OPNsense Forum

Archive => 17.7 Legacy Series => Topic started by: GaryElmes on October 29, 2017, 02:47:47 am

Title: Yaay!! I *finally* got IPv6 prefix delegation working...
Post by: GaryElmes on October 29, 2017, 02:47:47 am
Since (a) this has been driving me nuts all weekend, (b) everything Google offered up to help was no use at all, and (c) I finally fixed the problem, I thought I'd share...

The problem was: I couldn't configure my OPNsense box to successfully pull down an IPv6 prefix delegation from my ISP over my PPPoE connection. So none of the devices on my network got a global IPv6 address, they couldn't route IPv6 packets out onto the Internet, etc.

I did all the stuff that Google tells you:
- Set "IPv6 Configuration Type" on the WAN interface to "DHCPv6"
- Tick "request only an IPv6 prefix" (which allegedly may or may not help, depending on what your ISP expects);
- Tick "Use IPv4 connectivity" (because PPPoE...)

But I still wasn't getting the PD. Messing around with the other Interface settings didn't help.

To cut a long and frustrating story short, it turns out that the firewall was blocking the DHCPv6 responses from the ISP. The firewall log was showing traffic coming from ff02::1:2, with a proto type of "options", being blocked. FF02::1:2 is a "well-known" IANA multicast address for DHCPv6.

So I set up an "allow" rule on the WAN interface; initially (and for diagnostic purposes only) allowing all IPv6 traffic in. And yet the firewall was *still* blocking the traffic. Just to add insult to injury, the log files were referencing the "allow" rule that I'd just put in as the reason for blocking it!!

Then, after much digging around, I found, hidden at the bottom of the "advanced" options for the firewall rule, a field named "State Type". By default, this is set to "keep type". It appears that "keep type" is a Bad Thing(tm) for this kind of traffic. I set it to "none", saved everything, rebooted the OPNsense box and IPv6 sprung fully to life.


(I went back and tightened up the allow rule, of course. It's now only allowing multicast traffic (ff00::/8) in.)

YMMV, of course. But somebody might find this helpful.
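For readers who want to see what the GUI setting described above means at the packet-filter level, here is the same rule written out in pf.conf syntax for the FreeBSD pf firewall that OPNsense drives. This is an added example, not a rule from the original post or from the OPNsense project; the interface name pppoe0 and the wan macro are assumptions, and the comments explain how "State Type" in the GUI maps to pf's state keywords.

```pf
# Added example (not from the original post or the OPNsense project).
# Assumption: the PPPoE WAN interface is pppoe0; the GUI normally generates
# these rules itself, so this fragment is for understanding, not for pasting.
wan = "pppoe0"

# What the first attempt in the post corresponds to: the default
# "State Type: keep state". pf creates a state entry for the flow and
# only passes later packets that match that state, which is why the log
# still showed blocks and named the allow rule as the matching rule.
#   pass in quick on $wan inet6 from any to ff00::/8 keep state

# What the working rule corresponds to: "State Type: none" is pf's
# "no state". The rule is evaluated statelessly for every packet, so the
# DHCPv6 multicast traffic (IPv6 multicast is ff00::/8) is passed each time.
pass in quick on $wan inet6 from any to ff00::/8 no state
```

To check what the GUI actually loaded, `pfctl -sr` prints the active ruleset and `pfctl -ss` the current state table, so you can confirm the multicast rule appears with `no state` and that no stale state entries are matching the DHCPv6 replies.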