Hello everybody,
IPv6 from the local network to the internet suddenly stopped working. I'm not sure exactly when, but probably when I updated to 22.1 some days ago. In the local network, it works as expected.
What works:
- WAN gets an IPv6 address and a prefix
- All the clients of the VLANs get a proper IPv6 address within the subprefix (actually more than one)
- All the clients get an ULA, which I configured using virtual IPs and router advertisements (and that worked before)
- Clients can communicate between each other using IPv6, both with ULAs and GUAs, respecting the firewall rules
What doesn't work:
- Clients cannot communicate with the internet with IPv6, e.g. pinging google.com fails, no message, just 100% packet loss
- However, I can IPv6 ping from the firewall to the outside and it works: Interfaces -> Diagnostics -> Ping, pinging to google.com with MAIN as the source address (that's the main VLAN, where computer, phones, etc are) works
- Running e.g. https://ipv6-test.com/ from any client says there is no IPv6 connectivity
What I've tried:
- Deactivating firewall rules
- Deactivating virtual IPs and ULAs
- Deactivating manual router advertisements
- Changing types of RA (assisted, managed, stateless, etc)
- Restarting multiple times
I suspect opnsense is failing to route properly. I captured the packages in both MAIN and WAN interfaces while trying to ping from my computer to google.com. The pings packets appear in both captures, and it says: [Expert Info (Warning/Sequence): No response seen to ICMPv6 request in frame 3]
Gateways and routes are with the default values.
Thanks for the help.
After reviewing everything and doing more tests with the gateways and routes, nothing. Here's an example of a traceroute from a client to google.com:
traceroute to google.com (2a00:1450:4001:82f::200e), 5 hops max, 80 byte packets
1 firewall.lan (2003:c9:7f3d:4202:2e0:67ff:fe21:15e0) 0.254 ms 0.189 ms 0.215 ms
2 * * *
3 * * *
4 * * *
5 * * *
Here's from the firewall (it eventually reaches the destination)
traceroute6 to google.com (2a00:1450:4001:800::200e) from 2003:c9:7f3d:4202:2e0:67ff:fe21:15e0, 18 hops max, 20 byte packets
1 2003:0:8a01:3800::1 5.464 ms 3.911 ms 4.087 ms
2 2003:0:1807::1 10.928 ms 11.276 ms 11.136 ms
3 2001:4860:1:1:0:cf8:0:22 10.453 ms 10.826 ms 10.484 ms
4 2a00:1450:8019::1 9.749 ms 9.937 ms 9.786 ms
5 2001:4860:0:1::3e8a 12.026 ms 12.434 ms 11.608 ms
...
I'm at loss. Also, I've checked the logs, and that started to happen when I upgraded to 22.1, so I doubt is a coincidence. I've captured some traffic while doing pings, but with the ipv6 thing, I'm not really sure what do I have to look for.
Any help, besides reinstalling and starting from scratch?
Have the same issue.
What ISP you have?
This is same as I was experiencing in https://forum.opnsense.org/index.php?topic=26622.0.
Still have not been able to fix it, so I gave up on IPv6 until more people report the same issue.
Running ESXi 7.0, latest update, with a Intel I-350 passed through for the WAN interface, and the VMX interfaces on LAN.
When I reboot, OPNsense doesn't add my default route. That is on the box with tunneled ipv6. On the one with native ipv6 I didn't have any issues with routing loss, before the upgrade to 22.x Now I have no routing on the box with native ipv6!
Quote from: Morta on March 06, 2022, 10:33:12 PM
Have the same issue.
What ISP you have?
Deutsche Telekom. I doubt it has anything to do, as I said, it was working before with the same config.
I can confirm that I have the same problem. I have RA enabled and none of the clients get ipv6 addresses assigned. This setup without any modification has worked until the recent upgrade 22.1.1 -> 22.1.2
I am willing to provide any debug information needed.
Quote from: palica on March 08, 2022, 09:00:33 AM
I can confirm that I have the same problem. I have RA enabled and none of the clients get ipv6 addresses assigned. This setup without any modification has worked until the recent upgrade 22.1.1 -> 22.1.2
I am willing to provide any debug information needed.
It's not the same problem. As I said, clients get ipv6 addresses and it works locally, even across vlans, but it's not being routed to the internet.
Itz the same issue my NetworkManger gets a IPV6 but my ip addr not because is not routed.
It's somewhere a patch or a hint to fix this issues with the Radvd/DHCPV6 server?
I think I had similar issue after update from 22.1 direct to 22.1.2_1. Yes I skipped 22.1.1
Initially I thought it's my ISP with ipv6 routing issue. I get ipv6 on all local devices just unable to browse the Internet e.g. browser and dns ipv6 lookup failed. No issue with ipv4.
I didnt investiage further and fixed it with delaying the opnsense boot up not sure which work , i just slap both of these in /boot/loader.conf.local
autoboot_delay="60" <--- in second
kern.cam.boot_delay="60000" <--- in millisecond
FYI, I have other devices that need time to boot up, hence I put long delay, if you use these setting please change the value accordingly...
I fixed my issue, where I was receiving IPv6 addresses but not actually able to reach the internet with IPv6.
Created a new firewall rule on the LAN,
Address: IPv4 + IPv6
Action: Pass
Direction: In
Source: LAN Net
Destination: LAN Address
Rebooted, and clients are now working on IPv6.
Makes me think there was a firewall generation/compatibility issue with 21.7 -> 22.1, as I'm using my config from 21.7 and experiencing this issue.
Go to this topic to see some of my fixes for no incoming IPv6.
https://forum.opnsense.org/index.php?topic=27518.msg133535#msg133535