23.1 Legacy Series / [SOLVED] IPv6 traffic not routed properly
« on: March 12, 2023, 08:39:24 am »
Hello everyone,
`netstat -r` shows the correct IPv6 default gateway, but traffic is not routed. The gateway is reachable and works (tested with a different, non-OPNsense device).
```
Internet6:
Destination        Gateway          Flags   Netif Expire
default            fd42:42:42::1    UGS     wg1    <---- gateway in the VPN network
localhost          link#6           UHS     lo0
fc00:4::/64        link#2           U       igc1
router             link#2           UHS     lo0
fd42:42:42::/64    link#9           U       wg1    <---- the VPN network
fd42:42:42::4      link#9           UHS     lo0
fe80::%igc0/64     link#1           U       igc0
...
```
I checked the firewall logs, the ping attempts went through.
ping from client in `fc00:4::/64`:
```
λ ~/ ping -6 google.com
PING google.com(fra24s05-in-x0e.1e100.net (2a00:1450:4001:828::200e)) 56 data bytes
From router.dorm (fc00:4::1) icmp_seq=1 Destination unreachable: No route
From router.dorm (fc00:4::1) icmp_seq=2 Destination unreachable: No route
From router.dorm (fc00:4::1) icmp_seq=3 Destination unreachable: No route
...
```
ping from the OPNsense router:
```
root@router:~ # ping -v -6 google.com
PING6(56=40+8+8 bytes) fd42:42:42::4 --> 2a00:1450:4001:828::200e
ping: sendmsg: Capabilities insufficient
ping6: wrote google.com 16 chars, ret=-1
64 bytes from fd42:42:42::4: No Route to Destination
Vr TC Flow Plen Nxt Hlim
6 00 00000 0010 3a 40
fd42:42:42::4->2a00:1450:4001:828::200e
ICMP6: type = 128, code = 0
```
for completeness:
```
root@router:~ # ping -v -6 fd42:42:42::1
PING6(56=40+8+8 bytes) fd42:42:42::4 --> fd42:42:42::1
16 bytes from fd42:42:42::1, icmp_seq=0 hlim=64 dst=fd42:42:42::4%9 time=10.504 ms

λ ~/ ping -6 fd42:42:42::1
PING fd42:42:42::1(fd42:42:42::1) 56 data bytes
64 bytes from fd42:42:42::1: icmp_seq=1 ttl=63 time=10.8 ms
```
I am a bit at a loss. Based on my testing, it has to be the router not routing. But how does that make sense? The gateway is set. Would really appreciate any ideas/insights on what I could have missed here. Thanks in advance.
Best regards
Hannes
EDIT: My WireGuard endpoint config didn't have `::/0` in allowed IPs, adding that solved it.
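
The fix in the EDIT comes down to WireGuard using each peer's AllowedIPs as the routing table inside the tunnel: a kernel default route via `wg1` is not enough if no peer's AllowedIPs covers the destination. The check below is an added example, not part of the original post; the config text, placeholder keys and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample config (placeholder keys), modelled on the post:
# the peer allows only the VPN subnet, so nothing beyond it has a peer.
SAMPLE_CONF = """\
[Interface]
Address = fd42:42:42::4/64
PrivateKey = <placeholder-private-key>

[Peer]
PublicKey = <placeholder-peer-key>
AllowedIPs = fd42:42:42::/64
"""

def parse_peers(conf):
    """Return one dict per [Peer] section: {'key': str, 'nets': [networks]}."""
    peers, current, section = [], None, None
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if line.startswith("["):
            section = line.strip("[]").lower()
            if section == "peer":
                current = {"key": None, "nets": []}
                peers.append(current)
            continue
        if section != "peer" or "=" not in line:
            continue  # blank lines and [Interface] settings are irrelevant here
        name, value = (part.strip() for part in line.split("=", 1))
        if name.lower() == "publickey":
            current["key"] = value
        elif name.lower() == "allowedips":
            current["nets"] += [ipaddress.ip_network(v.strip(), strict=False)
                                for v in value.split(",") if v.strip()]
    return peers

def select_peer(peers, destination):
    """Longest-prefix match against AllowedIPs; None means no peer, packet not sent."""
    addr = ipaddress.ip_address(destination)
    best = None
    for peer in peers:
        for net in peer["nets"]:
            if net.version == addr.version and addr in net:
                if best is None or net.prefixlen > best[1].prefixlen:
                    best = (peer["key"], net)
    return best

if __name__ == "__main__":
    for dst in ("fd42:42:42::1", "2a00:1450:4001:828::200e"):
        print(dst, "->", select_peer(parse_peers(SAMPLE_CONF), dst))
```

AllowedIPs is also the inbound source filter for that peer, so adding `::/0` means the peer is accepted as the source for any IPv6 address arriving through the tunnel.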