[SOLVED] IPv6 traffic not routed properly

Started by Dddsbxr, March 12, 2023, 08:39:24 AM

March 12, 2023, 08:39:24 AM Last Edit: March 12, 2023, 08:56:27 AM by Dddsbxr
Hello everyone,

`netstat -r` shows the correct IPv6 default gateway, but traffic is not routed. The gateway is reachable and works (tested with a different, non-OPNsense device).

```
Internet6:
Destination        Gateway            Flags     Netif Expire
default            fd42:42:42::1      UGS         wg1 <---- gateway in the VPN network
localhost          link#6             UHS         lo0
fc00:4::/64        link#2             U          igc1
router             link#2             UHS         lo0
fd42:42:42::/64    link#9             U           wg1 <---- the VPN network
fd42:42:42::4      link#9             UHS         lo0
fe80::%igc0/64     link#1             U          igc0
...
```

I checked the firewall logs, the ping attempts went through.

ping from client in `fc00:4::/64`:
```
λ ~/ ping -6 google.com
PING google.com(fra24s05-in-x0e.1e100.net (2a00:1450:4001:828::200e)) 56 data bytes
From router.dorm (fc00:4::1) icmp_seq=1 Destination unreachable: No route
From router.dorm (fc00:4::1) icmp_seq=2 Destination unreachable: No route
From router.dorm (fc00:4::1) icmp_seq=3 Destination unreachable: No route
...
```

ping from the OPNsense router:
```
root@router:~ # ping -v -6 google.com
PING6(56=40+8+8 bytes) fd42:42:42::4 --> 2a00:1450:4001:828::200e
ping: sendmsg: Capabilities insufficient
ping6: wrote google.com 16 chars, ret=-1
64 bytes from fd42:42:42::4: No Route to Destination
Vr TC  Flow Plen Nxt Hlim
6 00 00000 0010  3a   40
fd42:42:42::4->2a00:1450:4001:828::200e
ICMP6: type = 128, code = 0
```

For completeness:
```
root@router:~ # ping -v -6 fd42:42:42::1
PING6(56=40+8+8 bytes) fd42:42:42::4 --> fd42:42:42::1
16 bytes from fd42:42:42::1, icmp_seq=0 hlim=64 dst=fd42:42:42::4%9 time=10.504 ms

λ ~/ ping -6 fd42:42:42::1
PING fd42:42:42::1(fd42:42:42::1) 56 data bytes
64 bytes from fd42:42:42::1: icmp_seq=1 ttl=63 time=10.8 ms
```

I am a bit at a loss; based on my testing, it has to be the router not routing. But how does that make sense? The gateway is set. I would really appreciate any ideas/insights on what I could have missed here. Thanks in advance :)

Best regards
Hannes

EDIT: My WireGuard endpoint config didn't have `::/0` in allowed IPs, adding that solved it.
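
Added example, not part of the original post: the fix in the EDIT works because WireGuard only sends a packet to a peer whose AllowedIPs cover the destination, independently of the kernel's default route via `wg1`. The check below runs the addresses from the pings against a constructed config; the config text and the helper names `parse_peers` and `select_peer` are assumptions for illustration.

```python
import ipaddress

# Constructed sample config; keys are placeholders, the real file is not shown in the post.
BEFORE = """\
[Interface]
Address = fd42:42:42::4/64
PrivateKey = <placeholder>

[Peer]
PublicKey = <peer-placeholder>
AllowedIPs = fd42:42:42::/64   # only the VPN network itself
"""
# Same config with the change described in the EDIT.
AFTER = BEFORE.replace("AllowedIPs = fd42:42:42::/64",
                       "AllowedIPs = fd42:42:42::/64, ::/0")


def parse_peers(conf):
    """Return one list of allowed networks per [Peer] section, in file order."""
    peers, section = [], None
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if line.startswith("["):
            section = line.strip("[]").lower()
            if section == "peer":
                peers.append([])
        elif section == "peer" and "=" in line:
            name, value = (p.strip() for p in line.split("=", 1))
            if name.lower() == "allowedips":
                peers[-1] += [ipaddress.ip_network(v.strip(), strict=False)
                              for v in value.split(",") if v.strip()]
    return peers


def select_peer(conf, dst):
    """Longest-prefix match of dst over all AllowedIPs.

    Returns (peer_index, network), or None when no peer accepts the
    destination, in which case the tunnel cannot carry the packet."""
    addr = ipaddress.ip_address(dst)
    best = None
    for idx, nets in enumerate(parse_peers(conf)):
        for net in nets:
            if net.version == addr.version and addr in net:
                if best is None or net.prefixlen > best[1].prefixlen:
                    best = (idx, net)
    return best


if __name__ == "__main__":
    for label, conf in (("before", BEFORE), ("after", AFTER)):
        for dst in ("fd42:42:42::1", "2a00:1450:4001:828::200e"):
            print(label, dst, "->", select_peer(conf, dst))
```

With the original AllowedIPs the gateway address matches the /64 while the Google address matches nothing, which lines up with the gateway answering pings while everything beyond it failed.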