Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
24.7 Production Series
»
No IPv6 WAN GUA for igc0 on one site
« previous
next »
Print
Pages: [
1
]
Author
Topic: No IPv6 WAN GUA for igc0 on one site (Read 218 times)
Skreabengt
Newbie
Posts: 16
Karma: 1
No IPv6 WAN GUA for igc0 on one site
«
on:
November 16, 2024, 11:07:38 am »
I have 3 OPNsense routers on different sites where 2 out of 3 get a WAN IPv6 address on igc0. All three are on dual stack with native IPv6 and all are having a working prefix delegation and internet access.
One router is missing WAN IPv6 address on igc0. The router with the missing WAN IPv6 share the same ISP as one of the routers that has a WAN IPv6 address on igc0, but they are in different WAN network/regions.
I can't find any differences in the interface settings for IPv6 on the OPNsense routers that should prevent igc0 on one of them from having a WAN IPv6. The one with missing GUA was previously on HE tunnelbroker, but is since some months native IPv6. We also recently swapped ISP, but the problem prevail with both ISP's.
I suppose the relay agents on internet transfer the Advertise and Confirm messages with the leases relatively untampered from the ISP's DHCPv6-server to the DHCPv6-client in the OPNsense router? So losing WAN IPv6 in transfer doesn't make sense, right?
I have been in contact with the ISP several times, and they can't find any differences between the DHCPv6 settings for the two sites where I am using them that should prevent a WAN IPv6 on one of the sites.
The problematic site has a manually configured link-local address on the gateway fe80::ff, whereas the two working routers have autoconfigured. All three have autoconfigured link-local addresses on igc0 above the GUA.
I don't know if the link-local address on the gateway could be important or if any residuals from the tunnelbroker settings, not shown in the OPNsense GUI could prevent a IPv6 address from attaching to igc0?
Any thoughts or ideas are appreciated!
Logged
dseven
Sr. Member
Posts: 315
Karma: 33
Re: No IPv6 WAN GUA for igc0 on one site
«
Reply #1 on:
November 16, 2024, 11:27:40 am »
The obvious thing to check here would be the "Request prefix only" option under "DHCPv6 client configuration" for your WAN interface. Assuming that's not selected, I'd probably be doing packet captures to see what your client is receiving......
Logged
Skreabengt
Newbie
Posts: 16
Karma: 1
Re: No IPv6 WAN GUA for igc0 on one site
«
Reply #2 on:
November 16, 2024, 11:34:53 am »
No it's not selected, "Request prefix only" is not ticked on any of the routers.
How can I do packet captures? Is it difficult to setup?
Logged
dseven
Sr. Member
Posts: 315
Karma: 33
Re: No IPv6 WAN GUA for igc0 on one site
«
Reply #3 on:
November 16, 2024, 11:55:38 am »
I'd just use tcpdump in a shell to write PCAP files, then scp those to my desktop to analyse with Wireshark.
BTW, your WAN GUAs may be from SLAAC rather than DHCPc6, so you may need to look at RA too...
Logged
Skreabengt
Newbie
Posts: 16
Karma: 1
Re: No IPv6 WAN GUA for igc0 on one site
«
Reply #4 on:
November 16, 2024, 12:22:08 pm »
Okey, thank you!
Now I have something that I can delve into. I have not done this before, it will likely take some time to figure out, but packet capture and Wireshark sounds very useful, and a must to learn.
Looking at the IPv6 WAN Address on the other working router from the same ISP, it definately looks DHCPv6 provided, so I doubt SLAAC.
Logged
Skreabengt
Newbie
Posts: 16
Karma: 1
Re: No IPv6 WAN GUA for igc0 on one site
«
Reply #5 on:
November 16, 2024, 01:08:53 pm »
It was actually quite simple to setup Packet Capture in OPNsense directly in Diagnostics under WAN Interfaces.
When I limit the capture to IPv6 on port 546 and UDP only, filtering out all except DHCPv6 communitation in one direction.
Then I can see that there is no message with IA_NA or IA_ADDR from the ISP's DHCPv6 server on the failing router and only IA_PD. There is two messages in row each 15 minutes. On the router with an IPv6 address on WAN, there is four messages each 15 minutes and both IA_NA, IA_ADDR and IA_PD. I'm not sure whether this is a two or four message conversation, but I believe it should be two for renew.
I think what I am seening is a renewing request and a reply, I can see that there is no request for IA_NA and IA_ADDR, so preliminary it points towards an error in the router.
I will swap to port 547 after a while and filter for outgoing messages from the DHCPv6 client instead, if that looks the same it will isolate the problem.
Logged
Skreabengt
Newbie
Posts: 16
Karma: 1
Re: No IPv6 WAN GUA for igc0 on one site
«
Reply #6 on:
November 16, 2024, 01:57:43 pm »
After a while I see a Solicit message to all All_DHCP_Relay_Agents_and_Servers ff02::1:2 requesting an IA-NA with option-request DNS-server DNS-search-list, which is replied by a server with the same MAC-address as replies from a server in messages on the other router.
The answer is "status-code NoAddrsAvail" so it is not the router, but pointing towards the DHCPv6 server at the ISP that for some reason doesn't hand out any IPv6 address to my WAN-interface.
Thanks a lot
dseven
for the help!
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
24.7 Production Series
»
No IPv6 WAN GUA for igc0 on one site