates.

In my home network where I use the proxy I use the proxy populated alias, didnt notice any issues since months, so I assume in most standard setups it will work correctly.
Hardware:
DEC740
May 25, 2026, 09:55:41 PM #22
Quote from: Monviech (Cedrik) on May 25, 2026, 09:44:42 PMI would just use any as source, or the alias that the proxy populates.

Now I understand - the proxy populates an alias automatically which can then be used in firewall rules. So @CJ missed to change the rule from "LAN net" to that alias.

Thanks!
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
May 25, 2026, 09:59:41 PM #23 Last Edit: May 25, 2026, 10:02:12 PM by Monviech (Cedrik)
Yes, but the alias that the proxy populates can be a bit delayed during first setup. So it can look like there is no IPv6 for a minute or so.

The issue is the initial workflow.

If you first set up the proxy, it immediately learns all clients and fires all events.

If you then create aliases afterwards, and apply the configuration again, it will not immediately relearn all clients (since it already did learn them). It would only do that if the cache file is enabled, otherwise it is truly stateless (meaning clients would need to send ndp packets first before they get discovered again)
Hardware:
DEC740
Print
Go Up Pages 1 2
User actions