OPNsense Forum

English Forums => 25.1, 25.4 Production Series => Topic started by: shadowspire on March 04, 2025, 05:54:42 PM

Title: IPv6 traffic blocked on WAN interface
Post by: shadowspire on March 04, 2025, 05:54:42 PM
Running 25.1.2, I have IPv6 working outbound. I am able to ping and browse to multiple IPv6-only sites on the Internet.

My trouble is with IPv6 traffic being allowed IN to my LAN.

Even with an NPTv6 entry, I keep seeing the traffic being blocked by the WAN interface Default Deny rule.

What am I missing here?
Title: Re: IPv6 traffic blocked on WAN interface
Post by: Patrick M. Hausen on March 04, 2025, 05:57:10 PM
A proper allow rule on WAN?
Title: Re: IPv6 traffic blocked on WAN interface
Post by: shadowspire on March 04, 2025, 09:18:45 PM
I have a wide open "any/any" IPv6 rule on the WAN interface.

If I can get this to work, I will then look at tightening the rule.
Title: Re: IPv6 traffic blocked on WAN interface
Post by: pfry on March 04, 2025, 09:24:13 PM
Quote from: shadowspire on March 04, 2025, 09:18:45 PM
I have a wide open "any/any" IPv6 rule on the WAN interface.
[...]

Heh. Is it an inbound rule?

More seriously, I think you'll have to post your ruleset. Too many possibilities.
Title: Re: IPv6 traffic blocked on WAN interface
Post by: shadowspire on March 04, 2025, 11:14:17 PM
Well....now it is working.  Not sure what it was though.

NPTv6 is set like this:

Interface: WAN
Internal IPv6 Prefix: <internal ipv6 addr>
External IPv6 Prefix: <external ipv6 addr>
Track interface:  None

Firewall rule is literally allowing any and all IPv6 traffic in.
Title: Re: IPv6 traffic blocked on WAN interface
Post by: Patrick M. Hausen on March 04, 2025, 11:28:27 PM
Quote from: shadowspire on March 04, 2025, 11:14:17 PM
Firewall rule is literally allowing any and all IPv6 traffic in.

Then why are you using NPT6? Internal networks are using GUA? Provider is routing these prefixes to your OPNsense? There is no NAT in IPv6 (in the common scenarios).