Messages

1

23.7 Legacy Series / Multiple IPv6 IPs on WAN issues

« on: November 15, 2023, 08:49:56 pm »

Hi guys. I'm trying to understand with my VPS provider with isn't my IPv6 setup working properly.

I'm assigned 5 /64 IPv6, which one is the main one and the other 4 are like aliases. To configure this on OPNSense, I've configured one directly on the interface using Static IPv6 and defining a custom GW for it, the others are defined on the Virtual IPs setting.
The symptoms I'm observing is that only when I ping the IPv6 GW from any of the source IPv6 is that the traffic actually "works", as in, I can reach the internet via IPv6. After 10-20s of stopping the ping to the GW, all traffic stops (from either of the 5 IPv6s).

What am I missing on my configuration or what did I do wrong here?

2

23.7 Legacy Series / Re: [WORKAROUND] 23.7.8 - IPV6 issues with WG / DHCPv6 / Gateways / RADVD

« on: November 11, 2023, 02:43:30 pm »

Just to add that I tested the patch too and everything looks fine and working normally.

One quick question tho: do we need to revert the patch before the next update, or a normal update will work without issues?

3

22.7 Legacy Series / Re: IPv6 connectivity woes

« on: December 03, 2022, 11:30:14 pm »

OK, while I know it's different (Linux vs FreeBSD), comparing the route outputs from an OpenWRT router, which is actually doing the same job, looks like there are missing routes, which I really don't know it's normal.

Key differences:
- On OpenWRT, when configure to lan side to track an interface, it doesn't get a public IP address, but OPNSense does have it (there are actually 2 public addresses on the FW, one on each interface)
- On OpenWRT, I have ipv6 routes to every IP what was requested, but I get nothing like this on OPNSense. Example:

OpenWRT:
root@router-1:~# ip -6 r
default from 2001:818:dcb6:6e00::/64 via fe80::1 dev eth0  metric 512
2001:818:dcb6:6e00:2b8f:xxxx:xxxx:xxxx dev br-lan  metric 1024
2001:818:dcb6:6e00:2cc0:xxxx:xxxx:xxxx dev br-lan  metric 1024
2001:818:dcb6:6e00:30c9:xxxx:xxxx:xxxx dev br-lan  metric 1024
2001:818:dcb6:6e00:4439:xxxx:xxxx:xxxx dev br-lan  metric 1024
2001:818:dcb6:6e00:51a7:xxxx:xxxx:xxxx dev br-lan  metric 1024
2001:818:dcb6:6e00:540c:xxxx:xxxx:xxxx dev br-lan  metric 1024
2001:818:dcb6:6e00:7066:xxxx:xxxx:xxxx dev br-lan  metric 1024
2001:818:dcb6:6e00:71e6:xxxx:xxxx:xxxx dev br-lan  metric 1024
2001:818:dcb6:6e00:7ca2:xxxx:xxxx:xxxx dev br-lan  metric 1024
2001:818:dcb6:6e00:86ec:xxxx:xxxx:xxxx dev br-lan  metric 1024

OPNSense:
Internet6:
Destination                       Gateway                       Flags     Netif Expire
default                           fe80::2ad1:27ff:fe4e:4a70%vtnet0 UGS   vtnet0
::1                               link#6                        UHS         lo0
2001:818:dcb6:6e00:7066:xxxx:xxxx:xxxx link#1                   UHS         lo0
2001:818:dcb6:6e00:70aa:xxxx:xxxx:xxxx link#3                   UHS         lo0
fe80::%vtnet0/64                  link#1                        U        vtnet0
fe80::7066:xxxx:xxxx:xxxx%vtnet0  link#1                        UHS         lo0
fe80::%vtnet2/64                  link#3                        U        vtnet2
fe80::70aa:xxxx:xxxx:xxxx%vtnet2  link#3                        UHS         lo0
fe80::%lo0/64                     link#6                        U           lo0
fe80::1%lo0                       link#6                        UHS         lo0

4

22.7 Legacy Series / IPv6 connectivity woes

« on: December 03, 2022, 07:48:18 pm »

Hi guys!

I'm trying to setup IPv6 connectivity on the "lan" side of the opnsense firewall but for some reason, while i do get and IP, it doesn't talk to anyone.

Setup is like this:

Internet ----------- [WAN: SLAAC] OPNsense [LAN: Track Interface WAN] ---------- Clients

OPNSense has internet connection no problem.
Any client that connects on the LAN side of it, get's and IP address (2001:XXX) but can't use it for anything, not even pinging the LAN interface (that also get's an IPv6 address).

Nothing obvious shows up on the firewall logs.

Any ideia of what I might be doing wrong?

5

22.7 Legacy Series / Re: NAT Loopback 22.7

« on: August 07, 2022, 03:22:40 pm »

You mean something like this?

EDIT: Forgot to actually put the link. https://forum.opnsense.org/index.php?topic=29703.0

6

22.7 Legacy Series / 1:1 NAT for a Virtual IP (from the LAN side)

« on: August 05, 2022, 01:15:29 pm »

I have 2 Virtual IPs assigned to the WAN interface (plus the "normal" one), and I've created 2 1:1 BINAT rule for those and everything is working fine. What is not working fine is if one of the LAN hosts tries to talk to one of the VirtualIPs, the firewall, instead of forwarding the request back to the LAN to the designated host, just consumes the request for itself. Is there any configuration that I'm missing here?