ipv6 LAN no connectivity

Started by mebert, October 16, 2025, 12:14:01 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions
October 16, 2025, 12:14:01 AM
I am running OPNsense 25.1.12 and trying to get ipv6 working. I am unable to ping my router (or anything else) from machines on the local network.

Setup and information:
WAN set to DHCPv6. LAN set to Track Interface with parent interface WAN.
router can ping -6 google.com successfully.

Router has LAN ip of 2604:5500:7032:1234:2e0:67ff:fe2c:69a5/56
Local machine has IP of 2604:5500:7032:1234::1986

packet capture of LAN interface shows packets from local machine: Neighbor Solicitation for 2604:5500:7032:1234:2e0:67ff:fe2c:69a5
so i dont think its a firewall issue

any idea why ipv6 isn't working on my LAN? how can i troubleshoot this?

October 16, 2025, 12:19:35 AM #1
Quote from: mebert on October 16, 2025, 12:14:01 AMRouter has LAN ip of 2604:5500:7032:1234:2e0:67ff:fe2c:69a5/56

That's wrong - all broadcast interfaces are /64 in IPv6. You get a /56 from your ISP for up to 256 VLANs or other networks, not for a single interface.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
October 16, 2025, 01:19:56 AM #2 Last Edit: October 16, 2025, 01:36:23 AM by mebert
I see that in interfaces>overview, under the "IPv6" column, WAN has a value of
2604:5500:7032:0:2e0:67ff:fe2c:69a4/64
2604:5500:7032::7a1/128
fe80::2e0:67ff:fe2c:69a4/64

 and LAN has a value of
2604:5500:7032:1234:2e0:67ff:fe2c:69a5/56
fe80::2e0:67ff:fe2c:69a5/64

is the issue the 64-56 mismatch between WAN and LAN?
October 16, 2025, 01:34:51 AM #3
quote is not edit
October 16, 2025, 01:45:50 AM #4
Oh. 2604:5500:7032:0:2e0:67ff:fe2c:69a4/64
is NOT 2604:5500:7032:1234::/64 so everything with 604:5500:7032:1234 prefix isnt being routed correctly.

October 16, 2025, 08:42:22 AM #5 Last Edit: October 16, 2025, 08:44:16 AM by meyergru
That should not be the problem.

First, Patrick is right: Any local IPv6 subnet should be /64 in order for SLAAC to work.

Second, the prefixes are different in your case, because of the use of IA_NA for the WAN IPv6 (which is a /128), but IA_PD, which is a /56 prefix that must be split up into several /64 addresses for each (V)LAN.

You can also check "Request prefix only" on your WAN and omit IA_NA for the WAN to use one of the IA_PD prefixes as well. In that case, WAN and LAN both use a /64 IPv6 within the same /56 prefix.

Where everything gets routed is determined by your IPv6 gateway, which should be provided by the ISP. Both variants should work, but I prefer the latter.

I refer you to look at this to better understand this.
Intel N100, 4* I226-V, 2* 82559, 16 GByte, 500 GByte NVME, ZTE F6005

1100 down / 800 up, Bufferbloat A+
October 17, 2025, 09:40:58 AM #6
Thank you for linking that guide. The addresses shown in the web UI aren't very clear on what they are :/.

I did a packet capture and found that ISP was giving me a /56 during DHCPv6.
changed my WAN DHCPv6 settings to:
 Prefix delegation size: 56
request prefix only: off
send prefix hint: on
optional prefix id: blank
optional interface id: blank

And followed the guide for router advertisements setup.
After restarting my local system, SLAAC worked and I could ping internally and externally.

Print
Go Up Pages1
User actions