Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
23.7 Legacy Series
»
IPv6 RA issue
« previous
next »
Print
Pages: [
1
]
Author
Topic: IPv6 RA issue (Read 820 times)
dMopp
Newbie
Posts: 49
Karma: 1
IPv6 RA issue
«
on:
September 13, 2023, 01:58:02 am »
Hi, iam struggeling since two days now with the following issue:
I have Two RAs in one of my networks (and only there as far as i can see).
First:
RA is assigning the Gateway (fe80::fc7c:e7ff:fee0:d96c, the gateway for my WIREDCLIENTS Interface) and everything works fine. I can reach internal and external IPv6 adresses
After some time:
fe80::505c:56ff:feb0:824 is reaching the Client, which is the gateway addr from my LAN Interface. From that point on, i can only reach external IPv6 adresses.
I have absolute NO idea, why this is happening. In the other networks, i cant observe the issue. On my SERVERS network, i only see the one route. On my WPA3 network, i only see the WPA3 Gateway.
It looks like some bug, because the firewall rules are floatet (and therefore the same) + the whitelisting the other networks, which are even the same except that the WPA3 is whitelisting WIRED and vice versa
Looks like a bug.
BTW: Can i assign a CUSTOM IPv6 Gateway over RA/DHCPv6?
Logged
Monviech (Cedrik)
Global Moderator
Hero Member
Posts: 1622
Karma: 178
Re: IPv6 RA issue
«
Reply #1 on:
September 13, 2023, 06:22:11 am »
To the custom IPv6 Gateway over RA:
Create a Virtual IP - IP Alias on each internal interface (for example fe80::1/64, fe80::2/64 ...).
If you use track interface for IPv6 enable "Manual configuration" "Allow manual adjustment of DHCPv6 and Router Advertisements" on each local interface.
Then go to Services: Router Advertisements and on each internal interface choose "Source Address" fe80::1 etc... and set Router Advertisement to Stateless, and Advertise Default Gateway enabled.
So far I only tried it with CARP Vips but I think it should work with normal IP Alias too.
«
Last Edit: September 13, 2023, 06:27:29 am by Monviech
»
Logged
Hardware:
DEC740
dMopp
Newbie
Posts: 49
Karma: 1
Re: IPv6 RA issue
«
Reply #2 on:
September 13, 2023, 08:01:37 am »
Sadly it doesnt work with IP Aliases, i cant select nothing else then automatic. (Even with CARP... nothing to select there)
Anyway the main issue is still the wrong advertised RA on the Interface. This breaks the entire network.
I DONT have this issue on all the other Interfaces/Networks, only on the wired one.. i dont understand that at all!
«
Last Edit: September 13, 2023, 08:37:52 am by dMopp
»
Logged
dMopp
Newbie
Posts: 49
Karma: 1
Re: IPv6 RA issue
«
Reply #3 on:
September 13, 2023, 09:39:15 am »
Okay, i found the issue and this was a WINDOWS/Switch issue.
background:
On the Client iam using a realtek NIC with configured VLANID4. But on SwitchPort i used default 0 for untagged traffic. So it looks like, realtek NICs letting passtrough even the default traffic which voerwrites the routing table with a non reachable ipv6 gateway ...
My Fix/Workarround: Using VLANID4 as DEFAULT for the Port as well.
Logged
franco
Administrator
Hero Member
Posts: 17672
Karma: 1613
Re: IPv6 RA issue
«
Reply #4 on:
September 13, 2023, 11:05:24 am »
> Sadly it doesnt work with IP Aliases, i cant select nothing else then automatic. (Even with CARP... nothing to select there).
So only link-local IPs show up in RA because it only supports link-local
You can use IP aliases too but it's basically the same as automatic. Only CARP address (VHID set) will switch into CARP mode which persists routes which is only needed if you have a HA setup.
Cheers,
Franco
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
23.7 Legacy Series
»
IPv6 RA issue
