Messages - Mechanix

#1
Thanks for your reply. That bi-net log entry comes because I've enabled logging on the NPTv4 sequence.
How did you configure the loopback to track your WAN?

Edit: I've found it and it's working! Thanks for the hint.

Wonder why this has changed from 25.1 to 25.1.1 though.

#2
So here's a little background:
My OPNsense is configured behind a FritzBox (doing PPPoE Passthrough). From my ISP I get a /56 prefix, so plenty of room to delegate to VLANs. The FritzBox is configured to assign IPv6 prefixes (IA_PD).
So far, the OPNsense gets the prefix:

cat /tmp/pppoe0_prefixv6
2001:xxx:xxx:9300::/56

The LAN interfaces, which track the PPPoE interface, all get a /64 address assigned. Since I'm using many Android devices in my network, I configured the Route Advertisements to "Assisted" to have both DHCPv6 and SLAAC.
So far everything works as expected with the IPv6 connectivity (all IPv6 online tests pass).

Now here comes the rub. I'm also using WireGuard in dual stack. Since the ISP changes the prefix pretty often, I decided to use ULA.
For the IPv6 server address I've assigned an additional ULA address, let's say fd00:1234:5678:10:1/64, and the clients starting with fd00:1234:5678:10:2/128.
I've also configured NPTv6 for the ULA like this:

Interface: PPPoE
Internal IPv6 Prefix (source): fd00:1234:5678:10::/64
External IPv6 Prefix (target): empty
Track interface: LAN

I can ping6 the WireGuard server interfaces as well as all internal IPv6 interfaces, but the internet connectivity fails.

From the logs I can see the ipv6-icmp going from the WG1 to PPPoE interface but the source address is not correctly NAT-ed:

PPPoE 2025-02-16T14:58:44 fd00:1234:5678::3 2001:4860:4860::8888 ipv6-icmp let out anything from firewall host itself
PPPoE 2025-02-16T14:58:44 fd00:1234:5678:10::3 2001:4860:4860::8888 ipv6-icmp binat rule
WG1 2025-02-16T14:58:44 fd00:1234:5678:10::3 2001:4860:4860::8888 ipv6-icmp WireGuard LAN Access

I recently upgraded to 25.1.1.

Is this issue known, or am I missing something in my configuration?

Thanks