Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
22.1 Legacy Series
»
[SOLVED] Weird issue with icmpv6 initiated from internet+he.net tunnel
« previous
next »
Print
Pages: [
1
]
Author
Topic: [SOLVED] Weird issue with icmpv6 initiated from internet+he.net tunnel (Read 2753 times)
5SpeedFun
Full Member
Posts: 119
Karma: 7
[SOLVED] Weird issue with icmpv6 initiated from internet+he.net tunnel
«
on:
April 16, 2022, 11:54:47 pm »
Hello,
I have a WAN interface as well as an HE.NET gif tunnel that runs over the wan interface.
If I ping from lan -> outbound, ipv6 (using he.net address from lan), it works fine & I get a reply.
For inbound traffic coming across he.net, I have a rule that allows ipv6 icmp6 an/any. If an outside (internet) host tries to ping somethig in my he.net /48, I see the packet come in, it gets routed correctly, but the reply uses the wan interface, not the he.net tunnel
For the inbound rule on he.net interface, I've tried:
reply-to: default, reply-to (he.net gateway)
Neither worked.
Anyone have ideas?
«
Last Edit: April 22, 2022, 04:02:44 pm by 5SpeedFun
»
Logged
5SpeedFun
Full Member
Posts: 119
Karma: 7
Re: Weird issue with icmpv6 initiated from internet+he.net tunnel
«
Reply #1 on:
April 20, 2022, 01:36:08 pm »
To be a little more clear:
The he.net tunnel is over the same interface the replie actually goes. While the iintial ping comes in the outside (static ipv4) interface inside the he.net tunnel and makes it to my ipv6 host, the return packet (my host replying) goes over the same physical interface but doesnt' use the he.net tunnel (gif interface) that sits on that physical interface. Bug or something misconfigured?
Strangely, traffic originating from my lan side using icmpv6 (ping) to outside hosts works fine and is routed correctly.
Logged
franco
Administrator
Hero Member
Posts: 17656
Karma: 1611
Re: Weird issue with icmpv6 initiated from internet+he.net tunnel
«
Reply #2 on:
April 20, 2022, 04:24:47 pm »
Usual suspects are either toggling "Disable force gateway" or "Shared forwarding" settings on Firewall: Settings: Advanced. Does that change the outcome?
Cheers,
Franco
Logged
5SpeedFun
Full Member
Posts: 119
Karma: 7
Re: Weird issue with icmpv6 initiated from internet+he.net tunnel
«
Reply #3 on:
April 20, 2022, 06:40:42 pm »
Thanks for the suggestion.
Currently "shared forwarding" is checked. Edit: Disabling this did not fix the issue.
Disable force gateway is unchecked. Edit: I checked this box, and saved & still didn't fix it.
I'm wondering what toggling one of these globals may break.
Is there anything else I shoud look at to narrow down the problem?
Also: FWIW I have "disable reply-to" checked from a long time ago. (
https://forum.opnsense.org/index.php?topic=15900.msg78593#msg78593
)
«
Last Edit: April 20, 2022, 06:56:53 pm by 5SpeedFun
»
Logged
5SpeedFun
Full Member
Posts: 119
Karma: 7
Re: Weird issue with icmpv6 initiated from internet+he.net tunnel
«
Reply #4 on:
April 22, 2022, 04:02:28 pm »
I solved this. There was a logic error in the rules on my side. I didn't create the rule I thought I created
Logged
franco
Administrator
Hero Member
Posts: 17656
Karma: 1611
Re: [SOLVED] Weird issue with icmpv6 initiated from internet+he.net tunnel
«
Reply #5 on:
April 25, 2022, 02:48:06 pm »
Ah, happy to hear you got it to work
Cheers,
Franco
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
22.1 Legacy Series
»
[SOLVED] Weird issue with icmpv6 initiated from internet+he.net tunnel
