Help with IPv6

[Taomyn]

Moreover you seem not to have set a domain name in your general config.

If you mean under "System: Settings: General", then yes I do have my domain there, otherwise where do you mean?

[bringha]

Yes, this is what I meant - however, for what reasons ever, this setting did not find its way into your ipv6 config (radvd.conf).

Can you somehow check whether your ISP is really sending you a prefix or an IPv6 address only?

And still - your configuration contains values which are only accessible when using extended config options.

The line

Code Select Expand


id-assoc na 0 { };


indicates that you have used extended config options for your WAN interface (having ticked non temporary address assignment). You should consequently use Basic!

Perhaps it is best to start the entire ipv6 config once again from scratch

Br br

[Taomyn]

Yeah I probably used "Advanced" weeks ago, but since then I've never gone back to it having seen all the negative reports about it.

So how do I reset all the IPv6 settings? I did this through the GUI weeks ago when I first tried this out and found that enabling IPv6 with manual IPs for my LANs caused most of my local devices to stop working (because their IPv6 traffic was blocked). So I removed IPv6 from them and also from my WAN. If that's not clearing my settings then I'm not sure how else to do it.

[bringha]

I would simply try to copy your radvd.conf and your dhcp6c_wan.conf to a backup and empty the file and then reconfigure WAN interface and LAN interfaces again.

don't forget to save and then confirm the settings (this are 2 steps), WAN first and then the LANs. Check the config files afterwards again.

Then reboot.

If then again you don't have a prefix, then I would assume that your ISP is not sending one (or your modem config prevents ...)

Br br

[Taomyn]

Ok, well that will have to wait until the weekend now, if I have time as I have to work.


I'll see if I can contact my ISP again and hopefully get someone that understands these things.


Oh, and I don't use a modem - VLAN'd PPPoE connection to my fibre box, via an Ethernet cable.

[bringha]

Oh ..yesl - the fibre box needs to connect to your ISP provider - its then indeed a (fibre) cable modem  ;)

[Taomyn]

I've made some progress having looked at another thread here about IPv6 but I'm still a little stumped.


If I set the WAN to the following as per the other thread:

Code Select Expand



IPv6 Configuration Type: DHCPv6
Configuration Mode: Basic
Use IPv4 connectivity: yes
Request only a IPv6 prefix: yes
Directly send SOLICIT: yes
DHCPv6 Prefix Delegation size: 56
Send IPv6 prefix hint: yes



With this both my LAN interfaces get an IPv6 address, although I discovered that an ID of "0" does not work even though that's what the help-hint says, so I set them to "1" and "2".


However, the WAN no longer has an IPv6 address. Tweaking the WAN settings in any way I either end up with no IPv6 addresses, or just the WAN gets an IPv6 and neither LAN gets one. Even after waiting several minutes or rebooting the firewall.


I did see this in the system log when the WAN did not get an address:

Code Select Expand


May 6 14:38:26 opnsense: /usr/local/etc/rc.newwanipv6: rc.newwanipv6: Informational is starting pppoe0.
May 6 14:38:25 opnsense: /usr/local/etc/rc.newwanipv6: rc.newwanipv6: Failed to detect IPv6 for WAN[wan]
May 6 14:38:24 opnsense: /usr/local/etc/rc.newwanipv6: rc.newwanipv6: Informational is starting pppoe0.
May 6 14:38:23 opnsense: /usr/local/etc/rc.newwanipv6: rc.newwanipv6: Failed to detect IPv6 for WAN[wan]


So in the end, I currently have IPv6 addresses or the LAN interfaces but nothing on the WAN interface. Any idea how I can sort that out?

[djGrrr]

Code Select Expand


Request only a IPv6 prefix: yes


So in the end, I currently have IPv6 addresses or the LAN interfaces but nothing on the WAN interface. Any idea how I can sort that out?

If you want an IPv6 address on the WAN, then you must disable "Request only a IPv6 prefix" as the purpose of this option is to not request an address, only a prefix.

[Taomyn]

If you want an IPv6 address on the WAN, then you must disable "Request only a IPv6 prefix" as the purpose of this option is to not request an address, only a prefix.

This part:

Tweaking the WAN settings in any way I either end up with no IPv6 addresses, or just the WAN gets an IPv6 and neither LAN gets one.

[djGrrr]

Does the WAN even need an address? The delegated prefixes should be routed by your ISP via the link-local address on your WAN. Are you getting an IPv6 default gateway?

BTW, there are at least 16 different combinations of the basic options (assuming you know the correct prefix size from the ISP), are you sure you tried every combination?

[Taomyn]

Does the WAN even need an address? The delegated prefixes should be routed by your ISP via the link-local address on your WAN. Are you getting an IPv6 default gateway?

BTW, there are at least 16 different combinations of the basic options (assuming you know the correct prefix size from the ISP), are you sure you tried every combination?

How would I connect to VPN (or other service running on the firewall) via IPv6 if my WAN does not have an IP?


Yeah, cycled through all the combinations, for a few even tried different prefixes and none gave me an IP on both WAN and LANs

[djGrrr]

Do you remember which combination(s) gave you an address on the WAN but no delegated prefixes? I think that is where you'd need to start to figure out exactly how to get both address and prefix.

Also, who is your ISP?

[djGrrr]

I will also note that in my own testing, with OPNsense as the DHCPv6 server, and another OPNsense being the client, that the client seems to start completely ignoring the server responses after a few reconfigurations of WAN, even with settings that previously worked perfectly fine. So you may need to reboot after every reconfiguration if you truely want to test which configurations work and which don't.

I have been trying to narrow down why this happens but so far have not had any luck.

[franco]

So you may need to reboot after every reconfiguration if you truely want to test which configurations work and which don't.

It sounds funny but I've seen this too. First boot is perfect, afterwards reconfigure takes a up to a minute or it fails. Next reboot is perfect again.

What I've also seen is that although LAN is tracking, reloading LAN doesn't have any effect other than removing the IPv6, so you always want to reload WAN or better yet use the console option 11 to fully cycle the interface configuration.


Cheers,
Franco

[Taomyn]

This

Even after waiting several minutes or rebooting the firewall.