22.7 Legacy Series / Re: (dumb?) IPv6 question ...
« on: November 12, 2022, 11:16:06 am »
Thanks!
OK, I checked the settings .. and... it does not do what it should;
Fritzbox:
Code: [Select]
Internet, IPv6
verbunden seit 18.09.2022, 04:13 Uhr, Telekom, Geschwindigkeit des Internetzugangs (verfügbare Bitrate): ↓ 251,6 Mbit/s ↑ 41,5 Mbit/s,
IPv6-Adresse: 2003:ce:77ff:3cef:9a9b:cbff:fe08:3c9d, Gültigkeit: 13891/1291s,
IPv6-Präfix: 2003:ce:773c:[b]be00[/b]::[b]/56[/b], Gültigkeit: 13685/1085s
Code: [Select]
Verwendete IPv6 Präfixe:
Heimnetz 2003:ce:7731:[i]a300[/i]::/64
Gastnetz 2003:ce:7731:a301::/64
WAN 2003:ce:77ff:31d2::/64
Code: [Select]
Portfreigabe
aktiv, 1 Portfreigabe eingerichtet
Exposed Host '192.168.178.3, ::2a8:2cff:fe68:e3e7' aktiviert
WAN on OPNsense is set to DHCPv6
Prefix delegation size is set to 57
Send IPv6 prefix hint is activated
on LAN, Track interface is on WAN, PrefixID = 1
on WLAN (OPT1): Track interface is on WAN, Prefix ID = 3
on AP Track interface is on WAN, ID = 2
WAN interface on OPNsense:
Code: [Select]
igb1: flags=8b63<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST> metric 0 mtu 1500
description: WAN
options=4800028<VLAN_MTU,JUMBO_MTU,NOMAP>
ether 00:a8:2c:68:e3:e7
inet6 fe80::2a8:2cff:fe68:e3e7%igb1 prefixlen 64 scopeid 0x2
inet6 2003:ce:773c:[b]be00[/b]:2a8:2cff:fe68:e3e7 prefixlen 128
inet6 fd00::2a8:2cff:fe68:e3e7 prefixlen 64 deprecated autoconf
inet6 2003:ce:7731:[i]a300[/i]:2a8:2cff:fe68:e3e7 prefixlen 64 autoconf
inet 192.168.178.3 netmask 0xffffff00 broadcast 192.168.178.255
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
LAN interface
Code: [Select]
igb0: flags=8b63<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST> metric 0 mtu 1500
description: LAN
options=4900028<VLAN_MTU,JUMBO_MTU,NETMAP,NOMAP>
ether 00:a8:2c:68:e3:e6
inet6 fe80::2a8:2cff:fe68:e3e6%igb0 prefixlen 64 scopeid 0x1
inet6 2003:ce:773c:[b]be81[/b]:2a8:2cff:fe68:e3e6 prefixlen 64
inet 192.168.80.2 netmask 0xffffff00 broadcast 192.168.80.255
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
WLAN interface
Code: [Select]
igb2: flags=8b63<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST> metric 0 mtu 1500
description: WLAN
options=4900028<VLAN_MTU,JUMBO_MTU,NETMAP,NOMAP>
ether 00:a8:2c:68:e3:e8
inet6 fe80::2a8:2cff:fe68:e3e8%igb2 prefixlen 64 scopeid 0x3
inet6 2003:ce:773c:[b]be80[/b]:2a8:2cff:fe68:e3e8 prefixlen 64
inet 192.168.81.2 netmask 0xffffff00 broadcast 192.168.81.255
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
or, in the GUI interface overview:
WAN
Code: [Select]
IPv6 link-local fe80::2a8:2cff:fe68:e3e7/64
IPv6 address 2003:ce:773c:[b]be00[/b]:2a8:2cff:fe68:e3e7/128
fd00::2a8:2cff:fe68:e3e7/64 deprecated
2003:ce:7731:[i]a300[/i]:2a8:2cff:fe68:e3e7/64
LAN:
Code: [Select]
IPv6 link-local fe80::2a8:2cff:fe68:e3e6/64
IPv6 address 2003:ce:773c:[b]be81[/b]:2a8:2cff:fe68:e3e6/64
WLAN
Code: [Select]
IPv6 link-local fe80::2a8:2cff:fe68:e3e8/64
IPv6 address 2003:ce:773c:[b]be80[/b]:2a8:2cff:fe68:e3e8/64
AP
Code: [Select]
IPv6 address 2003:ce:773c:[b]be82[/b]:1e4b:d6ff:fe7d:81e0/64
example PC in LAN:
Code: [Select]
ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:a0:98:0c:5c:d5 brd ff:ff:ff:ff:ff:ff
altname enp0s3
inet 192.168.80.29/24 brd 192.168.80.255 scope global dynamic noprefixroute ens3
valid_lft 6541sec preferred_lft 6541sec
inet6 2003:ce:773c:[b]be81[/b]:c199:8655:41bf:6729/64 scope global temporary dynamic
valid_lft 86158sec preferred_lft 2626sec
inet6 2003:ce:773c:[b]be81[/b]:670:91e:68d0:9fa/64 scope global temporary deprecated dynamic
valid_lft 86158sec preferred_lft 0sec
inet6 2003:ce:773c:[b]be81[/b]:133c:75e4:3833:e383/64 scope global temporary deprecated dynamic
valid_lft 86158sec preferred_lft 0sec
inet6 2003:ce:773c:[b]be81[/b]:2a0:98ff:fe0c:5cd5/64 scope global dynamic mngtmpaddr noprefixroute
valid_lft 86158sec preferred_lft 14158sec
inet6 fe80::2a0:98ff:fe0c:5cd5/64 scope link noprefixroute
valid_lft forever preferred_lft forever
for me, that looks exactly as you described it:
- Fritzbox gets a /56 from the ISP
- OPNsense requests a /57
- OPNsense WAN has an address in the "homenet" of Fritzbox and a different /64 net
- LAN, WLAN and AP have their own PrefixID and all of them get their own /64 net which is different from the Fritzbox "homenet"
- PC in the LAN net gets addresses from the /64 net of the LAN interface
and still no PC on LAN can reach any external IPv6 host, only the LAN interface of OPNsense
Code: [Select]
christian@debmatic:~$ ping -6 www.heise.de
PING www.heise.de(www.heise.de (2a02:2e0:3fe:1001:7777:772e:2:85)) 56 data bytes
^C
--- www.heise.de ping statistics ---
44 packets transmitted, 0 received, 100% packet loss, time 44042ms
christian@debmatic:~$
so - it's not the IPv6 configuration itself, I guess
router advertisement daemon is running on OPNsense
routing on PC
Code: [Select]
christian@debmatic:~$ ip -6 r
2003:ce:773c:be81::/64 dev ens3 proto ra metric 100 pref medium
fe80::/64 dev ens3 proto kernel metric 100 pref medium
default via fe80::2a8:2cff:fe68:e3e6 dev ens3 proto ra metric 100 pref high
christian@debmatic:~$
so the default route is the LAN interface of OPNsense
Code: [Select]
inet6 fe80::2a8:2cff:fe68:e3e6%igb0 prefixlen 64 scopeid 0x1
which seems to be what it should be
routing on OPNsense is
Code: [Select]
[cbadmin@OPNsense ~]$ netstat -r -6 -n
Routing tables
Internet6:
Destination Gateway Flags Netif Expire
[b]default fe80::9a9b:cbff:fe08:3ca0%igb1 UG igb1[/b]
::1 link#7 UHS lo0
2003:ce:7731:a300::/64 link#2 U igb1
2003:ce:7731:a300:2a8:2cff:fe68:e3e7 link#2 UHS lo0
2003:ce:773c:be00::/64 link#2 U igb1
2003:ce:773c:be00:2a8:2cff:fe68:e3e7 link#2 UHS lo0
2003:ce:773c:be80::/64 link#3 U igb2
2003:ce:773c:be80:2a8:2cff:fe68:e3e8 link#3 UHS lo0
2003:ce:773c:be81::/64 link#1 U igb0
2003:ce:773c:be81:2a8:2cff:fe68:e3e6 link#1 UHS lo0
2003:ce:773c:be82::/64 link#11 U run0_wla
2003:ce:773c:be82:1e4b:d6ff:fe7d:81e0 link#11 UHS lo0
2a01:4f8:161:83d1::/64 link#18 US ovpnc4
2a01:4f8:161:83d1:cccc::/112 link#18 U ovpnc4
2a01:4f8:161:83d1:cccc::2 link#18 UHS lo0
fd00::/64 link#2 U igb1
fd00::2a8:2cff:fe68:e3e7 link#2 UHS lo0
fd10::/64 link#19 U ovpns2
fd10::1 link#19 UHS lo0
fd11::/64 link#17 U ovpns3
fd11::1 link#17 UHS lo0
fe80::%igb0/64 link#1 U igb0
fe80::2a8:2cff:fe68:e3e6%igb0 link#1 UHS lo0
fe80::%igb1/64 link#2 U igb1
fe80::2a8:2cff:fe68:e3e7%igb1 link#2 UHS lo0
fe80::%igb2/64 link#3 U igb2
fe80::2a8:2cff:fe68:e3e8%igb2 link#3 UHS lo0
fe80::%lo0/64 link#7 U lo0
fe80::1%lo0 link#7 UHS lo0
fe80::%run0_wlan1/64 link#11 U run0_wla
fe80::1e4b:d6ff:fe7d:81e0%run0_wlan1 link#11 UHS lo0
fe80::%ovpns3/64 link#17 U ovpns3
fe80::2a8:2cff:fe68:e3e6%ovpns3 link#17 UHS lo0
fe80::%ovpnc4/64 link#18 U ovpnc4
fe80::2a8:2cff:fe68:e3e6%ovpnc4 link#18 UHS lo0
fe80::%ovpns2/64 link#19 U ovpns2
fe80::2a8:2cff:fe68:e3e6%ovpns2 link#19 UHS lo0
[cbadmin@OPNsense ~]$
which seems to be OK as well
the default route is
Code: [Select]
fe80::9a9b:cbff:fe08:3ca0
which is the link local address of the Fritz!Box as seen from OPNsense:
Code: [Select]
Unique Local Address Ihrer FRITZ!Box: fd00::9a9b:cbff:fe08:3ca0/64
the firewall logs show no reject/block
so, what's wrong?
I can't find anything :-(
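
An added example (not part of the original post): a Python check that derives the /64 each tracked interface should receive from its Prefix ID and compares it with the addresses shown above, then lists WAN addresses that fall outside the /56 the Fritzbox reports. Assumptions: the delegated prefix is taken to be 2003:ce:773c:be80::/57 (the /57 inside the /56 that contains the observed networks), and the Prefix ID is modelled as an offset added to the subnet bits of that prefix; the function names are illustrative.

```python
import ipaddress

# Values copied from the post. DELEGATED is an assumption: the /57 inside the
# Fritzbox /56 that contains the observed be80..be82 networks.
FRITZ_PREFIX = ipaddress.ip_network("2003:ce:773c:be00::/56")
DELEGATED = ipaddress.ip_network("2003:ce:773c:be80::/57")
TRACKED = {  # interface: (Prefix ID from the post, address seen on the interface)
    "LAN": (1, "2003:ce:773c:be81:2a8:2cff:fe68:e3e6"),
    "WLAN": (3, "2003:ce:773c:be80:2a8:2cff:fe68:e3e8"),
    "AP": (2, "2003:ce:773c:be82:1e4b:d6ff:fe7d:81e0"),
}
WAN_ADDRS = ["2003:ce:773c:be00:2a8:2cff:fe68:e3e7",
             "2003:ce:7731:a300:2a8:2cff:fe68:e3e7"]


def subnet_for(delegated, prefix_id):
    """Return the /64 selected by prefix_id inside the delegated prefix."""
    if delegated.prefixlen > 64:
        raise ValueError("delegated prefix is longer than /64")
    if not 0 <= prefix_id < 2 ** (64 - delegated.prefixlen):
        raise ValueError(f"prefix ID {prefix_id} does not fit in /{delegated.prefixlen}")
    # The low 64 bits are the interface ID, so the ID counts in steps of 2**64.
    base = int(delegated.network_address) + (prefix_id << 64)
    return ipaddress.IPv6Network((base, 64))


def check_tracked(delegated, tracked):
    """Map interface name -> (expected /64, observed /64, match flag)."""
    report = {}
    for name, (pid, addr) in tracked.items():
        expected = subnet_for(delegated, pid)
        observed = ipaddress.ip_network(f"{addr}/64", strict=False)
        report[name] = (expected, observed, expected == observed)
    return report


def outside(prefix, addrs):
    """Return the addresses that are not covered by prefix."""
    return [a for a in addrs if ipaddress.ip_address(a) not in prefix]


if __name__ == "__main__":
    for name, (exp, obs, ok) in check_tracked(DELEGATED, TRACKED).items():
        print(f"{name:5} expected {exp} observed {obs} {'ok' if ok else 'MISMATCH'}")
    print("WAN addresses outside", FRITZ_PREFIX, ":", outside(FRITZ_PREFIX, WAN_ADDRS))
```

A mismatch or an address outside the reported prefix only marks values in the pasted output that do not line up under these assumptions; it is a pointer for which setting or lease to re-check.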