IPv6 Tunnel Broker ???

Started by dipol0, October 06, 2023, 12:17:23 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
October 06, 2023, 12:17:23 PM
Hi all.
I set it up according to the manuals:

1. https://wiki.opnsense.org/manual/how-tos/ipv6_tunnelbroker.html
2. https://docs.netgate.com/pfsense/en/latest/recipes/ipv6-tunnel-broker.html

Versions OPNsense 23.7.5-amd64
FreeBSD 13.2-RELEASE-p3

Connection to ISP via PPPoE. Pings from outside are enabled.

Q: On the LAN, clients do not receive ipv6. Where to dig?

The tunnel itself seems to rise, and from the machine where the OPNSense is installed, Google pings via ipv6:
[/url ]

Filewall rules for:
Firewall->Rules->TunnelBroker
[url=https://postimg.cc/w18k3q5r]
Firewall->Rules->LAN

Firewall->Rules->WAN


RA Settings:


DHCPv6:


Gateways:


Info page IF - tunnel broker:
October 06, 2023, 10:27:50 PM #1
Your screenshots look similar to mine. I use Unmanaged (SLAAC only) instead of Assisted (SLAAC + DHCPv6) but that's a matter of preference and shouldn't make a difference.

When you say "clients do not receive ipv6", do you mean they don't get IPv6 addresses assigned? Double-check RADVD and DHCPDv6 services are running in System-Diagnostics-Services. Also, double-check client NIC configuration- is IPv6 enabled as a protocol?

Also- you did not share screenshot of LAN Interface Configuration/Overview. Make sure it is configured with and has a static IPv6 address in the /64 you need your clients to receive addresses in.

Hope that helps!
October 07, 2023, 12:56:42 AM #2 Last Edit: October 07, 2023, 02:09:52 AM by dipol0
Quote from: TrustedComputer on October 06, 2023, 10:27:50 PM
Your screenshots look similar to mine. I use Unmanaged (SLAAC only) instead of Assisted (SLAAC + DHCPv6) but that's a matter of preference and shouldn't make a difference.

When you say "clients do not receive ipv6", do you mean they don't get IPv6 addresses assigned? Double-check RADVD and DHCPDv6 services are running in System-Diagnostics-Services. Also, double-check client NIC configuration- is IPv6 enabled as a protocol?

Also- you did not share screenshot of LAN Interface Configuration/Overview. Make sure it is configured with and has a static IPv6 address in the /64 you need your clients to receive addresses in.

Hope that helps!

LAN - Interfaces


LAN - Overview


Services:


+ i set FW-rule for enable IPv6 ICMP ECHO on TunBrok IF and i can it (use external online services for ping)

When i configure GIF IF i use "Client IPv6 address" for ping:


Clients can get IPv6 (its supported and enbled). But cant obtain it from OPNSense.

Looks like firewall rules blocks or some like that. But i not profi )) If you can share yours Firewall rules need for TunBroker?

Tnx
October 08, 2023, 08:27:50 PM #3
Very strange. I really dont know whats happens.

in confs:
1
ISP -- WAN (pppoe)*OPNSense ---(DHCP) --- clients      dont dorking.

i try
2
ISP -- WAN (pppoe)*OPNSense MASTER --- (DHCP)---- WAN(DHC) OPNSense Slave --- clients
and it look worked

3.
control i install pfSense directly and it worked
ISP -- WAN (pppoe)*pfSense ---(DHCP) --- clients

but i not planing go to pfSense fully and cant have 2 machines with OPNsense. i plaing with MTUs for tunnel on opnsense but not/
Print
Go Up Pages1
User actions