
NPTv6 only working one way


FingerlessGloves:
Hi Guys,

Anyone seen or got this issue? I believe it's started since OPNsense 21.1: NPTv6 is only working in one direction.

I can ping6 and connect to IPv6 resources on a VM to the internet.
If I connect from the internet to the VM on the NPT address, traffic doesn't return.

Now I can see in the firewall logs traffic coming in and replying on the VM and then back out the WAN again, but the source IP for the traffic leaving the WAN is "fd37:c611:72fb:80::10". Should this have been translated to "2001:41d0:800:aa:aa:aa:aa:aa"? Because it is "2001:41d0:800:aa:aa:aa:aa:aa" when the ping originates from the VM, not the external host.

VM IP: fd37:c611:72fb:80::10/64
NPT Rule: 2001:41d0:800:aa:aa:aa:aa:aa/128 -> fd37:c611:72fb:80::10/128
WAN IP: 2001:41d0:800:aa::1/64

Is this a bug?

Jonny

leifnel:
This started in 20.7.6

https://www.facebook.com/groups/1827180887561143/permalink/2927844414161446

I have a VMware server at OVH.
On this I have an OPNsense firewall.
Due to the somewhat strange handling of IPv6 at OVH, I have assigned the public addresses
2001:0DB8::201/128
2001:0DB8::202/128
2001:0DB8::203/128
2001:0DB8::204/128 to the public interface.
Then NPTv6 NATs
2001:0DB8::/65 to fd30::/65.
The internal hosts have the addresses
fd30::201
fd30::202
fd30::203
fd30::204
This works in OPNsense 20.7.5, is broken in current version, but already in 20.7.6.

FingerlessGloves:
Could be 20.7.6, I wasn't monitoring IPv6...

I'm running 21.1.5 currently and it's still not working. Funnily enough, I too am getting the issue at OVH.

leifnel, do you have a backup of your firewall from when you were running 20.7.5? Or have you already reverted back?

leifnel:
This is spooky.
Can't remember when it started working again, but 21.7.5 works, 21.7.6 doesn't ?!?
