Server 2019 DC/DNS/DHCP - RRAS(LAN Router) - not Forwarding IPv6

DAxIsaac 196 Reputation points
2021-06-18T22:00:25.343+00:00

"Long time listener first time caller!" - Thank you in advance for any help! I'll try to be as brief and technical to prevent indigestion.

I'm having an issue with my Server 2019 DC (Hyper-V)M on a non-joined host not Forwarding IPv6. It DNS and Forwards IPv4 without any issues, even SSL. It DNS IPv6 all the way to the internet, but it's not seeming to forward packets past DNS. Any IPv6 ping/tracert requests past the Gateway host (from the DC host) time out. Any IPv6 ping/tracert requests past the DC host (from a client) time out. IPv4 makes it all the way there and back again. My Edge Gateway is a pfSense VM router on a separate physical Hyper-V host. From that Gateway I can ping/tracert IPv6 to the internet without an issue. I am purposely routing the Domain through the DC.

Topology:

  • Server 2019 DC/DNS/DHCP
  • RRAS(LAN Router) - Routing both IPv4 & IPv6 options Lan Routing
  • DHCP serving both IPv4 & IPv6, IPv6 server option 0023 set to DC address
  • NICs: LAN & WAN two physically separate/virtual switches
  • Local Domain to LAN -> RRAS (LAN Router) -> WAN to Gateway LAN -> Gateway LAN through Firewall through Gateway WAN -> Internet
  • Gateway/Firewall/Cache/RA: pfSense (Hyper-V)M forwarding to a remote Gateway
  • NICs: LAN & WAN two physically separate/virtual switches

Here are some screenshots of the configuration for the adapters and tracing the route:

107242-screenshot-2021-06-18-164033.png
107243-screenshot-2021-06-18-163925.png
107158-screenshot-2021-06-18-164108.png
107214-screenshot-2021-06-18-163755.png

tracert from DC:
107226-screenshot-2021-06-18-174403.png

tracert from a client:
107166-screenshot-2021-06-18-174458.png


Accepted answer
  1. DAxIsaac 196 Reputation points
    2021-06-19T18:47:14.547+00:00

    @Dave Patrick Thank you for your response! I appreciate you looking that up. This wasn't exactly my issue, however it did help a little to figure out where the issue is coming from.

    I originally had the Windows router and gateway on the same network. I had to realize that the IPv6 local network communicates via Link-Local. I separated the gateway network from the Windows router network, leaving only the Windows router WAN on the same network as the gateway LAN (the same as you do with IPv4). Using the above info, I created a static route for the Windows router network via IPv6 to get out to the internet. [Before I created the static route I could see ICMPv6 requests hit the gateway firewall and get dropped, so I knew forwarding was actually working.] In the end either network configuration still caused IPv6 requests to time out. So the issue comes to the pfSense gateway/firewall and maybe one of its packages dropping IPv6 packets.
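
A read-only check of the Windows router side of the topology described in this thread, added here as an example and not posted by either participant. The interface aliases `LAN` and `WAN` and the target address (documentation prefix) are assumptions to replace with your own values.

```powershell
# Added example: read-only IPv6 forwarding check for a two-NIC Windows router.
# Assumptions: interface aliases 'LAN' and 'WAN'; $Target is a placeholder address.
param(
    [string[]]$RouterInterfaces = @('LAN', 'WAN'),
    [string]$Target = '2001:db8::1'   # documentation prefix; replace with a real IPv6 host
)

$findings = @()

# 1. Every routed interface needs IPv6 forwarding enabled, or packets stop at the router.
foreach ($alias in $RouterInterfaces) {
    $ipIf = Get-NetIPInterface -InterfaceAlias $alias -AddressFamily IPv6 -ErrorAction SilentlyContinue
    if (-not $ipIf) { $findings += "Interface '$alias' has no IPv6 binding"; continue }
    if ("$($ipIf.Forwarding)" -ne 'Enabled') {
        $findings += "IPv6 forwarding is $($ipIf.Forwarding) on '$alias'"
    }
}

# 2. The router itself needs an IPv6 default route toward the gateway.
$default = Get-NetRoute -AddressFamily IPv6 -DestinationPrefix '::/0' -ErrorAction SilentlyContinue |
    Sort-Object RouteMetric | Select-Object -First 1
if (-not $default) {
    $findings += 'No ::/0 route: forwarded packets have nowhere to go'
} else {
    "Default route: next hop $($default.NextHop) via '$($default.InterfaceAlias)'"
    # 3. The next hop (normally the gateway's fe80:: link-local address) must resolve
    #    on that link. '::' means the route is on-link and has no neighbor to check.
    if ($default.NextHop -ne '::') {
        $nbr = Get-NetNeighbor -AddressFamily IPv6 -IPAddress $default.NextHop `
            -InterfaceAlias $default.InterfaceAlias -ErrorAction SilentlyContinue
        if (-not $nbr -or "$($nbr.State)" -in 'Unreachable', 'Incomplete') {
            $findings += "Next hop $($default.NextHop) does not resolve on '$($default.InterfaceAlias)'"
        }
    }
}

# 4. End-to-end ICMPv6 from the router itself.
if (-not (Test-Connection -ComputerName $Target -Count 2 -Quiet)) {
    $findings += "No ICMPv6 reply from $Target"
}

if ($findings) {
    $findings | ForEach-Object { "FAIL: $_" }
} else {
    'OK: forwarding enabled, default route present, next hop resolves, target replies'
}
```

If steps 1 to 3 pass and only step 4 fails, the router is forwarding and the drop is happening upstream, which is where the gateway's firewall log and its return route to the routed prefix come in.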


1 additional answer

  1. Dave Patrick 426.1K Reputation points MVP
    2021-06-18T23:18:56.84+00:00

    May be a similar issue here.
    https://serverfault.com/questions/691471/ipv6-with-ipv4-over-rras-sstp-vpn-from-client-that-only-has-ipv4-access?rq=1

    --please don't forget to upvote and Accept as answer if the reply is helpful--
