IPv6 works, but pinging ipv6.google.com from the firewall doesn't...?

Started by 5SpeedFun, May 20, 2020, 12:03:52 AM

Hi all,

My OPNsense box is a VM with emulated em0 interfaces on Proxmox VE. The underlying NIC is a SolarFlare 10Gbit/s card.

My WAN interface is configured as IPv4 (static) and DHCPv6, and is on the same VLAN as my Comcast modem.

Options I'm using on WAN:

Enable Interface
Prevent interface removal
Device em0
Block private networks (tried checked & unchecked)
Block bogon networks (tried checked & unchecked)
Static IPv4
DHCPv6 (client config - Prefix delegation 59, Send hint, prevent release)


The default route for IPv6 is in the routing table

root@edge01:~ # netstat -6 -rn
Routing tables

Internet6:
Destination                       Gateway                       Flags     Netif Expire
default                           fe80::3817:e1ff:fede:dda4%em0 UG          em0
::1                               link#5                        UH          lo0
.
.
.
.


I can ping the default gateway

root@edge01:~ # ping6 fe80::3817:e1ff:fede:dda4%em0
PING6(56=40+8+8 bytes) fe80::901b:98ff:fe43:87f7%em0 --> fe80::3817:e1ff:fede:dda4%em0
16 bytes from fe80::3817:e1ff:fede:dda4%em0, icmp_seq=0 hlim=64 time=6.162 ms
16 bytes from fe80::3817:e1ff:fede:dda4%em0, icmp_seq=1 hlim=64 time=2.904 ms
16 bytes from fe80::3817:e1ff:fede:dda4%em0, icmp_seq=2 hlim=64 time=3.998 ms
16 bytes from fe80::3817:e1ff:fede:dda4%em0, icmp_seq=3 hlim=64 time=2.144 ms
^C
--- fe80::3817:e1ff:fede:dda4%em0 ping6 statistics ---
4 packets transmitted, 4 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 2.144/3.802/6.162/1.514 ms


I can resolve ipv6.google.com

root@edge01:~ # nslookup
> ipv6.google.com
Server:      127.0.0.1
Address:   127.0.0.1#53

Non-authoritative answer:
ipv6.google.com   canonical name = ipv6.l.google.com.
Name:   ipv6.l.google.com
Address: 2607:f8b0:4009:815::200e


Also: this is a VM, so I have Interfaces -> Settings -> Hardware CRC/TSO/LRO (all disable hardware offload) checked. I also have Disable VLAN hardware filtering set as well.

Under Firewall -> Settings -> Advanced
I have "disable reply-to" checked, otherwise I have issues talking to another host on the WAN VLAN as traffic goes to the default gateway.

I've also tried setting Firewall -> Advanced -> Settings -> Disable firewall & that didn't work either.

Open to any & all suggestions. I'm pretty new to OPNsense.

Replying to my own post here:

When the box first boots, it can ping ipv6.google.com

root@edge01:~ # ping6 ipv6.google.com
PING6(56=40+8+8 bytes) xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx --> 2607:f8b0:4009:815::200e
16 bytes from 2607:f8b0:4009:815::200e, icmp_seq=0 hlim=54 time=24.459 ms
16 bytes from 2607:f8b0:4009:815::200e, icmp_seq=1 hlim=54 time=25.101 ms
16 bytes from 2607:f8b0:4009:815::200e, icmp_seq=2 hlim=54 time=19.621 ms

(source ip removed...)

So with everything else the same, switching from either vtnet or em0 (underlay was 10Gbit SolarFlare with VLANs) to igb (with VLANs in pfSense) seemed to have fixed the issue. It's been about 10 hours and I can still ping just fine.

Anyone have any ideas?