New build with Zen IPv6 not starting

Started by N0_Klu3, December 23, 2020, 03:30:21 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
December 23, 2020, 03:30:21 PM Last Edit: December 23, 2020, 03:36:20 PM by N0_Klu3
Hey all,
So I did a new OPNSense build yesterday, and its all setup nicely.
I use Zen and have IPv6 enabled. I have it setup using DHCP right now as no need for anything else.
If I restart OPNSense then dpinger for WAN_DHCP6 is down and dhcpd6.
I left it all night it never starts.
If I check https://ipv6-test.com/ IPv6 fails and isn't working even tho my devices get IPv6 local addresses.

As soon as I click start on those 2 services boom https://ipv6-test.com/ Starts to report as working right away...

Is there any reason why those services are not auto starting?

Also as a side note I don't think the IPv6 gateways work nicely/right.
So for instance on my LAN and WAN interfaces if I disable or turn off IPv6 so its set to none, there is still a IPv6 GW.
If I click delete on that gateway it says apply and never gets deleted.
Basically its always there even if I don't want to use it anymore, its kinda janky and buggy to remove.
I even tried once to remove the gateway from the config but it came right on back.
December 29, 2020, 11:41:20 AM #1
if you delete the gateway when using dhcp it will automatically re-create it, you need a gateway so Opnsense creates it. If you don't wish to use IPv6 then set  the IPv6 configuration type to none in the interfaces. If you do want to use IPv6 the best method is to use static addressing, and as Zen provide you with the ability to do so then take advantage of it, it's pretty easy to set up, instructions are here: https://docs.opnsense.org/manual/how-tos/IPv6_ZenUK.html?highlight=zen


There is, and always has been, an issue with dpinger sometimes failing to restart after a PPPoE flutter, this can be resolved by using Monit to watch the dpingers instances and restarting them if they go down.


If you need help just ask, I've been with Zen a long time now and most of those who use Zen on Opnsense use static addressing.
OPNsense 24.7 - Qotom Q355G4 - ISP - Squirrel 1Gbps.

Team Rebellion Member
April 03, 2021, 12:53:47 PM #2
Hi,

I am sorry for replying to an old thread but I am having trouble with IPV6 on Zen since upgrading to 21.1.4 yesterday. Everything was working fine before the upgrade and I initially (quite some considerable time ago) followed the instructions here

https://docs.opnsense.org/manual/how-tos/IPv6_ZenUK.html

and set it up using static assignments. It has been working fine for many months but since upgrading my LAN clients can no longer ping ipv6 addresses on the internet. The opnsense box can ping ipv6 addresses fine and the LAN clients can ping each other via their ipv6 addresses. However when LAN clients ping ipv6 external addresses they get "Destination unreachable: Address unreachable".

I backed up the config and tried to follow the instructions again using DHCP instead of static assignments. When I do that and reboot I don't seem to get any ipv6 address on the WAN interface. I'm obviously doing something wrong but not sure what. I've been going around in circles for half a day so thought it might be quicker to sign up for an account here and ask the experts. I have reverted to the original config as the DHCP instructions don't give me any ipv6 addresses on any interface. Feel free to move this post if it is in the wrong place.

Thanks in advance.
April 03, 2021, 12:58:08 PM #3
OK, first off, can you ping 2001:4860:4860::8844 from Opnsense itself, using both the LAN and the WAN interfaces in Interfaces: Diagnostics: Ping?
OPNsense 24.7 - Qotom Q355G4 - ISP - Squirrel 1Gbps.

Team Rebellion Member
April 03, 2021, 01:12:55 PM #4
From the WAN, yes

# /sbin/ping6 -c '3' '2001:4860:4860::8844'
PING6(56=40+8+8 bytes) 2a02:8011:d000:5cf::1 --> 2001:4860:4860::8844
16 bytes from 2a02:8011:d000:5cf::1, icmp_seq=0 hlim=64 time=0.088 ms
16 bytes from 2a02:8011:d000:5cf::1, icmp_seq=1 hlim=64 time=0.094 ms
16 bytes from 2a02:8011:d000:5cf::1, icmp_seq=2 hlim=64 time=0.067 ms

--- 2001:4860:4860::8844 ping6 statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 0.067/0.083/0.094/0.012 ms

From the LAN no
# /sbin/ping6 -S '2a02:8010:65dd:1:1:1:1:1' -c '3' '2001:4860:4860::8844'
PING6(56=40+8+8 bytes) 2a02:8010:65dd:1:1:1:1:1 --> 2001:4860:4860::8844
ping6: wrote 2001:4860:4860::8844 16 chars, ret=-1
ping6: wrote 2001:4860:4860::8844 16 chars, ret=-1
ping6: wrote 2001:4860:4860::8844 16 chars, ret=-1

--- 2001:4860:4860::8844 ping6 statistics ---
3 packets transmitted, 0 packets received, 100.0% packet loss
ping6: sendmsg: Network is down
ping6: sendmsg: Network is down
ping6: sendmsg: Network is down

Thank you for replying. Your help is much appreciated.
April 03, 2021, 03:06:28 PM #5
Is the gateway showing online? Should be, but just checking.
OPNsense 24.7 - Qotom Q355G4 - ISP - Squirrel 1Gbps.

Team Rebellion Member
April 03, 2021, 03:41:21 PM #6
Yes, the gateway shows as online. I have a monitor ipv6 address set and it is showing green. The problem seems to be just with the LAN clients, but looking on one of them I can see the ipv6 gateway is set (seems to be the link local address). From this client machine I can ping the LAN ipv6 address and the WAN ipv6 address but can't ping anything on the internet.
April 04, 2021, 12:51:38 AM #7
Sorry to not get back to you earlier, been having an issue of my own. After going through all my switches and reconfiguring my router and generally pulling my hair out my issues were down to the Sky boxes which had been updated and Sky had switched the wifi on them back on, that caused massive loop backs all over the place... Thanks Sky, wasted hours on that as it was the last thing I expected.


Anyway, back to your issues. Statics work really well so let's just go through what's on my system and you should just need to adjust to your addresses and all should be good.


WAN first.




Now LAN, again static, just one of my LANs,


I will not post the dhcp6 server settings, but as long as your clients are getting a GUA address and it falls within the /64 range on your LAN that's good.
Again Router advertisements should be OK as they pretty much sort themselves out.
I'm beginning to think it could be firewall rules.


PM me and I'll try and give you some direct help.





OPNsense 24.7 - Qotom Q355G4 - ISP - Squirrel 1Gbps.

Team Rebellion Member
April 04, 2021, 11:11:20 AM #8
Thanks a lot marjohn, I dropped you a PM.
April 06, 2021, 12:40:33 PM #9
Just to close the loop on this, my problems were nothing to do with opnsense or the upgrade, but rather an issue on the Zen side meaning my routers dhcp6 requests were being rejected. This has now been sorted and I'm all working again.

I'd consider myself fairly experienced networking wise, but confess I find ipv6 a bit of a black art! I would like to publicly thank marjohn56 for helping out with the fault finding. You sir are a gentleman.
April 06, 2021, 01:31:06 PM #10
It was slightly off the normal dhcp6c stuff though as statics ( when set ) were also not working on the LAN side. The PPPoE session was rejecting the IPv6 link request, which meant there was no RS/RA for link local. The odd thing though was that a static V6 address set on the WAN was able to ping a GUA address and the gateway monitor worked as the target was a GUA address.
OPNsense 24.7 - Qotom Q355G4 - ISP - Squirrel 1Gbps.

Team Rebellion Member
Print
Go Up Pages1
User actions