OPNsense Forum

Archive => 22.7 Legacy Series => Topic started by: gunnarf on August 29, 2022, 04:17:25 pm

Title: strange results with ipv6 not routed properly
Post by: gunnarf on August 29, 2022, 04:17:25 pm

I have a firewall with native ipv6 from my ISP. using dhcpv6 I get a /56

The clients gets addresses properly, but there is something weird with the routing If I ping googleI get
ping 2001:4860:4860::8888
PING 2001:4860:4860::8888(2001:4860:4860::8888) 56 data bytes
64 bytes from 2001:4860:4860::8888: icmp_seq=1 ttl=60 time=2.80 ms
64 bytes from 2001:4860:4860::8888: icmp_seq=2 ttl=60 time=2.87 ms
64 bytes from 2001:4860:4860::8888: icmp_seq=3 ttl=60 time=3.01 ms
64 bytes from 2001:4860:4860::8888: icmp_seq=4 ttl=60 time=3.13 ms

if I ping another ipv6 destination I get:

ping 2001:67c:d8:ed80::87
PING 2001:67c:d8:ed80::87(2001:67c:d8:ed80::87) 56 data bytes
^C
--- 2001:67c:d8:ed80::87 ping statistics ---
8 packets transmitted, 0 received, 100% packet loss, time 298ms

This is a legitimate ipv6 address

If I traceroute google I get:

traceroute6 2001:4860:4860::8888
traceroute to 2001:4860:4860::8888 (2001:4860:4860::8888), 30 hops max, 80 byte packets
 1  OPNsense.gflygt.se (2001:9b0:21d:XXXX:XXX:XXXX:fe51:6da9)  0.741 ms  0.494 ms  0.341 ms
 2  2a01:2b0:2000:152::2 (2a01:2b0:2000:152::2)  2.135 ms  2.157 ms  2.192 ms
 3  2a01:2b0:2000:152::5 (2a01:2b0:2000:152::5)  2.734 ms  2.591 ms  2.620 ms
 4  2001:4860:1:1::efc (2001:4860:1:1::efc)  2.963 ms  2.825 ms  2.791 ms
 5  2a00:1450:810a::1 (2a00:1450:810a::1)  3.888 ms 2a00:1450:80b2::1 (2a00:1450:80b2::1)  3.745 ms 2a00:1450:8112::1 (2a00:1450:8112::1)  2.604 ms
 6  dns.google (2001:4860:4860::8888)  2.680 ms 2001:4860:0:1::b7c (2001:4860:0:1::b7c)  3.972 ms  3.714 ms

If I traceroute the other address (mail-1.sr.se) I get:
traceroute6 2001:67c:d8:ed80::87
traceroute to 2001:67c:d8:ed80::87 (2001:67c:d8:ed80::87), 30 hops max, 80 byte packets
 1  OPNsense.gflygt.se (2001:9b0:21d:XXXX:XXX:XXXX:fe51:6da9)  0.695 ms  0.440 ms  0.542 ms
 2  OPNsense.gflygt.se (2001:9b0:21d:XXXX:XXX:XXXX:fe51:6da9)  0.401 ms !N  0.478 ms !N  0.349 ms !N

(I obfuscated my ipv6 address a little)
ie it stops at the LAN address on my firewall.

So traceroute to google works fine, but not the other ordinary host. I can reach both hosts on my other firewall where I have tunneled ipv6!

It was fully working a while ago. I don't remember from which version of OPNsense it stopped working

Gunnar