IPv6 not working fully

[andrema2]

Hi

I'm trying to make my IPv6 to work.

This is how my equipments are setup

My ISP router seems to provide a valid PD and if I connect my Mac directly to it, I can test using https://ipv6-test.com/ and the result is 19 out of 20.

The WAN interface at the IPv6 is set to DHCP and the LAN is set to track WAN. The WAN has an IPv6 address but LAN doesn't.

If I ssh OPNSense and ping6 google.com I get replies. If I do the same thing on my MAC, now connected to the OPNSense LAN then it solves the address but it doesn't go anywhere. I do get a IPv6 address that seems ok.

Attached some information about the FW configuration, my ISP Router config and other things that might help.

WAN FW Rules https://i.imgur.com/VOYqqo5.png
LAN FW Rules https://i.imgur.com/wvalKcH.png
ISP Router Prefix Delegation https://i.imgur.com/1kOdRWH.png
ISP Router IPv6 Config https://i.imgur.com/eGGx7j8.png

[bartjsmit]

Do you have the RADVD service enabled on the LAN interface?

Services, Router Advertisements, [LAN].

Bart...

[andrema2]

Hi

Good point, it wasn't. It's now. I tried every set for Router Advertisements but the LAN IPv6 is still empty. For each change I got in the LAN interface and save it again to try to force it to realize a change happened.

I wonder if the fact that the my ISP is giving me a /64 and my WAN is not directly connected to the Internet is not the root of the problem.
I don't have a full comprehension of the IPv6.

[bartjsmit]

Open up a shell on the firewall (console option 8) and run radvdump

Wait a few minutes and you should see the WAN gateway advertised. You don't need a publicly routed 2000::/3 LAN interface IP address for clients on the LAN to get a public IPv6 address through SLAAC. They can connect through fe80::/10 networks.

Do you have a WAN gateway for IPv6? System, Gateways, Single. It should show the fe80::/10 address of your upstream router.

Bart...

[andrema2]

The WAN Interface is set to DHCPv6, is it correct ? For the RA in the LAN side what should I use ?

This is the result of the RADVDump

Code Select Expand

# radvd configuration generated by radvdump 2.18
# based on Router Advertisement from fe80::1272:23ff:febb:2a0
# received by interface igb0
#

interface igb0
{
AdvSendAdvert on;
# Note: {Min,Max}RtrAdvInterval cannot be obtained with radvdump
AdvManagedFlag off;
AdvOtherConfigFlag on;
AdvReachableTime 0;
AdvRetransTimer 0;
AdvCurHopLimit 64;
AdvDefaultLifetime 180;
AdvHomeAgentFlag off;
AdvDefaultPreference high;
AdvLinkMTU 1500;
AdvSourceLLAddress on;

prefix 2804:431:c7d5:1796::/64
{
AdvValidLifetime 259200;
AdvPreferredLifetime 172800;
AdvOnLink on;
AdvAutonomous on;
AdvRouterAddr off;
}; # End of prefix definition


route 2804:431:c7d5:1796::/64
{
AdvRoutePreference high;
AdvRouteLifetime 259200;
}; # End of route definition


RDNSS fe80::1272:23ff:febb:2a0
{
AdvRDNSSLifetime 1200;
}; # End of RDNSS definition


DNSSL br
{
AdvDNSSLLifetime 1200;
}; # End of DNSSL definition

}; # End of interface definition

[mircolino]

The WAN interface at the IPv6 is set to DHCP and the LAN is set to track WAN. The WAN has an IPv6 address but LAN doesn't.
I wonder if the fact that the my ISP is giving me a /64 and my WAN is not directly connected to the Internet is not the root of the problem.

Did you try getting a bigger prefix delegation from your ISP. In the WAN interface -> DHCP6 client set a prefix delegation size of 63 and select the prefix hint checkbox. Then make sure LAN is traking WAN prefix 0.

[bartjsmit]

The WAN Interface is set to DHCPv6, is it correct ? For the RA in the LAN side what should I use ?

Yes, since your ISP router is using DHCPv6. RA for the LAN should advertise your ISP router since the small ISP PD doesn't allow you a separate /64 LAN subnet. You may want to enable ULA in the ISP router RA for luck. It's concerning that radvdump only shows fe80::1272:23ff:febb:02a0 as a DNS server, and not as a router.

Have you allowed ICMPv6 in your WAN rules? It's used for a lot of multicast stuff, which is the backbone of IPv6. Read RFC 4443 if you're terminally bored  ;)

Did you check your gateways for an IPv6 entry?

Bart...

[marjohn56]

The WAN Interface is set to DHCPv6, is it correct ? For the RA in the LAN side what should I use ?

This is the result of the RADVDump

Code Select Expand

# radvd configuration generated by radvdump 2.18
# based on Router Advertisement from fe80::1272:23ff:febb:2a0
# received by interface igb0
#

interface igb0
{
   AdvSendAdvert on;
   # Note: {Min,Max}RtrAdvInterval cannot be obtained with radvdump
   AdvManagedFlag off;
   AdvOtherConfigFlag on;
   AdvReachableTime 0;
   AdvRetransTimer 0;
   AdvCurHopLimit 64;
   AdvDefaultLifetime 180;
   AdvHomeAgentFlag off;
   AdvDefaultPreference high;
   AdvLinkMTU 1500;
   AdvSourceLLAddress on;

   prefix 2804:431:c7d5:1796::/64
   {
      AdvValidLifetime 259200;
      AdvPreferredLifetime 172800;
      AdvOnLink on;
      AdvAutonomous on;
      AdvRouterAddr off;
   }; # End of prefix definition


   route 2804:431:c7d5:1796::/64
   {
      AdvRoutePreference high;
      AdvRouteLifetime 259200;
   }; # End of route definition


   RDNSS fe80::1272:23ff:febb:2a0
   {
      AdvRDNSSLifetime 1200;
   }; # End of RDNSS definition


   DNSSL br
   {
      AdvDNSSLLifetime 1200;
   }; # End of DNSSL definition

}; # End of interface definition

Turn on dhcp6c debug and then in the system log files filter on 'dhcp6c', copy that and paste the results. It will tell us what dhcp6c is getting from your ISP.