OPNsense Forum
Archive => 17.7 Legacy Series => Topic started by: rajl on January 26, 2018, 05:33:25 pm
-
This is one of those, "it worked on PFSense, but not OPNSense" issues. I am not able to hand out IPv6 addresses on my LAN.
My ISP assigns me a /64 block for IPv6. Both OPNSense and PFSense are able to detect the IPv6 assignment and assign a valid IPv6 address to the WAN interface. I can ping IPv6 hosts from my WAN interface, so it works.
For PFSense, I was able to assign IPv6 addresses to clients on my LAN by doing the following:
(1) Set the LAN to "Track Interface" for IPv6 and specify my WAN interface.
(2) Enable the DHCPv6 server on my LAN interface to assign IPv6 addresses from my /64 block.
With OPNSense, I can't do step 2. I get the following error message:
The DHCPv6 Server can only be enabled on interfaces configured with static IP addresses. Only interfaces configured with a static IP will be shown.
As a result, I am unable to assign IPv6 addresses to clients on my LAN.
Any help/thoughts/suggestions on what I can do to assign IPv6 addresses to my LAN clients. I understand that while OPNSense and PFSense are related, they are not the same. I may well be missing something about the "OPNSense way" of doing this.
Thanks for any help in advance.
-
What it means is that it's automatic. Go to the shell and issue the ifconfig command and what IPv6 addresses are showing on the LAN interface?
-
These are the IPv6 addresses on my LAN interface (XXX's for privacy)
inet6 2600:1700:fc0:864f:XXX:XXXX:XXXX:XXXX prefixlen 64
inet6 fe80::1:1%igb2 prefixlen 64 scopeid 0x3
My LAN interface has a routable IPv6 address from my /64 block with track interfaces enabled. I just can't provide any to my clients on my LAN.
-
Is radvd running?
Bart...
-
As bart said.. :)
-
Is radvd running?
Bart...
Yes, it is.
-
My main unit and test units are running 18.1rc2 so I am running up a 17.7.12 version to check. I know it was working when I first tried 17.7.11, then again all my addresses are static. I'll get back to you shortly.
-
OK, virgin install of Opnsense 17.7.5 on an APU2, bounced through upgrades using the shell to 17.7.12 gives me an IPv6 address on my test LAN of my PC in the correct prefix range.
No changes to firewall rules, just a virgin install. So in FW rules LAN I have a default v4 and v6 LAN net to any rules and that's it.
-
OK, virgin install of Opnsense 17.7.5 on an APU2, bounced through upgrades using the shell to 17.7.12 gives me an IPv6 address on my test LAN of my PC in the correct prefix range.
No changes to firewall rules, just a virgin install. So in FW rules LAN I have a default v4 and v6 LAN net to any rules and that's it.
I must have something weird going on because I have close to a virgin install. I've fiddled with other stuff, but nothing related to IPv6.
Currently running 17.7.12 as well. I have the default LAN interface rules (allow all from LAN to whereever on IPv4 and IPv6). To make things weirder and working with other computers, I just noticed that none of the devices on my Wi-Fi network (just UniFi access point) are given IPv6. Wired computers are given IPv6 in my /64 block, but are unable to communicate with the outside world. For example, I just tried to ping Google using IPv6 since I noticed my desktop had an IPv6 address. All requests timed out. When I went to test-ipv6.com from my desktop, I got a weird error message that my setup appeared to support IPv6 but the test results were unexpected and asking me to contact them to discuss my setup. :o
-
Ok, so my test setup that I am using is this.
APU ( 17.7.12 ) -> ( Main Router ) -> WAN.
The main router IS opnsense 18.1.rc2, but all its addresses are statics as I have a good ISP. :)
the ONLY thing I needed to do on that router was change my LAN NET rule to LAN any, thus allowing the delegated prefix range through, and all is working nicely.
What can I tell you, if your IPv6 address and range are sticky, i.e. they don't change every time you drop the WAN connection you could try setting up your LAN with statics, that does not answer the question as to why mine works 'out of the box' and yours does not though. Something has been altered but I cannot tell you what.
I would suggest a clean install and do nothing except a default install and take it from there, checking your iPv6 constantly to see what breaks it.
Sorry I cannot be of more use.. :-[
-
Like Marjohn I’m using static ipv6 (zen IPv6 is implemented correctly)
But we know it worked at 17.7.12 as one of our other team rebellion members has a non static ipv6
Eh @skyeci did you have to do anything Different at 17.7 for ipv6 vs pfSense
-
Also have you set radvd to assisted mode ?
-
You can't when you are using wan tracking, it's all automatic. :)
-
Of course - Dim moment !!!
-
This is one of those "I have to see how it plays out."
My laptop on wifi was not assigned an IPv6 address earlier today. Now, when I type "ipconfig /all" I see it having been assigned two different IPv6 addresses:
Autoconfiguration Enabled.....: Yes
IPv6 Address........................:2600:1700:fc0:864f:588c:xxxx:xxxx:xxxx (Preferred)
Temporary IPv6 Address........:2600:1700:fc0:864f:17e:xxxx:Xxxx:xxxx (Preferred)
The IPv6 tests at test-ipv6.com still fail. I haven't changed a single setting since earlier today. Meanwhile, my desktop passes all of the tests at test-ipv6.com but can't ping any IPv6 hosts (e.g., Google).
This is maddening!
-
Multiple IPv6 addresses is the norm.
From that device do a tracert -6 www.google.com and see where it takes you.
-
This is one of those "I have to see how it plays out."
The IPv6 tests at test-ipv6.com still fail. I haven't changed a single setting since earlier today. Meanwhile, my desktop passes all of the tests at test-ipv6.com but can't ping any IPv6 hosts (e.g., Google).
This is maddening!
??? it fails and it works??
-
This is one of those "I have to see how it plays out."
My laptop on wifi was not assigned an IPv6 address earlier today. Now, when I type "ipconfig /all" I see it having been assigned two different IPv6 addresses:
Autoconfiguration Enabled.....: Yes
IPv6 Address........................:2600:1700:fc0:864f:588c:xxxx:xxxx:xxxx (Preferred)
Temporary IPv6 Address........:2600:1700:fc0:864f:17e:xxxx:Xxxx:xxxx (Preferred)
The IPv6 tests at test-ipv6.com still fail. I haven't changed a single setting since earlier today. Meanwhile, my desktop passes all of the tests at test-ipv6.com but can't ping any IPv6 hosts (e.g., Google).
This is maddening!
This may be a silly question but are you allowing ICMP for IPv6 through the firewall (it is needed)?
[EDIT]Have you also tried this site to see what's happening: http://ipv6-test.com/
The following two sites are also useful for testing IPv6:
https://ipv6.chappell-family.com/ipv6tcptest/
https://www6.chappell-family.co.uk/cgi-bin6/ipscan-js.cgi
-
[EDIT]Have you also tried this site to see what's happening: http://ipv6-test.com/
My goto site for ipv6 testing, but even that fails ICMP with a default windows 10 setup as it blocks ICMP in the windows firewall, you need to turn off the windows firewall to get a nearly perfect score, and a have a reverse DNS entry to score 20, my mail server does. :)
-
This is one of those "I have to see how it plays out."
The IPv6 tests at test-ipv6.com still fail. I haven't changed a single setting since earlier today. Meanwhile, my desktop passes all of the tests at test-ipv6.com but can't ping any IPv6 hosts (e.g., Google).
This is maddening!
??? it fails and it works??
There’s a reason I got reassigned to software QA for a few years. I have a unique ability to find edge cases no one else does.