Messages

Glad you're sorted!

Is that a wired link or W-Fi? Is this IPv4 or v6?

I have just upgraded to 23.7.10_1 and will test speed tomorrow on my wired PC to see if my very basic setup with 1 WAN, 1 LAN (albeit on a software bridge) is affected. I report back so you have something to compare against.

That's really useful. Thanks.

I have reinstalled Firefox and now the traffic monitor works fine. :)

Glad it's working :)

Well, at least you know what the issue is. 

Perhaps you can work round it with a VPN - which is probably safer too

Just to check the obvious - your ISP isn't blocking https traffic?

Very odd. I just tried it in Firefox 119.0.1 on Windows 10 64bit. It was fine.

If it is OK in Chrome, then it suggest something about Firefox. Update / reinstall?

These links may be useful:
https://forum.opnsense.org/index.php?topic=3876.0
https://forum.opnsense.org/index.php?topic=573.0

The obvious dangers are discussed, but they should help.

A useful suggestion seems to be to try disabling reply-to on WAN rules (Firewall > Settings > Advanced)

BTW pfctl -d disables the firewall completely (and maybe NAT too, I am not sure). pfctl -e enables it.

Thanks both

Good to know Ubiquiti haven't sorted that yet. I am using one of their PoE switches too, so it's a double whammy.

There is definitely an MS Windows thing going on too - even with stateless DHCP. The DHCPv6 assigned DNS server addresses don't always appear - and last night found to be on wired (via an unmanaged Netgear switch) as well as wireless.

I may play further during the week. :)

I've just been reading about UniFi access point issues with IPv6 multicast. It's a 3 year old post that pretty much describes the issue. I am trying to find if it was ever resolved.
https://community.ui.com/questions/Bug-IPv6-Multicast-Traffic-is-dropped-by-AccessPoints-on-5GHz-WiFi-Clients-loose-IPv6-address/2541cb8f-efd9-41ed-82bd-42145956fddb?page=1

Also wondering if some of the known issues with Windows 10 IPv6 haven't been solved. I have exactly 'Issue 1' (paragraph 4) of this post https://www.reddit.com/r/ipv6/comments/j9j4j2/windows_10_2004_19041_has_multiple_rdnss_issues/
Interestingly my son has just had this issue on his PC, which is wired, not Wi-Fi.  That may make the whole UniFi thing moot, apart from the iPhone losing DNS IPv6 addresses after a while.

It's very convoluted, and part of me says 'enough': just let DNS servers be contacted on IPv4. It won't stop IPv6 traffic working.

Yes, IPv6 works well. At the start of the day, only IPv4 DNS server addresses were listed, but of course  DNS lookups still received IPv6 addresses info and all worked.

Since doing the stateless DHCPv6 with the IPv6 addresses, I know get DNS server IPv6 addresses on Wi-Fi devices as well.  It's just the one's created from SLAAC info that are hit and miss. Sometimes they appear, sometimes not. Hence my thinking that somethings going on with multicast.

One for another day!

[QUICK UPDATE]

QUICK UPDATE

I set:
Interfaces>LAN to 'Allow manual adjustment of DHCPv6 and Router Advertisements' (checked);
Services>Router Advertisements>LAN Router Advertisements to 'Stateless';
Services>DHCPv6>LAN to enabled; no range entered; and DNS servers of fe80::5a9c:fcff:fe10:6d75 (link-local of my OPNsense) and 2606:4700:4700::1111 (Cloudflare).

On Windows on wired LAN I get DNS servers listed as follows:

Code Select Expand


   DNS Servers . . . . . . . . . . . : fe80::5a9c:fcff:fe10:6d75%9
                                       2606:4700:4700::1111
                                       192.168.0.1
                                       1.1.1.1
                                       2a02:xxxx:xxxx:xxxx:xxxx:fcff:fe10:6d75 (note: global address of OPNsense LAN interface)


On Windows on WiFi, I get the same but without the 2a02:xxxx:xxxx:xxxx:xxxx:fcff:fe10:6d75 which I think is via SLAAC / RA.

iPhones give the same but IPv4 first. I.e.
192.168.0.1;
1.1.1.1;
fe80::5a9c:fcff:fe10:6d75 and
2606:4700:4700::1111.
No 2a02 global address.

I can't face turning on my wife's Mac but I suspect similar to Windows on Wi-Fi.

It looks very much as if my UniFi Access Points or Controller aren't passing through DNS server addresses from Router Advertisements.  I wonder if its a multicast thing? (Does client router solicitation use multicast??)

Anyway, wine and food are calling. Thanks for listening, and I hope it's of use to someone, sometime.

Thanks @Maurice

I suspect the UniFi Access points and controller aren't playing too nicely with SLAAC DNS server addresses. The update below shows that the SLAAC / RA advertised 2a02:xxxx:xxxx:xxxx:xxxx:fcff:fe10:6d75 address doesn't reliably get though to any Wi-Fi clients. The ones entered in DHCPv6 settings do get through, so all is good.

For maximum compatibility I won't let anyone with an Android device enter the house.  :D

Thanks again - it's appreciated.

For stateless DHCPv6, set the Router Advertisements to "Stateless" and enable the DHCPv6 server, but don't specify an address range there.

Perfect - thank you. I had, as a test, reverted to "Allow manual adjustment of DHCPv6 and Router Advertisements" disabled". It corrected the IPv6/IPv4 order thing, but I was getting additional IPv6 addresses - presumably one from DHCPv6, and Windows generated ones from SLAAC.

I have just tried your suggested stateless setting. It gets rid of the extra permanent IPv6. On wired LAN windows client it's good, albeit it with repeated IPv6 DNS server addresses. On a Wi-Fi windows clients, ipconfig /all doesn't show any IPv6 DNS server addresses at all!

I'll play a little longer, but suspect I will eventually give up on this one!

Thanks again

@maurice

Sorry - I feel a bit dumb, but a search isn't really helping. How do you enable DHCPv6 in stateless mode?

Thanks