OPNsense Forum

Archive => 21.1 Legacy Series => Topic started by: muchacha_grande on March 12, 2021, 11:08:03 pm

Title: [SOLVED] My OPNSense cant route IPv6
Post by: muchacha_grande on March 12, 2021, 11:08:03 pm
Hi, I have a fibre connection of 50/10 Mbit.
My ISP doesn't allow me to configure the modem, so the only thing I can do is configure a DMZ pointing to my OPNSense.
Recently my ISP implemented IPv6 and I discovered it by accident while I was connected directly to the GPON router.
So I configured OPNSense to get an IPv6 address via DHCPv6.
It now has IPv4 and IPv6 addresses on WAN.
I can ping the Internet from the WAN interface, but when I try to ping from LAN or from a PC on LAN it doesn't work.
I noticed that the default IPv6 gateway is fe80::1 and not the IP of the interface or a link-local IP.
The ISP is giving me a /64 prefix.
I've been making lots of experiments to try to make it work, but nothing. The best thing I get is pinging from WAN.

Maybe someone can give a clue to test further.

Thank you
Title: Re: My OPNSense cant route IPv6
Post by: Voodoo on March 13, 2021, 01:18:29 am
64 prefix means you are limited to 1 subnet = wan, so you cannot set up ipv6 for your lan/dmz.

"Interfaces -> Overview -> WAN -> IPv6 delegated prefix"

If you have a prefix <=63 you have to set up router advertisement for SLAAC.
Title: Re: My OPNSense cant route IPv6
Post by: muchacha_grande on March 13, 2021, 02:06:17 am
How can I configure SLAAC? Please excuse my ignorance.
Title: Re: My OPNSense cant route IPv6
Post by: marjohn56 on March 13, 2021, 07:51:34 am
SLAAC is automatic and on by default. Have you asked your ISP if they are supplying a prefix delegation as well? Might be that they are and you need to adjust some settings to enable it. Check with your ISP and find out how they have implemented IPv6. If they are only giving a single /64 they are brain dead and I would try and find another ISP.
Title: Re: My OPNSense cant route IPv6
Post by: muchacha_grande on March 13, 2021, 04:04:41 pm
Hi @marjohn56, unfortunately here in Argentina it is just like you last said: they are brain dead.

Trying to get some info from the employees that pick up the phone or answer the emails is a waste of time.

If I want a decent service I have to pay for an enterprise grade service that is far unaffordable to me.

That's the reason why I have to make this without ISP help. They are not going to help because the service just works as they expect. Local PCs have dual stack Internet.

When OPNSense asks for an IPv6 via DHCPv6c, it receives an IP and a delegated prefix. I can see that in Interfaces > Overview > WAN

This is what I see:

IPv6 link-local                  fe80::20c:29ff:fe72:f8/64
IPv6 address                  2803:xxxx:xxxx:xxxx:20c:29ff:fe72:f8/64
                                       2803:xxxx:xxxx:xxxx::1/128
IPv6 delegated prefix     2803:xxxx:xxxx:xxxx::/64
IPv6 gateway                 fe80::1

One thing I tested is setting WAN and LAN IPs manually.
Doing a packet capture on WAN while sending a ping to google.com from WAN itself, I can see the conversation with the response, but when I send the ping from LAN, OPNSense doesn't respond to the neighbor solicitations that the ISP's router makes.

PING from WAN:

No.   Source                                 Destination
1     2803:xxxx:xxxx:xxxx::1       2800:3f0:4002:808::200e
Echo (ping) request id=0x083a, seq=0, hop limit=64 (reply in 4)

2     fe80::1                                 ff02::1:ff00:1
Neighbor Solicitation for 2803:xxxx:xxxx:xxxx::1 from 50:6f:77:7d:dd:57

3     fe80::20c:29ff:fe72:f8          fe80::1
Neighbor Advertisement 2803:xxxx:xxxx:xxxx::1 (rtr, sol, ovr) is at 00:0c:29:72:00:f8

4     2800:3f0:4002:808::200e    2803:xxxx:xxxx:xxxx::1
Echo (ping) reply id=0x083a, seq=0, hop limit=116 (request in 1)

PING from LAN:

No. Source                                  Destination
1    2803:xxxx:xxxx:xxxx:1::1     2800:3f0:4002:808::200e
Echo (ping) request id=0xf8b6, seq=0, hop limit=64 (no response found!)

2    fe80::1                                 ff02::1:ff00:1
Neighbor Solicitation for 2803:xxxx:xxxx:xxxx:1::1 from 50:6f:77:7d:dd:57

3   fe80::1                              ff02::1:ff00:1
Neighbor Solicitation for 2803:xxxx:xxxx:xxxx:1::1 from 50:6f:77:7d:dd:57

4   fe80::1                              ff02::1:ff00:1
Neighbor Solicitation for 2803:xxxx:xxxx:xxxx:1::1 from 50:6f:77:7d:dd:57

5   fe80::20c:29ff:fe72:f8        fe80::1
Neighbor Solicitation for fe80::1 from 00:0c:29:72:00:f8

6   fe80::1                                fe80::20c:29ff:fe72:f8
Neighbor Advertisement fe80::1 (rtr, sol)

I can see in the second capture that the ISP router makes 3 neighbor solicitations and nobody answers, so it gives up and it doesn't forward the ping response. But I'm not sure of my conclusions.
Title: Re: My OPNSense cant route IPv6
Post by: marjohn56 on March 13, 2021, 06:26:19 pm
In the dhcp6c settings of the WAN interface is an option for SLA Len or as it's shown there "Prefix delegation size", set it to 64, and see if that helps.
Title: Re: My OPNSense cant route IPv6
Post by: muchacha_grande on March 13, 2021, 06:31:49 pm
It is already set to 64, as it comes as default. I made tests with different values and with "none", but now it is set to 64.
Title: Re: My OPNSense cant route IPv6
Post by: marjohn56 on March 13, 2021, 06:33:29 pm
Can you go Interfaces->Settings, there is a section for dhcp6c, set the log level to debug and save, you'll then need to reboot. When it comes back up, give it 60 seconds or so to settle then go to the system logs and add a search filter dhcp6c, then post the results so we can see what gives.
Title: Re: My OPNSense cant route IPv6
Post by: marjohn56 on March 13, 2021, 06:35:38 pm
Are you seeing a GUA address on the LAN?
Title: Re: My OPNSense cant route IPv6
Post by: muchacha_grande on March 13, 2021, 07:16:25 pm
In response to your second question, I can see an IPv6 address on LAN. From the Interfaces > Overview > LAN

IPv6 link-local   fe80::20c:29ff:fe72:ee/64
IPv6 address   2803:xxxx:xxxx:xxxx:20c:29ff:fe72:ee/64

EDIT: LAN IPv6 is set to track WAN interface

And I did the dhcp6c debug as you asked. Here is the filtered log:

Code:
2021-03-13T14:55:14 dhcp6c[661] got an expected reply, sleeping.
2021-03-13T14:55:14 dhcp6c[661] removing server (ID: 00:01:00:01:dc:43:e7:91:50:6f:77:7d:dd:57)
2021-03-13T14:55:14 dhcp6c[661] removing an event on em1, state=REQUEST
2021-03-13T14:55:14 dhcp6c[661] script "/var/etc/dhcp6c_wan_script.sh" terminated
2021-03-13T14:55:14 dhcp6c[74388] dhcp6c REQUEST on em1 - running newipv6
2021-03-13T14:55:14 dhcp6c[56067] dhcp6c REQUEST on em1
2021-03-13T14:55:14 dhcp6c[661] executes /var/etc/dhcp6c_wan_script.sh
2021-03-13T14:55:14 dhcp6c[661] add an address 2803:xxxx:xxxx:xxxx::1/128 on em1
2021-03-13T14:55:14 dhcp6c[661] create an address 2803:xxxx:xxxx:xxxx::1 pltime=1209600, vltime=3498554121644045568
2021-03-13T14:55:14 dhcp6c[661] make an IA: NA-0
2021-03-13T14:55:14 dhcp6c[661] add an address 2803:xxxx:xxxx:xxxx:20c:29ff:fe72:ee/64 on em0_vlan2
2021-03-13T14:55:14 dhcp6c[661] create a prefix 2803:xxxx:xxxx:xxxx::/64 pltime=1209600, vltime=1209600
2021-03-13T14:55:14 dhcp6c[661] nameserver[0] fe80::1
2021-03-13T14:55:14 dhcp6c[661] IA_PD: ID=0, T1=604800, T2=967680
2021-03-13T14:55:14 dhcp6c[661] get DHCP option DNS, len 16
2021-03-13T14:55:14 dhcp6c[661] IA_NA address: 2803:xxxx:xxxx:xxxx::1 pltime=1209600 vltime=1209600
2021-03-13T14:55:14 dhcp6c[661] get DHCP option IA address, len 24
2021-03-13T14:55:14 dhcp6c[661] IA_NA: ID=0, T1=604800, T2=967680
2021-03-13T14:55:14 dhcp6c[661] get DHCP option identity association, len 40
2021-03-13T14:55:14 dhcp6c[661] DUID: 00:01:00:01:dc:43:e7:91:50:6f:77:7d:dd:57
2021-03-13T14:55:14 dhcp6c[661] get DHCP option server ID, len 14
2021-03-13T14:55:14 dhcp6c[661] DUID: 00:01:00:01:27:33:4f:41:00:0c:29:72:00:ee
2021-03-13T14:55:14 dhcp6c[661] get DHCP option client ID, len 14
2021-03-13T14:55:14 dhcp6c[661] receive reply from fe80::1%em1 on em1
2021-03-13T14:55:14 dhcp6c[661] reset a timer on em1, state=REQUEST, timeo=0, retrans=1027
2021-03-13T14:55:14 dhcp6c[661] send request to ff02::1:2%em1
2021-03-13T14:55:14 dhcp6c[661] set IA_PD
2021-03-13T14:55:14 dhcp6c[661] set option request (len 4)
2021-03-13T14:55:14 dhcp6c[661] set server ID (len 14)
2021-03-13T14:55:14 dhcp6c[661] set client ID (len 14)
2021-03-13T14:55:14 dhcp6c[661] a new XID (787e29) is generated
2021-03-13T14:55:14 dhcp6c[661] Sending Request
2021-03-13T14:55:14 dhcp6c[661] server ID: 00:01:00:01:dc:43:e7:91:50:6f:77:7d:dd:57, pref=255
2021-03-13T14:55:14 dhcp6c[661] IA_PD prefix: 2803:xxxx:xxxx:xxxx::/64 pltime=1209600 vltime=106523780084992
2021-03-13T14:55:14 dhcp6c[661] get DHCP option IA_PD prefix, len 25
2021-03-13T14:55:14 dhcp6c[661] IA_PD: ID=0, T1=604800, T2=967680
2021-03-13T14:55:14 dhcp6c[661] get DHCP option IA_PD, len 41
2021-03-13T14:55:14 dhcp6c[661] get DHCP option DNS, len 16
2021-03-13T14:55:14 dhcp6c[661] status code: success
2021-03-13T14:55:14 dhcp6c[661] get DHCP option status code, len 2
2021-03-13T14:55:14 dhcp6c[661] preference: 255
2021-03-13T14:55:14 dhcp6c[661] get DHCP option preference, len 1
2021-03-13T14:55:14 dhcp6c[661] IA_NA address: 2803:xxxx:xxxx:xxxx::1 pltime=1209600 vltime=1209600
2021-03-13T14:55:14 dhcp6c[661] get DHCP option IA address, len 24
2021-03-13T14:55:14 dhcp6c[661] IA_NA: ID=0, T1=604800, T2=967680
2021-03-13T14:55:14 dhcp6c[661] get DHCP option identity association, len 40
2021-03-13T14:55:14 dhcp6c[661] DUID: 00:01:00:01:dc:43:e7:91:50:6f:77:7d:dd:57
2021-03-13T14:55:14 dhcp6c[661] get DHCP option server ID, len 14
2021-03-13T14:55:14 dhcp6c[661] DUID: 00:01:00:01:27:33:4f:41:00:0c:29:72:00:ee
2021-03-13T14:55:14 dhcp6c[661] get DHCP option client ID, len 14
2021-03-13T14:55:14 dhcp6c[661] receive advertise from fe80::1%em1 on em1
2021-03-13T14:55:14 dhcp6c[661] reset a timer on em1, state=SOLICIT, timeo=0, retrans=1038
2021-03-13T14:55:14 dhcp6c[661] send solicit to ff02::1:2%em1
2021-03-13T14:55:14 dhcp6c[661] set IA_PD
2021-03-13T14:55:14 dhcp6c[661] set IA_PD prefix
2021-03-13T14:55:14 dhcp6c[661] set option request (len 4)
2021-03-13T14:55:14 dhcp6c[661] set elapsed time (len 2)
2021-03-13T14:55:14 dhcp6c[661] set identity association
2021-03-13T14:55:14 dhcp6c[661] set client ID (len 14)
2021-03-13T14:55:14 dhcp6c[661] a new XID (73ad39) is generated
2021-03-13T14:55:14 dhcp6c[661] Sending Solicit
2021-03-13T14:55:13 dhcp6c[661] got an expected reply, sleeping.
2021-03-13T14:55:13 dhcp6c[661] removing an event on em1, state=RELEASE
2021-03-13T14:55:13 dhcp6c[661] script "/var/etc/dhcp6c_wan_script.sh" terminated
2021-03-13T14:55:13 dhcp6c[81065] dhcp6c RELEASE on em1 - running newipv6
2021-03-13T14:55:13 dhcp6c[50415] dhcp6c RELEASE on em1
2021-03-13T14:55:13 dhcp6c[661] executes /var/etc/dhcp6c_wan_script.sh
2021-03-13T14:55:13 dhcp6c[661] status code: success
2021-03-13T14:55:13 dhcp6c[661] Received REPLY for RELEASE
2021-03-13T14:55:13 dhcp6c[661] status code: success
2021-03-13T14:55:13 dhcp6c[661] get DHCP option status code, len 2
2021-03-13T14:55:13 dhcp6c[661] DUID: 00:01:00:01:dc:43:e7:91:50:6f:77:7d:dd:57
2021-03-13T14:55:13 dhcp6c[661] get DHCP option server ID, len 14
2021-03-13T14:55:13 dhcp6c[661] DUID: 00:01:00:01:27:33:4f:41:00:0c:29:72:00:ee
2021-03-13T14:55:13 dhcp6c[661] get DHCP option client ID, len 14
2021-03-13T14:55:13 dhcp6c[661] receive reply from fe80::1%em1 on em1
2021-03-13T14:55:13 dhcp6c[661] got an expected reply, sleeping.
2021-03-13T14:55:13 dhcp6c[661] removing an event on em1, state=RELEASE
2021-03-13T14:55:13 dhcp6c[661] script "/var/etc/dhcp6c_wan_script.sh" terminated
2021-03-13T14:55:13 dhcp6c[14868] dhcp6c RELEASE on em1 - running newipv6
2021-03-13T14:55:13 dhcp6c[750] dhcp6c RELEASE on em1
2021-03-13T14:55:13 dhcp6c[661] executes /var/etc/dhcp6c_wan_script.sh
2021-03-13T14:55:13 dhcp6c[661] status code: success
2021-03-13T14:55:13 dhcp6c[661] Received REPLY for RELEASE
2021-03-13T14:55:13 dhcp6c[661] status code: success
2021-03-13T14:55:13 dhcp6c[661] get DHCP option status code, len 2
2021-03-13T14:55:13 dhcp6c[661] DUID: 00:01:00:01:dc:43:e7:91:50:6f:77:7d:dd:57
2021-03-13T14:55:13 dhcp6c[661] get DHCP option server ID, len 14
2021-03-13T14:55:13 dhcp6c[661] DUID: 00:01:00:01:27:33:4f:41:00:0c:29:72:00:ee
2021-03-13T14:55:13 dhcp6c[661] get DHCP option client ID, len 14
2021-03-13T14:55:13 dhcp6c[661] receive reply from fe80::1%em1 on em1
2021-03-13T14:55:13 dhcp6c[661] reset a timer on em1, state=INIT, timeo=0, retrans=913
2021-03-13T14:55:13 dhcp6c[661] called
2021-03-13T14:55:13 dhcp6c[661] called
2021-03-13T14:55:13 dhcp6c[661] <3>end of sentence [;] (1)
2021-03-13T14:55:13 dhcp6c[661] <3>[0] (1)
2021-03-13T14:55:13 dhcp6c[661] <3>[sla-len] (7)
2021-03-13T14:55:13 dhcp6c[661] <3>end of sentence [;] (1)
2021-03-13T14:55:13 dhcp6c[661] <3>[0] (1)
2021-03-13T14:55:13 dhcp6c[661] <3>[sla-id] (6)
2021-03-13T14:55:13 dhcp6c[661] <3>begin of closure [{] (1)
2021-03-13T14:55:13 dhcp6c[661] <5>[em0_vlan2] (9)
2021-03-13T14:55:13 dhcp6c[661] <3>[prefix-interface] (16)
2021-03-13T14:55:13 dhcp6c[661] <3>end of sentence [;] (1)
2021-03-13T14:55:13 dhcp6c[661] <3>[infinity] (8)
2021-03-13T14:55:13 dhcp6c[661] <3>[64] (2)
2021-03-13T14:55:13 dhcp6c[661] <3>[/] (1)
2021-03-13T14:55:13 dhcp6c[661] <3>[::] (2)
2021-03-13T14:55:13 dhcp6c[661] <3>[prefix] (6)
2021-03-13T14:55:13 dhcp6c[661] <13>begin of closure [{] (1)
2021-03-13T14:55:13 dhcp6c[661] <13>[0] (1)
2021-03-13T14:55:13 dhcp6c[661] <13>[pd] (2)
2021-03-13T14:55:13 dhcp6c[661] <3>[id-assoc] (8)
2021-03-13T14:55:13 dhcp6c[661] <3>end of sentence [;] (1)
2021-03-13T14:55:13 dhcp6c[661] <13>[na] (2)
2021-03-13T14:55:13 dhcp6c[661] <3>end of sentence [;] (1)
2021-03-13T14:55:13 dhcp6c[661] <3>["/var/etc/dhcp6c_wan_script.sh"] (31)
2021-03-13T14:55:13 dhcp6c[661] <3>[script] (6)
2021-03-13T14:55:13 dhcp6c[661] <3>end of sentence [;] (1)
2021-03-13T14:55:13 dhcp6c[661] <3>[domain-name] (11)
2021-03-13T14:55:13 dhcp6c[661] <3>[request] (7)
2021-03-13T14:55:13 dhcp6c[661] <3>end of sentence [;] (1)
2021-03-13T14:55:13 dhcp6c[661] <3>[domain-name-servers] (19)
2021-03-13T14:55:13 dhcp6c[661] <3>[request] (7)
2021-03-13T14:55:13 dhcp6c[661] <3>comment [# request prefix delegation] (27)
2021-03-13T14:55:13 dhcp6c[661] <3>end of sentence [;] (1)
2021-03-13T14:55:13 dhcp6c[661] <3>[0] (1)
2021-03-13T14:55:13 dhcp6c[661] <3>[ia-pd] (5)
2021-03-13T14:55:13 dhcp6c[661] <3>[send] (4)
2021-03-13T14:55:13 dhcp6c[661] <3>comment [# request stateful address] (26)
2021-03-13T14:55:13 dhcp6c[661] <3>end of sentence [;] (1)
2021-03-13T14:55:13 dhcp6c[661] <3>[0] (1)
2021-03-13T14:55:13 dhcp6c[661] <3>[ia-na] (5)
2021-03-13T14:55:13 dhcp6c[661] <3>[send] (4)
2021-03-13T14:55:13 dhcp6c[661] <3>begin of closure [{] (1)
2021-03-13T14:55:13 dhcp6c[661] <5>[em1] (3)
2021-03-13T14:55:13 dhcp6c[661] <3>[interface] (9)
2021-03-13T14:55:13 dhcp6c[661] duplicated interface: em1
2021-03-13T14:55:13 dhcp6c[661] called
2021-03-13T14:55:13 dhcp6c[661] called
2021-03-13T14:55:13 dhcp6c[661] <3>end of closure [}] (1)
2021-03-13T14:55:13 dhcp6c[661] <3>end of sentence [;] (1)
2021-03-13T14:55:13 dhcp6c[661] <3>end of closure [}] (1)
2021-03-13T14:55:13 dhcp6c[661] <3>end of sentence [;] (1)
2021-03-13T14:55:13 dhcp6c[661] <3>[sla-len] (7)
2021-03-13T14:55:13 dhcp6c[661] <5>[em0_vlan2] (9)
2021-03-13T14:55:13 dhcp6c[661] <3>[prefix-interface] (16)
2021-03-13T14:55:13 dhcp6c[661] <3>end of sentence [;] (1)
2021-03-13T14:55:13 dhcp6c[661] <3>[infinity] (8)
2021-03-13T14:55:13 dhcp6c[661] <3>[64] (2)
2021-03-13T14:55:13 dhcp6c[661] <3>[::] (2)
2021-03-13T14:55:13 dhcp6c[661] <3>[prefix] (6)
2021-03-13T14:55:13 dhcp6c[661] <13>[0] (1)
2021-03-13T14:55:13 dhcp6c[661] <3>[id-assoc] (8)
2021-03-13T14:55:13 dhcp6c[661] <13>begin of closure [{] (1)
2021-03-13T14:55:13 dhcp6c[661] <3>comment [# we'd like some nameservers please] (35)
2021-03-13T14:55:13 dhcp6c[661] <3>end of sentence [;] (1)
2021-03-13T14:55:13 dhcp6c[661] <3>[script] (6)
2021-03-13T14:55:13 dhcp6c[661] <3>end of sentence [;] (1)
2021-03-13T14:55:13 dhcp6c[661] <3>[request] (7)
2021-03-13T14:55:13 dhcp6c[661] <3>end of sentence [;] (1)
2021-03-13T14:55:13 dhcp6c[661] <3>[domain-name-servers] (19)
2021-03-13T14:55:13 dhcp6c[661] <3>[request] (7)
2021-03-13T14:55:13 dhcp6c[661] <3>comment [# request prefix delegation] (27)
2021-03-13T14:55:13 dhcp6c[661] <3>end of sentence [;] (1)
2021-03-13T14:55:13 dhcp6c[661] <3>[0] (1)
2021-03-13T14:55:13 dhcp6c[661] <3>[ia-pd] (5)
2021-03-13T14:55:13 dhcp6c[661] <3>[send] (4)
2021-03-13T14:55:13 dhcp6c[661] <3>comment [# request stateful address] (26)
2021-03-13T14:55:13 dhcp6c[661] <3>end of sentence [;] (1)
2021-03-13T14:55:13 dhcp6c[661] <3>[0] (1)
2021-03-13T14:55:13 dhcp6c[661] <3>[ia-na] (5)
2021-03-13T14:55:13 dhcp6c[661] <3>[send] (4)
2021-03-13T14:55:13 dhcp6c[661] <3>begin of closure [{] (1)
2021-03-13T14:55:13 dhcp6c[661] <5>[em1] (3)
2021-03-13T14:55:13 dhcp6c[661] <3>[interface] (9)
2021-03-13T14:55:13 dhcp6c[661] removing an event on em1, state=INIT
2021-03-13T14:55:13 dhcp6c[661] removing an event on em1, state=INIT
2021-03-13T14:55:13 dhcp6c[661] reset a timer on em1, state=INIT, timeo=0, retrans=192
2021-03-13T14:55:13 dhcp6c[661] remove an address 2803:xxxx:xxxx:xxxx:20c:29ff:fe72:ee/64 on em0_vlan2
2021-03-13T14:55:13 dhcp6c[661] remove a site prefix 2803:xxxx:xxxx:xxxx::/64
2021-03-13T14:55:13 dhcp6c[661] remove an IA: PD-0
2021-03-13T14:55:13 dhcp6c[661] send release to ff02::1:2%em1
2021-03-13T14:55:13 dhcp6c[661] set IA_PD
2021-03-13T14:55:13 dhcp6c[661] set elapsed time (len 2)
2021-03-13T14:55:13 dhcp6c[661] set client ID (len 14)
2021-03-13T14:55:13 dhcp6c[661] release an IA: PD-0
2021-03-13T14:55:13 dhcp6c[661] Start address release
2021-03-13T14:55:13 dhcp6c[661] reset a timer on em1, state=INIT, timeo=0, retrans=244
2021-03-13T14:55:13 dhcp6c[661] remove an address 2803:xxxx:xxxx:xxxx::1/128 on em1
2021-03-13T14:55:13 dhcp6c[661] remove an address 2803:xxxx:xxxx:xxxx::1
2021-03-13T14:55:13 dhcp6c[661] remove an IA: NA-0
2021-03-13T14:55:13 dhcp6c[661] send release to ff02::1:2%em1
2021-03-13T14:55:13 dhcp6c[661] set elapsed time (len 2)
2021-03-13T14:55:13 dhcp6c[661] set identity association
2021-03-13T14:55:13 dhcp6c[661] set IA address
2021-03-13T14:55:13 dhcp6c[661] set server ID (len 14)
2021-03-13T14:55:13 dhcp6c[661] set client ID (len 14)
2021-03-13T14:55:13 dhcp6c[661] a new XID (541122) is generated
2021-03-13T14:55:13 dhcp6c[661] Sending Release
2021-03-13T14:55:13 dhcp6c[661] reset a timer on em1, state=RELEASE, timeo=0, retrans=1025
2021-03-13T14:55:13 dhcp6c[661] release an IA: NA-0
2021-03-13T14:55:13 dhcp6c[661] Start address release
2021-03-13T14:55:13 dhcp6c[661] restarting
2021-03-13T14:55:13 dhcp6c[61388] RTSOLD script - Sending SIGHUP to dhcp6c
2021-03-13T14:55:13 dhcp6c[661] got an expected reply, sleeping.
2021-03-13T14:55:13 dhcp6c[661] removing server (ID: 00:01:00:01:dc:43:e7:91:50:6f:77:7d:dd:57)
2021-03-13T14:55:13 dhcp6c[661] removing an event on em1, state=REQUEST
2021-03-13T14:55:13 dhcp6c[661] script "/var/etc/dhcp6c_wan_script.sh" terminated
2021-03-13T14:55:13 dhcp6c[43329] dhcp6c REQUEST on em1 - running newipv6
2021-03-13T14:55:13 dhcp6c[22714] dhcp6c REQUEST on em1
2021-03-13T14:55:13 dhcp6c[661] executes /var/etc/dhcp6c_wan_script.sh
2021-03-13T14:55:13 dhcp6c[661] add an address 2803:xxxx:xxxx:xxxx::1/128 on em1
2021-03-13T14:55:13 dhcp6c[661] create an address 2803:xxxx:xxxx:xxxx::1 pltime=1209600, vltime=3498554121644045568
2021-03-13T14:55:13 dhcp6c[661] make an IA: NA-0
2021-03-13T14:55:13 dhcp6c[661] add an address 2803:xxxx:xxxx:xxxx:20c:29ff:fe72:ee/64 on em0_vlan2
2021-03-13T14:55:13 dhcp6c[661] create a prefix 2803:xxxx:xxxx:xxxx::/64 pltime=1209600, vltime=1209600
2021-03-13T14:55:13 dhcp6c[661] make an IA: PD-0
2021-03-13T14:55:13 dhcp6c[661] nameserver[0] fe80::1
2021-03-13T14:55:13 dhcp6c[661] IA_PD prefix: 2803:xxxx:xxxx:xxxx::/64 pltime=1209600 vltime=106523780084992
2021-03-13T14:55:13 dhcp6c[661] get DHCP option IA_PD prefix, len 25
2021-03-13T14:55:13 dhcp6c[661] IA_PD: ID=0, T1=604800, T2=967680
2021-03-13T14:55:13 dhcp6c[661] get DHCP option IA_PD, len 41
2021-03-13T14:55:13 dhcp6c[661] get DHCP option DNS, len 16
2021-03-13T14:55:13 dhcp6c[661] IA_NA address: 2803:xxxx:xxxx:xxxx::1 pltime=1209600 vltime=1209600
2021-03-13T14:55:13 dhcp6c[661] get DHCP option IA address, len 24
2021-03-13T14:55:13 dhcp6c[661] IA_NA: ID=0, T1=604800, T2=967680
2021-03-13T14:55:13 dhcp6c[661] get DHCP option identity association, len 40
2021-03-13T14:55:13 dhcp6c[661] DUID: 00:01:00:01:dc:43:e7:91:50:6f:77:7d:dd:57
2021-03-13T14:55:13 dhcp6c[661] get DHCP option server ID, len 14
2021-03-13T14:55:13 dhcp6c[661] DUID: 00:01:00:01:27:33:4f:41:00:0c:29:72:00:ee
2021-03-13T14:55:13 dhcp6c[661] get DHCP option client ID, len 14
2021-03-13T14:55:13 dhcp6c[661] receive reply from fe80::1%em1 on em1
2021-03-13T14:55:13 dhcp6c[661] reset a timer on em1, state=REQUEST, timeo=0, retrans=911
2021-03-13T14:55:13 dhcp6c[661] send request to ff02::1:2%em1
2021-03-13T14:55:13 dhcp6c[661] set IA_PD
2021-03-13T14:55:13 dhcp6c[661] set option request (len 4)
2021-03-13T14:55:13 dhcp6c[661] set server ID (len 14)
2021-03-13T14:55:13 dhcp6c[661] set client ID (len 14)
2021-03-13T14:55:13 dhcp6c[661] a new XID (5c7dda) is generated
2021-03-13T14:55:13 dhcp6c[661] Sending Request
2021-03-13T14:55:13 dhcp6c[661] server ID: 00:01:00:01:dc:43:e7:91:50:6f:77:7d:dd:57, pref=255
2021-03-13T14:55:13 dhcp6c[661] IA_PD prefix: 2803:xxxx:xxxx:xxxx::/64 pltime=1209600 vltime=106523780084992
2021-03-13T14:55:13 dhcp6c[661] get DHCP option IA_PD prefix, len 25
2021-03-13T14:55:13 dhcp6c[661] IA_PD: ID=0, T1=604800, T2=967680
2021-03-13T14:55:13 dhcp6c[661] get DHCP option IA_PD, len 41
2021-03-13T14:55:13 dhcp6c[661] get DHCP option DNS, len 16
2021-03-13T14:55:13 dhcp6c[661] status code: success
2021-03-13T14:55:13 dhcp6c[661] get DHCP option status code, len 2
2021-03-13T14:55:13 dhcp6c[661] preference: 255
2021-03-13T14:55:13 dhcp6c[661] get DHCP option preference, len 1
2021-03-13T14:55:13 dhcp6c[661] IA_NA address: 2803:xxxx:xxxx:xxxx::1 pltime=1209600 vltime=1209600
2021-03-13T14:55:13 dhcp6c[661] get DHCP option IA address, len 24
2021-03-13T14:55:13 dhcp6c[661] IA_NA: ID=0, T1=604800, T2=967680
2021-03-13T14:55:13 dhcp6c[661] get DHCP option identity association, len 40
2021-03-13T14:55:13 dhcp6c[661] DUID: 00:01:00:01:dc:43:e7:91:50:6f:77:7d:dd:57
2021-03-13T14:55:13 dhcp6c[661] get DHCP option server ID, len 14
2021-03-13T14:55:13 dhcp6c[661] DUID: 00:01:00:01:27:33:4f:41:00:0c:29:72:00:ee
2021-03-13T14:55:13 dhcp6c[661] get DHCP option client ID, len 14
2021-03-13T14:55:13 dhcp6c[661] receive advertise from fe80::1%em1 on em1
2021-03-13T14:55:13 dhcp6c[661] reset a timer on em1, state=SOLICIT, timeo=1, retrans=2083
2021-03-13T14:55:13 dhcp6c[661] send solicit to ff02::1:2%em1
2021-03-13T14:55:13 dhcp6c[661] set IA_PD
2021-03-13T14:55:13 dhcp6c[661] set IA_PD prefix
2021-03-13T14:55:13 dhcp6c[661] set option request (len 4)
2021-03-13T14:55:13 dhcp6c[661] set elapsed time (len 2)
2021-03-13T14:55:13 dhcp6c[661] set identity association
2021-03-13T14:55:13 dhcp6c[661] set client ID (len 14)
2021-03-13T14:55:13 dhcp6c[661] Sending Solicit
2021-03-13T14:55:12 dhcp6c[661] reset a timer on em1, state=SOLICIT, timeo=0, retrans=1091
2021-03-13T14:55:12 dhcp6c[661] transmit failed: Can't assign requested address
2021-03-13T14:55:12 dhcp6c[661] set IA_PD
2021-03-13T14:55:12 dhcp6c[661] set IA_PD prefix
2021-03-13T14:55:12 dhcp6c[661] set option request (len 4)
2021-03-13T14:55:12 dhcp6c[661] set elapsed time (len 2)
2021-03-13T14:55:12 dhcp6c[661] set identity association
2021-03-13T14:55:12 dhcp6c[661] set client ID (len 14)
2021-03-13T14:55:12 dhcp6c[661] a new XID (ec2309) is generated
2021-03-13T14:55:12 dhcp6c[661] Sending Solicit
2021-03-13T14:55:11 dhcp6c[661] reset a timer on em1, state=INIT, timeo=0, retrans=891
2021-03-13T14:55:11 dhcp6c[89498] called
2021-03-13T14:55:11 dhcp6c[89498] called
2021-03-13T14:55:11 dhcp6c[89498] <3>end of sentence [;] (1)
2021-03-13T14:55:11 dhcp6c[89498] <3>end of closure [}] (1)
2021-03-13T14:55:11 dhcp6c[89498] <3>end of sentence [;] (1)
2021-03-13T14:55:11 dhcp6c[89498] <3>[0] (1)
2021-03-13T14:55:11 dhcp6c[89498] <3>[sla-id] (6)
2021-03-13T14:55:11 dhcp6c[89498] <3>begin of closure [{] (1)
2021-03-13T14:55:11 dhcp6c[89498] <5>[em0_vlan2] (9)
2021-03-13T14:55:11 dhcp6c[89498] <3>[prefix-interface] (16)
2021-03-13T14:55:11 dhcp6c[89498] <3>end of sentence [;] (1)
2021-03-13T14:55:11 dhcp6c[89498] <3>[infinity] (8)
2021-03-13T14:55:11 dhcp6c[89498] <3>[64] (2)
2021-03-13T14:55:11 dhcp6c[89498] <3>[/] (1)
2021-03-13T14:55:11 dhcp6c[89498] <3>[prefix] (6)
2021-03-13T14:55:11 dhcp6c[89498] <13>[pd] (2)
2021-03-13T14:55:11 dhcp6c[89498] <3>[id-assoc] (8)
2021-03-13T14:55:11 dhcp6c[89498] <3>end of sentence [;] (1)
2021-03-13T14:55:11 dhcp6c[89498] <3>end of closure [}] (1)
2021-03-13T14:55:11 dhcp6c[89498] <13>begin of closure [{] (1)
2021-03-13T14:55:11 dhcp6c[89498] <13>[0] (1)
2021-03-13T14:55:11 dhcp6c[89498] <13>[na] (2)
2021-03-13T14:55:11 dhcp6c[89498] <3>[id-assoc] (8)
2021-03-13T14:55:11 dhcp6c[89498] <3>end of sentence [;] (1)
2021-03-13T14:55:11 dhcp6c[89498] <3>end of closure [}] (1)
2021-03-13T14:55:11 dhcp6c[89498] <3>comment [# we'd like some nameservers please] (35)
2021-03-13T14:55:11 dhcp6c[89498] <3>end of sentence [;] (1)
2021-03-13T14:55:11 dhcp6c[89498] <3>["/var/etc/dhcp6c_wan_script.sh"] (31)
2021-03-13T14:55:11 dhcp6c[89498] <3>[script] (6)
2021-03-13T14:55:11 dhcp6c[89498] <3>end of sentence [;] (1)
2021-03-13T14:55:11 dhcp6c[89498] <3>[domain-name] (11)
2021-03-13T14:55:11 dhcp6c[89498] <3>[request] (7)
2021-03-13T14:55:11 dhcp6c[89498] <3>end of sentence [;] (1)
2021-03-13T14:55:11 dhcp6c[89498] <3>[domain-name-servers] (19)
2021-03-13T14:55:11 dhcp6c[89498] <3>[request] (7)
2021-03-13T14:55:11 dhcp6c[89498] <3>comment [# request prefix delegation] (27)
2021-03-13T14:55:11 dhcp6c[89498] <3>end of sentence [;] (1)
2021-03-13T14:55:11 dhcp6c[89498] <3>[0] (1)
2021-03-13T14:55:11 dhcp6c[89498] <3>[ia-pd] (5)
2021-03-13T14:55:11 dhcp6c[89498] <3>[send] (4)
2021-03-13T14:55:11 dhcp6c[89498] <3>comment [# request stateful address] (26)
2021-03-13T14:55:11 dhcp6c[89498] <3>end of sentence [;] (1)
2021-03-13T14:55:11 dhcp6c[89498] <3>[0] (1)
2021-03-13T14:55:11 dhcp6c[89498] <3>[ia-na] (5)
2021-03-13T14:55:11 dhcp6c[89498] <3>[send] (4)
2021-03-13T14:55:11 dhcp6c[89498] <3>begin of closure [{] (1)
2021-03-13T14:55:11 dhcp6c[89498] <5>[em1] (3)
2021-03-13T14:55:11 dhcp6c[89498] <3>[interface] (9)
2021-03-13T14:55:11 dhcp6c[89498] called
2021-03-13T14:55:11 dhcp6c[89498] called
2021-03-13T14:55:11 dhcp6c[89498] <3>end of sentence [;] (1)
2021-03-13T14:55:11 dhcp6c[89498] <3>end of closure [}] (1)
2021-03-13T14:55:11 dhcp6c[89498] <3>end of sentence [;] (1)
2021-03-13T14:55:11 dhcp6c[89498] <3>end of sentence [;] (1)
2021-03-13T14:55:11 dhcp6c[89498] <3>[0] (1)
2021-03-13T14:55:11 dhcp6c[89498] <3>[sla-len] (7)
2021-03-13T14:55:11 dhcp6c[89498] <3>end of sentence [;] (1)
2021-03-13T14:55:11 dhcp6c[89498] <3>[0] (1)
2021-03-13T14:55:11 dhcp6c[89498] <3>[sla-id] (6)
2021-03-13T14:55:11 dhcp6c[89498] <3>begin of closure [{] (1)
2021-03-13T14:55:11 dhcp6c[89498] <5>[em0_vlan2] (9)
2021-03-13T14:55:11 dhcp6c[89498] <3>[prefix-interface] (16)
2021-03-13T14:55:11 dhcp6c[89498] <3>end of sentence [;] (1)
2021-03-13T14:55:11 dhcp6c[89498] <3>[64] (2)
2021-03-13T14:55:11 dhcp6c[89498] <13>begin of closure [{] (1)
2021-03-13T14:55:11 dhcp6c[89498] <13>[pd] (2)
2021-03-13T14:55:11 dhcp6c[89498] <3>[id-assoc] (8)
2021-03-13T14:55:11 dhcp6c[89498] <3>end of sentence [;] (1)
2021-03-13T14:55:11 dhcp6c[89498] <3>end of closure [}] (1)
2021-03-13T14:55:11 dhcp6c[89498] <13>begin of closure [{] (1)
2021-03-13T14:55:11 dhcp6c[89498] <13>[0] (1)
2021-03-13T14:55:11 dhcp6c[89498] <13>[na] (2)
2021-03-13T14:55:11 dhcp6c[89498] <3>[id-assoc] (8)
2021-03-13T14:55:11 dhcp6c[89498] <3>end of sentence [;] (1)
2021-03-13T14:55:11 dhcp6c[89498] <3>end of closure [}] (1)
2021-03-13T14:55:11 dhcp6c[89498] <3>comment [# we'd like some nameservers please] (35)
2021-03-13T14:55:11 dhcp6c[89498] <3>end of sentence [;] (1)
2021-03-13T14:55:11 dhcp6c[89498] <3>["/var/etc/dhcp6c_wan_script.sh"] (31)
2021-03-13T14:55:11 dhcp6c[89498] <3>[script] (6)
2021-03-13T14:55:11 dhcp6c[89498] <3>end of sentence [;] (1)
2021-03-13T14:55:11 dhcp6c[89498] <3>[domain-name] (11)
2021-03-13T14:55:11 dhcp6c[89498] <3>[request] (7)
2021-03-13T14:55:11 dhcp6c[89498] <3>end of sentence [;] (1)
2021-03-13T14:55:11 dhcp6c[89498] <3>[domain-name-servers] (19)
2021-03-13T14:55:11 dhcp6c[89498] <3>[request] (7)
2021-03-13T14:55:11 dhcp6c[89498] <3>comment [# request prefix delegation] (27)
2021-03-13T14:55:11 dhcp6c[89498] <3>end of sentence [;] (1)
2021-03-13T14:55:11 dhcp6c[89498] <3>[0] (1)
2021-03-13T14:55:11 dhcp6c[89498] <3>[ia-pd] (5)
2021-03-13T14:55:11 dhcp6c[89498] <3>[send] (4)
2021-03-13T14:55:11 dhcp6c[89498] <3>comment [# request stateful address] (26)
2021-03-13T14:55:11 dhcp6c[89498] <3>end of sentence [;] (1)
2021-03-13T14:55:11 dhcp6c[89498] <3>[0] (1)
2021-03-13T14:55:11 dhcp6c[89498] <3>[ia-na] (5)
2021-03-13T14:55:11 dhcp6c[89498] <3>[send] (4)
2021-03-13T14:55:11 dhcp6c[89498] <3>begin of closure [{] (1)
2021-03-13T14:55:11 dhcp6c[89498] <5>[em1] (3)
2021-03-13T14:55:11 dhcp6c[89498] <3>[interface] (9)
2021-03-13T14:55:11 dhcp6c[89498] extracted an existing DUID from /var/db/dhcp6c_duid: 00:01:00:01:27:33:4f:41:00:0c:29:72:00:ee
2021-03-13T14:55:11 dhcp6c[65320] RTSOLD script - Starting dhcp6 client
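A way to check a dhcp6c debug log like the one above for the points raised in this thread: how many /64 subnets the delegated prefix allows, whether the WAN address sits inside that prefix, and whether any logged lifetime exceeds the 32-bit DHCPv6 field. This is an added example, not part of the original posts or of OPNsense; the function names are hypothetical and the sample lines are constructed with 2001:db8:: documentation addresses because the thread's addresses are masked.

```python
import ipaddress
import re

# Constructed sample in the dhcp6c debug format shown in the thread.
# Addresses come from the 2001:db8::/32 documentation range.
SAMPLE_LOG = """\
2021-03-13T14:55:14 dhcp6c[661] add an address 2001:db8:aaaa:bbbb::1/128 on em1
2021-03-13T14:55:14 dhcp6c[661] add an address 2001:db8:aaaa:bbbb:20c:29ff:fe72:ee/64 on em0_vlan2
2021-03-13T14:55:14 dhcp6c[661] IA_NA address: 2001:db8:aaaa:bbbb::1 pltime=1209600 vltime=1209600
2021-03-13T14:55:14 dhcp6c[661] IA_PD prefix: 2001:db8:aaaa:bbbb::/64 pltime=1209600 vltime=106523780084992
"""

LEASE_RE = re.compile(r"(IA_NA address|IA_PD prefix): (\S+) pltime=(\d+) vltime=(\d+)")
ADD_RE = re.compile(r"add an address (\S+) on (\S+)")
MAX_LIFETIME = 0xFFFFFFFF  # DHCPv6 lifetimes are 32-bit; this value means "infinity"


def parse_dhcp6c(log_text):
    """Return (leases, assigned) extracted from dhcp6c debug lines."""
    leases, assigned = {}, {}
    for line in log_text.splitlines():
        m = LEASE_RE.search(line)
        if m:
            kind = "na" if m.group(1) == "IA_NA address" else "pd"
            # The log in the thread is listed newest first, so keep the
            # first match for each kind: it is the most recent one.
            leases.setdefault(kind, {
                "value": m.group(2),
                "pltime": int(m.group(3)),
                "vltime": int(m.group(4)),
            })
            continue
        m = ADD_RE.search(line)
        if m:
            addr = ipaddress.ip_interface(m.group(1))
            per_if = assigned.setdefault(m.group(2), [])
            if addr not in per_if:
                per_if.append(addr)
    return leases, assigned


def analyze(log_text):
    """Summarise the delegation and list conditions worth a closer look."""
    leases, assigned = parse_dhcp6c(log_text)
    if "pd" not in leases:
        return {"delegated": None, "subnets_64": 0,
                "findings": ["no-prefix-delegated"]}

    pd = ipaddress.ip_network(leases["pd"]["value"], strict=False)
    # A /64 leaves exactly one /64; every bit shorter doubles the count.
    subnets_64 = 2 ** (64 - pd.prefixlen) if pd.prefixlen <= 64 else 0

    findings = []
    if subnets_64 <= 1:
        findings.append("single-subnet")
    if "na" in leases and ipaddress.ip_address(leases["na"]["value"]) in pd:
        # The stateful WAN address lies in the same prefix that was delegated.
        findings.append("wan-address-inside-delegated-prefix")
    for ifname, addrs in assigned.items():
        if any(a.network == pd for a in addrs):
            findings.append(f"{ifname}-uses-whole-delegated-prefix")
    for kind, lease in sorted(leases.items()):
        if max(lease["pltime"], lease["vltime"]) > MAX_LIFETIME:
            findings.append(f"{kind}-lifetime-exceeds-32-bit")
        elif lease["vltime"] < lease["pltime"]:
            findings.append(f"{kind}-valid-shorter-than-preferred")

    return {"delegated": str(pd), "subnets_64": subnets_64, "findings": findings}


if __name__ == "__main__":
    report = analyze(SAMPLE_LOG)
    print(report["delegated"], "->", report["subnets_64"], "x /64")
    for finding in report["findings"]:
        print(" -", finding)
```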
Title: Re: My OPNSense cant route IPv6
Post by: marjohn56 on March 13, 2021, 07:45:29 pm
That looks good. If you can ping from the wan then the gateway is working. Are your LAN clients getting GUA addresses?
Title: Re: My OPNSense cant route IPv6
Post by: muchacha_grande on March 13, 2021, 08:05:12 pm
No... I didn't start dhcp nor ra service on lan yet... should they receive an address?

EDIT: I don't see RA nor DHCPv6 to start anyway
Title: Re: My OPNSense cant route IPv6
Post by: marjohn56 on March 13, 2021, 08:45:35 pm
Just let it do its thing, turn off the manual override, radvd and dhcpv6 will be set for you. Then check to see if clients are getting a gua.
Title: Re: My OPNSense cant route IPv6
Post by: marjohn56 on March 13, 2021, 08:52:00 pm
Sorry, misread your message, if you have the LAN set to track the wan interface, then radvd and dhcpv6 should be running already.
Title: Re: My OPNSense cant route IPv6
Post by: muchacha_grande on March 13, 2021, 11:43:46 pm
Services radvd & dhcpv6 are running as you pointed out.

My Windows 8 is getting the following:

IPv6 Address                      2803:xxxx:xxxx:xxxx:a57e:5d63:f83b:9e0d
Temp IPv6 address             2803:xxxx:xxxx:xxxx:b1ab:fe5b:4ec4:e288
IPv6 Link-local address       fe80::a57e:5d63:f83b:9e0d%41
Default gateway IPv6         fe80::20c:29ff:fe72:ee%41

One thing I have just noticed is that I can't ping the router's GUA addresses but I can ping link-local addresses.
Title: Re: My OPNSense cant route IPv6
Post by: marjohn56 on March 13, 2021, 11:46:26 pm
So from your PC you cannot ping the gateway LAN GUA ?
Title: Re: My OPNSense cant route IPv6
Post by: muchacha_grande on March 14, 2021, 12:01:26 am
So from your PC you cannot ping the gateway LAN GUA ?

Right
Title: Re: My OPNSense cant route IPv6
Post by: marjohn56 on March 14, 2021, 12:17:57 am
What rules are set in the firewall for LAN, have you allowed IPv6?
Title: Re: My OPNSense cant route IPv6
Post by: muchacha_grande on March 14, 2021, 12:50:22 am
I'm allowing everything, IPv4 and 6
Title: Re: My OPNSense cant route IPv6
Post by: marjohn56 on March 14, 2021, 12:59:02 am
Can you ping the client from the LAN interface in Interfaces->Diagnostics? Make sure to select the LAN interface and IPv6.

Title: Re: My OPNSense cant route IPv6
Post by: muchacha_grande on March 14, 2021, 01:06:04 am
Didn't work with GUA addresses... the only thing that worked is selecting LAN and IPv6 Link-Local
Title: Re: My OPNSense cant route IPv6
Post by: marjohn56 on March 14, 2021, 01:25:48 am
That makes no sense. If they both have a GUA and it's in the same subnet and they are both /64 masks it has to work unless the firewall is blocking and you say it isn't. Can you PM me the addresses of both the LAN and the PC you are trying to ping from?
Title: Re: My OPNSense cant route IPv6
Post by: marjohn56 on March 14, 2021, 01:27:26 am
Better still, do an ifconfig from the shell and send me that, along with the output of ifconfig from the client if it's Linux or ipconfig /all if it's a PC.
Title: Re: My OPNSense cant route IPv6
Post by: muchacha_grande on March 14, 2021, 02:02:00 am
This from OPNSense:

Code:
em0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=810098<VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,VLAN_HWFILTER>
        ether 00:0c:29:72:00:ee
        inet6 fe80::20c:29ff:fe72:ee%em0 prefixlen 64 scopeid 0x1
        inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=810098<VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,VLAN_HWFILTER>
        ether 00:0c:29:72:00:f8
        inet 192.168.100.254 netmask 0xffffff00 broadcast 192.168.100.255
        inet6 fe80::20c:29ff:fe72:f8%em1 prefixlen 64 scopeid 0x2
        inet6 2803:xxxx:xxxx:xxxx:20c:29ff:fe72:f8 prefixlen 64 autoconf
        inet6 2803:xxxx:xxxx:xxxx::1 prefixlen 128
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
enc0: flags=41<UP,RUNNING> metric 0 mtu 1536
        groups: enc
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
        inet 127.0.0.1 netmask 0xff000000
        groups: lo
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
pflog0: flags=100<PROMISC> metric 0 mtu 33160
        groups: pflog
pfsync0: flags=0<> metric 0 mtu 1500
        syncpeer: 0.0.0.0 maxupd: 128 defer: off
        groups: pfsync
em0_vlan2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 00:0c:29:72:00:ee
        inet6 fe80::20c:29ff:fe72:ee%em0_vlan2 prefixlen 64 scopeid 0x7
        inet6 2803:xxxx:xxxx:xxxx:20c:29ff:fe72:ee prefixlen 64
        inet 192.168.2.1 netmask 0xffffff00 broadcast 192.168.2.255
        groups: vlan
        vlan: 2 vlanpcp: 0 parent interface: em0
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>

I cut off the rest of the vlans because they only have IPv4, for now.

And this is from my Windows 8 box:

Code:
Adaptador de Ethernet Ethernet:

   Sufijo DNS específico para la conexión. . : muchachagrande.com.ar
   Descripción . . . . . . . . . . . . . . . : Realtek PCIe GBE Family Controller #3
   Dirección física. . . . . . . . . . . . . : 70-54-D2-CB-70-86
   DHCP habilitado . . . . . . . . . . . . . : sí
   Configuración automática habilitada . . . : sí
   Dirección IPv6 . . . . . . . . . . : 2803:xxxx:xxxx:xxxx:a57e:5d63:f83b:9e0d(Preferido)
   Dirección IPv6 temporal. . . . . . : 2803:xxxx:xxxx:xxxx:b1ab:fe5b:4ec4:e288(Preferido)
   Vínculo: dirección IPv6 local. . . : fe80::a57e:5d63:f83b:9e0d%41(Preferido)
   Dirección IPv4. . . . . . . . . . . . . . : 192.168.2.10(Preferido)
   Máscara de subred . . . . . . . . . . . . : 255.255.255.0
   Concesión obtenida. . . . . . . . . . . . : sábado, 13 de marzo de 2021 11:06:45 a.m.
   La concesión expira . . . . . . . . . . . : sábado, 13 de marzo de 2021 11:13:13 p.m.
   Puerta de enlace predeterminada . . . . . : fe80::20c:29ff:fe72:ee%41
                                       192.168.2.1
   Servidor DHCP . . . . . . . . . . . . . . : 192.168.2.1
   IAID DHCPv6 . . . . . . . . . . . . . . . : 779113682
   DUID de cliente DHCPv6. . . . . . . . . . : 00-01-00-01-18-C7-EF-5A-70-54-D2-CB-70-86
   Servidores DNS. . . . . . . . . . . . . . : 192.168.2.1
   NetBIOS sobre TCP/IP. . . . . . . . . . . : habilitado

I did a packet capture on Windows side while making a ping. I captured only ICMPv6 packets.
For some reason, the PC does a network solicitation to find out the MAC of the destination IP, but OPNSense doesn't respond.

Code:
No. Source                                                Destination
1   2803:xxxx:xxxx:xxxx:b1ab:fe5b:4ec4:e288  ff02::1:ff72:ee
Neighbor Solicitation for 2803:xxxx:xxxx:xxxx:20c:29ff:fe72:ee from 70:54:d2:cb:70:86
2   2803:xxxx:xxxx:xxxx:b1ab:fe5b:4ec4:e288  ff02::1:ff72:ee
Neighbor Solicitation for 2803:xxxx:xxxx:xxxx:20c:29ff:fe72:ee from 70:54:d2:cb:70:86
3   2803:xxxx:xxxx:xxxx:b1ab:fe5b:4ec4:e288  ff02::1:ff72:ee
Neighbor Solicitation for 2803:xxxx:xxxx:xxxx:20c:29ff:fe72:ee from 70:54:d2:cb:70:86
4   2803:xxxx:xxxx:xxxx:b1ab:fe5b:4ec4:e288  ff02::1:ff72:ee
Neighbor Solicitation for 2803:xxxx:xxxx:xxxx:20c:29ff:fe72:ee from 70:54:d2:cb:70:86
5   2803:xxxx:xxxx:xxxx:b1ab:fe5b:4ec4:e288  ff02::1:ff72:ee
Neighbor Solicitation for 2803:xxxx:xxxx:xxxx:20c:29ff:fe72:ee from 70:54:d2:cb:70:86
6   2803:xxxx:xxxx:xxxx:b1ab:fe5b:4ec4:e288  ff02::1:ff72:ee
Neighbor Solicitation for 2803:xxxx:xxxx:xxxx:20c:29ff:fe72:ee from 70:54:d2:cb:70:86
7   2803:xxxx:xxxx:xxxx:b1ab:fe5b:4ec4:e288  ff02::1:ff72:ee
Neighbor Solicitation for 2803:xxxx:xxxx:xxxx:20c:29ff:fe72:ee from 70:54:d2:cb:70:86
8   2803:xxxx:xxxx:xxxx:b1ab:fe5b:4ec4:e288  ff02::1:ff72:ee
Neighbor Solicitation for 2803:xxxx:xxxx:xxxx:20c:29ff:fe72:ee from 70:54:d2:cb:70:86
9   2803:xxxx:xxxx:xxxx:b1ab:fe5b:4ec4:e288  ff02::1:ff72:ee
Neighbor Solicitation for 2803:xxxx:xxxx:xxxx:20c:29ff:fe72:ee from 70:54:d2:cb:70:86
10  2803:xxxx:xxxx:xxxx:b1ab:fe5b:4ec4:e288  ff02::1:ff72:ee
Neighbor Solicitation for 2803:xxxx:xxxx:xxxx:20c:29ff:fe72:ee from 70:54:d2:cb:70:86
Title: Re: My OPNSense cant route IPv6
Post by: Maurice on March 14, 2021, 02:46:34 am
Sorry for interrupting, but I have to ask the obvious question: Is the 2803:xxxx:xxxx:xxxx part on em1 different from the 2803:xxxx:xxxx:xxxx part on em0_vlan2? The obfuscation makes it impossible to tell.
Title: Re: My OPNSense cant route IPv6
Post by: marjohn56 on March 14, 2021, 03:32:38 am
How come there is a vlan on em0, that's the WAN interface isn't it? If it's not, and it's just named wrong, you cannot have two interfaces with the same /64 on them. Not even sure how you've even managed that..

So tell us, what is the parent interface for that vlan?
Title: Re: My OPNSense cant route IPv6
Post by: Maurice on March 14, 2021, 03:41:27 am
em0 is an IPv4-only LAN (untagged), em0_vlan2 is the dual-stack LAN, em1 is the WAN. All good. But the question is indeed: Do WAN and LAN have the same prefix? I very much suspect so...
Title: Re: My OPNSense cant route IPv6
Post by: muchacha_grande on March 14, 2021, 05:28:09 am
That's right @Maurice.
em0 is the original LAN interface.
After a while I've got a managed switch and I separated the net in different vlans.
em0_vlan2 is the new working vlan. em0 is the untagged vlan.
Title: Re: My OPNSense cant route IPv6
Post by: muchacha_grande on March 14, 2021, 06:51:21 am
Sorry for interrupting, but I have to ask the obvious question: Is the 2803:xxxx:xxxx:xxxx part on em1 different from the 2803:xxxx:xxxx:xxxx part on em0_vlan2? The obfuscation makes it impossible to tell.

No, they are the same. It is a /64 prefix... I have to manage using the 64 bits that my ISP left me.

To start from scratch I temporarily connected to em0, so I'm not on a vlan anymore, for now.
When I set IPv6 to tracking WAN on em0, the results were the same as with em0_vlan2.
Then, I set a manual IPv6 2803:xxxx:xxxx:xxxx:1::1/80 on em0 and configured radvd and dhcp6.
Now, my PC receives a /80 address and can ping router LAN IP and WAN IP, but still can't ping outside.
Doing a packet inspection on WAN/ICMPv6 I realize that the same thing happens as when sending a ping from router LAN. When the ISP router does a Neighbor Solicitation to know where to send the ping response, OPNSense doesn't respond with the Neighbor Advertisement.
Title: Re: My OPNSense cant route IPv6
Post by: marjohn56 on March 14, 2021, 12:59:42 pm
Not sure what's going on because of the obfuscation, but

2021-03-13T14:55:14   dhcp6c[661]   add an address 2803:xxxx:xxxx:xxxx::1/128 on em1
2021-03-13T14:55:14   dhcp6c[661]   create an address 2803:xxxx:xxxx:xxxx::1 pltime=1209600, vltime=3498554121644045568
2021-03-13T14:55:14   dhcp6c[661]   make an IA: NA-0
2021-03-13T14:55:14   dhcp6c[661]   add an address 2803:xxxx:xxxx:xxxx:20c:29ff:fe72:ee/64 on em0_vlan2
2021-03-13T14:55:14   dhcp6c[661]   create a prefix 2803:xxxx:xxxx:xxxx::/64 pltime=1209600, vltime=1209600


Try turning on request prefix only.
Title: Re: My OPNSense cant route IPv6
Post by: Maurice on March 14, 2021, 01:37:51 pm
See, that's the issue. You can't have the same prefix on the WAN and the LAN. This is caused by the GPON router delegating the same /64 as the one that it uses for its own LAN. This kind of broken Prefix Delegation is not uncommon with crappy ISP-provided routers. I can dig out the link to a discussion with someone whose router provided by their Swiss ISP did exactly the same thing, but I think it was in the German forum.

Unfortunately, unless you can switch the GPON router to bridged mode or replace it with your own ONT, there is not a lot you can do. Your ISP would have to fix this. And I understand that this is unlikely.

Cheers

Maurice
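The condition diagnosed in this thread, the same /64 configured on both WAN and LAN, can be checked from ifconfig output, and the ff02::1:ff72:ee destination seen in the capture can be derived from the address being resolved. This is an added example, not part of any post; the sample input is constructed, with the obfuscated ISP prefix replaced by the documentation prefix 2001:db8:0:1::/64, and the function names are hypothetical.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample shaped like the thread's ifconfig output. The obfuscated ISP
# prefix is replaced by the documentation prefix 2001:db8:0:1::/64 (assumption).
SAMPLE_IFCONFIG = """\
em0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet6 fe80::20c:29ff:fe72:ee%em0 prefixlen 64 scopeid 0x1
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet6 fe80::20c:29ff:fe72:f8%em1 prefixlen 64 scopeid 0x2
        inet6 2001:db8:0:1:20c:29ff:fe72:f8 prefixlen 64 autoconf
        inet6 2001:db8:0:1::1 prefixlen 128
em0_vlan2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet6 fe80::20c:29ff:fe72:ee%em0_vlan2 prefixlen 64 scopeid 0x7
        inet6 2001:db8:0:1:20c:29ff:fe72:ee prefixlen 64
"""

IFACE_RE = re.compile(r"^(\S+): flags=")
INET6_RE = re.compile(r"^\s+inet6 (\S+) prefixlen (\d+)")

def global_prefixes(ifconfig_text):
    """Map each global IPv6 network to the set of interfaces configured in it."""
    nets = defaultdict(set)
    iface = None
    for line in ifconfig_text.splitlines():
        m = IFACE_RE.match(line)
        if m:
            iface = m.group(1)
            continue
        m = INET6_RE.match(line)
        if not m or iface is None:
            continue
        addr = ipaddress.IPv6Address(m.group(1).split("%")[0])
        plen = int(m.group(2))
        # Link-local, loopback and /128 host addresses define no routed subnet.
        if addr.is_link_local or addr.is_loopback or plen == 128:
            continue
        nets[ipaddress.IPv6Network((addr, plen), strict=False)].add(iface)
    return nets

def overlapping_prefixes(ifconfig_text):
    """Return {network: sorted interface names} for prefixes on 2+ interfaces."""
    return {n: sorted(i) for n, i in global_prefixes(ifconfig_text).items() if len(i) > 1}

def solicited_node(addr):
    """Solicited-node multicast group (ff02::1:ffXX:XXXX) a Neighbor Solicitation targets."""
    low24 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFF
    return ipaddress.IPv6Address(int(ipaddress.IPv6Address("ff02::1:ff00:0")) | low24)
```

Only identical prefixes are reported; a longer prefix carved out of the WAN /64, such as the /80 tried earlier in the thread, would need an overlap comparison instead.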
Title: Re: My OPNSense cant route IPv6
Post by: marjohn56 on March 14, 2021, 02:07:25 pm
That's why I am hoping that turning on request prefix only will make dhcp6c not apply an address to the WAN, but only the LAN. Then it should use link-local to the ISP, that's the thought, whether that actually happens I'm not certain, but I can go and test it.
Title: Re: My OPNSense cant route IPv6
Post by: Maurice on March 14, 2021, 02:35:37 pm
OPNsense will still autoconfigure a WAN address and prefix using SLAAC. You can't disable that, can you (I seriously don't know)?
Even if you can: Since the GPON router uses this prefix for its own LAN, it will do Neighbor Discovery for these destination addresses and not route them to OPNsense. This would require an NDP proxy which OPNsense doesn't have.

But giving it a try doesn't hurt, you're right. :)
Title: Re: My OPNSense cant route IPv6
Post by: marjohn56 on March 14, 2021, 04:17:49 pm
Certainly on my test router selecting prefix only does stop a GUA being set on the WAN, but no route to the primary router.
Title: Re: My OPNSense cant route IPv6
Post by: marjohn56 on March 14, 2021, 04:23:54 pm
Ah.. missed the blindingly obvious... the ISP supplied device will be in the same subnet... sorry, completely passed me by, I'm tired, going back to sleep. :-[
Title: Re: My OPNSense cant route IPv6
Post by: muchacha_grande on March 15, 2021, 12:06:41 am
Thank you marjohn56 and Maurice. I will try "request prefix only". Now I understand the problem a little more.
I'm used to these kinds of troubles with flawed services here in Argentina.
Title: Re: My OPNSense cant route IPv6
Post by: muchacha_grande on March 15, 2021, 01:22:29 am
Well, after testing "request prefix only" I can say that it didn't work.
Now I will be on IPv4 until I decide what to do with this service. It is possible that I change to another ISP.

Thank you again to both of you and regards...
Title: Re: My OPNSense cant route IPv6
Post by: priller on March 15, 2021, 01:52:00 am
OPNsense will still autoconfigure a WAN address and prefix using SLAAC. You can't disable that, can you (I seriously don't know)?

OPNsense should only autoconfigure if the A-flag is set in the Router Advertisement from the ISP router.

To fix this problem of the same prefix appearing on the WAN via SLAAC, and on the LAN from DHCP-PD, you need to unset the RA's A-flag on the ISP router. Then on OPNsense set the WAN to "Request only an IPv6 prefix".

So, what config settings are available on the ISP router? It may appear as a "Managed" option like OPNsense does.

This sound logical?

Ramblings: Not sure if the RA on-link L-flag would confuse OPNsense as it would be informed that the prefix was "on the wire" (WAN), but see if the above is available and it may just work. Also, if the prefix still existed on the ISP router interface, I don't think it would route properly to OPNsense. Got'a be some piece of the ISP router configuration we're not seeing.
Title: Re: My OPNSense cant route IPv6
Post by: muchacha_grande on March 15, 2021, 12:33:28 pm
Got'a be some piece of the ISP router configuration we're not seeing.

Hi priller. The problem is that my ISP doesn't even allow me to enter the GPON and see what's inside.

Maybe, if I ask the ISP to upgrade the service bandwidth they bring me a newer device, and just maybe, that device works better with IPv6.
Title: Re: My OPNSense cant route IPv6
Post by: muchacha_grande on March 15, 2021, 02:12:59 pm
@Maurice, there are no coincidences in life. Today I found this: https://forum.opnsense.org/index.php?topic=21795.0
It is a solution to my problem too. I read that you called this "monstrosity", but it works and now I have dual stack  :)
Thank you again and cheers
Title: Re: My OPNSense cant route IPv6
Post by: Maurice on March 15, 2021, 07:02:43 pm
Hehe... Yes, if nothing else works, IPv6 NAT is probably better than nothing™.
Title: Re: My OPNSense cant route IPv6
Post by: muchacha_grande on March 15, 2021, 08:20:04 pm
As it is working very well right now, I made a test box with an old motherboard, just to experiment without messing up my system.
I tested NPTv6, but I'm not sure if I did it right. It didn't work.
Title: Re: My OPNSense cant route IPv6
Post by: Maurice on March 15, 2021, 08:43:10 pm
NPTv6 won't work for the same reason that "native" IPv6 doesn't work: No usable prefix available.
Title: Re: My OPNSense cant route IPv6
Post by: muchacha_grande on March 15, 2021, 11:58:57 pm
Yes... I thought that it was for the same reason.
I needed to give it a try because NPT is a better solution than NAT.
My ISP left me with NAT as the only option.

But it works great!!!!
It passes all IPv6 tests.