OPNsense Forum

Archive => 22.1 Legacy Series => Topic started by: lrosenman on May 25, 2022, 11:37:32 PM

Title: No access via IPv6 to the firewall it self, even though rules SHOULD permit it
Post by: lrosenman on May 25, 2022, 11:37:32 PM
In the current 22.1.8 the firewall will NOT allow SSH or HTTPS connections to its LAN IP addresses,
even though there is an EXPLICIT rule allowing ANY IPv6 from my home block to "THIS FIREWALL" any / any.

This USED TO WORK.

Ideas?

What all do you need from me to diagnose?

FTR: IPv6 beyond the FW works just fine.  It's just access to the FW itself.

root@fw:~ # last -n 20
root       pts/1    76.250.255.117         Wed May 25 16:46   still logged in
root       pts/1    76.250.255.117         Wed May 25 16:46 - 16:46  (00:00)
root       pts/1    2602:fcdb:0:10::53:2   Wed May 25 16:23 - 16:24  (00:00)
ler        pts/1    76.250.255.117         Wed May 25 16:19 - 16:20  (00:00)
ler        pts/1    76.250.255.117         Wed May 25 15:55 - 15:55  (00:00)
root       pts/1    76.250.255.117         Wed May 25 15:24 - 15:25  (00:00)
root       pts/1    76.250.255.117         Wed May 25 15:07 - 15:08  (00:00)
root       pts/1    76.250.255.117         Wed May 25 15:05 - 15:05  (00:00)
root       pts/1    76.250.255.117         Wed May 25 15:03 - 15:04  (00:00)
root       pts/0    2602:fcdb:0:10::53:2   Wed May 25 15:00 - 16:47  (01:46)
root       pts/0    76.250.255.117         Wed May 25 14:54 - 14:55  (00:00)
root       pts/0    76.250.255.117         Wed May 25 12:43 - 12:43  (00:00)
root       pts/0    76.250.255.117         Wed May 25 12:42 - 12:42  (00:00)
root       pts/0    76.250.255.117         Wed May 25 12:41 - 12:41  (00:00)
root       pts/0    76.250.255.117         Wed May 25 12:19 - 12:34  (00:15)
root       pts/0    76.250.255.117         Wed May 25 12:18 - 12:18  (00:00)
shutdown time                              Wed May 25 12:14
root       pts/0    2600:1700:210:b18f:b92 Wed May 25 10:39 - 10:39  (00:00)
root       pts/0    2600:1700:210:b18f:b92 Wed May 25 10:39 - 10:39  (00:00)
root       ttyv0                           Wed May 25 09:05 - 09:07  (00:01)

Note prior to the shutdown, the 2600:1700 addresses, from the SAME mac at home after the reboot
it only works for the IPv4 address.

<SOMETHING> in 22.1.8 broke <SOMETHING>

Title: Re: No access via IPv6 to the firewall it self, even though rules SHOULD permit it
Post by: lrosenman on May 26, 2022, 01:28:25 AM
With the 13.1-RELEASE OS, I can't ssh from outside AT ALL to the FW.

Title: Re: No access via IPv6 to the firewall it self, even though rules SHOULD permit it
Post by: lrosenman on May 26, 2022, 01:31:40 AM
After 13.1-R was up for a while, IPv4 works again, still no luck with IPv6 ssh to the FW.

Title: Re: No access via IPv6 to the firewall it self, even though rules SHOULD permit it
Post by: opnfwb on May 26, 2022, 05:22:26 AM
Running 22.1.8 here, while I haven't previously tried to SSH to the OPNsense LAN interface via IPv6 (I've only used IPv4), I can confirm I'm seeing similar.

I don't have any custom rules or MAC filtering in place on my LAN side to prevent this. And if I watch the real time log, OPNsense will show a green permit as if the connection were allowed, but it will time out. IPv4 works as it always did, and also shows the same green entry in the live view. Screenshot attached.

Title: Re: No access via IPv6 to the firewall it self, even though rules SHOULD permit it
Post by: opnfwb on May 26, 2022, 05:24:36 AM
These are my SSH settings in the screenshot.

Title: Re: No access via IPv6 to the firewall it self, even though rules SHOULD permit it
Post by: lrosenman on May 28, 2022, 08:49:00 PM
22.1.8_1 seems(!) to have fixed this.

Title: Re: No access via IPv6 to the firewall it self, even though rules SHOULD permit it
Post by: ralfonat on February 16, 2023, 12:58:19 PM
Sorry for reviving this thread, but I did not find a suitable topic.

I have the same problem running OPNsense 22.7.10_2.

I have IPv4 and IPv6 set up on the LAN interface.

This is my config in Administration:

Secure Shell Server: [x] Enable Secure Shell
Login Group: wheel, admins
Root Login: [x] Permit root user login
Authentication Method: [x] Permit password login
SSH port: 22
Listen Interfaces: LAN


:~ # netstat -an | grep 22
tcp4       0      0 192.168.1.1.22         *.*                    LISTEN
tcp4       0      0 127.0.0.1.22           *.*                    LISTEN
tcp6       0      0 ::1.22                 *.*                    LISTEN


Seems like it is only listening on the IPv4 LAN address, not on the IPv6 address.

igb2: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: LAN
        options=4800028<VLAN_MTU,JUMBO_MTU,NOMAP>
        ether dc:58:bc:e0:24:7b
        inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
        inet6 fe80::<redacted>:247b%igb2 prefixlen 64 scopeid 0x3
        inet6 2a00:<redacted>:247b prefixlen 64
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>


Other than that, like OP, my IPv6 generally works. Just not for ssh to the firewall.
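
The listener check from the last post, as an added example that is not part of the thread or of OPNsense: it parses FreeBSD-style netstat output and reports, per address family, which non-loopback addresses have a listener on exactly the given port. The function name `listen_coverage` and the `2001:db8::1` and port 2222 lines in the second sample are constructed for illustration.

```shell
#!/bin/sh
# listen_coverage PORT
# Reads FreeBSD-style "netstat -an" output on stdin and reports, per address
# family, the non-loopback addresses with a TCP listener on exactly PORT.
# On the firewall itself: netstat -an | listen_coverage 22
listen_coverage() {
    awk -v port="$1" '
    $6 == "LISTEN" && $1 ~ /^tcp(4|6|46)$/ {
        # FreeBSD prints the local address as ADDR.PORT: split on the last dot.
        if (!match($4, /\.[^.]*$/)) next
        addr = substr($4, 1, RSTART - 1)
        # Compare the whole port so 2222 or 192.168.22.x never match "22".
        if (substr($4, RSTART + 1) != port) next
        # Loopback listeners are unreachable from the LAN.
        if (addr ~ /^127\./ || addr == "::1") next
        if ($1 != "tcp6") v4 = v4 " " addr   # tcp4 and tcp46 serve IPv4
        if ($1 != "tcp4") v6 = v6 " " addr   # tcp6 and tcp46 serve IPv6
    }
    END {
        print "tcp4:" (v4 == "" ? " none" : v4)
        print "tcp6:" (v6 == "" ? " none" : v6)
    }'
}

# The three LISTEN lines quoted in the post above.
SAMPLE_POST='tcp4       0      0 192.168.1.1.22         *.*                    LISTEN
tcp4       0      0 127.0.0.1.22           *.*                    LISTEN
tcp6       0      0 ::1.22                 *.*                    LISTEN'

# Constructed sample: the same host with an extra listener on a documentation
# IPv6 address, plus an unrelated port 2222 that must not be counted.
SAMPLE_BOUND="$SAMPLE_POST
tcp6       0      0 2001:db8::1.22         *.*                    LISTEN
tcp4       0      0 192.168.1.1.2222       *.*                    LISTEN"

echo "post sample:";        printf '%s\n' "$SAMPLE_POST"  | listen_coverage 22
echo "constructed sample:"; printf '%s\n' "$SAMPLE_BOUND" | listen_coverage 22
```

A `tcp6: none` result alongside a green permit in the live log points at the daemon's bind addresses rather than at the rule set.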