OPNsense Forum » Archive » 19.7 Legacy Series » Firewall VM not accessible via IPv6 on Hetzner
Topic: Firewall VM not accessible via IPv6 on Hetzner (Read 3008 times)
simonszu
« on: August 06, 2019, 09:25:12 am »
Hi,
I have a problem with setting up the network on one of my servers, located at Hetzner. I want to have an OPNsense VM as a firewall for the other VMs and LXC containers. There is a HAproxy running on this firewall VM as well, and I have made the web frontend reachable from the WAN side for easier config.
For setting up IPv4 I have followed https://pratt.is/hetzner-und-proxmox-pfsense-als-gateway/ - this works quite reliably. This is the complete config of the interfaces on the hypervisor: https://pastebin.com/xjcSUYpU
For the IPv6 config I tried Dominic Pratt's way as well, but without success. Currently I have a static IPv6 on my WAN interface, it has the first IP from the /64 subnet Hetzner gave me. On the LAN end I took another IP from this subnet, and set the interface to /64 for SLAAC. As a result, the VMs get a v6 IP and can reach the internet via IPv6.
On the other side I have a problem. Of course I have set up an AAAA record in the DNS to access the firewall. I have also set up some firewall rules so that one can connect to the HAproxy. The proxy itself binds to the address I have set up on the WAN side. Now the problem:
I can ping the firewall via its AAAA record perfectly well from the internet. However, it is not accessible via IPv6 at all, except the pings. Neither the web frontend, nor the HAproxy. The access from the LAN side works fine.
What is strange: The firewall has an Accept rule for IPv6 traffic from the WAN side. I can see the connection attempts in the firewall log, they are marked as "Pass". However, I do not see any connection attempts in the HAproxy log. The web frontend isn't accessible either.
Where is my error? Does my interface config have a mistake somewhere?
I think it isn't HAproxy's fault, it is reachable from the inside (via its WAN IP, though).
It isn't the firewall's fault. It logs the connection as "pass".
It cannot be due to missing IP forwarding in the hypervisor's kernel, since the VMs can communicate with the internet via IPv6. Strangely, they were able to do so as well when I had forgotten to activate net.ipv6.conf.all.forwarding in sysctl.
For information: I am using Proxmox 6, the LXC containers are a fresh install from a Debian 10 template.
Maybe someone has an idea.