Multi-WAN NPTv6 seems to be dropping incoming packets after 24.1->24.7 upgrade

[deadman]

I have a V6 Multi-WAN setup that was working fine on 24.1 but stopped working when I recently upgraded to 24.7.

Technically there is only one WAN, but I was running IPv6 via the HE.net tunnel before my ISP started supporting v6 using 6rd. To minimize any network address changes, I set up NPTv6 to translate HE.net prefixes to my ISP's and configure a gateway group prioritizing my ISP's connection.

Code: [Select]

WAN 6rd prefix: 2400:xxxx:xxxx:xxxx::/64
WAN HE.net prefix: 2001:yyyy:yyyy::/48

LAN prefix: 2001:yyyy:yyyy:zzzz::/64

NPTv6
Internal: 2001:yyyy:yyyy:zzzz::/64
External: 2400:xxxx:xxxx:xxxx::/64

After upgrading to 24.7, IPv6 works fine on OPNsense itself. I can ping both local and global IPv6 addresses no problem. Local machines can ping OPNsense and other local machines, but global addresses receive no reply.

I did a packet capture and I see the ping response reaching OPNsense via the WAN interface, but there is no response emitted from OPNsense (address translated or not) via LAN (or any interface for that matter).

Code: [Select]

E.g. Pinging 2606:4700:4700::1111

Ping:
Local Machine (2001:yyyy:yyyy:zzzz::4) --(LAN)--> OPNsense (2001:yyyy:yyyy:zzzz::1)
OPNsense (2400:xxxx:xxxx:xxxx::4) --(WAN)--> Target (2606:4700:4700::1111)

Reply:
Target (2606:4700:4700::1111) --(WAN)--> OPNsense (2400:xxxx:xxxx:xxxx::4)
(Nothing thereafter)

I thought it might be a firewall rule, but searching through the firewall logs, nothing is blocked. So the packet has just... disappeared?

Can anyone point to where I should look into to figure out where the packet is dropped?