No IPv6 address is received from ISP

Started by eitch, November 25, 2024, 12:06:05 PM

I was under the impression an intrusion detection on WAN makes the most sense. I guess i am wrong here? Shouldn't packets be blocked as early as possible? But sure, LAN also sends packets which can be defined as bad and thus need to be blocked.

I'm facing the same problem. I was running IPv6 for over one year without any problem. Yesterday, after a reboot (without any config change, last update was a week ago without any reboot), IPv6 is not working anymore. My CheckMK is red on IPv6 checks. After reboot IPv6 is working for some minutes and then it's not working anymore.

Fun fact: I don't have Suricata activated. In which log did you find the problem?

I see IPv6 is assigned on the interfaces correctly. Even on my clients, I see the correct IPv6, but it doesn't get through. Browsing wieistmeineip.de only gives me back my IPv4.

Any idea what it could be?

Oh my... well, I don't know what I should say... All my ideas on what could be the issue were negated in the end. Perhaps you can view the diffs/changes of your configs and find something that did change? Are you using a different ISP? I think I also once had the wrong prefix configured, which certainly also caused issues.

November 28, 2024, 09:46:48 AM #18 Last Edit: November 28, 2024, 09:48:40 AM by Monviech (Cedrik)
To link the issues together:

https://github.com/opnsense/core/issues/8091
https://github.com/opnsense/core/issues/8091#issuecomment-2500992558


Regarding running suricata on WAN, that is not best practice.

If there is a NAT happening, Suricata is better suited on interfaces after the NAT.
Hardware:
DEC740

Ok, thanks for the information. I've put suricata on the LAN and VLAN interfaces

And don't forget to adjust HOME_NET in advanced Suricata settings if you have a different "private" range.


Cheers,
Franco

Hey,

I only use one ISP and have the issue, even if Suricata is not enabled:


Quote from: franco on November 28, 2024, 11:14:36 AM
And don't forget to adjust HOME_NET in advanced Suricata settings if you have a different "private" range.

Right, but what about IPv6?

Even if Suricata is not enabled on my firewall, I had to change the interface from WAN to something different, and after a reboot the problem went away and IPv6 is working. This is strange behaviour, because when a plugin is not activated it should not pay attention to its settings.

Quote from: eitch on November 28, 2024, 12:57:21 PM
Quote from: franco on November 28, 2024, 11:14:36 AM
And don't forget to adjust HOME_NET in advanced Suricata settings if you have a different "private" range.

Right, but what about IPv6?

Good question. As far as I know HOME_NET only has IPv4 default ranges and I don't know how IPv6 is supposed to be handled here.


Cheers,
Franco

Quote from: groove21 on November 29, 2024, 09:22:35 AM
Even if Suricata is not enabled on my firewall, I had to change the interface from WAN to something different, and after a reboot the problem went away and IPv6 is working. This is strange behaviour, because when a plugin is not activated it should not pay attention to its settings.

I think to start with you should not be cross-posting issues that you already know are not relevant here because when the service isn't used it can't be the same problem?


Cheers,
Franco

I think "Home networks" is only important if there is some sort of NAT involved.

E.g., if you would do NAT66 from GUA to ULA, you would put your ULAs there too. But for GUAs it's not important, since nothing gets translated.
Hardware:
DEC740
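The HOME_NET question raised above (Franco's note that the shipped default only lists IPv4 private ranges, and Cedrik's point that ULAs belong in it when NAT66 is involved) can be checked mechanically. The following is an added example, not OPNsense or Suricata project code: it parses a flat Suricata-style address group such as the default HOME_NET and reports which client addresses fall outside it, which is exactly what decides whether a rule written against $HOME_NET can ever match an IPv6 flow. The ULA prefix fd12:3456:789a::/48, the documentation GUA 2001:db8:abcd::/48 and the sample client list are constructed values, not from the thread.

```python
"""Check a Suricata-style HOME_NET address group against sample addresses.

Added example (not OPNsense/Suricata code).  All prefixes and sample client
addresses below are constructed for illustration.
"""
import ipaddress
import re

# Suricata's shipped default for HOME_NET: IPv4 RFC 1918 ranges only.
DEFAULT_HOME_NET = "[192.168.0.0/16,10.0.0.0/8,172.16.0.0/12]"

# Constructed example: the same default extended with a site ULA prefix
# (fd12:3456:789a::/48, RFC 4193 space) and a delegated GUA prefix
# (2001:db8:abcd::/48, RFC 3849 documentation space).
HOME_NET_WITH_V6 = (
    "[192.168.0.0/16,10.0.0.0/8,172.16.0.0/12,"
    "fd12:3456:789a::/48,2001:db8:abcd::/48]"
)

# Constructed sample of addresses seen on an inside interface.
SAMPLE_CLIENTS = [
    "192.168.1.10",           # v4 LAN client
    "10.20.30.40",            # v4 VLAN client
    "fd12:3456:789a:1::10",   # v6 ULA client
    "2001:db8:abcd:1::5",     # v6 GUA client
]


def parse_address_group(group):
    """Parse a flat Suricata address group: "any", "[a,b,!c]" or "a".

    Returns (include, exclude) lists of ip_network objects.  Nested groups
    like "[a,[b,c]]" are deliberately not handled here.
    """
    group = group.strip()
    if group.lower() == "any":
        return ([ipaddress.ip_network("0.0.0.0/0"),
                 ipaddress.ip_network("::/0")], [])
    if group.startswith("[") and group.endswith("]"):
        group = group[1:-1]
    include, exclude = [], []
    for token in re.split(r"\s*,\s*", group):
        if not token:
            continue
        negated = token.startswith("!")
        net = ipaddress.ip_network(token.lstrip("!"), strict=False)
        (exclude if negated else include).append(net)
    return include, exclude


def in_home_net(addr, home_net):
    """True if addr is covered by home_net (in an include, not in an exclude).

    A v6 address never matches a v4 prefix, so with the default HOME_NET
    every IPv6 flow is "external" from the rules' point of view.
    """
    ip = ipaddress.ip_address(addr)
    include, exclude = parse_address_group(home_net)

    def matches(nets):
        return any(ip.version == n.version and ip in n for n in nets)

    return matches(include) and not matches(exclude)


def uncovered(addrs, home_net):
    """Return the addresses from addrs that home_net does not cover."""
    return [a for a in addrs if not in_home_net(a, home_net)]


if __name__ == "__main__":
    for label, hn in (("default", DEFAULT_HOME_NET), ("with v6", HOME_NET_WITH_V6)):
        print(f"HOME_NET {label}: uncovered = {uncovered(SAMPLE_CLIENTS, hn)}")
```

Run as a script it lists the sample IPv6 clients as uncovered under the default group and nothing under the extended one. When a NAT66 setup translates ULA to GUA, the interface Suricata listens on sees only the side it is attached to, so the prefix that appears on that interface is the one that must be in HOME_NET.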

Quote from: Monviech (Cedrik) on November 28, 2024, 09:46:48 AM
Regarding running suricata on WAN, that is not best practice.

If there is a NAT happening, Suricata is better suited on interfaces after the NAT.

While I get that running Suricata on WAN is not best practice, how is it supposed to find any intrusions happening on the firewall itself? In that case, there would only be traffic directed outside. On the other interfaces, suricata could only see malicious internal agents.
Intel N100, 4 x I226-V, 16 GByte, 256 GByte NVME, ZTE F6005

1100 down / 800 up, Bufferbloat A+


This raises the question of what such an intrusion would look like. Since the Suricata ruleset is open source, the ruleset can be avoided by bad actors, because they are not dumb either.

If you get targeted by more than bots you need other mechanisms like syslogs and you have to spend time to look at the evaluation of these logs each day.

It's not like turning on IDS/IPS is a switch-on-and-forget thing. It's just a filter with very big holes to sift out some of the more common attacks, but not any targeted attacks that want to actually harm you and have effort and money involved.
Hardware:
DEC740