[SOLVED]: IPv6 connectivity issue with DHCPv6, OPNsense 25.7.10

[hfvk]

Hi! I'm having the following issue with IPv6.

My OPNsense box is acting as firewall and router between WAN/LAN with the following setup:

Code Select Expand


TOPOLOGY
Internet -- WAN|opnsense|LAN -- LAN network

WAN igb0 IPv4 DHCP
WAN igb0 IPv6 DHCPv6

LAN em0 IPv4 static KEA DHCP serving the IPv4 LAN network (192.168.xx.yy/24)
LAN em0 IPv6 Track interface ISC DHCPv6 running on the interface

OPNsense addresses:
WAN ipv6 address is zzz/128
LAN ipv6 address is yyy/56

Router advertisement daemon enabled
pf enabled for both IPv4 and IPv6


Problems and steps to reproduce:
1. When I reboot the OPNsense box, WAN and LAN interfaces get the IPv4 and IPv6 addresses. Also, client in the LAN network get their IPv4 and IPv6 addresses correctly.
2. OPNsense box has both IPv4 and IPv6 connectivity to the internet. However, LAN clients can connect only using IPv4 trough the OPNsense box. IPv6 to the internet does not work.
3. When I disable IPv6 for LAN and immediately enable it back to "Track interface", LAN clients can connect to the internet using both IPv4 and IPv6 through the OPNsense box.
4. Both IPv4 and IPv6 connections remain stable until next time I reboot the system.

Restarting DHCP servers or router advertisement daemon doesn't help. So far the only way to get the IPv6 connectivity seems to be temporarily disabling IPv6 and then enabling it again.

Would anybody have any idea what might be wrong with my setup? What additional information you would need to help narrowing down the issue?

I started testing IPv6 with OPNsense 25.7.9 which was also the first time I observed the issue.

Now I am running OPNsense 25.7.10-amd64 and the issue is the same.

[hfvk]

Problems and steps to reproduce:
1. When I reboot the OPNsense box, WAN and LAN interfaces get the IPv4 and IPv6 addresses. Also, client in the LAN network get their IPv4 and IPv6 addresses correctly.
2. OPNsense box has both IPv4 and IPv6 connectivity to the internet. However, LAN clients can connect only using IPv4 trough the OPNsense box. IPv6 to the internet does not work.
3. When I disable IPv6 for LAN and immediately enable it back to "Track interface", LAN clients can connect to the internet using both IPv4 and IPv6 through the OPNsense box.
4. Both IPv4 and IPv6 connections remain stable until next time I reboot the system.

Just realized that I had a typo. Here are the correct steps to reproduce:
Problems and steps to reproduce:
1. When I reboot the OPNsense box, WAN and LAN interfaces get the IPv4 and IPv6 addresses. Also, client in the LAN network get their IPv4 and IPv6 addresses correctly.
2. OPNsense box has both IPv4 and IPv6 connectivity to the internet. However, LAN clients can connect only using IPv4 trough the OPNsense box. IPv6 to the internet does not work.
3. When I disable IPv6 for LAN WAN and immediately enable it back to "Track interface" DHCPv6, LAN clients can connect to the internet using both IPv4 and IPv6 through the OPNsense box.
4. Both IPv4 and IPv6 connections remain stable until next time I reboot the system.

[Maurice]

WAN ipv6 address is zzz/128
LAN ipv6 address is yyy/56

LAN should be a /64. If it's showing /56, the prefix delegation size probably isn't configured correctly (Interfaces / WAN / DHCPv6 client configuration). This needs to be set to the prefix length actually delegated by your ISP.

Cheers
Maurice

[hfvk]

WAN ipv6 address is zzz/128
LAN ipv6 address is yyy/56

LAN should be a /64. If it's showing /56, the prefix delegation size probably isn't configured correctly (Interfaces / WAN / DHCPv6 client configuration). This needs to be set to the prefix length actually delegated by your ISP.

Cheers
Maurice

Thanks for the hint. I checked that Interfaces / WAN / DHCPv6 client configuration has 64 as prefix delegation size.

[hfvk]

I changed Interfaces / WAN / DHCPv6 client configuration prefix delegation size from 64 to 56 and now I got:
WAN ipv6 address zzz/128
LAN ipv6 address yyy/64

Also, the IPv6 connections are working after reboot without any manual work. Thanks!

[ischilling]

Before I updated to OPNsense 25.7.10 (amd64) everything worked perfect, right after the update and a reboot, the IPv6 problem on the WAN interface appeared on my system as well.. In short words, I get the fixed IPv4 but neither a fixed IPv6 nor my fixed IPv6 /56 network.

I've a fixed IPv6 /56 network and the following settings worked very well before the update, please find my settings in the attached screenshot.

Currently it looks as if the dhcp6c.conf which to my understanding is needed for dhcp6c service isn't existing:

auser@theFirewall:~ # ls -l /usr/local/etc/dhcp6c.conf
ls: /usr/local/etc/dhcp6c.conf: No such file or directory
auser@theFirewall:~ # service dhcp6c onestart
/usr/local/etc/rc.d/dhcp6c: WARNING: /usr/local/etc/dhcp6c.conf is not readable.
/usr/local/etc/rc.d/dhcp6c: WARNING: failed precmd routine for dhcp6c
auser@theFirewall:~ # ps aux | grep dhcp6c
root      824  0.0  0.0  13744    2404  0  S+  00:54    0:00.00 grep dhcp6c
auser@theFirewall:~ # opnsense-version
OPNsense 25.7.10 (amd64)
auser@theFirewall:~ # ls -l /usr/local/opnsense/service/conf/actions.d | grep dhcp
-rw-r--r--  1 root wheel 1052 Dec 18 14:13 actions_dhcpd.conf
-rw-r--r--  1 root wheel 1090 Dec 18 14:13 actions_dhcpd6.conf

As said - everything worked perfect before the update.

[Maurice]

Off topic. This thread was about an incorrect configuration which never worked.

OPNsense is not vanilla FreeBSD. The dhcp6c config is in /var/etc and services are (re)started via the GUI or configctl.

[ischilling]

Before I updated to OPNsense 25.7.10 (amd64) everything worked perfect, right after the update and a reboot, the IPv6 problem on the WAN interface appeared on my system as well.. In short words, I get the fixed IPv4 but neither a fixed IPv6 nor my fixed IPv6 /56 network.

I've a fixed IPv6 /56 network and the following settings worked very well before the update, please find my settings in the attached screenshot.

Currently it looks as if the dhcp6c.conf which to my understanding is needed for dhcp6c service isn't existing:

auser@theFirewall:~ # ls -l /usr/local/etc/dhcp6c.conf
ls: /usr/local/etc/dhcp6c.conf: No such file or directory
auser@theFirewall:~ # service dhcp6c onestart
/usr/local/etc/rc.d/dhcp6c: WARNING: /usr/local/etc/dhcp6c.conf is not readable.
/usr/local/etc/rc.d/dhcp6c: WARNING: failed precmd routine for dhcp6c
auser@theFirewall:~ # ps aux | grep dhcp6c
root      824  0.0  0.0  13744    2404  0  S+  00:54    0:00.00 grep dhcp6c
auser@theFirewall:~ # opnsense-version
OPNsense 25.7.10 (amd64)
auser@theFirewall:~ # ls -l /usr/local/opnsense/service/conf/actions.d | grep dhcp
-rw-r--r--  1 root wheel 1052 Dec 18 14:13 actions_dhcpd.conf
-rw-r--r--  1 root wheel 1090 Dec 18 14:13 actions_dhcpd6.conf

As said - everything worked perfect before the update.

I now installed OPNsense 25.7-amd64 - with NO patch.

Everything works smooth - which from my point of view indicates that something is wrong with the current OPNsense 25.7.10 (amd64) update.

Interestingly - when using a configuration backup I made with OPNsense 25.7.10 (amd64) in OPNsense 25.7-amd64 - the IPv6 issue reappears....

Note:

• igb0 is the WAN interface on my system
• the following is a fresh install - no further settings, except for correct settings for IPv6 on the WAN interface and track interface (0) on the LAN interface
• no Packages are installed in addition

ifconfig igb0 results in on OPNsense 25.7-amd64 (before the update)

Code Select Expand

igb0: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
        description: WAN (wan)
        options=4e527bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,WOL_MAGIC,VLAN_HWFILTER,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6,HWSTATS,MEXTPG>
        ether 01:23:45:67:89:00
        inet 000.000.000.000 netmask 0xfffffffc broadcast 000.000.000.000
        inet6 fe80::a236:9fff:fea0:7d54%igb0 prefixlen 64 scopeid 0x3
        inet6 2a02:8109:8000:6a::144b prefixlen 128 pltime 86400 vltime 86400
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>

ibg0 is configured (right after the update) to OPNsense 25.7.10 (amd64)

Code Select Expand

igb0: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
        description: WAN (wan)
        options=4e527bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,WOL_MAGIC,VLAN_HWFILTER,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6,HWSTATS,MEXTPG>
        ether 01:23:45:67:89:00
        inet 000.000.000.000 netmask 0xfffffffc broadcast 000.000.000.000
        inet6 fe80::0000:0000:0000:0000%igb0 prefixlen 64 scopeid 0x3
        inet6 2a02:0000:0000:00::144b prefixlen 128 pltime 86400 vltime 86400
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>

And without further configuration everything is fine and works.

However, as soon as I restore the full configuration from a backup before the update, a well working configuration though, the following happens:

Code Select Expand

igb0: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
        description: ZONE0_0_WAN_KD (wan)
        options=48520b8<VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,WOL_MAGIC,VLAN_HWFILTER,VLAN_HWTSO,HWSTATS,MEXTPG>
        ether 01:23:45:67:89:00
        inet 000.000.000.000 netmask 0xfffffffc broadcast 90.187.76.171
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        nd6 options=29<PERFORMNUD,[b]IFDISABLED[/b],AUTO_LINKLOCAL>

As yo ucan see the IPv6 part of WAN is disabled - with a before well working configuration setting....

Checking the packages (which have been used with this configuration) I had to resolve the missing ones - which I did and I rebooted the system, just in case.

Code Select Expand

igb0: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
        description: ZONE0_0_WAN_KD (wan)
        options=48520b8<VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,WOL_MAGIC,VLAN_HWFILTER,VLAN_HWTSO,HWSTATS,MEXTPG>
        ether 01:23:45:67:89:00
        inet 000.000.000.000 netmask 0xfffffffc broadcast 000.000.000.000
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        nd6 options=29<PERFORMNUD,[b]IFDISABLED[/b],AUTO_LINKLOCAL>

So it seems, one of the installed packages on my system is in combination with OPNsense 25.7.10-amd64, the problem.

I'll update this here as soon as I found out which...

[Patrick M. Hausen]

@ischilling please open a new thread about your problem which has nothing in common with the solved one the OP head. Apart from the fact that the word "IPv6" appears in both.