OPNsense Forum

Archive => 19.7 Legacy Series => Topic started by: opnsensenewbie on September 15, 2019, 05:57:25 pm

Title: Help on IPV6
Post by: opnsensenewbie on September 15, 2019, 05:57:25 pm
Hi,

I'm a newbie with IPV6. Taking advantage of switching from DSL to Fiber, I decided to deploy IPV6 on my home network. My home lab is made of an edge firewall (OPNsense) linked to my provider and my 'home' DMZ. Then I have a second FW between this DMZ and my home LAN. OK, this is of course too much for a home network, but I like to play. :)

Connection to my provider (Orange / France) was quite easy to set up with what I found in French forums and the help of Wireshark to duplicate DHCPv4/v6 requests. IPV4 and IPV6 are up and working fine.

My main issue was to configure prefix delegation between my Edge FW (OPNsense) and my second FW. After several evenings working on that, I'm happy to say that it looks like it works. Edge FW has a 2a01:x:x:500::/56 address assigned by my provider. This Edge FW delegates 2a01:x:x:540::/60 to my second FW (in my Edge FW DHCPv6 Leases, I see this IPv6 Delegated Prefix to my second FW). And my second FW is able to give 2a01:x:x:540::/64 addresses to my home LAN devices.

IPV6 pings from my DMZ to Internet are working fine.

Unfortunately, IPV6 pings from my home LAN to Internet fail. In fact, I see (Packet Captures) that ping request packets are going through my second FW, my edge FW and then go out to Internet. ICMPv6 replies are coming back from Internet to my edge FW. And then nothing. No message in FW logs.

Something interesting that I noticed in OPNsense system logs:

php: /usr/local/opnsense/scripts/dhcp/prefixes.php: The command '/sbin/route add -inet6 '2a01:x:x:540::/60' ''' returned exit code '71', the output was 'route: : hostname nor servname provided, or not known'

It's clear that without a route to my second FW, I have no hope. :)

Could you help me?

Thanks,
Kind regards,
Franck
Title: Re: Help on IPV6
Post by: opnsensenewbie on September 16, 2019, 10:25:58 pm
Little update:

Similar problem found here, I'll work on that :)
https://forum.opnsense.org/index.php?topic=7719.0

Kind regards,
Franck