Cannot route IPv6

Started by LeftyJohnson, May 26, 2023, 08:57:36 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
May 26, 2023, 08:57:36 PM
Pretty simple setup but after changing ISP I cannot route IPv6 anymore. I have tried various combinations of IPv6 settings without much success. I am much more familiar with IPv4 networking than IPv6 though.

I am getting delegated 2606:83c0:1001:2500::/56 from the ISP so I used the first /64 to setup DHCPv6. All of my devices are on one flat network and they can communicate with each other via IPv6. I have a firewall rule to allow any outbound IPv6 traffic. Ping6 from the router is successful, but if I try to reach the same address from inside the network it fails.


WAN IPv6 info:
QuoteIPv6 link-local   fe80::7e2b:e1ff:fe13:c611/64
IPv6 address   2606:83c0:1c00::cb/128
IPv6 delegated prefix   2606:83c0:1001:2500::/56
IPv6 gateway   auto-detected: fe80::10ff

Route info:
Quoteipv4   default   162.81.16.1   UGS   NaN   1500   igc1   wan
ipv6   default   fe80::10ff%igc1   UG   NaN   1500   igc1   wan
ipv6   2606:83c0:1001:2500::/56   ::1   UGSB   NaN   16384   lo0   Loopback
ipv6   2606:83c0:1001:2500::1   link#1   UHS   NaN   16384   lo0   Loopback


OPNsense 23.1.8    Intel(R) Celeron(R) N5105    16126 MB RAM
May 26, 2023, 09:05:04 PM #1
Are you allowing ICMP6 inbound?
May 26, 2023, 09:18:04 PM #2
I have the automatically generated rules.

QuoteProtocol   Source   Port   Destination   Port   Gateway   Schedule      Description       
     IPv6 IPV6-ICMP   *   *   *   *   *   *   *   IPv6 RFC4890 requirements (ICMP)   
     IPv6 IPV6-ICMP   (self)   *   fe80::/10,ff02::/16   *   *   *   *   IPv6 RFC4890 requirements (ICMP)   
     IPv6 IPV6-ICMP   fe80::/10   *   fe80::/10,ff02::/16   *   *   *   *   IPv6 RFC4890 requirements (ICMP)   
     IPv6 IPV6-ICMP   ff02::/16   *   fe80::/10   *   *   *   *   IPv6 RFC4890 requirements (ICMP)   
     IPv6 IPV6-ICMP   ::   *   ff02::/16   *   *   *   *   IPv6 RFC4890 requirements (ICMP)
May 26, 2023, 09:21:35 PM #3
Add an explicit ICMP6 any any to floating rules. I needed that to get delegation to work properly.
May 26, 2023, 09:51:14 PM #4
I tried each of these floating rules to allow any type of IPV6-ICMP in on the WAN interface to no avail.

QuoteProtocol   Source   Port   Destination   Port   Gateway   Schedule                 
        IPv6 IPV6-ICMP   ! LAN net   *   LAN net   *   *   *   1         
        IPv6 IPV6-ICMP   ! LAN net   *   WAN address   *   *   *   1
        IPv6 IPV6-ICMP   *   *   *   *   *   *   1
May 28, 2023, 01:12:55 AM #5
Turns out I had misclicked the Prefix Delegation size under DHCPv6 client configuration for the WAN interface.

I set it to match the actual /56 delegation size and changed the IPv6 Configuration Type on the LAN interface back to Track Interface and IPv6 routing is working again.
June 02, 2023, 01:35:40 PM #6
i have a similar issue, but i got the /56 static and so i cant activate track interface,
June 02, 2023, 02:25:33 PM #7
Just pick a single /64 for LAN then? The hardest part about static IPv6 setup is getting the ISP gateway address right...


Cheers,
Franco
Print
Go Up Pages1
User actions