Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
22.1 Legacy Series
»
IPv6 NPT and Policy routing issue.
« previous
next »
Print
Pages: [
1
]
Author
Topic: IPv6 NPT and Policy routing issue. (Read 1676 times)
Napsterbater
Newbie
Posts: 33
Karma: 2
IPv6 NPT and Policy routing issue.
«
on:
March 22, 2022, 03:56:19 am »
Mullvad VPN using Wireguard. It has a Single IPv4 and IPv6.
I am using PBR to redirect a single IPv4 and a single IPv6 on the LAN out the Mullvad VPN, I am using Outbound NAt on IPv4 and NPt with a /128 for IPv6.
For IPv4 I also have port forwarding. IPv4 work perfectly fine, inbound and outbound connections are perfect.
IPv6 though, outbound is fine, outbound initiated connections has full 2way traffic.
Inbound is half fine, I can see the SYN make it to my server, the server replies SYN ACK, the SYN ACK hits the LAN of OPNsense, but the packet never makes it out the Mullvad interface.
But again, Outbound initiated traffic get through and NPt ed to the Mullvad Interface IPv6.
Where should I start looking, what can I provide to help track down the problem.
Edit: I did find this, which kinda fits what I am seeing, but there was no resolution.
https://forum.opnsense.org/index.php?topic=3076.msg9553#msg9553
«
Last Edit: March 22, 2022, 03:58:57 am by Napsterbater
»
Logged
jbattermann
Newbie
Posts: 24
Karma: 2
Re: IPv6 NPT and Policy routing issue.
«
Reply #1 on:
March 22, 2022, 07:25:34 pm »
I have no answer unfortunately, but, given that I -do- have PBR issues with IPv6... I got a bit curious and was wondering what you're doing / if it works. I try to do PBR for a very select few destination IPv6 networks over VPN and while IPv4 works perfectly, IPv6 does not. Did you by any chance specify a specific destination network and it DOES work for you, and if so, would you mind posting screenshots for the typical places to configure?
Thanks!
-Joerg
Logged
Napsterbater
Newbie
Posts: 33
Karma: 2
Re: IPv6 NPT and Policy routing issue.
«
Reply #2 on:
March 22, 2022, 10:26:46 pm »
I am using a rule on the LAN (2, one for v4 one for v6) to specify any traffic from a particular IP is forced over the Wireguard VPN Gateway. But I also have to NPt that /128 address as the VPN only has a single IPv6.
All outbound work fine, full 2way if the connection is initiated in the outbound direction, it is the Replies to Inbound traffic that get stuck on their way out (confusing I know heh)
Syn from Internet:
Internet Host -> VPN Public IP -> VPN ULA IP -(NPt)> OPNsense -> LAN Host (Makes it to the Lan Host OK)
Syn Ack back to Internet Host:
LAN Host -> OPNsense X (Is seen on the OPNsens LAN, never makes it out onto the VPN interface with ot without NPt applied)
Logged
Napsterbater
Newbie
Posts: 33
Karma: 2
Re: IPv6 NPT and Policy routing issue.
«
Reply #3 on:
March 30, 2022, 01:44:28 am »
Hoping someone has an idea. Or even so step to take to trouble shoot where the issue is exactly.
Logged
Napsterbater
Newbie
Posts: 33
Karma: 2
Re: IPv6 NPT and Policy routing issue.
«
Reply #4 on:
April 10, 2022, 11:34:03 pm »
Still hoping for something to try, or what information I need to gather to help troubleshoot the issue or anything like that.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
22.1 Legacy Series
»
IPv6 NPT and Policy routing issue.