Menu

Show posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Show posts Menu

Messages - neerdoc

Pages1
#1
19.1 Legacy Series / Re: IPv6 ping fails on LAN
May 07, 2019, 10:50:30 PM
Awesome!

Now it works perfectly!

I do have new questions though...

If I look at my computer I now have 3 IPv6 addresses on my interface. Why?

  • One that starts with fe80:: which I understand is the local-link-address
  • One that starts with 2001:9b1:ef8: and says "autoconf secured"
  • One that starts with 2001:9b1:ef8: and says "autoconf temporary"

Next question is this: With the "track" setup, all my units gets their IPv6 address from my ISP, correct? If possible, I would like to assign the IPs myself. How would I do that? Would it have worked if I only had used a different subnet for the LAN than what the WAN has?
#2
19.1 Legacy Series / IPv6 ping fails on LAN
May 07, 2019, 09:34:50 PM
Hi,

I am new to both OPNsense and IPv6, so this might be a silly question/problem.

I have an ISP that supports IPv6 (in Sweden). I have a brand new installation of OPNsense (19.1.7). I have selected DHCPv6 as configuration for my WAN and there I have selected:

  • Send IPv6 prefix hint
  • SOLICIT
  • Prevent Release
I can now see in my Dashboard that I get an 2001:<lots of hex>:2d16 address for my WAN. So far I think I'm good. I can also go to the Console in OPNsense and ping 'ipv6.google.com' successfully.

Now the trouble starts... Only way I managed to enable the DHCPv6 service for my LAN was to set a static IP for the LAN nic. So I took the next one 2001:<lots of hex>:2d17. Now the DHCPv6 service was enabled and prefilled with "Available range". So I set the range from 2001:<lots of hex>:2d20 to 2001:<lots of hex>:2dff just to test. I still did not get an IPv6 address for any of my computers on the LAN, but searching this forum I found a post stating that I needed "Router Advertisment" enabled. Enabled it with:

  • Managed
  • Normal
  • Advertise Default Gateway
and suddenly all my computers had IPv6 addresses! Yay!

So, next step was to test connectivity:

  • Tried "ping6 ipv6.google.com" from LAN computer. Nothing. Why?
  • Tried pinging within the LAN, works!
  • Tried pinging the LAN interface on the firewall, works!
  • Tried pinging the WAN interface on the firewall, failed.
  • Started the console in OpnSense again. Ping from Default, works.
  • Ping from WAN, works.
  • Ping from LAN, fails!

I'm stumped. I have been searching for what I'm doing wrong for hours now and I got nothing... The best suggestion I could find was that the firewall somehow blocks it even though the rules indicated it should not. But looking in the firewall logs I only get "PASS" for the ICMP pings going to the firewall, but no one is answering... :-\
Any help is appreciated!
Pages1