Text only | Text with Images

OPNsense Forum

Archive => 23.1 Legacy Series => Topic started by: LeftyJohnson on May 26, 2023, 08:57:36 PM

Title: Cannot route IPv6
Post by: LeftyJohnson on May 26, 2023, 08:57:36 PM
Pretty simple setup but after changing ISP I cannot route IPv6 anymore. I have tried various combinations of IPv6 settings without much success. I am much more familiar with IPv4 networking than IPv6 though.

I am getting delegated 2606:83c0:1001:2500::/56 from the ISP so I used the first /64 to setup DHCPv6. All of my devices are on one flat network and they can communicate with each other via IPv6. I have a firewall rule to allow any outbound IPv6 traffic. Ping6 from the router is successful, but if I try to reach the same address from inside the network it fails.


WAN IPv6 info:
QuoteIPv6 link-local   fe80::7e2b:e1ff:fe13:c611/64
IPv6 address   2606:83c0:1c00::cb/128
IPv6 delegated prefix   2606:83c0:1001:2500::/56
IPv6 gateway   auto-detected: fe80::10ff

Route info:
Quoteipv4   default   162.81.16.1   UGS   NaN   1500   igc1   wan
ipv6   default   fe80::10ff%igc1   UG   NaN   1500   igc1   wan
ipv6   2606:83c0:1001:2500::/56   ::1   UGSB   NaN   16384   lo0   Loopback
ipv6   2606:83c0:1001:2500::1   link#1   UHS   NaN   16384   lo0   Loopback


OPNsense 23.1.8    Intel(R) Celeron(R) N5105    16126 MB RAM
Title: Re: Cannot route IPv6
Post by: bartjsmit on May 26, 2023, 09:05:04 PM
Are you allowing ICMP6 inbound?
Title: Re: Cannot route IPv6
Post by: LeftyJohnson on May 26, 2023, 09:18:04 PM
I have the automatically generated rules.

QuoteProtocol   Source   Port   Destination   Port   Gateway   Schedule      Description       
     IPv6 IPV6-ICMP   *   *   *   *   *   *   *   IPv6 RFC4890 requirements (ICMP)   
     IPv6 IPV6-ICMP   (self)   *   fe80::/10,ff02::/16   *   *   *   *   IPv6 RFC4890 requirements (ICMP)   
     IPv6 IPV6-ICMP   fe80::/10   *   fe80::/10,ff02::/16   *   *   *   *   IPv6 RFC4890 requirements (ICMP)   
     IPv6 IPV6-ICMP   ff02::/16   *   fe80::/10   *   *   *   *   IPv6 RFC4890 requirements (ICMP)   
     IPv6 IPV6-ICMP   ::   *   ff02::/16   *   *   *   *   IPv6 RFC4890 requirements (ICMP)
Title: Re: Cannot route IPv6
Post by: bartjsmit on May 26, 2023, 09:21:35 PM
Add an explicit ICMP6 any any to floating rules. I needed that to get delegation to work properly.
Title: Re: Cannot route IPv6
Post by: LeftyJohnson on May 26, 2023, 09:51:14 PM
I tried each of these floating rules to allow any type of IPV6-ICMP in on the WAN interface to no avail.

QuoteProtocol   Source   Port   Destination   Port   Gateway   Schedule                 
        IPv6 IPV6-ICMP   ! LAN net   *   LAN net   *   *   *   1         
        IPv6 IPV6-ICMP   ! LAN net   *   WAN address   *   *   *   1
        IPv6 IPV6-ICMP   *   *   *   *   *   *   1
Title: Re: Cannot route IPv6
Post by: LeftyJohnson on May 28, 2023, 01:12:55 AM
Turns out I had misclicked the Prefix Delegation size under DHCPv6 client configuration for the WAN interface.

I set it to match the actual /56 delegation size and changed the IPv6 Configuration Type on the LAN interface back to Track Interface and IPv6 routing is working again.
Title: Re: Cannot route IPv6
Post by: heaven73 on June 02, 2023, 01:35:40 PM
i have a similar issue, but i got the /56 static and so i cant activate track interface,
Title: Re: Cannot route IPv6
Post by: franco on June 02, 2023, 02:25:33 PM
Just pick a single /64 for LAN then? The hardest part about static IPv6 setup is getting the ISP gateway address right...


Cheers,
Franco
Text only | Text with Images