Messages

Definitely familiar with that issue. Yesterday I did power cycle the CM and then OpnSense in hopes that was part of the issue and it didn't immediately fix anything.

The toggle mentioned in my previous post came after that.

To be clear, IPv4 has been working flawlessly this whole time.

Going to keep adding my troubleshooting in hopes someone sees this and can help me out.

I saw a post online suggesting to check "Request only an IPv6 prefix".  I did this. Surprisingly pings from my test system out started working. Wanted to see if this was a reproducible solution I unchecked the box and saved, ping briefly dropped and then came back again. Once more I checked it and same thing, pings dropped briefly and came back.

I'm at a complete loss.  Checking the box, in and of itself, doesn't seem to be the solution just the fact that I toggled it.  I'm not in a position to reboot but tomorrow I plan on rebooting to see if a) the pings continue to work and if not, if b) toggling that checkbox fixes it again.

So, I do think it's OpnSense but i can't figure out what I'm doing wrong.

When I reboot, or reload services, there's a window where pings from one of my inside machines to google will work and once the services are done reloading they stop working again.  That leads me to believe there's something in the pf I'm missing but I don't know what. My rules are pretty basic.

But then again that doesn't explain why I see the outbound packets on the WAN interface during my testing.

I could really use some help on how to troubleshoot this further.

Yes, there's a ::/0 route with the next-hop of the fe80 of the router's vlan interface.

Also, if I run a packet capture I can see the outbound traffic but no return.

IPv6, length 118: 2603:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:3f80 > 2607:f8b0:4009:81c::200e: ICMP6, echo request, seq 16, length 64

Thanks for replying. I'm learning as I go with IPv6 so if I'm missing something obvious please let me know.  I'm starting to think this is an ISP issue.

I've recently switched to OpnSense and am trying to utilize the IPv6 prefixes provided to me by my ISP (Spectrum) but I cannot get LAN traffic to consistently route outside of my network.  IPv4 is working fine.

My WAN interface is configured for DHCP & DHCPv6. DHCPv6 Config:

• Prefix Delegation: 60
• Send IPv6 Prefix Hint: Checked

Interfaces > Overview > WAN shows both an IPv6 address and an IPv6 prefix which is a /60 as requested. Both GUA.

On my VLAN I'm testing this with I have a Static IPv4 that works fine and I have IPv6 set to track the WAN interface. Currently manual configuration is unchecked. I have tried checking it and several variations of settings in RA but right now I'm just trying to make this work as "out of the box" before I go tweaking.

Checking the VLAN in Interfaces > Overview shows IPv6 addressing. A link-local address as well as a GUA that out of the Prefix assigned to this interface and it has the correct mask (/64).

On my test system, it has a link-local fe80 and 2 GUAs with the correct prefix. One is a /64 and one is a /128. I can ping both of these from the OpnSense router and I can ping the OpnSense router from the test system.

When I try to ping a public address (i.e. google.com) from the test system it times out.  Traceroutes stop after the 1st hop.

When I try to ping a public address from OpnSense it works.
When I try to ping a public address from OpnSense, and source from the vlan interfaces (ping 6 -I vlan0.xxx) it also works fine and indicates it's sourcing using the GUA of that interface.

I could use some help trying to figure out where to go next to troubleshoot this issue. I've been digging through forum and reddit posts for a couple days now and nothing has worked.

Edit:
I left out that I do have an IPv6 rule in the firewall to allow traffic out from that network.