I have access to the IPv6 network through the 6in4 HE.NET tunnel
I have set IPv6-Prefix Delegate /48 and I can assign a separate IPv6 address range for each of my LANs
I have two LAN networks (lan and vlan.200).
Each network has its own subprefix and it works properly.
Each host receives an IPv6 address appropriate for its LAN
Even the DHCP server works, because some hosts, after assigning DUID and IPv6-SUFFIX, receive the value entered there - exactly 1 host gets the given IPv6 address along with SUFFIX, the rest get the correct network prefix and their random host address.
Each host connects via IPv6 to the network. Works properly. Disabling IPv4 does not result in any change in performance.
The problem is that on:
on the router:
ping ff02::1 - shows only the router's IPv6 and several duplicates even though there are e.g. 3-4 other IPv6 hosts in the network
ping ff02::2 - shows IPv6 of the router (itself) - works properly
on other hosts:
ping ff02::1 and ping ff02::2 get no response from the router or other hosts.
Ping to the router's IPv6 works properly.
In Firewall I have set to allow all ICMPv6 - everything for everyone.
First, maybe you can clearly explain what your goal is by pinging these listed IPs - instead of the IPs assigned to each individual host?
Also, in your own words explain what "works properly" - as it's not clear by the testing you're performing.
My tip would be to look at the neighbors (ip -6 neigh) or ping the real IP addresses - but since it's not clear what your goal actually is, I'm not sure that's helpful until you explain.
I think IPv6 is not working properly. I think I have something, misconfigured.
Two hosts, running Linux Mint and PS5, correctly (according to my assumption) obtained an IPv6 address (with DHCP)
A host with Windows 11 and a TrueNas host obtain an IPv6 address using the SLAAC method (correct prefix + individual host address generated on the host)
Other hosts such as TV and telephone also obtain the IPv6 address correctly, but using the SLAAC method
I can't get every host to get an IPv6 address using the DHCPv6 method
I'm looking and checking.
From what I understand, a test
PING FF02::1
PING FF02::2
should provide a response from all neighbors and routers in a given network.
This test does not work on any host.
Ping receives no response, waits for a response. After interrupting CTRL+C, I get a 100% packet loss response.
If I run this test on the router, I receive a response from the router itself.
I think the router should receive responses from its IPv6 neighbors on the network.
If
PING FF02::1
running on any host should receive responses from IPv6 hosts on the network?? 1 from the router and a few other hosts? Should this work on any host?
If
PING FF02::2
running on any host should receive a response from my router? Should this work on any host?
Using Wireshark
I see ICMPv6-PING traffic from the linux mint host
with TrueNas and Windows 11 you no longer see this traffic.
The fact that two hosts receive IPv6 addresses from DHCPv6, the rest receive addresses via SLAAC and the lack of response to pings FF02::1 and FF02::2 suggest that something is wrong.
Based on that part of your post, just for fun, I went to Network Interfaces in LuCI and stopped my WAN interface (DOCSIS via DHCP) to see what would happen. As expected, my WAN6 interface (the HE tunnel) also went down, and I was no longer connected the Internet.
If you're reliant on a 6in4 tunnel to get IPv6, how is it that you're able to disable IPv4 without losing IPv6?
Edit: Silly me. I just realized you probably meant disabling IPv4 on client devices, not the router. That makes more sense.
I received a new clue from you - firewall, but on hosts.
As a test, I completely disabled the firewall on Windows 11 and got (almost) what I expected.
Win11 host received IPv6 address from DHCPv6, (previously from SLAAC) host received response from PING FF02::2
ping -6 ff02::2
Pinging ff02::2 with 32 bytes of data:
Reply from ff02::2: time=3ms
Reply from ff02::2: time=1ms
Reply from ff02::2: time=112ms
Reply from ff02::2: time=10ms
Ping statistics for ff02::2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 112ms, Average = 31ms
I thought the answer would indicate the IPv6 address of the host, but this answer is also ok.
Ping to the host always worked. Ping to all neighbors did not work.
Anycasting is link-specific, so ping ff02::1 is ambiguous at best without being directed to a specific interface, e.g. ping ff02::1%br-lan. Use the kernel name for interfaces not the UCI name.
By default, the Win11 host has ICMPv6 communication blocked for DHCPv6, etc. - that is why it did not receive an IPv6 address via DHCPv6, it received it via SLAAC
ANDROID system also has a problem, it does not support DHCPv6 and does not receive an IPv6 address via DHCPv6
TrueNas - ping ff02::1 pointing to the interface (ping ff02::1%enp4s0) gave what I expected.
Just FYI, DHCPv6 is not a requirement for IPv6 - SLAAC is, and that's what Androids use. Few if any Androids implement DHCPv6.
This is not a problem, it's normal behavior. This is why it's still clear what issues you're troubleshooting.
If you took time to explain your actual issue, maybe we could provide clearer answers.
If you want to test IPv6. Try using the IP addresses assigned to the device, not some multicast IP. Also as noted, you can run the following command to see IPs of devices on the network:
Using the assigned IP address (instead of some multicast IP) will provide said IPv6 address of the host. This is why I asked what issue are you troubleshooting.
I know, the difference between IPv4 and IPv6 is not only the way the address is written. You need to change your way of thinking.
For learning purposes, I enabled IPv6 on my network.
Several hosts, as I assumed, received an IPv6 address from DHCPv6.
The TrueNas server and other hosts such as Win11 phones generated their IPv6 addresses via SLAAC.
Now I understand - my router is set up correctly. The problem lies in the host firewalls, the specification of the host or Android.
I'm not sure what you're referring to, I never made a statement or implied you didn't know the difference between IPv4 and IPv6. In fact, I never mentioned IPv4. Maybe you meant to reply to a specific user?
OK...if you insist. Glad you got it working.
Just FYI, you can ping the IPv6 address on Androids too, just not sure why you choose to use multicast. This is a good time to note, it's possible that it can be disabled too. I would always advise using the IPv6 address assigned to the client and not to rely on a multicast ping address.
Since you don't explain why you wanna ping multicast instead of the IP itself - it's not clear what "issues" or "problems" concern you (i.e. are testing for a multicast stream, multicast messaging, etc.).
I was talking about myself.
When trying to understand IPv6, I keep thinking about IPv4.
I know it's a mistake.
Pinging the host address always worked. That's why I didn't talk about it.
Multicast ping did not work. That's why I mentioned it. I have no purpose in using multicast ping. I only use multicast ping for learning. I wanted to know why it wasn't working. Now I know - host firewall settings, host operating system, etc.