IPv6 in LAN can only reach FritzBox but not the internet
jimpd:
Sorry for the late reply
I have tested the following with IPv6:
device1 in LAN1
device2 in LAN2
device1 can ping device2
device2 can ping device1
Installed a webserver on device2 and allowed port 80 in OPNsense on the WAN interface for device2
-> device1 can access website running on device2
jimpd:
Next approach
Allow incoming port 443 on the OPNsense WAN interface (which is in LAN1) with exposed host configured in the FritzBox -> OPNsense interface is reachable from remote via IPv6
Then I tried a similar setup as before from the internet (with curl)
device1 in LAN1
device2 in LAN2
device1 webserver port 80
I opened port 80 for device1 in the FritzBox
-> access to webserver on device1 from remote server via IPv6 is possible
tcpdump on port 80
--- Code: ---
13:43:46.206828 IP6 ipv6-of-device1:198d.54222 > ipv6-of-device2:e03a.http: Flags [S], seq 4161419774, win 28640, options [mss 1432,sackOK,TS val 3100947471 ecr 0,nop,wscale 7], length 0
13:43:46.206879 IP6 ipv6-of-device2:e03a.http > ipv6-of-device1:198d.54222: Flags [S.], seq 2344778224, ack 4161419775, win 64260, options [mss 1440,sackOK,TS val 457004862 ecr 3100947471,nop,wscale 7], length 0
.....
13:43:46.213160 IP6 ipv6-of-device1:198d.54222 > ipv6-of-device2:e03a.http: Flags [P.], seq 1:104, ack 1, win 224, options [nop,nop,TS val 3100947478 ecr 457004862], length 103: HTTP: GET / HTTP/1.1
......
--- End code ---
device2 webserver port 80
I opened the firewall for OPNsense (exposed host) and also allowed access to the delegated IPv6 prefixes for this device in the FritzBox
I opened port 80 in OPNsense on the WAN interface for device2
-> access to webserver on device2 from remote server via IPv6 was **not** possible
I saw the request from the remote server in my OPNsense firewall log
lan [remote-ipv6::2]:59836 [ipv6-of-device:e03a]:80 tcp let out anything from firewall host itself
Then I tcpdump'd on device2 port 80
I saw the requests:
--- Code: ---
13:55:21.417708 IP6 remote-ipv6::2.42044 > ipv6-of-device2:e03a.80: Flags [S], seq 2674231027, win 28800, options [mss 1440,nop,nop,sackOK,nop,wscale 7], length 0
13:55:21.417754 IP6 ipv6-of-device2:e03a.80 > remote-ipv6::2.42044: Flags [S.], seq 4276351807, ack 2674231028, win 64800, options [mss 1440,nop,nop,sackOK,nop,wscale 7], length 0
13:55:22.442402 IP6 ipv6-of-device2:e03a.80 > remote-ipv6::2.42044: Flags [S.], seq 4276351807, ack 2674231028, win 64800, options [mss 1440,nop,nop,sackOK,nop,wscale 7], length 0
--- End code ---
I wireshark'd this via http://fritz.box/html/capture.html - image1 is on eth1 - image2 on wan interface
(please ignore that image2 is ::1 instead of ::2, doesn't matter here)
also tcpdump'd on the remote server
--- Code: ---
14:18:13.265952 IP6 remote-ipv6::2.39468 > ipv6-of-device2:e03a.80: Flags [S], seq 730490927, win 28800, options [mss 1440,sackOK,TS val 2624988435 ecr 0,nop,wscale 7], length 0
--- End code ---
verbose:
--- Code: ---
14:17:36.967342 IP6 (flowlabel 0xc305c, hlim 64, next-header TCP (6) payload length: 40) remote-ipv6::2.39466 > ipv6-of-device2:e03a.80: Flags [S], cksum 0xe30d (incorrect -> 0xeca7), seq 2577571887, win 28800, options [mss 1440,sackOK,TS val 2624952138 ecr 0,nop,wscale 7], length 0
--- End code ---
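An added example, not part of the thread: a small Python helper that reads tcpdump text in the format of the captures above and reports how far each TCP handshake got at that capture point. The function name, the verdict labels and the trimmed sample lines (TCP options removed) are assumptions of this example.

```python
import re

# Matches the non-verbose tcpdump IPv6/TCP line format used in the thread.
LINE = re.compile(r"IP6 (\S+)\.(\w+) > (\S+)\.(\w+): Flags \[([^\]]+)\]")

def classify_handshakes(capture):
    """Map each (client, cport, server, sport) that sent a SYN to a verdict."""
    flows = {}
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # elided ("....") or verbose-format lines are skipped
        src, sport, dst, dport, flags = m.groups()
        if flags == "S":  # client SYN; a retransmitted SYN keeps the old state
            flows.setdefault((src, sport, dst, dport), {"synack": 0, "ack": False})
        elif flags == "S." and (dst, dport, src, sport) in flows:
            flows[(dst, dport, src, sport)]["synack"] += 1  # server reply
        elif "." in flags and "R" not in flags and (src, sport, dst, dport) in flows:
            flows[(src, sport, dst, dport)]["ack"] = True  # client ACKed
    verdicts = {}
    for key, st in flows.items():
        if st["ack"]:
            verdicts[key] = "established"
        elif st["synack"] > 1:
            verdicts[key] = "synack-retransmitted"  # reply sent, never ACKed
        elif st["synack"] == 1:
            verdicts[key] = "synack-unanswered"
        else:
            verdicts[key] = "syn-only"  # no reply visible at this capture point
    return verdicts

# Sample input: lines from the thread's captures with the TCP options trimmed.
LAN_TO_LAN = """\
13:43:46.206828 IP6 ipv6-of-device1:198d.54222 > ipv6-of-device2:e03a.http: Flags [S], seq 4161419774, win 28640, length 0
13:43:46.206879 IP6 ipv6-of-device2:e03a.http > ipv6-of-device1:198d.54222: Flags [S.], seq 2344778224, ack 4161419775, win 64260, length 0
.....
13:43:46.213160 IP6 ipv6-of-device1:198d.54222 > ipv6-of-device2:e03a.http: Flags [P.], seq 1:104, ack 1, win 224, length 103: HTTP: GET / HTTP/1.1
"""
ON_DEVICE2 = """\
13:55:21.417708 IP6 remote-ipv6::2.42044 > ipv6-of-device2:e03a.80: Flags [S], seq 2674231027, win 28800, length 0
13:55:21.417754 IP6 ipv6-of-device2:e03a.80 > remote-ipv6::2.42044: Flags [S.], seq 4276351807, ack 2674231028, win 64800, length 0
13:55:22.442402 IP6 ipv6-of-device2:e03a.80 > remote-ipv6::2.42044: Flags [S.], seq 4276351807, ack 2674231028, win 64800, length 0
"""
ON_REMOTE = """\
14:18:13.265952 IP6 remote-ipv6::2.39468 > ipv6-of-device2:e03a.80: Flags [S], seq 730490927, win 28800, length 0
"""

if __name__ == "__main__":
    for name, cap in [("LAN1->LAN2", LAN_TO_LAN), ("on device2", ON_DEVICE2), ("on remote", ON_REMOTE)]:
        print(name, list(classify_handshakes(cap).values()))
```

A `synack-retransmitted` verdict on the server side together with `syn-only` on the client side means the SYN arrives but the reply is lost on the return path, which is the pattern in the captures above.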
johnsmi:
--- Quote from: jimpd on January 03, 2020, 05:12:25 pm ---
Kindersicherung
--- End quote ---
This is broken in the current FritzOS
You need to disable "Kindersicherung" entirely.
I had the same problem. AVM is aware of this.
--- Quote from: AVM-Support ---
We are aware of the problem and it will be fixed in an upcoming update.
Workaround:
Switch off the parental controls (Kindersicherung) completely; this can only be done indirectly. To do so, switch off all restrictions in the parental controls, then the parental-control modules are not loaded:
- Remove all restrictions in the default profile "Alle anderen Geräte" (all other devices).
- Remove all restrictions in the guest profile "Alle Geräte im Gastnetz" (all devices in the guest network).
- Set all devices to the default profile.
This should resolve the problem.
--- End quote ---
I removed all the stuff I don't need from my FritzBox and IPv6 runs fine.
jimpd:
This issue is probably fixed with new Fritz!OS 7.20
- **Fixed** Devices connected to a downstream router via IPv6 prefix delegation got no IPv6 internet connection when parental controls (Kindersicherung) were active
- **Fixed** Devices connected to a downstream router via IPv4 static routes got no IPv4 internet connection when parental controls (Kindersicherung) were active
https://ftp.avm.de/fritzbox/fritzbox-7590/deutschland/fritz.os/info_de.txt
I will report back once my FritzBox has received the 7.20 update too