[SOLVED] ipv6 through second router

[marjohn56]

I am trying and failing to get Ipv6 to work through a second router getting a prefix delegation from the primary router.

Let me explain. My primary router has static IPv6 on the WAN and LAN, my ISP gives me a /48 prefix. I delegate /64 prefixes to any router attached to the LAN. Second router gets its prefix all well and good.

Now, any devices attached to the secondary router cannot ping any v6 address on the WAN. I can see the packets going out of the primary router, but the responses appear not to be routed back to the secondary router.

Now, I had this working on pf****, and I am pretty sure I needed to add a route for the delegated prefix manually, however I cannot see a way in the GUI to do this.

Do I need to add a route from the shell or am I losing the plot?

Note:

I was not losing the plot, I've added the route manually and all working. Can I thank myself? :)

For those who may wish to do the same at some time:

route -6 add -net 2xxx:8xxx:6xxx:1::/64 2xxx:8xxx:6xxx:0:eeee:e98b:fc2:d2e9

or

route -6 add -net prefix_range/mask Second_router_WAN_IP

[bartjsmit]

Are you running radvd on both routers? This stuff is meant to be done automagically on IPv6

Bart...

[marjohn56]

Yes..

However it's the route back to the second router that's set manually, all outbound works. The only way I can ever make this type of setup work is by adding a manual route.

[franco]

There may be some bug still hiding in here that was subsequently fixed elsewhere:

https://github.com/opnsense/core/blob/master/src/sbin/prefixes.php

I know there was / is a ticket or a forum post, but I can't find it at the moment.


Cheers,
Franco

[marjohn56]

Thanks Franco, that's a pointer for me to try and trace it.

Which leads us neatly to another question. I'll raise a separate topic on it.

[marjohn56]

There may be some bug still hiding in here that was subsequently fixed elsewhere:

https://github.com/opnsense/core/blob/master/src/sbin/prefixes.php

I know there was / is a ticket or a forum post, but I can't find it at the moment.


Cheers,
Franco

Had a look, nice script but it doesn't appear to do anything. :)

There's an echo for showing a route change, no route add and no exec command or am I being a muppet?

[marjohn56]

Github PR #2077 makes it work.

[nivek1612]

That patch makes the ipv6 route work as well

Wow great patch who wrote it :-)

[marjohn56]

My patch was a hack to prove the issue.

Franco did the proper  permanent fix.

[franco]

The full fix was in https://github.com/opnsense/core/commit/3914236ce for 18.1-RC2 and should also work on 17.7.11. :)

It was sensible to move that code to priv-sep execution. Very nice find overall. Thanks again!


Franco

[marjohn56]

Indeed. :)

How can I move my test unit from RC to dev?

I think there's a bug in my dhcp6 PR and I need to go back to that and test some more.

Is it just the opnsense-update etc?

[franco]

If you have a proper RC, it's now possible from System: Firmware: Settings, release type development and check for updates + update. Although that will only give you the packaged version, like 18.1.r_15, not the latest git changes.

From the console it's still

# opnsense-update -t opnsense-devel

But that's considered "porcelain command" now, the GUI will try to stick to what you configured it to do.

FWIW, the stable RC and development do not differ a lot at this moment, so testing on either type should be similar.


Cheers,
Franco

[marjohn56]

Oops ... Already did it. :)

[nivek1612]

The full fix was in https://github.com/opnsense/core/commit/3914236ce for 18.1-RC2 and should also work on 17.7.11. :)

It was sensible to move that code to priv-sep execution. Very nice find overall. Thanks again!


Franco

Perfect, was bugging me having an extra gateway defined to allow me to test the 18.1. Its been rock solid though (bar a users error  :-[) so i may flip my SSD out of my prod router later (just in case) and do a clean install of a new SDD of 18.1r and go live in prod