23.7 Legacy Series / IPv6 Routing not working
« on: August 09, 2023, 10:37:24 am »
Hi there,
I am trying to configure the IPv6 subnet I got from my ISP, but I cannot get connectivity between devices on the LAN and anything outside my firewall. I have tried solutions found on the forums but nothing seems to work.
Here's what I got from the ISP:
Subnet: xxxx:xxxx:xxxx:d200::
Prefix: /56
Gateway/Router address: xxxx:xxxx:xxxx:d200::1
I am from Germany and the ISP is 1&1 Versatel, if it matters.
What I have configured on my OPNsense:
WAN: Static IPv6 xxxx:xxxx:xxxx:d200::2/64 with upstream gateway xxxx:xxxx:xxxx:d200::1
LAN: Static IPv6 xxxx:xxxx:xxxx:d201::1/64
- IPv6 is allowed in Firewall / Settings / Advanced
- ICMPv6 on WAN and LAN is allowed (in case of NDP)
- IPv6 outbound on WAN and LAN allowed
As this is a production network, I cannot enable DHCPv6 and RA without confirming that connectivity is working. I gave my client xxxx:xxxx:xxxx:d201::2/64 with a gateway of xxxx:xxxx:xxxx:d201::1. I can ping xxxx:xxxx:xxxx:d201::1 and xxxx:xxxx:xxxx:d200::2, but I cannot reach the ISP's gateway of xxxx:xxxx:xxxx:d200::1 or other external IPs.
From the firewall itself I can reach external IPv6 addresses and the ISP's gateway. From outside, only xxxx:xxxx:xxxx:d200::2 is pingable.
Is this a configuration problem or do I need to contact my ISP? In the beginning we had problems with IPv4 not routing correctly, but this has been fixed.

