Messages - maik3k

#1
I have actually found my problem. It is due to a buffer bloat fix that I took from this website (https://maltechx.de/en/2021/03/opnsense-setup-traffic-shaping-and-reduce-bufferbloat/). If I deactivate the rules, Unbound works again with IPv6 NS queries. But I don't understand the reason for this at all.
#2
Thank you for your answer. Unfortunately, that is not the reason. I can ping from the OPNsense via the WAN IP:
ping -S MY_WAN_IPV6 www.google.de
PING6(56=40+8+8 bytes) MY_WAN_IPV6 --> 2a00:1450:400e:805::2003
16 bytes from 2a00:1450:400e:805::2003, icmp_seq=0 hlim=118 time=37.263 ms
16 bytes from 2a00:1450:400e:805::2003, icmp_seq=1 hlim=118 time=19.277 ms
16 bytes from 2a00:1450:400e:805::2003, icmp_seq=2 hlim=118 time=17.602 ms
16 bytes from 2a00:1450:400e:805::2003, icmp_seq=3 hlim=118 time=38.381 ms

What else could it be? It must be some kind of setting. I quickly set up an OPNsense from scratch on another system and connected it to the same modem. The problem does not occur there.
#3
Hello,

I am using OPNsense 23.7.10_1-amd64 and have a strange problem with Unbound. If I have set Unbound => General => Outgoing Network Interfaces to ALL (the default), I get a timeout from Unbound with the following query:
dig -t AAAA aaaa.v6ns.test-ipv6.com

; <<>> DiG 9.10.6 <<>> @10.1.1.1 -t AAAA aaaa.v6ns.test-ipv6.com
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached


However, if I only add LAN to the Outgoing Network Interfaces, the query is resolved correctly:
dig -t AAAA aaaa.v6ns.test-ipv6.com

; <<>> DiG 9.10.6 <<>> @10.1.1.1 -t AAAA aaaa.v6ns.test-ipv6.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47182
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;aaaa.v6ns.test-ipv6.com. IN AAAA

;; ANSWER SECTION:
aaaa.v6ns.test-ipv6.com. 300 IN AAAA 2001:470:1:18::115

;; Query time: 331 msec
;; SERVER: 10.1.1.1#53(10.1.1.1)
;; WHEN: Thu Dec 21 16:28:04 CET 2023
;; MSG SIZE  rcvd: 80


I get a dynamic IPv4 and a dynamic /59 subnet from my provider. IPv6 generally works. How can I find out what is going wrong?
#4
I can only apologize for not providing all the relevant information. I will do better next time.
My problem has now been solved without me deliberately doing anything. I must have made some kind of mistake beforehand.
Many thanks to everyone for the help.
#5
Even with the new version 23.7.8_1, Unbound does not listen on the ULA address. The patches should be included in this version, right?
#6
Hi,

I have OPNsense 23.7.8 running. I would like to experiment with IPv6 in my network. Currently I assign an IPv4 like 10.1.1.X to my clients via DHCP. Via SLAAC the clients get a dynamic public /64 IPv6 and a ULA /64 IPv6. I have enabled this via a virtual IP /64 ULA on the LAN interface. So far that works.

Now I would like to address the Unbound service from OPNsense via IPv6. If I use the public IPv6, this also works without any problems:
dig @MY_OPNSENSE_PUBLIC_IPv6 www.google.de

; <<>> DiG 9.18.19-1~deb12u1-Debian <<>> @MY_OPNSENSE_PUBLIC_IPv6 www.google.de
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32014
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;www.google.de. IN A

;; ANSWER SECTION:
www.google.de. 300 IN A 142.250.27.94


However, when I try to request the ULA of OPNsense, there is only a connection refused:

dig @MY_OPNSENSE_ULA_IPv6 www.google.de
;; communications error to MY_OPNSENSE_ULA_IPv6#53: connection refused
;; communications error to MY_OPNSENSE_ULA_IPv6#53: connection refused
;; communications error to MY_OPNSENSE_ULA_IPv6#53: connection refused

; <<>> DiG 9.18.19-1~deb12u1-Debian <<>> @MY_OPNSENSE_ULA_IPv6:: www.google.de
; (1 server found)
;; global options: +cmd
;; no servers could be reached


Even if I try it directly from the OPNsense box via 'host', I have the same result. Ping to ULA works in all directions.
Services -> Unbound -> General -> Network Interfaces is set to 'ALL'.

What do I have to do so that I can address Unbound via the Virtual ULA IP? Does anyone have an idea how I can debug this?