Archive > 20.7 Legacy Series

Updates not working / plugins list empty - ipv6 issues

<< < (2/2)

debacler:
OK, having toggled prefer ipv6 (presently off) and the firewall advanced enable ipv6 (presently on) it started working again. No faith that it will survive a reboot, but working as expected at the moment. IPV6 pings are working again from the firewall to outside hosts. FYI, never saw these being blocked in the firewall log even when it wasn't working. Was also able to update bogon lists, which also failed previously.

Is there any relevant information I can gather to diagnose and hopefully find a permanent fix? I am all but certain things are going to go belly up again the next reboot.

PLR:
Hi, I have exactly the same problem.

I have built a two member carp firewall cluster on VMware 7.0 and OPNsense 20.7.0
Everything seems working fine functionally, but when I wanted to add the VMware tools package I could only get the package list updated on the master member but on the Standby member it times out waiting for the update.
Cannot see and packages available
I have the same settings on the two cluster members but only the master works.  I think I have tried all the permutations re IPv6 on off in system general the fw advanced settings.  No joy.
With one fw cluster members working and one not working,  I still cannot find anything to help with why the same settings on both gives a different result.
Also same DNS and same other settings as far as I can tell.

attached are two screens from the consoles, one Member OK the other not

Drocona:
Hello,

I'm not sure why nobody replied to this thread with a solution. Even though this thread is over a year old, it came up as top result on Google when trying to find a solution for this problem.
I recently started with OPNsense to try it for WireGuard VPN and ran into the same updating problem and also not having a plugin list. Also seeing exactly the same with the enabling/disabling IPv6.

After doing a quick search and not finding anything, I figured to go troubleshoot myself as it must be something stupid I missed with IPv6 since disabling/enabling it temporarily fixes it.
One of the main drivers of IPv6 connectivity is ICMP and after taking a look at my firewall rules, guess what, there is no IPv6 ICMP rule by default.
Since ICMP is required for correct IPv6 connectivity, and it's being blocked, no chance it will work, hence no updates, no ping, no plugins.

Add the following rule to the Floating rule base to solve the problem (for OPNsense and all clients you may have connected on IPv6 in the future, for clients don't forget the internal interface too!):
PASS, Interface: WAN, Direction: ANY, TCP/IP: IPv6, Protocol: ICMP, Type: ANY, Source: ANY, Destination: ANY

That should do it, hope it helps for everyone being frustrated in the future (as more and more people get IPv6)

Greelan:
That’s odd because in my experience OPNsense adds relevant ICMPv6 floating rules itself when IPv6 is enabled. Wouldn’t be particularly useful if it didn’t

Drocona:
I can see a list of auto-generated IPv6, however, the destinations only seem to be link-local addresses.
As soon as I disable the firewall rule I've added myself I lose IPv6 connectivity to all non link-local IPv6 addresses from OPNsense and lose updating+plugin capabilities.

Navigation

[0] Message Index

[*] Previous page