Messages

Hi

Thanks for the feedback ! It's annoying for testing... but at least now you can enjoy your opnSense :)

sadly not, because I can't get IPV6 to work via 6rd.

THX
   Chaos

Hi,
looks like i was wrong and probably could not ping google.

right now i can't ping:

Enter a host name or IP address: 2a00:1450:4001:816::2003

ping6: sendmsg: Operation not permitted
ping6: sendmsg: Operation not permitted
ping6: sendmsg: Operation not permitted
PING6(56=40+8+8 bytes) 2a00:61e0:dead:beef::1 --> 2a00:1450:4001:816::2003
ping6: wrote 2a00:1450:4001:816::2003 16 chars, ret=-1
ping6: wrote 2a00:1450:4001:816::2003 16 chars, ret=-1
ping6: wrote 2a00:1450:4001:816::2003 16 chars, ret=-1

THX
   Chaos

Hi there,

i can't figure out how to make IPV6 over 6rd work.

Setup 6rd in WAN and track WAN in LAN. Get the correct IPV6 adress on the LAN.
I can ping6 google from the LAN interface of OPNsense.

But the routing does not work. The Clients get an IPV6 via SLAAC but are unable to connect via IPV6.

obfuscated traceroute (dead beef = OPNSENSE IP)

Code Select Expand

>tracert -6 www.google.de

Routenverfolgung zu www.google.de [2a00:1450:4001:816::2003]
über maximal 30 Hops:

  1    95 ms     1 ms    <1 ms  2a00:61e0:dead:beef::1
  2  Zielnetz nicht erreichbar.

Ablaufverfolgung beendet.

Can't see any block in the fw log.
Any hints?

THX
   Chaos

Hi there,

problem is fixed.
Had a nice talk with my isp and it is really necessary to wait one hour, so that the DHCP lease time is expired.

THX
   Chaos

Hi there,

thanks for the ideas.
MAC is the same (see tcpdump examples).
And my ISP does not mind, because if I use a Fritzbox router I still get an IP and that one has a different MAC.

Due to time related issues I might try the port mirroring switch next week. Meanwhile I am gonna write my ISP and see if they can find something.

THX
Chaos

Hi,

pfsense brings the same results as opnsense :-/

It seems that my provider does not answer the requests and give me an address, but i doubt they try to filter it.

TCPDump of OpenWRT

Code Select Expand

root@Hauptrouter:~# tcpdump -i eth0 port 67 or port 68 -e -n
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
11:55:34.454468 00:15:17:91:07:c8 > 02:00:00:00:00:22, ethertype IPv4 (0x0800), length 342: 100.64.74.29.68 > 100.64.0.1.67: BOOTP/DHCP, Request from 00:15:17:91:07:c8, length 300
11:55:34.482541 02:00:00:00:00:22 > 00:15:17:91:07:c8, ethertype IPv4 (0x0800), length 364: 100.64.0.1.67 > 100.64.74.29.68: BOOTP/DHCP, Reply, length 322

TCPDump of pfsense

Code Select Expand

[2.3.2-RELEASE][root@pfSense.localdomain]/root: tcpdump -i em0 port 67 or port 68
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on em0, link-type EN10MB (Ethernet), capture size 65535 bytes
20:44:23.192518 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:15:17:91:07:c8 (oui Unknown), length 300
20:44:40.831473 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:15:17:91:07:c8 (oui Unknown), length 300
20:44:42.789420 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:15:17:91:07:c8 (oui Unknown), length 300
20:44:44.223050 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:15:17:91:07:c8 (oui Unknown), length 300
20:44:48.185863 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:15:17:91:07:c8 (oui Unknown), length 300

Out of ideas...


THX
   Chaos

Hi,

IPv6 is disabled and I tried a realtek instead of the intel already.

Started a packet capture and it shows a couple of discovers like:

Code Select Expand

10 11.434240 0.0.0.0 255.255.255.255 DHCP 342 DHCP Discover - Transaction ID 0x1cc2488a
But apperently no DHCP offer.

Meanwhile tested IPFire and instantly got an IPv4 address.
Next I try pfsense.

Super annoying.

THX
   Chaos

Hi,

it is strange indeed.
Thanks for the good ideas.

Tried to set a hostname yesterday already, but no difference.

Speed and duplex is set to auto and link is up.

So the next step I am gonna try is to put a DHCP in front of WAN and see if that works.

Is there a logging option for the dhcp request part?
On the openwrt i could log the udhcpc output and see what the ISP "provides" me.

Update: Connected the WAN to another Router and the interface gets an IP.

Thing I did so far:
- I started over with a different USB Stick and new config.
- Changed WAN from em0 to re0

Any further ideas appreciated.
Or maybe BSD is a bit picky because the 6rd config also gets delivered via DHCP?

Not blaming the ISP, since any other device I connected worked.

THX
   Chaos

Hi,
Not necessary with my isp.
And the MAC is the same as with Openwrt. The same machine, just a different OS and no spoofing involved.

THX
Chaos

Hi there,

after my ISP finally made it possible to use own chosen routers (by changing their route to a brigde) I am eager to switch to opnsense.
But for some "weird" reason I don't get a IP4 address on the WAN interface (and therefore 6rd won't work either).
If I use the same hardware (just changing the USB Stick) with OpenWRT I instantly get my addresses (IP4 and 6).
And if plugging in a Fritzbox I get addresses too.

Tried changing "Block private" and "Block bogon" already, although should not have an effect, because the WAN IP I should be getting is 100.64.74.29/16.
Changed firewall to allow any incoming traffic too.

Any ideas highly appreciated.

THX
   Chaos