Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
23.1 Legacy Series
»
IPv6 NAT Problem
« previous
next »
Print
Pages: [
1
]
Author
Topic: IPv6 NAT Problem (Read 1027 times)
seed
Full Member
Posts: 174
Karma: 12
IPv6 NAT Problem
«
on:
May 23, 2023, 09:45:44 am »
I have an interesting problem with NATv6 on the OPNsense.
if I run e.g. OpenVPN on all interfaces and set it to port 1194 (so that OpenVPN runs in the dual stack) I use NAT to redirect e.g. incoming traffic from port 443 to the "VPN IP".
With IPv4 this works perfectly. But not with IPv6.
Also the redirection from the WAN IP to a loopback interface fails.
So e.g.:
192.0.2.12:443 DNAT-> 192.0.2.12:1194 works
[2001:DB8::12]:443 DNAT-> [2001:DB8::12]:1194 does not work
[2001:DB8::12]:443 DNAT-> [lo1]:1194 does not work either
What am i doing wrong?
Logged
i want all services to run with wirespeed and therefore run this dedicated hardware configuration:
AMD Ryzen 7 9700x
ASUS Pro B650M-CT-CSM
64GB DDR5 ECC (2x KSM56E46BD8KM-32HA)
Intel XL710-BM1
Intel i350-T4
2x SSD with ZFS mirror
PiKVM for remote maintenance
private user, no business use
Patrick M. Hausen
Hero Member
Posts: 6801
Karma: 571
Re: IPv6 NAT Problem
«
Reply #1 on:
May 23, 2023, 11:20:43 am »
Have you tried setting the filter rule association to "pass"?
Logged
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do.
(Isaac Asimov)
seed
Full Member
Posts: 174
Karma: 12
Re: IPv6 NAT Problem
«
Reply #2 on:
May 23, 2023, 11:32:43 am »
I just set "Filter rule association" to "Pass" ans it still does not work.
Also worth mentioning is that a Filter rule on wan with "pass" for 443 TCP (VPN-IPv6) also exists.
Logged
i want all services to run with wirespeed and therefore run this dedicated hardware configuration:
AMD Ryzen 7 9700x
ASUS Pro B650M-CT-CSM
64GB DDR5 ECC (2x KSM56E46BD8KM-32HA)
Intel XL710-BM1
Intel i350-T4
2x SSD with ZFS mirror
PiKVM for remote maintenance
private user, no business use
seed
Full Member
Posts: 174
Karma: 12
Re: IPv6 NAT Problem
«
Reply #3 on:
May 23, 2023, 11:40:18 am »
Someone else also has a similar issue:
https://www.reddit.com/r/opnsense/comments/110n7cc/nat_redirect_for_dns_on_ipv6_loopback_address/
Also not working with the IPv6 itself. Like described in my first post.
«
Last Edit: May 23, 2023, 11:49:43 am by seed
»
Logged
i want all services to run with wirespeed and therefore run this dedicated hardware configuration:
AMD Ryzen 7 9700x
ASUS Pro B650M-CT-CSM
64GB DDR5 ECC (2x KSM56E46BD8KM-32HA)
Intel XL710-BM1
Intel i350-T4
2x SSD with ZFS mirror
PiKVM for remote maintenance
private user, no business use
Bob.Dig
Sr. Member
Posts: 257
Karma: 13
Re: IPv6 NAT Problem
«
Reply #4 on:
May 23, 2023, 12:18:54 pm »
Do you have outbound NAT for IPv6?
Logged
seed
Full Member
Posts: 174
Karma: 12
Re: IPv6 NAT Problem
«
Reply #5 on:
May 23, 2023, 12:25:57 pm »
In normal cases i route ipv6.
But in this special case i enabled "NAT reflection" in the port forwarding rule.
It does not work either. Same issue with wireguard IPv6 NAT.
Logged
i want all services to run with wirespeed and therefore run this dedicated hardware configuration:
AMD Ryzen 7 9700x
ASUS Pro B650M-CT-CSM
64GB DDR5 ECC (2x KSM56E46BD8KM-32HA)
Intel XL710-BM1
Intel i350-T4
2x SSD with ZFS mirror
PiKVM for remote maintenance
private user, no business use
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
23.1 Legacy Series
»
IPv6 NAT Problem
