17.7 Refuses to Update Through Web Interface (But Slowly Updates from Console)

[nivek1612]

I switched from pfSense without issues as did other members of team rebellion

Maybe if you share your dhcp6 lan settings here someone will be spot a config error for you

[rajl]

I switched from pfSense without issues as did other members of team rebellion

Maybe if you share your dhcp6 lan settings here someone will be spot a config error for you

"Team Rebellion" -- I like that, and it's part of the reason for my trialing of OPNSense.  However, it's been quite the learning experience.  Some things are much better than PFSense, but other areas definitely lack feature parity.

I'm going to dig into it some more when I have the time.  As I recall, my ISP in particular has issues with IPv6 not playing nice with PFSense and I was one of the few that got it to work.  But I wasn't sure how.  So this may not even be OPNSense's fault (although I think it is as the WAN is being assigned a valid IPV6 address from the /64 subnet assigned to me).

For this issue, I think my best bet will be to compare my PFSense config to my OPNSense config and see what's missing (if anything).  If I can't figure it out, I will post a more specific post to the community for help.

[rajl]

Ok, the problem remains and, upon further investigation, I don't think it's my fault.

I can confirm that IPv6 works on my WAN interface as it is assigned a valid IPv6 address of 2600:1700:fc0:8640:xxxx:xxxx:xxxx:xxxx.  When I do an IPv6 Ping to the sites like Google, the ping test succeeds.  When I try to update firmware from the web interface and I have the option "prefer IPv4 over IPv6" enabled, the system works.  However, when I do not have this option checked, updates from the web interface fail even though I have a working IPv6 on my WAN. 

What am I doing wrong?

[franco]

So will

# pkg update -f

stall for you?


Cheers,
Franco

[rajl]

So will

# pkg update -f

stall for you?


Cheers,
Franco

Nope.  That works just fine. 

[franco]

Hmm, that would easily conclude there is nothing wrong with your install.

Help me understand where lies the problem in your IPv6 experience instead. I must be missing something.


Thanks,
Franco

[rajl]

I'm definitely having IPv6 problems on the LAN side of my firewall.  But that I would suspect is a different issue from this.

My network is configured like this:

ONT -> ISP Gateway -> OPNSense Router -> LAN

The ONT is optical network terminal where the fiber terminates and is converted to an ethernet cable.

The ISP Gateway is one of those "all-in-one" modem/router boxes that they force upon you.  Unfortunately, it does not support bridge mode, but only provides for a pseudo-bridge called "IP-Passthrough" where the public WAN of the Gateway is assigned to your router.  The gateway then runs a NAT table that passes almost all traffic received on the public IP to your router.  What is not passed is unclear.  The ISP currently offers a native IPv6 implementation, which assigns each customer a /64 block.  When in IP-Passthrough mode, the /64 block is assigned to the OPNSense router to do with as it pleases.

For the WAN interface, I can demonstrate that (1) a publicly routable IPv6 address is assigned and (2) that I can ping the public internet (e.g., ping6 www.google.com) using IPv6.  Further, some LAN clients are able to use IPv6 just fine, but others can't use it at all. 

I also have not changed any of the options on my interface related to IPv6.  I have DHCPv6 as my configuration type, I have 64 as my prefix delegation size, and all other fields are empty.

Any of that information help?