I have a problem getting IPv6 up and running in a stable way. I'm connected via FTTH behind a FritzBox (FB) and running IPv4 fine. Since some days my f***** provider forced me silently behind a Carrier Grade NAT but added - at least - a public IPv6 within the same change now. So I got a common /56 to use on my own, which is assigned towards my FB.

Behind the FB I've my OPNsense (OPNsense 20.7.1-amd64) running, where all my clients are, so I'm routing from my computer (Ubuntu 20.04 Linux) via OPNsense via FB into the Web. Within the FB IPv6 setup I activated "DNS-Server und IPv6-Präfix (IA_PD) zuweisen" aka allowing it to share (parts of) the /56 via DHCPv6 further on with other routers in the LAN. I know I'm double NATted within IPv4 (with CGNAT I guess even three times, but who cares). This forced me now to get deeper into IPv6 again so I also activated IPv6 within OPNsense according to common descriptions and examples in the web. This means, what I did so far - beside the FB setup as explained before:

- Set "IPv6 Configuration Type" on WAN (bce0) IF to DHCPv6.
- Set within the basic "DHCPv6 client configuration":
  - Prefix delegation size -> 60 (As I got a /56 and I just wanted to have "some" (4 Bytes aka 16) subnets available on OPNsense (some more I can experiment on another router later)).
- On the LAN interface (bce1) I defined "IPv6 Configuration Type" as "Track Interface".
- Deactivated "Block private networks" as well as "Block bogon networks" on LAN IF (as the LAN behind the FB obviously falls under these rules).
- Under "Track IPv6 Interface" I set the value "WAN" for parameter "IPv6 Interface".
- Left the "IPv6 Prefix ID" unchanged at 0.
- Set up a firewall rule to allow all ICMPv6 travel IN from WAN as well as for LAN (to cover all IPv6 ping and MTU-size requirements etc.).

With this setup, LAN got a decent IPv6 assigned from the FB as well as the /60. So this works fine and all clients within the OPNsense LAN got IPv6 addresses from the first subnet assigned. This looked OK so far and as far as I can evaluate.

Now we come to the problem, sometimes I can ping the web and sometimes I can only ping the OPNsense firewall from my computer. Then OPNsense cannot ping the FB via fe80 addr and then it works all of a sudden. I would swear, I did not change the setup, I either rebooted or I only "refreshed" an interface, like e.g. WAN interface by pressing save/apply without any changes and then it worked - sometimes. I'm annoyed as I cannot find a pattern for "sometimes" and my setup is fairly common with all I googled so far. When it works it usually works really long. So why does the behaviour flip so much? Last time I destroyed and reset my setup again when we had the Cloudflare aka transit provider issue in the internet as I first thought it was me here at home - bad timing.

First there was no chance for the OPNsense to ping the FB, but then I read somewhere else that OPNsense is usually not following the entries in the routing table but enforces a GW per IF. So I activated the option "Disable force gateway" on 'Firewall -> Settings -> Advanced' which leads to the route table to be used/evaluated. Right after this it worked out of the box, but I was never able to reproduce this step. I then restored everything from a working backup, did the steps again and got another behaviour. Today I stopped experimenting and turned IPv6 off again on LAN so far as many websites did not work with IPv6 not being correctly routed into the web. I also had sometimes the impression that I made changes, which did not really have an effect or immediate impact.

Beside many changes in the setup and some reboots I focussed closer on the firewall log. Then I thought I have it, restarted the firewall and after the boot it did not work out again or was behaving differently again, while it was working fine before I rebooted. I added a logging IPv6 rule allowing all in via LAN, I named it "Default allow LAN IPv6 to any rule" and it allows any IPv6 protocol from everywhere to everywhere in LAN, so more or less opening up the firewall. Just to be sure I also added the same rule for "out" on LAN in case I need to secure the way back and log it. Similar rules are defined for WAN, so I had a quite open IPv6 net allowing all between OPNsense-LAN and Fritzbox-LAN aka OPNsense-WAN.