No IPv6 to the internet, works locally

Started by juantxorena, March 05, 2022, 09:13:13 PM

Previous topic - Next topic
Hello everybody,

IPv6 from the local network to the internet suddenly stopped working. I'm not sure exactly when, but probably when I updated to 22.1 some days ago. In the local network, it works as expected.

What works:

- WAN gets an IPv6 address and a prefix
- All the clients of the VLANs get a proper IPv6 address within the subprefix (actually more than one)
- All the clients get an ULA, which I configured using virtual IPs and router advertisements (and that worked before)
- Clients can communicate between each other using IPv6, both with ULAs and GUAs, respecting the firewall rules

What doesn't work:

- Clients cannot communicate with the internet with IPv6, e.g. pinging google.com fails, no message, just 100% packet loss
- However, I can IPv6 ping from the firewall to the outside and it works: Interfaces -> Diagnostics -> Ping, pinging to google.com with MAIN as the source address (that's the main VLAN, where computer, phones, etc are) works
- Running e.g. https://ipv6-test.com/ from any client says there is no IPv6 connectivity

What I've tried:

- Deactivating firewall rules
- Deactivating virtual IPs and ULAs
- Deactivating manual router advertisements
- Changing types of RA (assisted, managed, stateless, etc)
- Restarting multiple times

I suspect opnsense is failing to route properly. I captured the packages in both MAIN and WAN interfaces while trying to ping from my computer to google.com. The pings packets appear in both captures, and it says: [Expert Info (Warning/Sequence): No response seen to ICMPv6 request in frame 3]

Gateways and routes are with the default values.

Thanks for the help.

After reviewing everything and doing more tests with the gateways and routes, nothing. Here's an example of a traceroute from a client to google.com:


traceroute to google.com (2a00:1450:4001:82f::200e), 5 hops max, 80 byte packets
1  firewall.lan (2003:c9:7f3d:4202:2e0:67ff:fe21:15e0)  0.254 ms  0.189 ms  0.215 ms
2  * * *
3  * * *
4  * * *
5  * * *


Here's from the firewall (it eventually reaches the destination)

traceroute6 to google.com (2a00:1450:4001:800::200e) from 2003:c9:7f3d:4202:2e0:67ff:fe21:15e0, 18 hops max, 20 byte packets
1  2003:0:8a01:3800::1  5.464 ms  3.911 ms  4.087 ms
2  2003:0:1807::1  10.928 ms  11.276 ms  11.136 ms
3  2001:4860:1:1:0:cf8:0:22  10.453 ms  10.826 ms  10.484 ms
4  2a00:1450:8019::1  9.749 ms  9.937 ms  9.786 ms
5  2001:4860:0:1::3e8a  12.026 ms  12.434 ms  11.608 ms
...


I'm at loss. Also, I've checked the logs, and that started to happen when I upgraded to 22.1, so I doubt is a coincidence. I've captured some traffic while doing pings, but with the ipv6 thing, I'm not really sure what do I have to look for.

Any help, besides reinstalling and starting from scratch?


This is same as I was experiencing in https://forum.opnsense.org/index.php?topic=26622.0.

Still have not been able to fix it, so I gave up on IPv6 until more people report the same issue.

Running ESXi 7.0, latest update, with a Intel I-350 passed through for the WAN interface, and the VMX interfaces on LAN.

March 07, 2022, 12:12:26 PM #4 Last Edit: March 07, 2022, 12:15:28 PM by gunnarf
When I reboot, OPNsense doesn't add my default route. That is on the box with tunneled ipv6. On the one with native ipv6 I didn't have any issues with routing loss, before the upgrade to 22.x Now I have no routing on the box with native ipv6!

Quote from: Morta on March 06, 2022, 10:33:12 PM
Have the same issue.

What ISP you have?

Deutsche Telekom. I doubt it has anything to do, as I said, it was working before with the same config.

I can confirm that I have the same problem. I have RA enabled and none of the clients get ipv6 addresses assigned. This setup without any modification has worked until the recent upgrade 22.1.1 -> 22.1.2

I am willing to provide any debug information needed.

Quote from: palica on March 08, 2022, 09:00:33 AM
I can confirm that I have the same problem. I have RA enabled and none of the clients get ipv6 addresses assigned. This setup without any modification has worked until the recent upgrade 22.1.1 -> 22.1.2

I am willing to provide any debug information needed.

It's not the same problem. As I said, clients get ipv6 addresses and it works locally, even across vlans, but it's not being routed to the internet.

Itz the same issue my NetworkManger gets a IPV6 but my ip addr not because is not routed.

It's somewhere a patch or a hint to fix this issues with the Radvd/DHCPV6 server?

March 11, 2022, 02:40:56 AM #9 Last Edit: March 11, 2022, 02:48:02 AM by opnuser43
I think I had similar issue after update from 22.1 direct to 22.1.2_1. Yes I skipped 22.1.1
Initially I thought it's my ISP with ipv6 routing issue. I get ipv6 on all local devices just unable to browse the Internet e.g. browser and dns ipv6 lookup failed. No issue with ipv4.

I didnt investiage further and fixed it with delaying the opnsense boot up not sure which work , i just slap both of these in /boot/loader.conf.local
autoboot_delay="60" <--- in second
kern.cam.boot_delay="60000" <--- in millisecond

FYI, I have other devices that need time to boot up, hence I put long delay, if you use these setting please change the value accordingly...

March 20, 2022, 01:00:50 PM #10 Last Edit: March 20, 2022, 01:14:16 PM by zneaks
I fixed my issue, where I was receiving IPv6 addresses but not actually able to reach the internet with IPv6.

Created a new firewall rule on the LAN,

Address: IPv4 + IPv6
Action: Pass
Direction: In
Source: LAN Net
Destination: LAN Address

Rebooted, and clients are now working on IPv6.

Makes me think there was a firewall generation/compatibility issue with 21.7 -> 22.1, as I'm using my config from 21.7 and experiencing this issue.