Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
16.7 Legacy Series
»
access to internal host ipv6 result in destionation unreachable
« previous
next »
Print
Pages: [
1
]
Author
Topic: access to internal host ipv6 result in destionation unreachable (Read 8380 times)
Droppie391
Jr. Member
Posts: 55
Karma: 5
access to internal host ipv6 result in destionation unreachable
«
on:
January 11, 2017, 09:55:50 am »
Situation:
dual-stack pppoe link to ISP with local link addresses
outgoing Ipv4 and Ipv6 work without a problem (floating rule Ipv6-ICMP on LAN and WAN)
incoming Ipv4 also no problem (NATted hosts are reachable)
rule to allow incoming Ipv6 http on WAN to a host called „2001:Target“
rule to alow ALL Ipv6 on LAN („2001:LAN“)
incoming request reaches „2001:Target“ but the answer back to host „2a01:Requestor“ result in a destination unreachable message: (2001:LAN is the LAN Address of the OPNsense box)
IP6 "2a01:Requestor".65170 > „2001:Target“.80: tcp 0
IP6 „2001:LAN“ > „2001:Target“: ICMP6, neighbor solicitation, who has „2001:Target“, length 32
IP6 „2001:Target“ > ff02::1:ff00:11: ICMP6, neighbor solicitation, who has „2001:LAN“, length 32
IP6 „2001:Target“ > „2001:LAN“: ICMP6, neighbor advertisement, tgt is „2001:Target“, length 32
IP6 „2001:Target“.80 > "2a01:Requestor".65170: tcp 0
IP6 „2001:LAN“ > „2001:Target“: ICMP6, destination unreachable, unreachable address "2a01:Requestor", length 84
We suspect that there is a problem with the default routing as we do NOT see one for Ipv6 under System – Route – Status
on the console, there IS a default route:
Internet6:
Destination Gateway Flags Netif Expire
default fe80::211:bcff:feb9:4c08%pppoe0 UGS pppoe0
Logged
mbosner
Newbie
Posts: 43
Karma: 1
Re: access to internal host ipv6 result in destionation unreachable
«
Reply #1 on:
January 11, 2017, 11:01:45 pm »
Hello Droppie,
may i ask for your providers name?
Cheers
Logged
Droppie391
Jr. Member
Posts: 55
Karma: 5
Re: access to internal host ipv6 result in destionation unreachable
«
Reply #2 on:
January 12, 2017, 10:39:55 am »
Hi, our ISP is Titan-Networks in Germany. They provide dual-stack access with static v6 (no dhcpv6)
Logged
mbosner
Newbie
Posts: 43
Karma: 1
Re: access to internal host ipv6 result in destionation unreachable
«
Reply #3 on:
January 12, 2017, 08:04:52 pm »
Interesting. Your default gw is a locallink address and that seems to be the reason why opnsense ipv6 does not work for me since the "track interface" option is looking for a public ip. But that might be wrong guessing.
Logged
bartjsmit
Hero Member
Posts: 2018
Karma: 194
Re: access to internal host ipv6 result in destionation unreachable
«
Reply #4 on:
January 12, 2017, 09:00:33 pm »
Can you ping 2001:Target from OPNsense? Are they both in the same /64?
Bart...
Logged
Droppie391
Jr. Member
Posts: 55
Karma: 5
Re: access to internal host ipv6 result in destionation unreachable
«
Reply #5 on:
January 13, 2017, 08:39:49 am »
There is absolutely no problem in the internal network. all hosts can communicate with eachother AND wit ANY host outside. The problem is with hosts that we want to be reachable from the outside. Packets are getting through to the destination and are being answered by them. The problem ist, that the OPNsense router does not know what the way back to the external requestor is.
To clear things, we are NOT getting a global IPv6 address from the ISP. We have set the IPv6 settings on our WAN interface to DHCPv6 (SLAAC seems to work as well, but as the Dashboard will NOT display an IPv6 address in that case, we decide to go for DHCPv6), flag "Only request an IPv6 prefix and leave all other options off. Our ISP gave us a 48 prefix so we also set that.
On the LAN side, we use static 64 prefixes derived from the 48 prefix assigned by our ISP and Unmanaged advertisements set under Services-DHCPv6. You could as well use managed but we have no need for that.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
16.7 Legacy Series
»
access to internal host ipv6 result in destionation unreachable