24.1 Legacy Series / Re: Weirdness with IPv6 and DHCPv6...
« on: March 02, 2024, 07:03:14 pm »
I don't mean to hijack this thread, but I think my symptoms might be related to your difficulties here. It sounds like I picked the wrong time to convert off of Ubiquiti to OPNsense!
I configured the WAN interface for DHCPv6 client, requesting only a prefix enabled, sending a prefix-hint enabled, and requesting a /56 prefix. I then configured each of my internal interfaces (LAN, OPT1-4) to use interface tracking and assigned a unique IPv6 prefix ID to each internal interface.
I'm getting my external /56 prefix assignment properly, the FW IPv6 routing table has the correct link-local next-hop for a default gateway (FiOS ONT), and the firewall is able to ping6 www.google.com without issue.
My internal clients are seeing the correct IPv6 prefix configured by DHCPv6 stateless configuration. Internal clients can ping the FW solely on the FE80: prefix, and cannot ping past the FW. On my Windows client, I have the following neighbor information (sanitized, of course; I have confirmed that on the other subnets, they are assigned the correct prefix ID of ":60x:", where X is the prefix ID that I set in OPNsense):
Code:
PS C:\> netsh interface ipv6 show neighbors interface=Ethernet
Interface 11: Ethernet
Internet Address Physical Address Type
-------------------------------------------- ----------------- -----------
2600:xxxx:xxxx:600::1240 00-00-00-00-00-00 Unreachable
2600:xxxx:xxxx:600:12ca:71fe:5029:2e2c 00-00-00-00-00-00 Unreachable
2600:xxxx:xxxx:600:227c:14ff:fea1:e7de Unreachable Unreachable (Router)
2600:xxxx:xxxx:600:ed94:3f26:dcc6:c3aa 00-00-00-00-00-00 Unreachable
2600:xxxx:xxxx:3700:227c:14ff:fea1:e7de 20-7c-14-a1-e7-de Stale (Router)
fe80::227c:14ff:fea1:e7de 20-7c-14-a1-e7-de Stale (Router)
ff02::1 33-33-00-00-00-01 Permanent
ff02::2 33-33-00-00-00-02 Permanent
ff02::c 33-33-00-00-00-0c Permanent
ff02::16 33-33-00-00-00-16 Permanent
ff02::fb 33-33-00-00-00-fb Permanent
ff02::1:2 33-33-00-01-00-02 Permanent
ff02::1:3 33-33-00-01-00-03 Permanent
ff02::1:ff00:1240 33-33-ff-00-12-40 Permanent
ff02::1:ff29:2e2c 33-33-ff-29-2e-2c Permanent
ff02::1:ffa1:e7de 33-33-ff-a1-e7-de Permanent
ff02::1:ffa2:9713 33-33-ff-a2-97-13 Permanent
ff02::1:ffb2:7848 33-33-ff-b2-78-48 Permanent
ff02::1:ffdf:3bd8 33-33-ff-df-3b-d8 Permanent
Can you check your neighbor list on your Windows host? I think this is a router-advertisement issue and the configuration that used to work doesn't work anymore?
Thoughts? (Again I apologize if my interruption is unwelcome. First time post on this forum.)
Thanks,
-Pete
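An added example, not part of the original post: a Python sketch that derives the /64 a tracked interface should receive from a delegated /56 and a prefix ID, then sorts the router-flagged rows of a `netsh interface ipv6 show neighbors` listing by whether they fall inside that delegation. The 2001:db8 documentation addresses stand in for the sanitized prefix, and the sample rows and function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in the layout of `netsh interface ipv6 show neighbors`;
# 2001:db8::/32 documentation addresses replace the sanitized prefix.
SAMPLE = """\
2001:db8:aa:600::1240                   00-00-00-00-00-00  Unreachable
2001:db8:aa:600:227c:14ff:fea1:e7de     Unreachable        Unreachable (Router)
2001:db8:aa:3700:227c:14ff:fea1:e7de    20-7c-14-a1-e7-de  Stale (Router)
fe80::227c:14ff:fea1:e7de               20-7c-14-a1-e7-de  Stale (Router)
ff02::1                                 33-33-00-00-00-01  Permanent
"""

# address, physical address, state, optional "(Router)" flag
ROW = re.compile(r"^(\S+)\s+(\S+)\s+(\w+)(\s+\(Router\))?\s*$")


def tracked_prefix(delegated, prefix_id):
    """Return the /64 for an interface tracking `delegated` with `prefix_id`."""
    net = ipaddress.IPv6Network(delegated)
    if not 0 <= prefix_id < 2 ** (64 - net.prefixlen):
        raise ValueError("prefix ID does not fit in the delegated prefix")
    base = int(net.network_address) + (prefix_id << 64)
    return ipaddress.IPv6Network((base, 64))


def router_entries(text, delegated):
    """Return (address, state, scope) for each neighbor flagged as a router."""
    net = ipaddress.IPv6Network(delegated)
    found = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m or not m.group(4):
            continue  # not a router row (or a header/separator line)
        try:
            addr = ipaddress.IPv6Address(m.group(1))
        except ValueError:
            continue  # first column is not an IPv6 address
        if addr.is_link_local:
            scope = "link-local"
        elif addr in net:
            scope = "inside delegation"
        else:
            scope = "outside delegation"
        found.append((str(addr), m.group(3), scope))
    return found


if __name__ == "__main__":
    print(tracked_prefix("2001:db8:aa:600::/56", 0x3))
    for entry in router_entries(SAMPLE, "2001:db8:aa:600::/56"):
        print(entry)
```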