standard setup, no route on IPv6

Started by LoneGumMan, July 03, 2022, 09:03:52 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions
July 03, 2022, 09:03:52 AM Last Edit: July 03, 2022, 11:00:39 AM by LoneGumMan
I am new to OPNSense.  Running the setup with two NICs for WAN and LAN.

IPv6 did work previously (test-ipv6.com passes, as did ipv6test.google.com) when the network was on a Mikrotik router with pretty much OOTB setup, so I know the ISP side is not an issue.

edit: this is a home setup, no VLAN, just beefier hardware to consolidate other server-like duties on one box.

The setup:
* IPv4 is DHCP on WAN side, typical setup
* ISP supports IPv6 with both SLAAC and DHCPv6. both gives a valid /64 prefix, and I am using SLAAC. LAN side tracks the WAN interface.
* "Allow manual adjustment of DHCPv6 and Router Advertisements" is unchecked in the LAN interface.
* System DNS (system-> settings -> general) is using Google and Cloudflare public DNS (1.1.1.1/8.8.8.8/2001:4860:4860::8888/2606:4700:4700::1111)
* Unbound for DNS, set to use system DNS ("Use System Nameservers" in query forwarding), I can resolve AAAA records if I point nslookup to the router's port 53

What's working:
* IPv4 front to back; DHCP on the LAN side, no problem
* ALL clients, windows, linux and android phones, can all setup a GUA with the correct prefix.

Problem:
* Clients seemingly don't have a route on IPv6.

Other than setting system DNS and changing unbound, I pretty much have a bog standard setup. Not sure what else I need to do. Any advice is welcomed.

Below is radvdump output on opnsense. "igc1" is the LAN inteface
Code Select
root@OPNsense:~ # radvdump
#
# radvd configuration generated by radvdump 2.19
# based on Router Advertisement from fe80::62be:b4ff:fe03:9cf3 <-- the LAN interface
# received by interface igc1
#

interface igc1
{
        AdvSendAdvert on;
        # Note: {Min,Max}RtrAdvInterval cannot be obtained with radvdump
        AdvManagedFlag on;
        AdvOtherConfigFlag on;
        AdvReachableTime 0;
        AdvRetransTimer 0;
        AdvCurHopLimit 64;
        AdvDefaultLifetime 1800;
        AdvHomeAgentFlag off;
        AdvDefaultPreference medium;
        AdvLinkMTU 1500;
        AdvSourceLLAddress on;

        prefix 2404:c800:dead:beef::/64
        {
                AdvValidLifetime 86400;
                AdvPreferredLifetime 14400;
                AdvOnLink on;
                AdvAutonomous on;
                AdvRouterAddr off;
        }; # End of prefix definition


        DNSSL myhome
        {
                AdvDNSSLLifetime 600;
        }; # End of DNSSL definition

}; # End of interface definition

And here is my windows "ipconfig /all"; the address ending "fe0c:9cf3" is the LAN interface on the router.
Code Select
Ethernet adapter vEthernet (Virtual Switch Wifi):

   Connection-specific DNS Suffix  . : myhome
   Description . . . . . . . . . . . : Hyper-V Virtual Ethernet Adapter #2
   Physical Address. . . . . . . . . : 9C-B6-D0-8F-E4-81
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2404:c800:dead:beef:8494:910:1e7:7485(Preferred)
   Link-local IPv6 Address . . . . . : fe80::8494:910:1e7:7485%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.20.101(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Sunday, July 3, 2022 2:21:02 PM
   Lease Expires . . . . . . . . . . : Sunday, July 3, 2022 2:55:26 PM
   Default Gateway . . . . . . . . . : fe80::62be:b4ff:fe03:9cf3%11
                                       192.168.20.1
   DHCP Server . . . . . . . . . . . : 192.168.20.1
   DHCPv6 IAID . . . . . . . . . . . : 949794512
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-26-79-51-59-9C-B6-D0-8F-E4-81
   DNS Servers . . . . . . . . . . . : 2404:c800:dead:beef:62be:b4ff:fe03:9cf3
                                       192.168.20.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
   Connection-specific DNS Suffix Search List :
                                       myhome

And the adapter is on a "private" network, so there should not be too much windows firewall shenanigans.
July 03, 2022, 03:34:14 PM #1
what happens if you try setting dhcpv6 to dhcpv6 and set router advertisements to assisted.


July 03, 2022, 05:35:42 PM #2
Quote from: walkerx on July 03, 2022, 03:34:14 PM
what happens if you try setting dhcpv6 to dhcpv6 and set router advertisements to assisted.
Yea, tried that too before posting here, but things get a bit weird. Hence I went with SLAAC.

Changing WAN to DHCPv6
* WAN DHCPv6 with the option "Send IPv6 prefix hint" checked (this gives me more consistent behavior)
* LAN DHCPv6 adding the LAN interface's link local address as DNS does not do anything; windows gets a 2404 address for DNS server, probably my ISP's
* RA set to "assisted", and adding my LAN link local address gets it to publish my local DNS server in RA, but windows still gets the same 2404 DNS address for some magical reason.

The whole DHCP delegate thing is still new to me, so I am not sure if I am reading this right.

Several observations:
* WAN side looks fine, still get the same /64 prefix
* LAN side, RA is publishing a /56 prefix of a slightly different prefix; I thought it'd use the same prefix as the WAN interface?
* Windows does not seem to get a GUA at all, and the DNS server address is, for some reason, not in my address range. I am guessing it's from the ISP, but I have my LAN link-local address added to both DHCPv6 and RA already.

I don't have the time to do a tcpdump yet to capture the DHCP messages, nor am I that proficient to be frank

Below are the radvdump.

From WAN side
Code Select
interface igc0
{
        AdvSendAdvert on;
        # Note: {Min,Max}RtrAdvInterval cannot be obtained with radvdump
        AdvManagedFlag off;
        AdvOtherConfigFlag on;
        AdvReachableTime 0;
        AdvRetransTimer 0;
        AdvCurHopLimit 0;
        AdvDefaultLifetime 1800;
        AdvHomeAgentFlag off;
        AdvDefaultPreference medium;
        AdvSourceLLAddress on;
        AdvLinkMTU 1500;

        prefix 2404:c800:dead:beef::/64
        {
                AdvValidLifetime 1800;
                AdvPreferredLifetime 1800;
                AdvOnLink on;
                AdvAutonomous on;
                AdvRouterAddr off;
        }; # End of prefix definition

}; # End of interface definition

And from my LAN
Code Select
interface igc1
{
        AdvSendAdvert on;
        # Note: {Min,Max}RtrAdvInterval cannot be obtained with radvdump
        AdvManagedFlag on;
        AdvOtherConfigFlag on;
        AdvReachableTime 0;
        AdvRetransTimer 0;
        AdvCurHopLimit 64;
        AdvDefaultLifetime 1800;
        AdvHomeAgentFlag off;
        AdvDefaultPreference high;
        AdvLinkMTU 1500;
        AdvSourceLLAddress on;

        prefix 2404:c805:1bad:ba00::/56
        {
                AdvValidLifetime 86400;
                AdvPreferredLifetime 14400;
                AdvOnLink on;
                AdvAutonomous on;
                AdvRouterAddr off;
        }; # End of prefix definition


        RDNSS fe80::62be:b4ff:fe03:9cf3
        {
                AdvRDNSSLifetime 600;
        }; # End of RDNSS definition


        DNSSL myhome
        {
                AdvDNSSLLifetime 600;
        }; # End of DNSSL definition

}; # End of interface definition


WIndows "ipconfig /all"
Code Select
Ethernet adapter vEthernet (Virtual Switch):

   Connection-specific DNS Suffix  . : myhome
   Description . . . . . . . . . . . : Hyper-V Virtual Ethernet Adapter #2
   Physical Address. . . . . . . . . : 00-E0-4C-A1-C9-D9
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::8b6:e9f5:6fc5:5fab%34(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.20.100(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Sunday, July 3, 2022 10:53:38 PM
   Lease Expires . . . . . . . . . . : Sunday, July 3, 2022 11:05:54 PM
   Default Gateway . . . . . . . . . : fe80::62be:b4ff:fe03:9cf3%34
                                       192.168.20.1
   DHCP Server . . . . . . . . . . . : 192.168.20.1
   DHCPv6 IAID . . . . . . . . . . . : 570482764
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-26-79-51-59-9C-B6-D0-8F-E4-81
   DNS Servers . . . . . . . . . . . : 2404:c800:dead:babe:62be:b4ff:fe03:9cf3
                                       192.168.20.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
   Connection-specific DNS Suffix Search List :
                                       myhome
July 03, 2022, 05:58:35 PM #3
Who is the isp?
July 03, 2022, 09:55:47 PM #4
Quote from: agh1701 on July 03, 2022, 05:58:35 PM
Who is the isp?
it is not Charter/Spectrum.  ;)
July 05, 2022, 06:02:42 PM #5
Going back to SLAAC on the WAN side, a bit of new observation that didn't jump out before.

If I uncheck the "Allow manual adjustment of DHCPv6 and Router Advertisements" on the LAN interface, then RA publishes the expected /64 prefix , but there is no RDNSS, so there is no DNS for IPv6 for Windows to pick up.

If I set "Allow manual adjustment of DHCPv6 and Router Advertisements", and go and reload all config, then RA publishes RDNSS, but there is no prefix if I use stateless / assisted mode.

Something is always missing, and if I go DHCPv6, then RA publishes both, but Windows does not seem to pick up a path.

There's always something missing  :-\
Print
Go Up Pages1
User actions