IPv6 working properly???

Started by opns-sc0, January 30, 2022, 12:12:47 PM

Previous topic - Next topic
Print
Go Down Pages 1 2
User actions
February 08, 2022, 07:51:46 AM #15 Last Edit: February 08, 2022, 01:16:23 PM by zneaks
@franco, I have no static routes with IPv6, it's the default setup. I have RA in Assisted mode, DHCPv6 enabled on the WAN interface.

I can't ping the link local address from either side, WAN -> LAN, LAN -> WAN, but I can ping link local from LAN interface to a client in that LAN.

I can't ping any other public IPv6 addresses from the public IPv6 address on the LAN interface.

I tried what @cardinal said, but it still doesn't work, I removed my DNS domain from the RA settings, unticked everything and still failing

EDIT:

I can't explain this at all, I tried rebuilding a brand new VM with same NIC etc, started from scratch, and IPv6 wasn't working initially. After a reboot it started working from my client devices. I restored my old settings, and IPv6 wasn't working from client devices again.

I rebuild the VM again, played around with it some more, and I once again had IPv6 on the client devices, through DHCPv6, NOT RA, and was able to ping Google through IPv6.

I compared the config file of the working IPv6 and non working IPv6, and found no discernable differences.

I then found a very strange issue, where if I disabled "Request only an IPv6 prefix", while pinging from a client device, I was able to then ping an IPv6 address for 2 seconds before it eventually started failing again.

PING: transmit failed. General failure.
PING: transmit failed. General failure.
Reply from 2404:6800:4006:814::2004: time=14ms
Reply from 2404:6800:4006:814::2004: time=15ms
Request timed out.
Request timed out.

Hopefully relevant logs:

<28>1 2022-02-08T20:01:30 opnsense.local radvd 61512 - [meta sequenceId="5"] prefix length should be 64 for vmx0
<30>1 2022-02-08T20:01:30 opnsense.local radvd 61512 - [meta sequenceId="6"] removing /var/run/radvd.pid
<30>1 2022-02-08T20:01:30 opnsense.local radvd 61512 - [meta sequenceId="7"] returning from radvd main
<30>1 2022-02-08T20:01:35 opnsense.local radvd 61974 - [meta sequenceId="8"] version 2.19 started
<28>1 2022-02-08T20:01:35 opnsense.local radvd 62486 - [meta sequenceId="9"] prefix length should be 64 for vmx0
<28>1 2022-02-08T20:01:35 opnsense.local radvd 62486 - [meta sequenceId="10"] prefix length should be 64 for vmx0
<28>1 2022-02-08T20:01:37 opnsense.local radvd 62486 - [meta sequenceId="11"] exiting, 1 sigterm(s) received
<30>1 2022-02-08T20:01:37 opnsense.local radvd 62486 - [meta sequenceId="12"] sending stop adverts
<28>1 2022-02-08T20:01:37 opnsense.local radvd 62486 - [meta sequenceId="13"] prefix length should be 64 for vmx0
<30>1 2022-02-08T20:01:37 opnsense.local radvd 62486 - [meta sequenceId="14"] removing /var/run/radvd.pid
<30>1 2022-02-08T20:01:37 opnsense.local radvd 62486 - [meta sequenceId="15"] returning from radvd main
<30>1 2022-02-08T20:01:37 opnsense.local radvd 84614 - [meta sequenceId="16"] version 2.19 started

cannot forward src fe80:1::11ae:5d59:abdd:d43f, dst xxxx:6800:4015:801::xxxx, nxt 58, rcvif vmx0, outif igb0
cannot forward src fe80:1::aef1:8ff:fe58:13bc, dst xxxx:108:700f::341a:34e2, nxt 6, rcvif vmx0, outif igb0
cannot forward src fe80:1::aef1:8ff:fe58:13bc, dst xxxx:108:700f::2ce6:119c, nxt 6, rcvif vmx0, outif igb0
cannot forward src fe80:1::11ae:5d59:abdd:d43f, dst xxxx:3fc0:1:104::670a:7d12, nxt 17, rcvif vmx0, outif igb0
cannot forward src fe80:1::30ee:db83:ec1b:3214, dst xxxx:19f0:5801:1daa:5400:1ff:fe95:cf80, nxt 17, rcvif vmx0, outif igb0
cannot forward src fe80:1::30ee:db83:ec1b:3214, dst xxxx:4700:f1::1, nxt 17, rcvif vmx0, outif igb0
cannot forward src fe80:1::86b:b72c:d5a4:3beb, dst xxxx:8006:3510:7085::1c50, nxt 6, rcvif vmx0, outif igb0
cannot forward src fe80:1::30ee:db83:ec1b:3214, dst xxxx:9400:4:0:216:3eff:fee2:1a8b, nxt 17, rcvif vmx0, outif igb0
cannot forward src fe80:1::11ae:5d59:abdd:d43f, dst xxxx:3fc0:1:104::670a:7d13, nxt 17, rcvif vmx0, outif igb0
cannot forward src fe80:1::30ee:db83:ec1b:3214, dst xxxx:4700:f1::1, nxt 17, rcvif vmx0, outif igb0
cannot forward src fe80:1::30ee:db83:ec1b:3214, dst xxxx:9400:4:0:216:3eff:fee2:1a8b, nxt 17, rcvif vmx0, outif igb0
cannot forward src fe80:1::30ee:db83:ec1b:3214, dst xxxx:4700:f1::1, nxt 17, rcvif vmx0, outif igb0
cannot forward src fe80:1::250:56ff:feb5:247c, dst xxxx:bc80:3010:600:dead:beef:cafe:feda, nxt 6, rcvif vmx0, outif igb0
cannot forward src fe80:1::d0a8:136a:8213:cc4b, dst xxxx:1380:1001:6c00::1, nxt 6, rcvif vmx0, outif igb0
cannot forward src fe80:1::30ee:db83:ec1b:3214, dst xxxx:9400:4:0:216:3eff:fee2:1a8b, nxt 17, rcvif vmx0, outif igb0
cannot forward src fe80:1::30ee:db83:ec1b:3214, dst xxxx:4178:5:200::10, nxt 6, rcvif vmx0, outif igb0
cannot forward src fe80:1::11ae:5d59:abdd:d43f, dst xxxx:3fc0:1:103::670a:7d03, nxt 17, rcvif vmx0, outif igb0
cannot forward src fe80:1::86b:b72c:d5a4:3beb, dst xxxx:8003:5448:7600:250:56ff:feae:7fa8, nxt 17, rcvif vmx0, outif igb0
cannot forward src fe80:1::86b:b72c:d5a4:3beb, dst xxxx:8003:5448:7600:250:56ff:feae:7fa8, nxt 58, rcvif vmx0, outif igb0
cannot forward src fe80:1::30ee:db83:ec1b:3214, dst xxxx:9400:4:0:216:3eff:fee2:1a8b, nxt 17, rcvif vmx0, outif igb0

I've given up with IPv6 for now, hopefully it gets fixed in 22.2
February 08, 2022, 09:39:08 PM #16
I also have found since updating to 22.1 that RA would not start.
After much messing and many reboots, I removed the DNS servers entries I had in all the interfaces on RA and rebooted and it started working.
I then put them back again (to the DNS servers I wanted in there) and rebooted again.

Now it SEEMS to be back to normal.... in that RA starts on boot up and the problem has gone.... I think....

Chris
February 13, 2022, 04:52:03 PM #17
Quote from: fgsfdgfds on February 08, 2022, 09:39:08 PM
I also have found since updating to 22.1 that RA would not start.
After much messing and many reboots, I removed the DNS servers entries I had in all the interfaces on RA and rebooted and it started working.
I then put them back again (to the DNS servers I wanted in there) and rebooted again.

Now it SEEMS to be back to normal.... in that RA starts on boot up and the problem has gone.... I think....

Chris

I am having the same issue. RA, what is this and where is it in GUI?
February 15, 2022, 11:56:44 AM #18
After the upgrade, I basically did not notice any problems with IPv6 for the time being.
My provider has assigned me a fixed 56 prefix. The WAN interface is set to DHCP and the LAN interfaces to track interface with manual configuration.
DHCPv6 is active and works. Additionally, router advertisements (assisted mode) are enabled.
Since the changeover, I noticed that some clients irregularly lost their IPv6 address and the assigned IPv6 DNS server after some time.

I was able to fix the problem by setting the following settings:

  • AdvDefaultLifetime: 9000
  • AdvPreferredLifetime: 7200
  • AdvRDNSSLifetime: 1800
  • AdvDNSSLLifetime: 1800
  • AdvRouteLifetime: 1800
February 17, 2022, 01:36:35 AM #19
Quote from: fgsfdgfds on February 08, 2022, 09:39:08 PM
I also have found since updating to 22.1 that RA would not start.
After much messing and many reboots, I removed the DNS servers entries I had in all the interfaces on RA and rebooted and it started working.
I then put them back again (to the DNS servers I wanted in there) and rebooted again.

Now it SEEMS to be back to normal.... in that RA starts on boot up and the problem has gone.... I think....

Chris

I just upgraded 2 system from 21.7.7 through to 22.1.1_1.

The RA service was stopped and refused to start, I went though and clicked save on each interfaces config page with no changes in the RA service and it came back up.
February 18, 2022, 05:57:50 AM #20
Hi, just wanted to share what I did to fix, my situation is that my RA did not start, I have multiple interfaces and multiple Vlans on one interface, I enabled promiscuous mode on the single interface, did not fix it, went to every interface page, and saved - Apply, did not fix, unchecked "Use the DNS settings of the DHCPv6 server" in RA setting fixed it immediately after saving, the service started by it self, I checked the box back and the service still up, I rebooted to make sure it is working after the reboot and yes it is working.

Thank you to all the developers for the great product and for keeping the M0N0wall legacy alive  :D 8).
February 23, 2022, 07:00:52 PM #21
Was going to start a similar sounding thread but will post here. I should do otherwise, please let me know.

I was going to title mine:
Trying to get IPv6 working, can't find Services > Router Advertisement

I have my LAN (/64) and WAN (/56) set to dhcpv6, set Send IPv6 prefix hint & not set Use IPv4 connectivity (Xfinity). The WAN gets a /128 IPv6 address but that's it. Nothing on the LAN or the OPT1 interface (not important).

I've seen several message that suggest changing settings under Service > Router Advertisements but I don't have the menu option.

Versions   OPNsense 22.1.1_3-amd64
FreeBSD 13.0-STABLE
OpenSSL 1.1.1m 14 Dec 2021

CPU type   Intel(R) Xeon(R) CPU E3-1270 v3 @ 3.50GHz (4 cores, 8 threads)

My IPv4 is still working so I'm not in a rush but I'll help out if I can.

Thanks
February 24, 2022, 02:16:31 AM #22
Quote from: linuxha on February 23, 2022, 07:00:52 PM
Was going to start a similar sounding thread but will post here. I should do otherwise, please let me know.

I was going to title mine:
Trying to get IPv6 working, can't find Services > Router Advertisement

I have my LAN (/64) and WAN (/56) set to dhcpv6, set Send IPv6 prefix hint & not set Use IPv4 connectivity (Xfinity). The WAN gets a /128 IPv6 address but that's it. Nothing on the LAN or the OPT1 interface (not important).

I've seen several message that suggest changing settings under Service > Router Advertisements but I don't have the menu option.

Versions   OPNsense 22.1.1_3-amd64
FreeBSD 13.0-STABLE
OpenSSL 1.1.1m 14 Dec 2021

CPU type   Intel(R) Xeon(R) CPU E3-1270 v3 @ 3.50GHz (4 cores, 8 threads)

My IPv4 is still working so I'm not in a rush but I'll help out if I can.

Thanks


You need to tick "Allow manual adjustment of DHCPv6 and Router Advertisements" in the LAN interface option to see Router Advertisements.

I've never had an issue with the Router Advertisement service being online, it's always been online for me. My devices receive an IPv6 address, but just can't use it.
February 24, 2022, 04:23:24 AM #23
Quote from: zneaks on February 24, 2022, 02:16:31 AM
Quote from: linuxha on February 23, 2022, 07:00:52 PM
....
I've seen several message that suggest changing settings under Service > Router Advertisements but I don't have the menu option.
...


You need to tick "Allow manual adjustment of DHCPv6 and Router Advertisements" in the LAN interface option to see Router Advertisements.
...
I do not have that option  on the Interface > LAN page
February 24, 2022, 07:30:57 AM #24
Probably because you have configured DHCPv6 for LAN

Is OPNsense sitting behind an ISP router? Possible that the ISP router is pinching the prefix
February 24, 2022, 07:42:29 AM #25
Quote from: Greelan on February 24, 2022, 07:30:57 AM
Probably because you have configured DHCPv6 for LAN

Is OPNsense sitting behind an ISP router? Possible that the ISP router is pinching the prefix

I don't think so, I had IPv6 working with pfsense. My cable modem's routing and WiFi are disabled. I switched to get support for a Realtek NBaseT card that pfsense won't support.

Now it is possible that I have Opnsense setup incorrectly. The current version is a bit different than the GUI dicussed on most of the search responses.
February 24, 2022, 07:54:21 AM #26
IPv6 varies a lot between ISPs

In my case I use Track Interface for LAN, to track the WAN

I get a /48 prefix and allocate a /64 to each internal network
Print
Go Up Pages 1 2
User actions