Topics

1

19.1 Legacy Series / IPv6 ping fails on LAN

« on: May 07, 2019, 09:34:50 pm »

Hi,

I am new to both OPNsense and IPv6, so this might be a silly question/problem.

I have an ISP that supports IPv6 (in Sweden). I have a brand new installation of OPNsense (19.1.7). I have selected DHCPv6 as configuration for my WAN and there I have selected:

• Send IPv6 prefix hint
• SOLICIT
• Prevent Release

I can now see in my Dashboard that I get an 2001:<lots of hex>:2d16 address for my WAN. So far I think I'm good. I can also go to the Console in OPNsense and ping 'ipv6.google.com' successfully.

Now the trouble starts... Only way I managed to enable the DHCPv6 service for my LAN was to set a static IP for the LAN nic. So I took the next one 2001:<lots of hex>:2d17. Now the DHCPv6 service was enabled and prefilled with "Available range". So I set the range from 2001:<lots of hex>:2d20 to 2001:<lots of hex>:2dff just to test. I still did not get an IPv6 address for any of my computers on the LAN, but searching this forum I found a post stating that I needed "Router Advertisment" enabled. Enabled it with:

• Managed
• Normal
• Advertise Default Gateway

and suddenly all my computers had IPv6 addresses! Yay!

So, next step was to test connectivity:

• Tried "ping6 ipv6.google.com" from LAN computer. Nothing. Why?
• Tried pinging within the LAN, works!
• Tried pinging the LAN interface on the firewall, works!
• Tried pinging the WAN interface on the firewall, failed.
• Started the console in OpnSense again. Ping from Default, works.
• Ping from WAN, works.
• Ping from LAN, fails!

I'm stumped. I have been searching for what I'm doing wrong for hours now and I got nothing... The best suggestion I could find was that the firewall somehow blocks it even though the rules indicated it should not. But looking in the firewall logs I only get "PASS" for the ICMP pings going to the firewall, but no one is answering...
Any help is appreciated!