Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
Spectrum and IPV6 Help
« previous
next »
Print
Pages: [
1
]
Author
Topic: Spectrum and IPV6 Help (Read 2117 times)
wangel
Newbie
Posts: 6
Karma: 0
Spectrum and IPV6 Help
«
on:
March 24, 2024, 04:29:05 pm »
Hello all;
So I decided to try to deep dive into IPV6. I have Spectrum as my isp, and they are giving me WAN an IPV6 address.I went to my WAN interface, did a 60 for the prefix delegation size, and check Send IPv6 prefix hint.This appears to work... at first the prefix delegation was 64.
After that, I went to my LAN interface, set IPv6 to Track Interface, and then under the Trace Interface, I set it to WAN with a Prefix ID of 1. Once I get this working my IOT vlan will be a prefix id of 2 etc. I also checked the box for Allow manual adjust of DHCPv6 and RA.
Then I went Services -> RA. I first tried it Unmanaged for just SLAAC. I eventually want to static a couple of servers with ipv6, so I ended up changing it to Assisted. Neither of them worked, so I don't think this was the issue.Advertise Default GW was checked, and for DNS config, I put the linklocal ip of my pihole box in the server list.
I was able to get an ipv6 on my Windows 11 computer. It would _always_ report no internet access. No matter what I did, I was never able to ever have it SHOW it had a dns server for ipv6, but not sure that matters as dns was resolving ipv6 names.
if I went to ipv6test.google.com it would tell me No problems, but I'm not using Ipv6. test-ipv6.com would also always fail.
If I went to command prompt and ran tracert -6 google.com, the first hope was the ipv6 ip of my Opnense Box (NOT the link local, it was the Ip from my ISP) and then dead.
I was never able to ping out or traceroute out. Yes I have firewall rules and it appeared I was passing traffic, but never got anything back.... and the test sites where saying I don't have ipv6 and Windows 11 kept saying I had no Interenet Acces w/ IPV6.
IPV6 ping test _FROM_ Opnsense worked. Only my Lan Clients seemed to be effected.
Not sure what I'm missing. I'm assuming maybe it's a route issue
I saw a couple of guides that say I need a floating rule for ipv6 icmp .. I've added that etc and it never seems to make a difference. If I live watch the logs I do see the traffic getting passed by a IPv6 RFC4890 requirememets (ICMP)" ... so I assume that is old info/guide info?
I can get screenshots etc if that would help. For now I've disabled ipv6 on my LAN.
Thanks!
Logged
meyergru
Hero Member
Posts: 1682
Karma: 165
IT Aficionado
Re: Spectrum and IPV6 Help
«
Reply #1 on:
March 24, 2024, 05:16:40 pm »
I don't know if I understood you correctly, but if you only get a /64 prefix from your ISP, your are a bit out of luck.
Standard should be /56 or even /48 as there is no shortage of IPv6. From that you can yourself use 256 different prefixes for your LANs, because SLAAC uses up the 64 remaining bits for the local address part, so 56 + 8 + 64 = 128.
This just does not work (tm) with /64: There are no bits left any more for LAN prefixes, which explains why your SLAAC did not work.
The best thing you could probably achieve is IPv6 with (the only) /64 prefix you get on only one LAN.
Usually, you can request a IA_NA address for your WAN and a IA_PD prefix for your own prefix delegation. Depending on what your ISP can handle, they may give you a larger prefix if you request a "prefix only". In that case, your WAN would get no IPv6, but OpnSense can use one of the LAN IPs to communicate outside.
«
Last Edit: March 24, 2024, 05:20:23 pm by meyergru
»
Logged
Intel N100, 4 x I226-V, 16 GByte, 256 GByte NVME, ZTE F6005
1100 down / 440 up
,
Bufferbloat A+
wangel
Newbie
Posts: 6
Karma: 0
Re: Spectrum and IPV6 Help
«
Reply #2 on:
March 24, 2024, 05:34:18 pm »
Yep ok awesome, that makes sense. So in terms of IPv6, a /64 is the same as saying a /24 in ipv4? It's just 1 network?
I took a screenshot of the Overview of my WAN interface, hoping it might help?
«
Last Edit: March 24, 2024, 05:36:37 pm by wangel
»
Logged
Patrick M. Hausen
Hero Member
Posts: 6799
Karma: 571
Re: Spectrum and IPV6 Help
«
Reply #3 on:
March 24, 2024, 05:42:02 pm »
Quote from: wangel on March 24, 2024, 05:34:18 pm
So in terms of IPv6, a /64 is the same as saying a /24 in ipv4? It's just 1 network?
Yes and no. You can split a /24 in two halves or even four subnets and IPv4 will just work as always only with fewer hosts in each subnet.
In IPv6 all Ethernet style links are /64. There is no other net size. Many of the automatic things in IPv6 like address management rely on that size.
Logged
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do.
(Isaac Asimov)
wangel
Newbie
Posts: 6
Karma: 0
Re: Spectrum and IPV6 Help
«
Reply #4 on:
March 24, 2024, 06:17:41 pm »
Got it. OK cool.
So I've put in, on my WAN interface, Prefix Delegation Size and checked Send IPv6 prefix hint. I've tried both 60 and now 56.
The screenshot of the overview of my WAN shows it looks like I'm getting a /60 ... but I can also get a /56 it seems.
So I'm assuming Spectrum is handing me a /60 or /56 if I ask for it?
Logged
Patrick M. Hausen
Hero Member
Posts: 6799
Karma: 571
Re: Spectrum and IPV6 Help
«
Reply #5 on:
March 24, 2024, 06:33:33 pm »
You need to ask them.
Logged
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do.
(Isaac Asimov)
meyergru
Hero Member
Posts: 1682
Karma: 165
IT Aficionado
Re: Spectrum and IPV6 Help
«
Reply #6 on:
March 24, 2024, 06:36:27 pm »
Probably, if they do it like they should. Even a /60 prefix is be fine, because then you still can use 68 bits, which leaves you with 4 bits for LAN prefixes in the "Track IPv6 Interface" sections of your LANs.
Logged
Intel N100, 4 x I226-V, 16 GByte, 256 GByte NVME, ZTE F6005
1100 down / 440 up
,
Bufferbloat A+
muchacha_grande
Full Member
Posts: 219
Karma: 19
Re: Spectrum and IPV6 Help
«
Reply #7 on:
March 24, 2024, 08:24:35 pm »
I have the name problem with my ISP... a /64 delegation, son I can't use SLAAC. But I managed to subnet my 64 bits part to have 16 for LANs and the rest for host... No IPv6 for Android phones but the rest of hosts have a working dual stack... I've been using this setup for about three years and everything worked fine.
This is an awful solution, but is the only thing I could do to use IPv6 with my ISP... for now.
Logged
wangel
Newbie
Posts: 6
Karma: 0
Re: Spectrum and IPV6 Help
«
Reply #8 on:
March 24, 2024, 08:30:57 pm »
So I talked with Spectrum, and it looks like they are giving me a /56. I don't need that many, so I changed it on my WAN interface to give a me a /60.
In the LAN section, I set it to Track Interface, WAN, and the IpV6 prefix id of 1. This should give me a /64, and it appears that it did.
It looks like my Win11 machine is getting an Ipv6 address. So I tried to ping... nothing. Request timed out.
Then, out of no where, it just started working. WTF? Ping -t -6 google.com started working. I got all excited.
Thought ok, I did something right. So I went to my IOT interface, enabled Ipv6 Tracking, WAN, IpV6 prefix id of F (put it on the other end of a /64 was my thought).
Now nothing works again. I even turned off IPv6 on my IOT interface, but LAN still does not work.
I can ping just from the Opnsense box... but trying to ping from a client on the LAN (windows 11) doesn't work. I can Ping the ipv6 interface of the Opnsense box. I can try to traceroute, but it dies right after the first hop (which is the ipv6 interface of the Opnsense box).
Granted, I'm a big newb to ipv6, but this seems like it's straight forward, lol
Logged
meyergru
Hero Member
Posts: 1682
Karma: 165
IT Aficionado
Re: Spectrum and IPV6 Help
«
Reply #9 on:
March 24, 2024, 09:20:03 pm »
Did you enable "Manual configuration" of the router advertisements? (Usually, this is not needed)
If so, what did you configure in RADVD? You can disable advertising the default gateway in its service setting, which would prevent the IPv6 route from being advertised?
Is RADVD running in the first place? If not, start it from the dashboard. If it stops, what is the content of /usr/local/etc/radvd.conf?
Do your clients get IPv6 GUAs (i.e. not starting with fe80:...)?
On some clients, you can look at the configured IPv6 route, you can even try tracerouting and see where traffic is blocked...
Have you enabled outbound IPv6 traffic for LAN and IoT by creating rules?
Logged
Intel N100, 4 x I226-V, 16 GByte, 256 GByte NVME, ZTE F6005
1100 down / 440 up
,
Bufferbloat A+
wangel
Newbie
Posts: 6
Karma: 0
Re: Spectrum and IPV6 Help
«
Reply #10 on:
March 24, 2024, 10:43:49 pm »
Yes, I enabled Allow manual adjustment of DHCPv6 and Router Advertisments, as I want to give the clients my PiHole as DNS, not my ISP's.
That being said, I had turned everything off (Ipv6 on the wan and everything).
Started setting everything back up ... but I did NOT turn on the Allow Manual Adjustment.
Win11 box got an ipv6, I started ping -t -6 google.com and let it go. Was a bunch of requests timed out, but then all of a sudden it started working!!!!!
Tested another machine, it worked!! But I was getting my isp's DNS servers, so I turned on Allow Manual Adjustment, and now everything is broke again rofl.
I've turned it back off, but I am still not able to ping out anymore. Clearly I'm doing something wrong, or my stuff is broke.
Logged
meyergru
Hero Member
Posts: 1682
Karma: 165
IT Aficionado
Re: Spectrum and IPV6 Help
«
Reply #11 on:
March 24, 2024, 11:34:31 pm »
Then some of the manual settings may be incorrect, which may lead to radvd not starting up. Also, this is a cascade of delegations where addresses are assigned via router advertisements, which are broadcasts. Every time you change a setting, radvd removes all adresses and then, it can take a few seconds until new IPs are being picked up.
Thus, it may take a while until someting works. I would look into if radvd is running at all.
You have have DNS on IPv4 servers only and still have IPv6 resolved, so there is really no need to change DNS settings for IPv6 servers. Hence, no need for manual RADVD settings which are hard to comprehend when you are not an expert.
Logged
Intel N100, 4 x I226-V, 16 GByte, 256 GByte NVME, ZTE F6005
1100 down / 440 up
,
Bufferbloat A+
wangel
Newbie
Posts: 6
Karma: 0
Re: Spectrum and IPV6 Help
«
Reply #12 on:
March 25, 2024, 12:07:21 am »
Holy hell I think I have it all working!
Yah, the dns thing is going to irk me. I understand that dns servers on ipv4 can return ipv6 addresses etc ... I just want to make sure my clients are using my pihole, cuz ... I'm a dork like that. LOL
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
Spectrum and IPV6 Help