OPNsense Forum

Archive => 18.1 Legacy Series => Topic started by: QuentinC on May 11, 2018, 12:12:01 am

Title: 1.8.6 / 1.8.7 - LAN IPv6 not working (wrong gateway / mac address ?)
Post by: QuentinC on May 11, 2018, 12:12:01 am
Hello,

I'm using an OPNsense box at home to provide two VLANs from my LAN (guests and sandbox VLANs).
I only use one Ethernet interface, where untagged traffic is LAN and two VLANs are defined. Traffic is managed by a Netgear switch. The LAN router is NOT the OPNsense box, but the main home router, on the LAN network.

Everything works correctly in IPv4. LAN computers can reach the OPNsense box correctly. Guest users and Sandbox users access the internet using OPNsense (with the LAN IP as the output IP - NAT on the LAN interface).

I currently have a very strange behavior in IPv6.
I have made a /64 delegation for sandboxed clients. It's working fine. No IPv6 for guest clients.
But I'm not able to reach the OPNsense from the LAN... I can reach it from the WAN, but it seems that the ICMP response for the LAN client is sent to the WAN gateway...

Here is a simple tcpdump capture:
Code:
01:15:51.616287 xx:xx:xx:xx:xx:89 (oui Unknown) > xx:xx:xx:xx:xx:cb (oui Unknown), ethertype IPv6 (0x86dd), length 94: xx::xx:ad47 > opnsense.xx: ICMP6, echo request, seq 460, length 40
01:15:51.616340 xx:xx:xx:xx:xx:cb (oui Unknown) > xx:xx:xx:xx:xx:3c (oui Unknown), ethertype IPv6 (0x86dd), length 94: opnsense.xx > xx::xx:ad47 ICMP6, echo reply, seq 460, length 40
01:15:51.616547 xx:xx:xx:xx:xx:3c (oui Unknown) > xx:xx:xx:xx:xx:cb (oui Unknown), ethertype IPv6 (0x86dd), length 190: fe80::xx:c3c > opnsense.xx: ICMP6, redirect, xx::xx:ad47 to xx::xx:ad47, length 136

Here is how I understand it:
- The LAN client sends the ping request
- The OPNsense box sends the reply to the wrong MAC address (the LAN gateway one), but the correct IP address.
- The LAN router sends an IPv6 redirect to the OPNsense

--> Nothing comes back to the LAN client...

I'm thinking about something wrong in the routing table, but a ping from the OPNsense to the LAN client works...

I'm looking for some ideas about how to diagnose the issue...

Thanks,

Quentin
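
The check the post makes by eye on its capture (does each echo reply go back to the MAC address the request came from?), as an added example that is not part of the original post. The sample lines, MAC addresses and 2001:db8:: addresses are constructed placeholders, since the post's values are redacted, and `find_asymmetric_replies` is a hypothetical helper name.

```python
import re

# Constructed sample in `tcpdump -e` format, modelled on the capture in the post.
# MAC and IPv6 addresses are placeholders; the post's own values are redacted.
SAMPLE = """\
01:15:51.616287 02:00:00:00:00:89 (oui Unknown) > 02:00:00:00:00:cb (oui Unknown), ethertype IPv6 (0x86dd), length 94: 2001:db8::ad47 > 2001:db8::1: ICMP6, echo request, seq 460, length 40
01:15:51.616340 02:00:00:00:00:cb (oui Unknown) > 02:00:00:00:00:3c (oui Unknown), ethertype IPv6 (0x86dd), length 94: 2001:db8::1 > 2001:db8::ad47: ICMP6, echo reply, seq 460, length 40
01:15:51.616547 02:00:00:00:00:3c (oui Unknown) > 02:00:00:00:00:cb (oui Unknown), ethertype IPv6 (0x86dd), length 190: fe80::c3c > 2001:db8::1: ICMP6, redirect, 2001:db8::ad47 to 2001:db8::ad47, length 136
01:15:52.100000 02:00:00:00:00:77 (oui Unknown) > 02:00:00:00:00:cb (oui Unknown), ethertype IPv6 (0x86dd), length 94: 2001:db8::77 > 2001:db8::1: ICMP6, echo request, seq 1, length 40
01:15:52.100050 02:00:00:00:00:cb (oui Unknown) > 02:00:00:00:00:77 (oui Unknown), ethertype IPv6 (0x86dd), length 94: 2001:db8::1 > 2001:db8::77: ICMP6, echo reply, seq 1, length 40
"""

MAC = r"[0-9a-f]{2}(?::[0-9a-f]{2}){5}"
ECHO = re.compile(
    rf"^\S+ (?P<smac>{MAC})(?: \(oui [^)]*\))? > (?P<dmac>{MAC})(?: \(oui [^)]*\))?, "
    r"ethertype IPv6 \(0x86dd\), length \d+: (?P<src>\S+) > (?P<dst>\S+?):? "
    r"ICMP6, echo (?P<kind>request|reply), seq (?P<seq>\d+)"
)

def find_asymmetric_replies(capture):
    """Return echo replies whose destination MAC is not the requester's MAC."""
    requests = {}   # (client_ip, target_ip, seq) -> client MAC seen on the request
    findings = []
    for line in capture.splitlines():
        m = ECHO.match(line)
        if not m:
            continue  # redirects, NDP and non-ICMPv6 frames are ignored
        if m["kind"] == "request":
            requests[(m["src"], m["dst"], m["seq"])] = m["smac"]
            continue
        # A reply swaps src/dst, so look the request up with the pair reversed.
        client_mac = requests.get((m["dst"], m["src"], m["seq"]))
        if client_mac and client_mac != m["dmac"]:
            findings.append({"client": m["dst"], "seq": int(m["seq"]),
                             "expected_mac": client_mac, "reply_sent_to": m["dmac"]})
    return findings

if __name__ == "__main__":
    for finding in find_asymmetric_replies(SAMPLE):
        print(finding)
```

A finding means the replying host resolved its next hop for the client to a different layer-2 neighbour than the one the request arrived from, which is the symptom described in the post.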