21.7 Legacy Series / IPv6 NAT driving me nuts
« on: April 06, 2022, 08:41:37 pm »
Hi,
I am behind a cable router, which is not handing me down prefixes - so my OPNsense needs to NAT the IPv6 - this is possible - and I know, not the optimal solution, but please no discussion about that.
I was looking already in several documentations - and hence I upgraded the OPNsense I am really thinking of reinstalling with a fresh install, because it's driving me crazy, because I had success but only for a short time.
I am doing something wrong - or misconfigured something.
Here are the details:
Cable Router - OPNsense - WLAN ROUTER - CLIENTS
System is on 21.7.8 - I have enabled DHCPv6 and also in the Services Router Advertisements Assisted - so it is doing SLAAC.
Behind OPNsense is a ddwrt wifi router - configured with radv - nothing else, FW disabled.
The Linux and the Windows systems get an IPv6 address from OPNsense, also a lease, and know their DNS server now.
From those systems I can ping each other and also the OPNsense (!)
but although the Firewall OUTBOUND NAT is configured with my source addresses (like fd42:4242:4242:4242:ffff:ffff:ffff:8 and WAN address) it's not going out:
on windows:
tracert -6 google.com
Tracing route to google.com [2a00:1450:4016:809::200e]
over a maximum of 30 hops:
1 * * 1 ms OPNsense.localdomain [fd42:4242:4242:4242::]
2 * * * Request timed out.
From OPNsense shell - I can ping google successfully.
In the FW:
LAN: LAN TO ANY - all traffic IPv6 allowed
WAN:
WAN TO ANY - TCP/IP V6 allowed
WAN TO ANY - ICMP V6 allowed
thanks
jon
Fun fact: I played around with restarting the DHCP and also configured the WLAN router with DDWRT and I had some successes, but they are not reproducible. So really some assistance would be very appreciated.