IPv6 in LAN can only reach FritzBox but not the internet
jimpd:
Hi :)
I tried to configure IPv6 behind my OPNsense but I am stuck right now.
My setup looks like this:
Internet -> FritzBox -> LAN1
-> OPNsense (in LAN1) -> LAN2
What is working?
IPv6 is working fine on devices in LAN1. IPv6 is working fine on the WAN port on my OPNsense.
What is not working?
IPv6 is not working on devices in LAN2
I do get IPv6 addresses on devices in LAN2 and I can ping OPNsense and the FritzBox via IPv6 but I cannot reach anything outside on the Internet.
Configuration:
Enabled IPv6 in FritzBox with "DNS and IA_PD"
Enabled IPv6 in OPNsense
WAN interface:
IPv6 Configuration Type - DHCPv6
Configuration Mode - Basic
Request only an IPv6 prefix - Yes
Prefix delegation size - 62 (also tried 60 here)
Send IPv6 prefix hint - Yes
Prevent release - Yes
Enable debug - No
Use IPv4 connectivity - No
Use VLAN priority - NO
LAN interface:
IPv6 Configuration Type - Track Interface
IPv6 Interface - WAN
IPv6 Prefix ID - 0x0
Manual configuration - No
Firewall -> Advanced:
Allow IPv6 - Yes
Firewall -> Rules -> LAN:
Action - Pass
Interface - LAN
Direction - in
TCP/IP Version - IPv6
Protocol - ICMP
ICMP type - any
Source - LAN net
With this config I get IPv6 addresses in LAN2 and can ping other local devices but I cannot reach outside IPv6 addresses via ping.
According to the "Live View" under "Log Files" the ICMP ping is successful, at least it is not blocked.
An mtr shows a successful connection to OPNsense, then FritzBox, then it stops.
Any idea what is wrong here?
/edit
To test this more I added the following rules to LAN:
IPv6 * - Source WAN - any...
IPv6 * - Source LAN - any...
And on WAN the same:
IPv6 * - Source WAN - any...
IPv6 * - Source LAN - any...
But still not working
chriss_de:
There is a firewall within the FritzBox that may block the packet returning.
I used to have a FritzBox and must say that the IPv6 functions in the FritzBox are more like a beta-state feature.
You can test if you allow all traffic for the host / network (your delegated IPv6) within the FritzBox.
I think Internet > Freigaben > somewhere there
jimpd:
I added my OPNsense as exposed IPv6 host but that did not work either.
The most interesting part is that if the mtr runs long enough, sometimes a single packet goes out.
jimpd:
I played around a bit more and noticed the following:
If I block the device via Filter -> Kindersicherung and then change it again, I get a single packet through it via IPv6.
If I block it again and set it back to "Standard", the mtr always succeeds, but only until I stop and restart the mtr on a device in LAN2.
chriss_de:
Just for fun... because it's all strange.
Can you ping devices in LAN2 from LAN1? But all in all it seems to be a problem of the FritzBox? Try contacting AVM support - they are pretty good and give you test firmware that might fix your problem.