Unable to get dpinger to work on WAN ipv6 link local address

[IsaacFL]

Where my gateway LLA fe80::201:5cff:fe76:b846 and my rtr LLA fe80::21f:e1ff:fe10:e676

[mircolino]

Has this issue been resolved in 2.1.8?

[marjohn56]

 I've identified the issue, it's a firewall issue. If you go to firewall->Settings->Advanced and enable 'Disable force gateway' you'll find link-local monitoring works. I've informed Franco of my findings. No, not fixed in 20.1.8, hopefully next release.


p.s. You'll need to re-save the gateway or interface after you've made the change to the firewall setting.

[9numbernine9]

Thanks marjohn56. Is this issue being tracked on a Github issue that we can follow? I seem to still be experiencing this issue on OPNsense 20.7.3, even with the 'Disable Force Gateway' option enabled. (I've re-applied the settings for the Gateway, the WAN interface, and even restarted the entire machine, but the WAN_DHCP6 monitor still reports 'Offline.')

[marjohn56]

What address is in your gateway monitor?

[9numbernine9]

What address is in your gateway monitor?

The WAN_DHCP6 monitor shows that it's monitoring fe80::217:10ff:fe93:7715, which I believe is the default gateway in the routing table in System >> Routes >> Status.

Code Select Expand

ipv6 default fe80::217:10ff:fe93:7715%em0 UG 1571 1500 em0 WAN

[marjohn56]

I'll check this again on my test unit. It will take me a while as I'm busy with another project but I'll take a look and see if that 'fix' is still working. Something may have changed in 20.7.

[marjohn56]

No, you're right, it doesn't work now.. It is being tracked and Franco did a remote onto my systems and was able to see it, so not resolved yet as there are other v6 issues with a higher priority. In the meantime, set a GUA address, Google's DNS server or I use the BBC.

[9numbernine9]

Thanks for confirming marjohn56! I'll use another server like you suggest and await a fix in a future release. :)

[Baumgartl]

Just want to let you know that I've the same issue with 20.7.3 as well.

As mentioned by marjohn56 checking 'Disable automatic rules which force local services to use the assigned interface gateway' under Firewall -> Settings -> Advanced -> Multi-WAN seems to work.

However, it is only working when using my own link-local address as Monitor IP. Pinging any other public IPv6 address does not work.

[rickyricky]

I have two Opnsense routers.  The one on Xfinity does not have this issue.  The one on Spectrum does have the issue.

Is there anything I can do to help or provide additional information?

For now, I've done the cardinal sin of disabling IPv6 on the Spectrum as when the IPv6 routing fails, children yell at me.  Best IPv6 routing notification system I could have implemented. =)

[IsaacFL]

You could try changing the monitor ip to a public DNS instead of the default gateway. I was using resolver2.opendns.com (2620:119:53::53) as my monitor ip and had better results.

I finally switched back to pfSense because of this issue and lack of Avahi for ipv6.

[andreaslink]

Just want to update this topic, I have the same problem here and I have just updated today to OPNsense 20.7.6-amd64 and I'm running this on bare metal, so nothing virtualized. I still cannot ping my link local router GW directly from OPNsense - even though in the firewall it's all green aka allowed.

So I'm currently also not using IPv6 due to this issue, but I really hope with every release to see it fixed :-\. I'm happy to provide an help I'm able to contribute here to get this solved.