English Forums > Zenarmor (Sensei)

Zenarmor & IPv6: Bad Combo (At least on ATT Fiber/US)

(1/5) > >>

lrosenman:
I finally got to the bottom of my IPv6 all of a sudden NOT working from my LAN.  If I turn OFF the Zenarmor Packet Engine it works as it's supposed to. if I turn ON the Packet Engine, my IPv6 doesn't work any more.

I filed a bug report from the UI, but wanted to post here as well.

athurdent:
Other than turning off Zenarmor, how did you verify it’s actually caused by that? Do your clients have a global IPv6? Which NIC? Did you try passive operation or native/emulated netmap?
I never had a problem with my IPv6 tests a few weeks back. Held off on using it until DHCPv6 in OPNsense gets fixed though.

lrosenman:
I have global IPv6 addresses from ATT, and with Zenarmor on, I can't get past the OPNSense router.  A ping gets nothing.  Turn off Zenarmor and it works fine.

EM nics
using NETMAP, AFAIK (Protectli FW6b HW).


--- Code: ---em0@pci0:1:0:0: class=0x020000 card=0x00008086 chip=0x150c8086 rev=0x00 hdr=0x00
    vendor     = 'Intel Corporation'
    device     = '82583V Gigabit Network Connection'
    class      = network
    subclass   = ethernet
em1@pci0:2:0:0: class=0x020000 card=0x00008086 chip=0x150c8086 rev=0x00 hdr=0x00
    vendor     = 'Intel Corporation'
    device     = '82583V Gigabit Network Connection'
    class      = network
    subclass   = ethernet
em2@pci0:3:0:0: class=0x020000 card=0x00008086 chip=0x150c8086 rev=0x00 hdr=0x00
    vendor     = 'Intel Corporation'
    device     = '82583V Gigabit Network Connection'
    class      = network
    subclass   = ethernet
em3@pci0:4:0:0: class=0x020000 card=0x00008086 chip=0x150c8086 rev=0x00 hdr=0x00
    vendor     = 'Intel Corporation'
    device     = '82583V Gigabit Network Connection'
    class      = network
    subclass   = ethernet
em4@pci0:5:0:0: class=0x020000 card=0x00008086 chip=0x150c8086 rev=0x00 hdr=0x00
    vendor     = 'Intel Corporation'
    device     = '82583V Gigabit Network Connection'
    class      = network
    subclass   = ethernet
em5@pci0:6:0:0: class=0x020000 card=0x00008086 chip=0x150c8086 rev=0x00 hdr=0x00
    vendor     = 'Intel Corporation'
    device     = '82583V Gigabit Network Connection'
    class      = network
    subclass   = ethernet

--- End code ---


--- Code: ---root@home-fw:~ # dmesg|grep -i netmap
000.000054 [4344] netmap_init               netmap: loaded module
em0: netmap queues/slots: TX 1/1024, RX 1/1024
em1: netmap queues/slots: TX 1/1024, RX 1/1024
em2: netmap queues/slots: TX 1/1024, RX 1/1024
em3: netmap queues/slots: TX 1/1024, RX 1/1024
em4: netmap queues/slots: TX 1/1024, RX 1/1024
em5: netmap queues/slots: TX 1/1024, RX 1/1024
root@home-fw:~ #

--- End code ---

athurdent:
What do Zenarmor‘s logs show for that IP you try to ping? Your policy configuration might simply block it.

lrosenman:
nothing in the logs.

Navigation

[0] Message Index

[#] Next page

Go to full version