OPNsense Forum

Archive => 17.1 Legacy Series => Topic started by: fuerni on July 24, 2017, 07:13:36 pm

Title: IPv6 Rules with Gateway not working
Post by: fuerni on July 24, 2017, 07:13:36 pm
Hello,
I have a problem with IPv6 firewall rules. I use OPNsense 17.1.10-amd64.

If I add an IPv6 TCP rule from a LAN net to * with gateway default/* everything works fine. But if I change the gateway in the rule to my IPv6 Gateway (I use a Hurricane Electric 6 to 4 tunnel) no IPv6 connection to the internet from that network can be established.

In the log I can see that the TCP SYN/ACK segments are blocked by the firewall. See screenshot attached.

Can anybody give me a hint how I can solve that problem?


Thanks in advance,
fuerni

Title: Re: IPv6 Rules with Gateway not working
Post by: franco on July 24, 2017, 07:27:58 pm
Hi fuerni,

Do you have multiple IPv6 gateways? I have a HE tunnel running at home, but I simply set the gateway as the default gateway under System: Gateways.


Cheers,
Franco

Title: Re: IPv6 Rules with Gateway not working
Post by: fuerni on July 24, 2017, 08:51:29 pm
Hi Franco,

No, I have just one IPv6 gateway. But users on that network should only be able to access external IPv6 addresses.

It works perfectly with IPv4: If I choose a default gateway, only external addresses can be reached.
But not so with IPv6.

A solution would be to negate my local IPv6 network as destination address and set gateway to default.
But if this is the only solution, then I think there is a bug in OPNsense.