IPv6 issues for WAN: DHCPv6 LAN: SLAAC (Packet Loss , high latency)

[houmi]

Hi Everyone,

I recently researched OPNsense at work by installing it on a MiniPC, everything worked fine including IPv6 so I decided to also install it at home replacing my current router. Overall very happy with the product.

So at work we decided to purchase a DEC2770 system to setup OPNsense to use it in our testing lab. However in this setup, I have a difficulty getting IPv6 working (everything else is fine)

The current setup is our org is that we have an ISP provider that gives us dual stack, the IT team have their own Cisco Routers and supply us with IPv6 with PD with a subnet size of /64.

Before when we used regular consumer routers, we'd set it to Passthrough or when not available, we'd use DHCPv6 on the WAN site with PD enabled and SLAAC on LAN (tp-links, asus, etc.) and no issues.

On OPNsense, When I set DHCPv6 on WAN side, it works fine, and I can use Diagnostic ping to go to IPv6 sites.

Any type of setup I put on Lan side works for some time. Then there are either packet losses when doing ping, or no IPv6 altogether.

I have tried all these scenarios

- Tracking Interface on LAN for IPv6 and let OPNsense manage RA
- set the setting so I'd manage RA myself, setting it to unmanaged
- use the new NDProxy (noticed there was a typo in the doc for it was saying to use LAN MAC Address but used WAN instead), I think there is a pull request on github fixing it ?

I have also asked our ITs to possibly give us /56 or /60 on their end so I could try this again.

Just curious how I can set this up on our end.

Appreciate any help!

[houmi]

I finally got it working... I had to disable "Promiscuous mode" on WAN for NDProxy setup.

Code Select Expand

Ping statistics for 2607:f8b0:400a:806::200e:
    Packets: Sent = 1000, Received = 1000, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 2ms, Maximum = 170ms, Average = 2ms

Only one ping at 170ms, so all is well.