Messages

Try clamping your mss to 1492

This now seems to work.... Will test further

Try clamping your mss to 1492

Under Firewall - Settings - Normalization ?

For the WAN interface?

I had similar issues with Microsoft and it's the DNSmasq RA MTU that needs to be manually set. If you use radvd instead, the issue goes away. But setting the dnsmasq RA MTU to a workable value also fixes it. As does clamping the WAN MSS value

I set the RA MTU to 1452. Unfortunately this did not have an impact. Still not working.

It stopped working for me again also with the 1400 MTU

Seems I am not the only one:
https://www.reddit.com/r/ipv6/comments/1mp3gl2/certain_microsoft_websites_are_inaccessible_over/

Weird... really the only problems with this VS code or packages.microsoft.com sites.
IPv6 working with all other sites. Also the IPv6 test sites showing perfect results.

With 1400. The packaging updating and the website of VS code works again.
You are right, still no ping. But the problem is solved.

The MTU field was empty, however it stated below: Calculated PPP MTU: 1492, so I thought this is fine for PPPoE.

I have a standard private FTTH connection by the German Telekom.

In between, I found out with curl that the connection to https://code.visualstudio.com/ worked with IPv4, but not with IPv&.

Lower your MTU to 1400.

FreeBSD 15 supposedly fixes this

OK. Changed the MTU on the WAN to 1400. Now it works...
Thanks a lot. Can you explain it?

Hi everybody,

since weeks I have a strange problem.

My setup:
- German Telekom FTTH connection
- OPNsense with always up-to-date version
- IPv4/IPv6 dual stack
This is PPPoE to the fiber modem. DHCPv6 receives a /56 subnet. On the LAN interface it is identity association and RA by Dnsmasq.

My internet connection works completely fine. IPv4 and IPv6. With all my devices in different VLANS etc.
However I have reoccuring problems with servers from Microsoft.
I discovered it because my "apt update" on my Mint system hangs at the servers for VS Code (packages.microsoft.com).

Now for example. I am not able to open https://code.visualstudio.com/ from any of my devices.
https://microsoft.com/ did not work the whole day. However coming from google, https://www.microsoft.com/de-de just worked.


Also Ping:

Code Select Expand

mario@mint-vm:~$ ping packages.microsoft.com
PING packages.microsoft.com (2620:1ec:46::45) 56 data bytes
^C
--- packages.microsoft.com ping statistics ---
9 packets transmitted, 0 received, 100% packet loss, time 8182ms
Same with IPv4:

Code Select Expand

mario@mint-vm:~$ ping -4 packages.microsoft.com
PING packages.microsoft.com (13.107.246.45) 56(84) bytes of data.
^C
--- packages.microsoft.com ping statistics ---
5 packets transmitted, 0 received, 100% packet loss, time 4082ms

Yesterday I was able to go on https://code.visualstudio.com/
Today nothing loads.

My work laptop is also connected here but uses a Proxy from my company. There no problems at all.

I already disabled my firewalls:
- Zenarmor
- Crowdsec
No effect.

As you see from the ping: DNS resolving works. But the IPs are not reachable.
It is with all devices in my network. Android, Linux, Windows, etc..
When I am using the mobile network it works. So the servers are there, I am just not able to reach them from my home network.

I have no ideas where this is coming from. Any advice in which direction to investigate?


Cheers
Mario

Hi Franco,

thanks, clear.
However, what I would like to understand is if my way is currently still the recommended way with different prefixes for different subnets, or if there is now an alternative more "standard" way with KEA or DNSmasq.

Maybe I also not really understand the difference between "track interface" and "Identity Association".

Thanks
Mario

Hi everybody,

I will be in the same situation when I upgrade to 26.1 and honestly, I am somehow confused with the IPv6 topic.

I have a FTTH account with Telekom in Germany. I also get a /56 prefix.

My current setup:
KEA DHCP for IPv4. Different VLANs with different subnets.

For my VLAN interfaces and IPv6, I did the following:
- In the WAN interface I put "IPv6 Configuration Type: DHCPv6"
- In the LAN VLANS I put "IPv6 Configuration Type: Track interface"
 - Under "Track IPv6 Interface" I put my WAN interface and I assigned a unique prefix for each interface
- Under "Services" KEA DHCPv6 is disabled
- Under "Services" ISC DHCPv6 is enabled for the VLANs and shows the IP ranges
- "Service -> Router Advertisments" is set to "Assisted" for the single LAN VLANS.

DNSMasq is not enabled.

I have this IPv6 setup since the beginning and put it following a howto for my provider.

Will this still work with the 26.1 upgrade? (I think so with ISC running as a plugin...?)
More important: Is this the way to go? What would now be the recommended way for my setup?
- Different prefixes for my VLANS
- Dynamic IPv6 /56 prefix received from my provider when dialing in via PPPoE.

I think this will be relevant for a lot of users at least in Germany ;)


Cheers
Mario

I could solve the problem, so for all of you who are in the same situation:

Realtek basically offers the following drivers:
- Auto Installation Program (NDIS) Not Support Power Saving
- Auto Installation Program (NDIS)
- Auto Installation Program (NetAdapterCx) Not Support Power Saving
- Auto Installation Program (NetAdapterCx)

I had the issue with the one from ASROCK driver (Realtek Lan driver ver:10.071.0425.2024). Based on the version, I think this is an NDIS driver. Then also with the "Auto Installation Program (NetAdapterCx)". Same result.

Now I also tried the "Auto Installation Program (NetAdapterCx) Not Support Power Saving". And finally all works fine.

So seems, that the power saving has caused this problem.

Connected by a switch. However same cable for the USB and for the Realtek.

IPv6 enabled for the NIC with DHCP enabled. Same for the Realtek and for the USB model.

I first used the Realtek driver from the ASROCK homepage for my mainboard. Then later also changed it to the latest from the Realtek homepage. Without any change.
As this is now happening with 2 computers and with a completely new Win11 installation, I was wondering if I am the only one.

Quite strange as it works for all my other devices (Linux), my work Laptop (win11) and also for my new Win11 computer if I just plug in the USB NIC...

On OPNSense ISC DHCPv6 I could see a lease given, but seems not to be received/accepted on my client.

btw: Service - Router Advertisements was "disabled", I changed it now to "Assisted". However does not make a difference.

Hi,

I had a Win11 Desktop with an ASROCK B550 Mainboard with a Realtek 2.5G NIC. And since some time I realized I did not get an IPv6 adress anymore.
All other devices work fine.

Now I got a new PC with a fresh Win11 installation. ASROCK X870 Pro RS board, again with a Realtek 2.5G NIC. Same problem. When I plug in a USB NIC, I get the IPv6 address.

Does anybody know problems like this?

Is anyone going to fix the version typo on the title of this thread?

Sorry ;)
Done

One question regarding DHCPv6 and RA.

In my LAN interface I track my WAN interface for IPv6 and just define a prefix for my 56-subnet I get from my provider.
If I then do not select the manual configuration (Allow manual adjustment of DHCPv6 and Router Advertisements).

What are then the defaults for DHCPv6 and RA?
My challenge is that, when the "manual configuration" is not ticked, I do not even see the Service->RA or the Service->ISC-DHCPv6 settings showing up.