I am unable to get an IPv6 address on my WAN interface from my ISP using DHCPv6.
I get the following error in my System>Log Files> Log file.
Error dhcp6c transmit failed: Permission denied
I am running
OPNsense 25.1.1-amd64
FreeBSD 14.2-RELEASE-p1
OpenSSL 3.0.16
My WAN interface has
Prefix Delegation Size: 56
Send Prefix Hint: Yes
I am able to get an IPv6 address and prefix and the error goes away when I disable the firewall.
I have gone so far as to open the firewall up with rules to allow all incoming and outgoing IP6 traffic, but I get the same result.
What do I need to configure to fix this?
Your help is appreciated.
If you ask for this error specifically this happens when dhcp6c is forced to reload in relation to link events. This can happen during bootup and some forms of IPv6 renewal, especially on PPPoE.
Cheers,
Franco
Hi, If you are using NAT with IPv6, make sure that IPV6 link-local addresses are not included in the list of source addresses for NAT66.
Background – My setup is dual WAN (Uverse fiber and Spectrum), with load balancing and failover, and I use NAT66 (I know the reasons that I shouldn't). About a month ago, I noticed that my WAN2 (Spectrum) interface did not have a global IPv6 address (dhcpv6 client). I checked the logs and saw the "dhcp6c transmit failed: Permission denied" error, but did not know how to interpret it.
Over a couple of weeks, I tried everything that I could think of to resolve the issue, but nothing worked. Then, I stumbled across a post about dhcpv6 issues, in which someone suggested that the problem may be related to NAT66. I looked at my NAT66 configuration and realized that included in the source alias list "Internal_All_IPv6" that I use for NAT66 was fe80::/10 (link-local addresses). I suspected that this might be interfering with DHCPv6 (Solicit, Advertise, Request, Reply) sequence, so I removed the link-local addresses from the NAT66 source alias. As soon as I did this, the WAN2 interface obtained a global address, and I have not had the problem since.
...just a newbie's suggestion of something to try.
Will
Got the same Issue, dhcp6c transmit failed: permission denied
My Setup is PPPoE Interface on WAN. So opnsense is doing PPPoE, I have dual Stack. Provider enforces reconnect every 24 Hours.
There is a auto generated rule under WAN allowing dhcpv6
IPv6 UDP * * fe80::/10 546 * * allow dhcpv6 client in WAN
IPv6 UDP fe80::/10 546 fe80::/10, ff02::/16 547 * * allow dhcpv6 client out WAN
Indeed for me my Problem was solved through removing a manual outbound NAT Rule:
Interface Source Source Port Destination Destination Port NAT Address NAT Port Static Port
WAN any * ! Private_Networks * WAN address * YES
Maybe, if the rule is needed in future setups, one should restrict ports from 1024 beginning to not NAT 67/68 546/547 DHCP Ports.
port 1024:65535