22.1 Legacy Series / standard setup, no route on IPv6
« on: July 03, 2022, 09:03:52 am »
I am new to OPNsense. Running the setup with two NICs for WAN and LAN.
IPv6 did work previously (test-ipv6.com passes, as did ipv6test.google.com) when the network was on a Mikrotik router with pretty much OOTB setup, so I know the ISP side is not an issue.
edit: this is a home setup, no VLAN, just beefier hardware to consolidate other server-like duties on one box.
The setup:
* IPv4 is DHCP on WAN side, typical setup
* ISP supports IPv6 with both SLAAC and DHCPv6. Both give a valid /64 prefix, and I am using SLAAC. LAN side tracks the WAN interface.
* "Allow manual adjustment of DHCPv6 and Router Advertisements" is unchecked in the LAN interface.
* System DNS (System -> Settings -> General) is using Google and Cloudflare public DNS (1.1.1.1/8.8.8.8/2001:4860:4860::8888/2606:4700:4700::1111)
* Unbound for DNS, set to use system DNS ("Use System Nameservers" in query forwarding). I can resolve AAAA records if I point nslookup to the router's port 53.
What's working:
* IPv4 front to back; DHCP on the LAN side, no problem
* ALL clients (Windows, Linux and Android phones) can set up a GUA with the correct prefix.
Problem:
* Clients seemingly don't have a route on IPv6.
Other than setting system DNS and changing Unbound, I pretty much have a bog standard setup. Not sure what else I need to do. Any advice is welcomed.
Below is radvdump output on OPNsense. "igc1" is the LAN interface.
```
root@OPNsense:~ # radvdump
#
# radvd configuration generated by radvdump 2.19
# based on Router Advertisement from fe80::62be:b4ff:fe03:9cf3 <-- the LAN interface
# received by interface igc1
#

interface igc1
{
        AdvSendAdvert on;
        # Note: {Min,Max}RtrAdvInterval cannot be obtained with radvdump
        AdvManagedFlag on;
        AdvOtherConfigFlag on;
        AdvReachableTime 0;
        AdvRetransTimer 0;
        AdvCurHopLimit 64;
        AdvDefaultLifetime 1800;
        AdvHomeAgentFlag off;
        AdvDefaultPreference medium;
        AdvLinkMTU 1500;
        AdvSourceLLAddress on;

        prefix 2404:c800:dead:beef::/64
        {
                AdvValidLifetime 86400;
                AdvPreferredLifetime 14400;
                AdvOnLink on;
                AdvAutonomous on;
                AdvRouterAddr off;
        }; # End of prefix definition

        DNSSL myhome
        {
                AdvDNSSLLifetime 600;
        }; # End of DNSSL definition

}; # End of interface definition
```
And here is my Windows "ipconfig /all"; the address ending "fe0c:9cf3" is the LAN interface on the router.
```
Ethernet adapter vEthernet (Virtual Switch Wifi):

   Connection-specific DNS Suffix . : myhome
   Description . . . . . . . . . . . : Hyper-V Virtual Ethernet Adapter #2
   Physical Address. . . . . . . . . : 9C-B6-D0-8F-E4-81
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2404:c800:dead:beef:8494:910:1e7:7485(Preferred)
   Link-local IPv6 Address . . . . . : fe80::8494:910:1e7:7485%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.20.101(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Sunday, July 3, 2022 2:21:02 PM
   Lease Expires . . . . . . . . . . : Sunday, July 3, 2022 2:55:26 PM
   Default Gateway . . . . . . . . . : fe80::62be:b4ff:fe03:9cf3%11
                                       192.168.20.1
   DHCP Server . . . . . . . . . . . : 192.168.20.1
   DHCPv6 IAID . . . . . . . . . . . : 949794512
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-26-79-51-59-9C-B6-D0-8F-E4-81
   DNS Servers . . . . . . . . . . . : 2404:c800:dead:beef:62be:b4ff:fe03:9cf3
                                       192.168.20.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
   Connection-specific DNS Suffix Search List :
                                       myhome
```
And the adapter is on a "private" network, so there should not be too much Windows firewall shenanigans.
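
An added example, not part of the original post: a small parser for radvdump output like the one above that reports what a host derives from the advertisement (default router, M/O flags, SLAAC and on-link prefixes), so the LAN-side RA can be checked independently of the clients. The sample is constructed from the fields in the post; the function names `parse_radvdump` and `client_view` are hypothetical, and a missing `AdvDefaultLifetime` is assumed to mean 0.

```python
import re

# Constructed sample: the radvdump output from the post, trimmed to the fields read below.
SAMPLE = """\
interface igc1
{
    AdvManagedFlag on;
    AdvOtherConfigFlag on;
    AdvDefaultLifetime 1800;
    prefix 2404:c800:dead:beef::/64
    {
        AdvOnLink on;
        AdvAutonomous on;
    }; # End of prefix definition
}; # End of interface definition
"""

def parse_radvdump(text):
    """Parse one radvdump interface block into interface options and per-prefix options."""
    ra = {"iface": None, "options": {}, "prefixes": {}}
    scope = ra["options"]
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop radvdump comments
        if m := re.match(r"interface\s+(\S+)", line):
            ra["iface"] = m.group(1)
        elif m := re.match(r"prefix\s+(\S+)", line):
            scope = ra["prefixes"].setdefault(m.group(1), {})
        elif line.startswith("}"):
            scope = ra["options"]                    # sub-block closed, back to interface scope
        elif m := re.match(r"(\w+)\s+(\S+);", line):
            scope[m.group(1)] = m.group(2)
    return ra

def client_view(ra):
    """Summarise what a host derives from the RA (RFC 4861 / RFC 4862 semantics)."""
    opts, prefixes = ra["options"], ra["prefixes"]
    lifetime = int(opts.get("AdvDefaultLifetime", 0))
    return {
        "default_router": lifetime > 0,              # Router Lifetime 0 means "not a default router"
        "router_lifetime_s": lifetime,
        "m_flag": opts.get("AdvManagedFlag") == "on",      # addresses available via DHCPv6
        "o_flag": opts.get("AdvOtherConfigFlag") == "on",  # other config available via DHCPv6
        "slaac_prefixes": [p for p, f in prefixes.items() if f.get("AdvAutonomous") == "on"],
        "onlink_prefixes": [p for p, f in prefixes.items() if f.get("AdvOnLink") == "on"],
    }

if __name__ == "__main__":
    print(client_view(parse_radvdump(SAMPLE)))
```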