Messages

1

23.1 Legacy Series / Re: IPv6 PD not work after update OPNSense from 22.7.11->23.1_6

« on: March 20, 2023, 02:59:20 pm »

I gave up and pulled the OPNsense box out. Reset my AT&T gateway to be the firewall/router. Spouse is much happier now. There's enough stuff that will use IPv6 out there that it has to work if you're going to have it enabled. I wasn't noticing the issue from my Mac since it was using the iCloud private relay, but her Android has no such thing enabled and it definitely did not like having broken IPv6.

2

23.1 Legacy Series / Re: IPv6 PD not work after update OPNSense from 22.7.11->23.1_6

« on: March 12, 2023, 06:39:18 pm »

I turned off IPv6 entirely while I decide if I want to downgrade back to 22.z when it worked properly, or buy a Firewalla.

3

23.1 Legacy Series / Re: IPv6 PD not work after update OPNSense from 22.7.11->23.1_6

« on: March 09, 2023, 09:58:00 pm »

I had an internet blip happen in the middle of the day and now I'm broken again.

I took the chance to go ahead and upgrade to 23.1.2 figuring it's not going to work less at this point - or if it does I can just disable IPv6 entirely until it gets fixed.

Anything further on your end cayenne or dfw3xan1n3r?

4

23.1 Legacy Series / Re: IPv6 PD not work after update OPNSense from 22.7.11->23.1_6

« on: March 07, 2023, 10:11:25 pm »

I've been stable since the last time I posted so I'm leery of updating - I'll wait and see.

I haven't done anything to make it stabilize, I'm still in the same place - 23.1_6 + the aforementioned patch.

5

23.1 Legacy Series / Re: IPv6 PD not work after update OPNSense from 22.7.11->23.1_6

« on: February 27, 2023, 11:43:37 pm »

Well I must have spoken too soon. IPv6 is down again today, even with the patch - and this time restarting radvd isn't getting it going again.

Do we have any new ideas to try? I hate having to reboot the whole firewall, it's disruptive and annoying to the other residents of my streaming-only TV house.

6

23.1 Legacy Series / Re: IPv6 PD not work after update OPNSense from 22.7.11->23.1_6

« on: February 23, 2023, 03:10:57 pm »

So as not to be that person who got their answer and vanished -

My firewall is still running great after applying the patch.

I have AT&T Fiber, 1Gbps up/down, running through their BGW320 gateway set to IP passthrough mode.

Configuration wise, I'm on 23.1.1_2 + that patch on a Protectli box.
LAN interface is static for IPv4 and track interface for IPv6.
WAN interface is DHCP4 + DHCPv6 with DHCPv6-PD. I'm sending a hint for a /64 prefix.
RADVD is running in stateless mode so it can push DNS servers.
I have Zenarmor (paid) running.

Just about everything else is defaults. Very simple config.

The only oddity in the system logs is that dhclient reports unknown dhcp option value 0x7d with some regularity; that does not seem to impact anything.

It sounds like the others must be having another issue, or perhaps an additional one. I'm happy that the patch fixed me - my wife was complaining of things acting strangely, which makes sense knowing that IPv6 was broken. Android seems to not handle that case well, while my iPhone is running through iCloud private relay so I never noticed.

7

23.1 Legacy Series / Re: IPv6 PD not work after update OPNSense from 22.7.11->23.1_6

« on: February 22, 2023, 05:08:40 pm »

I came here because I was having the same problem, also with AT&T Fiber. The opnsense-patch 9eaff5c21907d command has fixed my issue - my IPv6 is now working again.

8

20.7 Legacy Series / Re: IPv6 Routing(?) keeps stopping

« on: August 31, 2020, 04:12:31 pm »

Update -

After making it through a busy weekend, this morning I updated to the development firmware (21.1.a) and it works flawlessly. There's apparently some sort of an IPv6 issue in the current release 20.7.1 firmware.

9

20.7 Legacy Series / IPv6 Routing(?) keeps stopping

« on: August 27, 2020, 08:18:46 pm »

Brand new install of 20.7, then updated to 20.7.1, on a Protectli FW4B (coreboot).

When I enable IPv6, the WAN interface properly grabs a /128 for itself and grabs a /64 via DHCPv6-PD. The machines inside the LAN get v6 addresses from that prefix, all works as it is supposed to. For about 5 minutes. Then all of the clients are unable to get anywhere with IPv6. When I look at the firewall, it still shows the addresses in place, and the firewall itself can get places via IPv6 if I ssh into it.

https://pastebin.com/UJTswM59 to see system.log filtered down to dhcp6c messages.

Options are nearly all default - DHCPv6 for the WAN interface's v6 config, the LAN interface is tracking the WAN. I did have to send a PD hint for a /64 or else xfinity sends a /60.

All of this mess works fine on my old pfSense box - I moved over because Protectli ships OPNsense preinstalled and I figured why not try it.

Any thoughts/things to try?

Thanks!