Messages - tasadar2

#1
I think I found it. I switched from DHCP6 to SLAAC, which didn't help as all IPv6 communication failed. But when I switched it back to DHCP6, my site was reachable all of a sudden. The thing I noticed from my logs was a routing entry that was not there before.
```
Destination                       Gateway                       Flags     Netif Expire
default                           fe80::12ff:fe3d:c900%bxe1     UG         bxe1
```

Why this was missing from OPNsense in the first place is troubling (and how everything except inbound was working as expected), but it seems to be working now.

#2
I am attempting to expose my website via IPv6 and am running into issues. Though I have researched IPv6, this is my first time attempting to do any routing beyond connecting to another's site.

My server (hosting the site) can access an IPv6 website.
The server reports its addresses as:
```
2: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 2604:f780:d220:f100::2000/128 scope global dynamic noprefixroute
       valid_lft 5869sec preferred_lft 3169sec
    inet6 fe80::f59c:3716:b71:c3ac/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
```

Another machine on my LAN can `curl http://[2604:f780:d220:f100::2000]:8080` successfully.
I have a firewall rule set to allow the `8080` on that IP address, and when I `curl http://[2604:f780:d220:f100::2000]:8080` from an external machine, I can see the connection accepted in my firewall logs.
```
Informational    filterlog    84,,,fae559338f65e11c53669fc3642c93c2,bxe0,match,pass,out,6,0x00,0x229fb,53,tcp,6,40,2601:3d02::f03f:93ff:fe5a:e261,2604:f780:d220:f100::2000,40252,8080,0,S,2760746982,,28800,,mss;sackOK;TS;nop;wscale
Informational    filterlog    91,,,ba12a6fae4ded317f9604e82ebb419ec,bxe1,match,pass,in,6,0x00,0x229fb,53,tcp,6,40,2601:3d02::f03f:93ff:fe5a:e261,2604:f780:d220:f100::2000,40252,8080,0,S,2760746982,,28800,,mss;sackOK;TS;nop;wscale
```
But the command just hangs until it times out.

Since it seemed like the connection never made its way back, I tried a tcp dump, and verified that the connection is reaching the server, but it appears something is failing with `destination unreachable`.
```
IP6 2601:3d02::f03f:93ff:fe5a:e261.46038 > 2604:f780:d220:f100::2000.8080: Flags [S], seq 1105096936, win 28800, options [mss 1440,sackOK,TS val 150905032 ecr 0,nop,wscale 7], length 0
IP6 2604:f780:d220:f100::2000.8080 > 2601:3d02::f03f:93ff:fe5a:e261.46038: Flags [S.], seq 1345266100, ack 1105096937, win 64260, options [mss 1440,sackOK,TS val 2088291025 ecr 150904270,nop,wscale 7], length 0
IP6 2604:f780:d220:f100:9ab7:85ff:fe01:821a > 2604:f780:d220:f100::2000: ICMP6, destination unreachable, unreachable route 2601:3d02::f03f:93ff:fe5a:e261, length 88
```
I added firewall rules to allow ICMP on the global and local addresses, but end up with the same result.
To simplify things, I attempted just pinging, but end up with the same behavior.
What am I missing?

Running on OPNsense 24.7.11_2
Interfaces overview
```
LAN   2604:f780:d220:f100:9ab7:85ff:fe01:821a/56
      fe80::9ab7:85ff:fe01:821a/64
WAN   2604:f780:d001::79/128
      fe80::9ab7:85ff:fe01:821b/64
```
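
Added example, not part of the original posts: a Python sketch that pairs the ICMP6 `unreachable route` error in the capture with the SYN-ACK it was generated for, which names the hop that has no return route (here the firewall's LAN address), and reads the default gateway from the netstat-style output. The function names are hypothetical; the inputs are the lines quoted in the posts above.

```python
import re

# Constructed input: the three tcpdump lines quoted in the post above.
CAPTURE = """\
IP6 2601:3d02::f03f:93ff:fe5a:e261.46038 > 2604:f780:d220:f100::2000.8080: Flags [S], seq 1105096936, win 28800, options [mss 1440,sackOK,TS val 150905032 ecr 0,nop,wscale 7], length 0
IP6 2604:f780:d220:f100::2000.8080 > 2601:3d02::f03f:93ff:fe5a:e261.46038: Flags [S.], seq 1345266100, ack 1105096937, win 64260, options [mss 1440,sackOK,TS val 2088291025 ecr 150904270,nop,wscale 7], length 0
IP6 2604:f780:d220:f100:9ab7:85ff:fe01:821a > 2604:f780:d220:f100::2000: ICMP6, destination unreachable, unreachable route 2601:3d02::f03f:93ff:fe5a:e261, length 88
"""
# Constructed input: the routing entry quoted in the follow-up post.
ROUTES = """\
Destination                       Gateway                       Flags     Netif Expire
default                           fe80::12ff:fe3d:c900%bxe1     UG         bxe1
"""

TCP = re.compile(r"^IP6 (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([^\]]+)\]")
UNREACH = re.compile(r"^IP6 (\S+) > (\S+): ICMP6, destination unreachable, "
                     r"unreachable route (\S+),")

def dropped_replies(capture):
    """Pair each 'unreachable route' error with the reply it was sent for."""
    replies, findings = [], []
    for line in capture.splitlines():
        if m := TCP.match(line):
            src, sport, dst, dport, flags = m.groups()
            if flags == "S.":  # SYN-ACK: the server did answer
                replies.append((src, int(sport), dst, int(dport)))
        elif m := UNREACH.match(line):
            reporter, notified, target = m.groups()
            # The error goes back to the reply's sender and names its destination.
            for src, sport, dst, dport in replies:
                if src == notified and dst == target:
                    findings.append({"hop_without_route": reporter,
                                     "server": f"[{src}]:{sport}",
                                     "unroutable_client": dst})
    return findings

def default_gateway(routes):
    """Return the gateway of the 'default' row in netstat-style output, or None."""
    for line in routes.splitlines():
        cols = line.split()
        if len(cols) >= 2 and cols[0] == "default":
            return cols[1]
    return None

if __name__ == "__main__":
    for f in dropped_replies(CAPTURE):
        print(f"{f['hop_without_route']} has no route to {f['unroutable_client']}; "
              f"reply from {f['server']} was dropped")
    print("default gateway:", default_gateway(ROUTES))
```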