Text only | Text with Images

OPNsense Forum

Archive => 23.7 Legacy Series => Topic started by: icsy7867 on October 29, 2023, 02:40:19 AM

Title: WAN_DHCP6 gateway missing
Post by: icsy7867 on October 29, 2023, 02:40:19 AM
Probably user error.  My ISP only gives me a single /64 block and I have a single interface set to track, and devices receive valid ipv6 addresses from the block.

However I can't ping anything using ipv6 except internally.  Also if I go to one of the *whatsmyip" websites, I doesn't detect anything for ipv6.

One odd thing I noticed was that I do not have a WAN_DHCP6 gateway.  But I do have a WAN_DHCP.  So if seems like his is missing and I cannot figure out how to make it work. I tried to manually recreate it, but no good. 

I'm not even sure where to start and would love some advice.  Thank you!
Title: Re: WAN_DHCP6 gateway missing
Post by: bartjsmit on October 29, 2023, 08:55:35 AM
Make sure you allow ICMPv6 on the WAN interface. IPv6 uses ICMP and multicast for neighbour discovery.

I know that conventional firewall lore says to block ICMP as a defence against network reconnaissance, but think how many IP addresses there are in a /64  8)

Bart...
Title: Re: WAN_DHCP6 gateway missing
Post by: franco on October 29, 2023, 10:46:14 AM
I am unsure why your gateway would be missing. Is this on 23.7.7 vs 23.7.6 where it worked? Is there PPPoE involved?


Cheers,
Franci
Title: Re: WAN_DHCP6 gateway missing
Post by: icsy7867 on October 30, 2023, 06:35:58 PM
No PPPOE is involved. 

I actually didnt realize my opnsense was running the legacy version, so I went ahead and upgraded to 23.  This is running 23.7.4, I will update to 23.7.7 this evening.

So I also realized I had an old interface setup for my openvpn configuration, which was the "active" IPv6 gateway. I disabled that interface, and the WAN_DHCP6 magically appeared.  So much better there...

However, I am still having the same issues.  My interface that I am using "Track Interface" for ipv6, is getting IP addresses, but when I try to ping something simple, like google.com using ipv6 (I.E ping6) it just seems to fail, nothing in the firewall log views.
Title: Re: WAN_DHCP6 gateway missing
Post by: franco on October 30, 2023, 06:44:12 PM
Ok, take a look at the troubleshooting guide. IPv6 is a bit tricky in this regard...

https://docs.opnsense.org/manual/ipv6.html#basic-setup-and-troubleshooting


Cheers,
Franco
Title: Re: WAN_DHCP6 gateway missing
Post by: icsy7867 on October 30, 2023, 08:17:48 PM
Thanks! I will give this a whirl.  ipv6 works on the WAN, but not on the LAN side.  But the guide gives me some good things to try.  Thanks.
Title: Re: WAN_DHCP6 gateway missing
Post by: icsy7867 on October 31, 2023, 06:49:09 PM
Now there definitely seems to be a routing issue.  opnsense itself can ping via ipv6, but my LAN side cannot.  Checking the routing table, I only see ipv4 entries.

So I need to figure out why my LAN clients arent getting any of that information.
Text only | Text with Images