Show posts

#1

23.7 Legacy Series / Multiple IPv6 IPs on WAN issues

November 15, 2023, 08:49:56 PM

Hi guys. I'm trying to understand with my VPS provider with isn't my IPv6 setup working properly.

I'm assigned 5 /64 IPv6, which one is the main one and the other 4 are like aliases. To configure this on OPNSense, I've configured one directly on the interface using Static IPv6 and defining a custom GW for it, the others are defined on the Virtual IPs setting.
The symptoms I'm observing is that only when I ping the IPv6 GW from any of the source IPv6 is that the traffic actually "works", as in, I can reach the internet via IPv6. After 10-20s of stopping the ping to the GW, all traffic stops (from either of the 5 IPv6s).

What am I missing on my configuration or what did I do wrong here?

#2

23.7 Legacy Series / Re: [WORKAROUND] 23.7.8 - IPV6 issues with WG / DHCPv6 / Gateways / RADVD

November 11, 2023, 02:43:30 PM

Just to add that I tested the patch too and everything looks fine and working normally.

One quick question tho: do we need to revert the patch before the next update, or a normal update will work without issues?

#3

22.7 Legacy Series / Re: IPv6 connectivity woes

December 03, 2022, 11:30:14 PM

OK, while I know it's different (Linux vs FreeBSD), comparing the route outputs from an OpenWRT router, which is actually doing the same job, looks like there are missing routes, which I really don't know it's normal.

Key differences:
- On OpenWRT, when configure to lan side to track an interface, it doesn't get a public IP address, but OPNSense does have it (there are actually 2 public addresses on the FW, one on each interface)
- On OpenWRT, I have ipv6 routes to every IP what was requested, but I get nothing like this on OPNSense. Example:

OpenWRT:
root@router-1:~# ip -6 r
default from 2001:818:dcb6:6e00::/64 via fe80::1 dev eth0 metric 512
2001:818:dcb6:6e00:2b8f:xxxx:xxxx:xxxx dev br-lan metric 1024
2001:818:dcb6:6e00:2cc0:xxxx:xxxx:xxxx dev br-lan metric 1024
2001:818:dcb6:6e00:30c9:xxxx:xxxx:xxxx dev br-lan metric 1024
2001:818:dcb6:6e00:4439:xxxx:xxxx:xxxx dev br-lan metric 1024
2001:818:dcb6:6e00:51a7:xxxx:xxxx:xxxx dev br-lan metric 1024
2001:818:dcb6:6e00:540c:xxxx:xxxx:xxxx dev br-lan metric 1024
2001:818:dcb6:6e00:7066:xxxx:xxxx:xxxx dev br-lan metric 1024
2001:818:dcb6:6e00:71e6:xxxx:xxxx:xxxx dev br-lan metric 1024
2001:818:dcb6:6e00:7ca2:xxxx:xxxx:xxxx dev br-lan metric 1024
2001:818:dcb6:6e00:86ec:xxxx:xxxx:xxxx dev br-lan metric 1024

OPNSense:
Internet6:
Destination Gateway Flags Netif Expire
default fe80::2ad1:27ff:fe4e:4a70%vtnet0 UGS vtnet0
::1 link#6 UHS lo0
2001:818:dcb6:6e00:7066:xxxx:xxxx:xxxx link#1 UHS lo0
2001:818:dcb6:6e00:70aa:xxxx:xxxx:xxxx link#3 UHS lo0
fe80::%vtnet0/64 link#1 U vtnet0
fe80::7066:xxxx:xxxx:xxxx%vtnet0 link#1 UHS lo0
fe80::%vtnet2/64 link#3 U vtnet2
fe80::70aa:xxxx:xxxx:xxxx%vtnet2 link#3 UHS lo0
fe80::%lo0/64 link#6 U lo0
fe80::1%lo0 link#6 UHS lo0

#4

22.7 Legacy Series / IPv6 connectivity woes

December 03, 2022, 07:48:18 PM

Hi guys!

I'm trying to setup IPv6 connectivity on the "lan" side of the opnsense firewall but for some reason, while i do get and IP, it doesn't talk to anyone.

Setup is like this:

Internet ----------- [WAN: SLAAC] OPNsense [LAN: Track Interface WAN] ---------- Clients

OPNSense has internet connection no problem.
Any client that connects on the LAN side of it, get's and IP address (2001:XXX) but can't use it for anything, not even pinging the LAN interface (that also get's an IPv6 address).

Nothing obvious shows up on the firewall logs.

Any ideia of what I might be doing wrong?

#5

22.7 Legacy Series / Re: NAT Loopback 22.7

August 07, 2022, 03:22:40 PM

You mean something like this?

EDIT: Forgot to actually put the link. https://forum.opnsense.org/index.php?topic=29703.0

#6

22.7 Legacy Series / 1:1 NAT for a Virtual IP (from the LAN side)

August 05, 2022, 01:15:29 PM