OPNsense Forum

Archive => 22.7 Legacy Series => Topic started by: r3pek on December 03, 2022, 07:48:18 pm

Title: IPv6 connectivity woes
Post by: r3pek on December 03, 2022, 07:48:18 pm

Hi guys!

I'm trying to setup IPv6 connectivity on the "lan" side of the opnsense firewall but for some reason, while i do get and IP, it doesn't talk to anyone.

Setup is like this:

Internet ----------- [WAN: SLAAC] OPNsense [LAN: Track Interface WAN] ---------- Clients

OPNSense has internet connection no problem.
Any client that connects on the LAN side of it, get's and IP address (2001:XXX) but can't use it for anything, not even pinging the LAN interface (that also get's an IPv6 address).

Nothing obvious shows up on the firewall logs.

Any ideia of what I might be doing wrong?

Title: Re: IPv6 connectivity woes
Post by: r3pek on December 03, 2022, 11:30:14 pm

OK, while I know it's different (Linux vs FreeBSD), comparing the route outputs from an OpenWRT router, which is actually doing the same job, looks like there are missing routes, which I really don't know it's normal.

Key differences:
- On OpenWRT, when configure to lan side to track an interface, it doesn't get a public IP address, but OPNSense does have it (there are actually 2 public addresses on the FW, one on each interface)
- On OpenWRT, I have ipv6 routes to every IP what was requested, but I get nothing like this on OPNSense. Example:

OpenWRT:
root@router-1:~# ip -6 r
default from 2001:818:dcb6:6e00::/64 via fe80::1 dev eth0  metric 512
2001:818:dcb6:6e00:2b8f:xxxx:xxxx:xxxx dev br-lan  metric 1024
2001:818:dcb6:6e00:2cc0:xxxx:xxxx:xxxx dev br-lan  metric 1024
2001:818:dcb6:6e00:30c9:xxxx:xxxx:xxxx dev br-lan  metric 1024
2001:818:dcb6:6e00:4439:xxxx:xxxx:xxxx dev br-lan  metric 1024
2001:818:dcb6:6e00:51a7:xxxx:xxxx:xxxx dev br-lan  metric 1024
2001:818:dcb6:6e00:540c:xxxx:xxxx:xxxx dev br-lan  metric 1024
2001:818:dcb6:6e00:7066:xxxx:xxxx:xxxx dev br-lan  metric 1024
2001:818:dcb6:6e00:71e6:xxxx:xxxx:xxxx dev br-lan  metric 1024
2001:818:dcb6:6e00:7ca2:xxxx:xxxx:xxxx dev br-lan  metric 1024
2001:818:dcb6:6e00:86ec:xxxx:xxxx:xxxx dev br-lan  metric 1024

OPNSense:
Internet6:
Destination                       Gateway                       Flags     Netif Expire
default                           fe80::2ad1:27ff:fe4e:4a70%vtnet0 UGS   vtnet0
::1                               link#6                        UHS         lo0
2001:818:dcb6:6e00:7066:xxxx:xxxx:xxxx link#1                   UHS         lo0
2001:818:dcb6:6e00:70aa:xxxx:xxxx:xxxx link#3                   UHS         lo0
fe80::%vtnet0/64                  link#1                        U        vtnet0
fe80::7066:xxxx:xxxx:xxxx%vtnet0  link#1                        UHS         lo0
fe80::%vtnet2/64                  link#3                        U        vtnet2
fe80::70aa:xxxx:xxxx:xxxx%vtnet2  link#3                        UHS         lo0
fe80::%lo0/64                     link#6                        U           lo0
fe80::1%lo0                       link#6                        UHS         lo0