Text only | Text with Images

OPNsense Forum

English Forums => 25.1, 25.4 Series => Topic started by: mebert on October 16, 2025, 12:14:01 AM

Title: ipv6 LAN no connectivity
Post by: mebert on October 16, 2025, 12:14:01 AM
I am running OPNsense 25.1.12 and trying to get ipv6 working. I am unable to ping my router (or anything else) from machines on the local network.

Setup and information:
WAN set to DHCPv6. LAN set to Track Interface with parent interface WAN.
router can ping -6 google.com successfully.

Router has LAN ip of 2604:5500:7032:1234:2e0:67ff:fe2c:69a5/56
Local machine has IP of 2604:5500:7032:1234::1986

packet capture of LAN interface shows packets from local machine: Neighbor Solicitation for 2604:5500:7032:1234:2e0:67ff:fe2c:69a5
so i dont think its a firewall issue

any idea why ipv6 isn't working on my LAN? how can i troubleshoot this?

Title: Re: ipv6 LAN no connectivity
Post by: Patrick M. Hausen on October 16, 2025, 12:19:35 AM
Quote from: mebert on October 16, 2025, 12:14:01 AMRouter has LAN ip of 2604:5500:7032:1234:2e0:67ff:fe2c:69a5/56

That's wrong - all broadcast interfaces are /64 in IPv6. You get a /56 from your ISP for up to 256 VLANs or other networks, not for a single interface.
Title: Re: ipv6 LAN no connectivity
Post by: mebert on October 16, 2025, 01:19:56 AM
I see that in interfaces>overview, under the "IPv6" column, WAN has a value of
2604:5500:7032:0:2e0:67ff:fe2c:69a4/64
2604:5500:7032::7a1/128
fe80::2e0:67ff:fe2c:69a4/64

 and LAN has a value of
2604:5500:7032:1234:2e0:67ff:fe2c:69a5/56
fe80::2e0:67ff:fe2c:69a5/64

is the issue the 64-56 mismatch between WAN and LAN?
Title: Re: ipv6 LAN no connectivity
Post by: mebert on October 16, 2025, 01:34:51 AM
quote is not edit
Title: Re: ipv6 LAN no connectivity
Post by: mebert on October 16, 2025, 01:45:50 AM
Oh. 2604:5500:7032:0:2e0:67ff:fe2c:69a4/64
is NOT 2604:5500:7032:1234::/64 so everything with 604:5500:7032:1234 prefix isnt being routed correctly.

Title: Re: ipv6 LAN no connectivity
Post by: meyergru on October 16, 2025, 08:42:22 AM
That should not be the problem.

First, Patrick is right: Any local IPv6 subnet should be /64 in order for SLAAC to work.

Second, the prefixes are different in your case, because of the use of IA_NA for the WAN IPv6 (which is a /128), but IA_PD, which is a /56 prefix that must be split up into several /64 addresses for each (V)LAN.

You can also check "Request prefix only" on your WAN and omit IA_NA for the WAN to use one of the IA_PD prefixes as well. In that case, WAN and LAN both use a /64 IPv6 within the same /56 prefix.

Where everything gets routed is determined by your IPv6 gateway, which should be provided by the ISP. Both variants should work, but I prefer the latter.

I refer you to look at this (https://forum.opnsense.org/index.php?topic=45822.0) to better understand this.
Title: Re: ipv6 LAN no connectivity
Post by: mebert on October 17, 2025, 09:40:58 AM
Thank you for linking that guide. The addresses shown in the web UI aren't very clear on what they are :/.

I did a packet capture and found that ISP was giving me a /56 during DHCPv6.
changed my WAN DHCPv6 settings to:
 Prefix delegation size: 56
request prefix only: off
send prefix hint: on
optional prefix id: blank
optional interface id: blank

And followed the guide for router advertisements setup.
After restarting my local system, SLAAC worked and I could ping internally and externally.

Text only | Text with Images