OPNsense Forum
Archive => 23.7 Legacy Series => Topic started by: dipol0 on October 06, 2023, 12:17:23 pm
-
Hi all.
I set it up according to the manuals:
1. https://wiki.opnsense.org/manual/how-tos/ipv6_tunnelbroker.html
2. https://docs.netgate.com/pfsense/en/latest/recipes/ipv6-tunnel-broker.html
Versions OPNsense 23.7.5-amd64
FreeBSD 13.2-RELEASE-p3
Connection to ISP via PPPoE. Pings from outside are enabled.
Q: On the LAN, clients do not receive ipv6. Where to dig?
The tunnel itself seems to rise, and from the machine where the OPNSense is installed, Google pings via ipv6:
(https://i.postimg.cc/5jBWK074/192-168-0-1-Pu-TTY-001.png)[/url ]
Filewall rules for:
Firewall->Rules->TunnelBroker
[url=https://postimg.cc/w18k3q5r](https://i.postimg.cc/w18k3q5r/089.png) (https://postimg.cc/5jBWK074)
Firewall->Rules->LAN
(https://i.postimg.cc/vcsR9Vs7/090.png) (https://postimg.cc/vcsR9Vs7)
Firewall->Rules->WAN
(https://i.postimg.cc/YvNyHnGT/091.png) (https://postimg.cc/YvNyHnGT)
RA Settings:
(https://i.postimg.cc/vcbVK0y4/092.png) (https://postimg.cc/vcbVK0y4)
DHCPv6:
(https://i.postimg.cc/yWQDfsLb/093.png) (https://postimg.cc/yWQDfsLb)
Gateways:
(https://i.postimg.cc/F1dv4v9q/094.png) (https://postimg.cc/F1dv4v9q)
Info page IF - tunnel broker:
(https://i.postimg.cc/XpjTv034/095.png) (https://postimg.cc/XpjTv034)
-
Your screenshots look similar to mine. I use Unmanaged (SLAAC only) instead of Assisted (SLAAC + DHCPv6) but that's a matter of preference and shouldn't make a difference.
When you say "clients do not receive ipv6", do you mean they don't get IPv6 addresses assigned? Double-check RADVD and DHCPDv6 services are running in System-Diagnostics-Services. Also, double-check client NIC configuration- is IPv6 enabled as a protocol?
Also- you did not share screenshot of LAN Interface Configuration/Overview. Make sure it is configured with and has a static IPv6 address in the /64 you need your clients to receive addresses in.
Hope that helps!
-
Your screenshots look similar to mine. I use Unmanaged (SLAAC only) instead of Assisted (SLAAC + DHCPv6) but that's a matter of preference and shouldn't make a difference.
When you say "clients do not receive ipv6", do you mean they don't get IPv6 addresses assigned? Double-check RADVD and DHCPDv6 services are running in System-Diagnostics-Services. Also, double-check client NIC configuration- is IPv6 enabled as a protocol?
Also- you did not share screenshot of LAN Interface Configuration/Overview. Make sure it is configured with and has a static IPv6 address in the /64 you need your clients to receive addresses in.
Hope that helps!
LAN - Interfaces
(https://i.postimg.cc/dLjHs28X/099.png) (https://postimg.cc/dLjHs28X)
LAN - Overview
(https://i.postimg.cc/sMJtLF6M/100.png) (https://postimg.cc/sMJtLF6M)
Services:
(https://i.postimg.cc/1gR6P699/101.png) (https://postimg.cc/1gR6P699)
+ i set FW-rule for enable IPv6 ICMP ECHO on TunBrok IF and i can it (use external online services for ping)
When i configure GIF IF i use "Client IPv6 address" for ping:
(https://i.postimg.cc/XpSm7NtZ/097.png) (https://postimg.cc/XpSm7NtZ)
Clients can get IPv6 (its supported and enbled). But cant obtain it from OPNSense.
Looks like firewall rules blocks or some like that. But i not profi )) If you can share yours Firewall rules need for TunBroker?
Tnx
-
Very strange. I really dont know whats happens.
in confs:
1
ISP -- WAN (pppoe)*OPNSense ---(DHCP) --- clients dont dorking.
i try
2
ISP -- WAN (pppoe)*OPNSense MASTER --- (DHCP)---- WAN(DHC) OPNSense Slave --- clients
and it look worked
3.
control i install pfSense directly and it worked
ISP -- WAN (pppoe)*pfSense ---(DHCP) --- clients
but i not planing go to pfSense fully and cant have 2 machines with OPNsense. i plaing with MTUs for tunnel on opnsense but not/