[SOLVED]: IPv6 connectivity issue with DHCPv6, OPNsense 25.7.10

Started by hfvk, December 19, 2025, 07:12:08 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
December 19, 2025, 07:12:08 PM Last Edit: December 19, 2025, 09:05:54 PM by hfvk
Hi! I'm having the following issue with IPv6.

My OPNsense box is acting as firewall and router between WAN/LAN with the following setup:
Code Select

TOPOLOGY
Internet -- WAN|opnsense|LAN -- LAN network

WAN igb0 IPv4 DHCP
WAN igb0 IPv6 DHCPv6

LAN em0 IPv4 static KEA DHCP serving the IPv4 LAN network (192.168.xx.yy/24)
LAN em0 IPv6 Track interface ISC DHCPv6 running on the interface

OPNsense addresses:
WAN ipv6 address is zzz/128
LAN ipv6 address is yyy/56

Router advertisement daemon enabled
pf enabled for both IPv4 and IPv6


Problems and steps to reproduce:
1. When I reboot the OPNsense box, WAN and LAN interfaces get the IPv4 and IPv6 addresses. Also, client in the LAN network get their IPv4 and IPv6 addresses correctly.
2. OPNsense box has both IPv4 and IPv6 connectivity to the internet. However, LAN clients can connect only using IPv4 trough the OPNsense box. IPv6 to the internet does not work.
3. When I disable IPv6 for LAN and immediately enable it back to "Track interface", LAN clients can connect to the internet using both IPv4 and IPv6 through the OPNsense box.
4. Both IPv4 and IPv6 connections remain stable until next time I reboot the system.

Restarting DHCP servers or router advertisement daemon doesn't help. So far the only way to get the IPv6 connectivity seems to be temporarily disabling IPv6 and then enabling it again.

Would anybody have any idea what might be wrong with my setup? What additional information you would need to help narrowing down the issue?

I started testing IPv6 with OPNsense 25.7.9 which was also the first time I observed the issue.

Now I am running OPNsense 25.7.10-amd64 and the issue is the same.
December 19, 2025, 07:33:54 PM #1
Quote from: hfvk on December 19, 2025, 07:12:08 PMProblems and steps to reproduce:
1. When I reboot the OPNsense box, WAN and LAN interfaces get the IPv4 and IPv6 addresses. Also, client in the LAN network get their IPv4 and IPv6 addresses correctly.
2. OPNsense box has both IPv4 and IPv6 connectivity to the internet. However, LAN clients can connect only using IPv4 trough the OPNsense box. IPv6 to the internet does not work.
3. When I disable IPv6 for LAN and immediately enable it back to "Track interface", LAN clients can connect to the internet using both IPv4 and IPv6 through the OPNsense box.
4. Both IPv4 and IPv6 connections remain stable until next time I reboot the system.

Just realized that I had a typo. Here are the correct steps to reproduce:
Problems and steps to reproduce:
1. When I reboot the OPNsense box, WAN and LAN interfaces get the IPv4 and IPv6 addresses. Also, client in the LAN network get their IPv4 and IPv6 addresses correctly.
2. OPNsense box has both IPv4 and IPv6 connectivity to the internet. However, LAN clients can connect only using IPv4 trough the OPNsense box. IPv6 to the internet does not work.
3. When I disable IPv6 for LAN WAN and immediately enable it back to "Track interface" DHCPv6, LAN clients can connect to the internet using both IPv4 and IPv6 through the OPNsense box.
4. Both IPv4 and IPv6 connections remain stable until next time I reboot the system.
December 19, 2025, 07:40:45 PM #2
Quote from: hfvk on December 19, 2025, 07:12:08 PMWAN ipv6 address is zzz/128
LAN ipv6 address is yyy/56
LAN should be a /64. If it's showing /56, the prefix delegation size probably isn't configured correctly (Interfaces / WAN / DHCPv6 client configuration). This needs to be set to the prefix length actually delegated by your ISP.

Cheers
Maurice
OPNsense virtual machine images
OPNsense aarch64 firmware repository

Commercial support & engineering available. PM for details (en / de).
December 19, 2025, 08:52:06 PM #3
Quote from: Maurice on December 19, 2025, 07:40:45 PM
Quote from: hfvk on December 19, 2025, 07:12:08 PMWAN ipv6 address is zzz/128
LAN ipv6 address is yyy/56
LAN should be a /64. If it's showing /56, the prefix delegation size probably isn't configured correctly (Interfaces / WAN / DHCPv6 client configuration). This needs to be set to the prefix length actually delegated by your ISP.

Cheers
Maurice

Thanks for the hint. I checked that Interfaces / WAN / DHCPv6 client configuration has 64 as prefix delegation size.
December 19, 2025, 09:07:23 PM #4
I changed Interfaces / WAN / DHCPv6 client configuration prefix delegation size from 64 to 56 and now I got:
WAN ipv6 address zzz/128
LAN ipv6 address yyy/64

Also, the IPv6 connections are working after reboot without any manual work. Thanks!
Print
Go Up Pages1
User actions