OPNsense Forum

Archive => 18.7 Legacy Series => Topic started by: cmpsalvestrini on December 06, 2018, 12:28:27 pm

Title: IPv6 weirdness
Post by: cmpsalvestrini on December 06, 2018, 12:28:27 pm
Recently installed OPNsense and I am happy with it overall, except for a couple of things that have me stumped.

a) when I use fe80::1 as my gateway, OPNSense broadcasts it as fe80::1:1. I have tried configuring a 2001 but the gateway address remains reported as fe80::1:1. This breaks IPv6 traffic towards the Internet (obviously, since fe80::1:1 is not a valid link-local IPv6 address). Yes, I have tried using the bug typing fe80: as my gateway, but no joy :P

b) Using a tunnel broker like HE everything configures well, I get a good gateway and DNS resolvers, but no traffic to the Internet. OPNSense is behind a router that has a DMZ set up for OPNSense's IP address. I must also add that the router has a fairly limited web interface and some of the possibly more interesting configuration options are not available to me, either because they are not installed in the router or because they are locked out / disabled. Therefore, I don't know whether ICMP 41 is being filtered or not. In theory it shouldn't be, since the IP address for OPNSense is a DMZ, but I am out of ideas, I spent the whole night trying to figure this out and I am exhausted. Therefore I would appreciate any assistance in this matter.
Title: Re: IPv6 weirdness
Post by: muchacha_grande on December 06, 2018, 02:27:41 pm
I'm facing the same thing.
I managed to get IPv6 working with the tunnel broker, but if I look at my box IP parameters, it says that the default gateway is fe80....
I don't know much about IPv6 yet but I think I should see the public IPv6 of the router as default gateway.
Title: Re: IPv6 weirdness
Post by: cmpsalvestrini on December 06, 2018, 03:14:59 pm
Remembering what I know about IPv6, it is an address made up of 8 4-number blocks separated by colons, so an fe80 (link-local) address is also valid for IPv6 routing, unlike IPv4 addresses. That said, the correct syntax should be, for instance, fe80:dead:beef:0c0b:fefe:bada:babe:ff00/64, that or a numerical, xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/64 (for instance 2606:4700:4700::1111/64). The special prefix, fe80::1, translates into fe80:0000:0000:0000:0000:0000:0000:0001 and is a so-called "well known" address that is used for shorthand to designate the default router. That being said and keeping in mind the (admittedly oversimplified) explanation above, it's obvious that fe80::1:1 is not a valid IPv6 link-local address, so there must be a bug in the code somewhere. Apart from all the technical mumbo jumbo, how did you get IPv6 working? I'd like to try what you did in my setup when I get home.
Title: Re: IPv6 weirdness
Post by: bartjsmit on December 06, 2018, 07:07:08 pm
The default gateway is set by your ISP using PPPoE and DHCPv6 or Track Interface (in most cases).

You don't have to set it explicitly, and it may not be an address in your IPv6 range.

What is your WAN protocol?

Title: Re: IPv6 weirdness
Post by: franco on December 07, 2018, 07:16:45 am
I would think fe80::1:1 is a valid link local and works just as well as any other, but it has been removed from the upcoming 19.1 since its original purpose was not overly useful to begin with (reach the GUI via an easily remembered link local address).

Not sure if you saw this https://docs.opnsense.org/manual/how-tos/ipv6_tunnelbroker.html -- please double check. Ping from the OPNsense to see if your IPv6 is properly configured, then use hostnames, then move to test the clients (they should receive addresses to begin with).
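
Added example, not part of any post in this thread and not OPNsense code: a Python check that expands the addresses quoted above and tests them against the link-local prefix fe80::/10 and the RFC 4291 layout (the 54 bits after the prefix are zero, i.e. fe80::/64). The function name `describe` and the sample list are assumptions made for illustration.

```python
import ipaddress

# RFC 4291: link-local unicast is fe80::/10; the defined layout keeps the
# 54 bits after the prefix at zero, so conforming addresses sit in fe80::/64.
LINK_LOCAL_10 = ipaddress.ip_network("fe80::/10")
LINK_LOCAL_64 = ipaddress.ip_network("fe80::/64")

# Constructed sample list: the address strings quoted in the thread.
SAMPLES = [
    "fe80::1",
    "fe80::1:1",
    "fe80:dead:beef:0c0b:fefe:bada:babe:ff00/64",
    "2606:4700:4700::1111/64",
    "fe80:",
]


def describe(text):
    """Parse one textual IPv6 address and report how it classifies."""
    # Drop an optional prefix length ("/64") and zone id ("%em0") first.
    host = text.split("/", 1)[0].split("%", 1)[0]
    try:
        addr = ipaddress.IPv6Address(host)
    except ipaddress.AddressValueError:
        return {"input": text, "valid": False}
    return {
        "input": text,
        "valid": True,
        "expanded": addr.exploded,                 # all eight groups, zero-padded
        "link_local": addr in LINK_LOCAL_10,       # prefix match only
        "rfc4291_form": addr in LINK_LOCAL_64,     # prefix plus 54 zero bits
        "interface_id": format(int(addr) & (2**64 - 1), "016x"),
    }


if __name__ == "__main__":
    for sample in SAMPLES:
        info = describe(sample)
        if not info["valid"]:
            print(f"{sample:45} not a parseable IPv6 address")
            continue
        print(f"{sample:45} {info['expanded']}  "
              f"link-local={info['link_local']} "
              f"fe80::/64={info['rfc4291_form']}")
```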