-
Notifications
You must be signed in to change notification settings - Fork 700
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Impossibility to use IPv6 since 23.X #6435
Comments
When I check the file
|
Alright, this is OK know for those two errors. EDIT : I still have the log
|
Also, when I go to
The only error I saw here is in sequence |
Okay, new step. |
Jumping in here, I also see these logs since the last update:
I have both ipv4 and ipv6 on WAN. IPv6 Configuration Type is set to [edit]
I still see
, but I do get a IPv6 address. Also, my DHCPv6 Server isn't starting, and clicking on the start in the Dashboard leads to the following log:
|
@Sieboldianus Is it possible for you to ping6 your firewall from outside in the same subnet ? |
@RomyxBaps I'm sorry what is this? A random static IPv6 address manually assigned?
@Sieboldianus cross-posting really doesn't help on topics "IPv6 is broken [no proper report attached]". As such this ticket will remain in community support state and I would recommend using the forum for such questions. Cheers, |
@fichtner It's a false ipv6, barrely it can be |
You can use XXX if you want but if you scrub it like you did it will make it appear it's working as intended (no connection). Ifconfig output matters, your configuration matters, "22.7 works but 23.1 doesn't" is the least effective way of asking for help. |
Which configuration file do i need to put ?
What is very weird, is when a save the configuration WAN, the IPv6 works but only for nearly 5minutes and after the connection is "lost" and only ipv4 works. |
Is this a static setup? /56 looks wrong and should be /64. Also, what is your router pointing to when it works vs. when it stops working?
|
Yes it's a static IP from a subnet i have. The command |
Can you dump a listing of your state files?
I suppose you do have a gateway set up for this and it's a GUA (hence why you need the /56). A link-local gateway would probably help. Cheers, |
Here is the output of the command :
Here is the result for
Thank you for helping me ! |
The GUA router is also prefixed with |
Yes, my gateway is like this :
How can i set the "link-local router" ? |
Since the setup is static it takes external knowledge to know which link-local address the router has on the WAN interface. Is that gateway under your control or from the ISP? Cheers, |
The gateway is under my control yes. |
Then you can look up the link-local IP on the gateway box with ifconfig on the interface attached to the OPNsense WAN on the other end. Typically, an alias is set there like Cheers, |
The link local on the machine that hold the IPv6 gateway ? Or on the OPNsense ?
The gateway is |
The link-local address from the gateway machine on the interface that is connected to the OPNsense. |
Oh hmm sorry i didn't understood wel. |
Perhaps you can ask them about link-local IP of 2001:XXXX:XXXX:bbff:ffff:ffff:ffff:ff7f gateway address. Honestly, I'm a little surprised a static setup stops working "dynamically". Something must be going on, but there was no indication that was the case on the OPNsense. We could be missing something of course, but I don't know what it could be. |
I'm at the same point, i did a lot of test but none works. |
I think it's more of a configuration issue. If the default gateway is missing but it's created as a gateway it should automatically use it (unless gateway monitoring thinks it's down and tries to switch away from it to a different gateway entry, perhaps an invalid one for a VPN). |
What is weird is i can ping6 from the firewall to outside of it. But when i try to do a ping on the same subnet from a different VM to the firewall, i have |
I can't be of much help with this extended debugging in community scope. The typical way to debug is to check wiring, IPv4 connectivity, packet capture for IPv6 on the ICMPv6 messages to see if they are coming in (and being replied to, perhaps wrong interface). Make sure you have the latest version and a clean reboot. Cheers, |
I have the latest version and i reboot multiple times. I will try to disable all the vpn (openvpn and wireguard) on it to force to answer on a single interface but it's weard that it's working 5 minutes and disconnect after. It make me think of this topic on the forum https://forum.opnsense.org/index.php?topic=32263.45. |
My IPv6 works again - after a complete reboot. The last update did not require/automatically reboot. Before rebooting, I observed a lot of state violation for DNS IPVs on LAN egress, which looked really strange and did not make sense:
Now, after reboot, these are gone and https://internet.nl/connection/ shows all green lights:
However, my general log is still spammed with these log entries:
On the weekend I will have more time for a proper debug and reporting. Looks like this community forum posts describes my issue: |
A faulty host gateway address is hardly a connectivity issue and without any sort of information what could be the source of the host address this is impossible to comment on. |
@Sieboldianus Regarding |
Ah, yes, that fixed it for me! Thank you so much! Strange - this behavior must have been introduced recently, because I neither remember seing this |
I’ve added a warning/error for this recently. Functionally this doesn’t matter. It always did the right thing. But thanks for the PR which aligns the call path correctly. Cheers, |
Hi, |
After 7 years of using IPv6 i got to the point where 23.3.5 update messed it and after spending two days debuging it, I am still not able to make it work correctly. In the process I was able to only make it worse. While the router itself gets IPv6 and can use it, that is no longer true for the LAN. I am using Zen Internet in UK for which we also happen to have our own documentation at https://docs.opnsense.org/manual/how-tos/IPv6_ZenUK.html but sadly naone of them seem to be working. The dynamic/simple one does not not enable LAN clients to get a proper IPv6 address and the static/advanced one does seem to make them get an IPv6 address but that one is not routed to WAN so no IPv6 internet. Update, after a decade of using opnsense, I created a stick with openwrt and booted from it just to see if the dhcp based network config it would work, my hopens being low. My surprise was that it got both ipv4/6 config from the FTTP converter and gave full IPv6 support to all devices from my LAN. I guess I might even install it on the ssd later but for now I will survive with it on memory, I don't really need logs. https://test-ipv6.com/ reports 100%. |
this is plauging me too and im sick of it will this even be addressed i am considering leaving opnsense myself... |
If we all quit who will fix it? 😊 |
This issue has been automatically timed-out (after 180 days of inactivity). For more information about the policies for this repository, If someone wants to step up and work on this issue, |
@ssbarnea I noticed this issue on my setup as well. previously had IPv6 working now it only works on the OPNsense host itself. clients get IPv6 IPs from both DHCPv6/SLAAC but can't go outbound to the internet. Spent an entire day without luck either. |
Hello, |
23.7.4 |
Instead of using a closed ticket without giving additional helpful information I’d rather see individual new ones. At least half of the reports these days are ISP troubleshooting cases. |
@fichtner sorry, I’ll open a new one. |
Hello,
Important notices
Our forum is located at https://forum.opnsense.org , please consider joining discussions there in stead of using GitHub for these matters.
Before you ask a new question, we ask you kindly to acknowledge the following:
I have a problem to contact my OpnSense with IPv6 since i upgrade from 22.7 to 23.X.
The connection worked normally since the upgrade.
Here is my route :
When i'm trying to ping6 i have this error :
When i add a default gateway, here is the errors :
And from the outside it's the same thing, it's impossible to contact the server on IPv6 :
I have an Ipv4 and IPv6 with the good gateways on my WAN interface.
I've just few firewall rules, and in it, the client has all the right on the server.
Also, i read the forums and this topic talk about the same problem i have : https://forum.opnsense.org/index.php?topic=32263.45
I tried the patch and i've got this output :
Regards
The text was updated successfully, but these errors were encountered: