Messages

1

22.1 Legacy Series / Re: ipv6 issues

« on: March 23, 2022, 01:13:43 am »

Created a new firewall rule on the LAN,

Address: IPv4 + IPv6
Action: Pass
Direction: In
Source: LAN Net
Destination: LAN Address

That's a typical rule you need when you set your policy based routing too coarsely.


Cheers,
Franco

I have allow all rules, I don't block anything  and it still wasn't working.

My Allow All Rule:

Address: IPv4 + IPv6
Action: Pass
Direction: In
Source: LAN Net
Destination: *

With this rule, IPv6 still wasn't working until I created the below rule:

Address: IPv4 + IPv6
Action: Pass
Direction: In
Source: LAN Net
Destination: LAN Address

2

22.1 Legacy Series / Re: No IPv6 to the internet, works locally

« on: March 20, 2022, 01:00:50 pm »

I fixed my issue, where I was receiving IPv6 addresses but not actually able to reach the internet with IPv6.

Created a new firewall rule on the LAN,

Address: IPv4 + IPv6
Action: Pass
Direction: In
Source: LAN Net
Destination: LAN Address

Rebooted, and clients are now working on IPv6.

Makes me think there was a firewall generation/compatibility issue with 21.7 -> 22.1, as I'm using my config from 21.7 and experiencing this issue.

3

22.1 Legacy Series / Re: ipv6 issues

« on: March 20, 2022, 01:00:07 pm »

I fixed my issue, where I was receiving IPv6 addresses but not actually able to reach the internet with IPv6.

Created a new firewall rule on the LAN,

Address: IPv4 + IPv6
Action: Pass
Direction: In
Source: LAN Net
Destination: LAN Address

Rebooted, and clients are now working on IPv6.

Makes me think there was a firewall generation/compatibility issue with 21.7 -> 22.1, as I'm using my config from 21.7 and experiencing this issue.

4

22.1 Legacy Series / Re: No IPv6 to the internet, works locally

« on: March 07, 2022, 07:33:30 am »

This is same as I was experiencing in https://forum.opnsense.org/index.php?topic=26622.0.

Still have not been able to fix it, so I gave up on IPv6 until more people report the same issue.

Running ESXi 7.0, latest update, with a Intel I-350 passed through for the WAN interface, and the VMX interfaces on LAN.

5

22.1 Legacy Series / Re: IPv6 working properly???

« on: February 24, 2022, 02:16:31 am »

Was going to start a similar sounding thread but will post here. I should do otherwise, please let me know.

I was going to title mine:
Trying to get IPv6 working, can't find Services > Router Advertisement

I have my LAN (/64) and WAN (/56) set to dhcpv6, set Send IPv6 prefix hint & not set Use IPv4 connectivity (Xfinity). The WAN gets a /128 IPv6 address but that's it. Nothing on the LAN or the OPT1 interface (not important).

I've seen several message that suggest changing settings under Service > Router Advertisements but I don't have the menu option.

Versions   OPNsense 22.1.1_3-amd64
FreeBSD 13.0-STABLE
OpenSSL 1.1.1m 14 Dec 2021

CPU type   Intel(R) Xeon(R) CPU E3-1270 v3 @ 3.50GHz (4 cores, 8 threads)

My IPv4 is still working so I'm not in a rush but I'll help out if I can.

Thanks

You need to tick "Allow manual adjustment of DHCPv6 and Router Advertisements" in the LAN interface option to see Router Advertisements.

I've never had an issue with the Router Advertisement service being online, it's always been online for me. My devices receive an IPv6 address, but just can't use it.

6

22.1 Legacy Series / Re: ipv6 issues after upgrade

« on: February 13, 2022, 11:44:19 am »

Same thing in happening in https://forum.opnsense.org/index.php?topic=26622.0

7

22.1 Legacy Series / Re: IPv6 working properly???

« on: February 08, 2022, 07:51:46 am »

@franco, I have no static routes with IPv6, it's the default setup. I have RA in Assisted mode, DHCPv6 enabled on the WAN interface.

I can't ping the link local address from either side, WAN -> LAN, LAN -> WAN, but I can ping link local from LAN interface to a client in that LAN.

I can't ping any other public IPv6 addresses from the public IPv6 address on the LAN interface.

I tried what @cardinal said, but it still doesn't work, I removed my DNS domain from the RA settings, unticked everything and still failing

EDIT:

I can't explain this at all, I tried rebuilding a brand new VM with same NIC etc, started from scratch, and IPv6 wasn't working initially. After a reboot it started working from my client devices. I restored my old settings, and IPv6 wasn't working from client devices again.

I rebuild the VM again, played around with it some more, and I once again had IPv6 on the client devices, through DHCPv6, NOT RA, and was able to ping Google through IPv6.

I compared the config file of the working IPv6 and non working IPv6, and found no discernable differences.

I then found a very strange issue, where if I disabled "Request only an IPv6 prefix", while pinging from a client device, I was able to then ping an IPv6 address for 2 seconds before it eventually started failing again.

PING: transmit failed. General failure.
PING: transmit failed. General failure.
Reply from 2404:6800:4006:814::2004: time=14ms
Reply from 2404:6800:4006:814::2004: time=15ms
Request timed out.
Request timed out.

Hopefully relevant logs:

<28>1 2022-02-08T20:01:30 opnsense.local radvd 61512 - [meta sequenceId="5"] prefix length should be 64 for vmx0
<30>1 2022-02-08T20:01:30 opnsense.local radvd 61512 - [meta sequenceId="6"] removing /var/run/radvd.pid
<30>1 2022-02-08T20:01:30 opnsense.local radvd 61512 - [meta sequenceId="7"] returning from radvd main
<30>1 2022-02-08T20:01:35 opnsense.local radvd 61974 - [meta sequenceId="8"] version 2.19 started
<28>1 2022-02-08T20:01:35 opnsense.local radvd 62486 - [meta sequenceId="9"] prefix length should be 64 for vmx0
<28>1 2022-02-08T20:01:35 opnsense.local radvd 62486 - [meta sequenceId="10"] prefix length should be 64 for vmx0
<28>1 2022-02-08T20:01:37 opnsense.local radvd 62486 - [meta sequenceId="11"] exiting, 1 sigterm(s) received
<30>1 2022-02-08T20:01:37 opnsense.local radvd 62486 - [meta sequenceId="12"] sending stop adverts
<28>1 2022-02-08T20:01:37 opnsense.local radvd 62486 - [meta sequenceId="13"] prefix length should be 64 for vmx0
<30>1 2022-02-08T20:01:37 opnsense.local radvd 62486 - [meta sequenceId="14"] removing /var/run/radvd.pid
<30>1 2022-02-08T20:01:37 opnsense.local radvd 62486 - [meta sequenceId="15"] returning from radvd main
<30>1 2022-02-08T20:01:37 opnsense.local radvd 84614 - [meta sequenceId="16"] version 2.19 started

cannot forward src fe80:1::11ae:5d59:abdd:d43f, dst xxxx:6800:4015:801::xxxx, nxt 58, rcvif vmx0, outif igb0
cannot forward src fe80:1::aef1:8ff:fe58:13bc, dst xxxx:108:700f::341a:34e2, nxt 6, rcvif vmx0, outif igb0
cannot forward src fe80:1::aef1:8ff:fe58:13bc, dst xxxx:108:700f::2ce6:119c, nxt 6, rcvif vmx0, outif igb0
cannot forward src fe80:1::11ae:5d59:abdd:d43f, dst xxxx:3fc0:1:104::670a:7d12, nxt 17, rcvif vmx0, outif igb0
cannot forward src fe80:1::30ee:db83:ec1b:3214, dst xxxx:19f0:5801:1daa:5400:1ff:fe95:cf80, nxt 17, rcvif vmx0, outif igb0
cannot forward src fe80:1::30ee:db83:ec1b:3214, dst xxxx:4700:f1::1, nxt 17, rcvif vmx0, outif igb0
cannot forward src fe80:1::86b:b72c:d5a4:3beb, dst xxxx:8006:3510:7085::1c50, nxt 6, rcvif vmx0, outif igb0
cannot forward src fe80:1::30ee:db83:ec1b:3214, dst xxxx:9400:4:0:216:3eff:fee2:1a8b, nxt 17, rcvif vmx0, outif igb0
cannot forward src fe80:1::11ae:5d59:abdd:d43f, dst xxxx:3fc0:1:104::670a:7d13, nxt 17, rcvif vmx0, outif igb0
cannot forward src fe80:1::30ee:db83:ec1b:3214, dst xxxx:4700:f1::1, nxt 17, rcvif vmx0, outif igb0
cannot forward src fe80:1::30ee:db83:ec1b:3214, dst xxxx:9400:4:0:216:3eff:fee2:1a8b, nxt 17, rcvif vmx0, outif igb0
cannot forward src fe80:1::30ee:db83:ec1b:3214, dst xxxx:4700:f1::1, nxt 17, rcvif vmx0, outif igb0
cannot forward src fe80:1::250:56ff:feb5:247c, dst xxxx:bc80:3010:600:dead:beef:cafe:feda, nxt 6, rcvif vmx0, outif igb0
cannot forward src fe80:1::d0a8:136a:8213:cc4b, dst xxxx:1380:1001:6c00::1, nxt 6, rcvif vmx0, outif igb0
cannot forward src fe80:1::30ee:db83:ec1b:3214, dst xxxx:9400:4:0:216:3eff:fee2:1a8b, nxt 17, rcvif vmx0, outif igb0
cannot forward src fe80:1::30ee:db83:ec1b:3214, dst xxxx:4178:5:200::10, nxt 6, rcvif vmx0, outif igb0
cannot forward src fe80:1::11ae:5d59:abdd:d43f, dst xxxx:3fc0:1:103::670a:7d03, nxt 17, rcvif vmx0, outif igb0
cannot forward src fe80:1::86b:b72c:d5a4:3beb, dst xxxx:8003:5448:7600:250:56ff:feae:7fa8, nxt 17, rcvif vmx0, outif igb0
cannot forward src fe80:1::86b:b72c:d5a4:3beb, dst xxxx:8003:5448:7600:250:56ff:feae:7fa8, nxt 58, rcvif vmx0, outif igb0
cannot forward src fe80:1::30ee:db83:ec1b:3214, dst xxxx:9400:4:0:216:3eff:fee2:1a8b, nxt 17, rcvif vmx0, outif igb0

I've given up with IPv6 for now, hopefully it gets fixed in 22.2

8

22.1 Legacy Series / Re: IPv6 working properly???

« on: February 06, 2022, 11:34:59 am »

I registered to say the same thing, IPv6 was working before 22.1 upgrade.

VM with PCI Passthrough with Intel I350 NIC passed through.

Currently all my clients are receiving their delegated IPv6 address through Prefix Delegation from the WAN interface, but no IPv6 traffic is working. I see it being passed in the firewall, but just unable to ping any IPv6 addresses from the OPNsense VM itself or from any clients.

Tried ticking and unticking "Allow manual adjustment of DHCPv6 and Router Advertisements" and then changed from Assisted to Managed to Unmanaged RA, but still same results, would get IPv6 address, but unable to communicate to anything.

The only thing I can see in the logs that may hint at what is going on is,

/usr/local/etc/rc.newwanipv6: The command '/sbin/route add -host -'inet6' '2001:4860:4860::8888' 'fe80::d604:ffff:fe2c:2bc1%'' returned exit code '71', the output was 'route: fe80::d604:ffff:fe2c:2bc1%: Name does not resolve'