Why do you set "Request only an IPv6 prefix Checked "? Is that required by your ISP? Do you know what mechanism is used to get the ipv6 address of the gateway?
It would be good to know if your delegated ipv6 prefix is static or not. Maybe, try comparing it over a few days with a few WAN restarts in between?
When your ipv6 connectivity is functioning, could you share the first 8 hex digits of your WAN ipv6 address (no more than 8, since otherwise it might identify you)? You can find it on the OPNsense Dashboard.
For the record, here are my config details, which are somewhat similar to yours, though I need to use pppoe and obtain my ipv6 prefix/address through dhcpv6 over the pppoe. I too have LANs based on VLANs over a lagg. Here are some details:
WANside interfaces: WAN->pppoe->vlan->(interface on igc)
interface on igc uses MAC spoofing and has Promiscuous mode set. It has no ipv4 or ipv6 configuration.
vlan is required by my ISP
pppoe is required by my ISP
WAN: promiscuous mode unset and has DHCPv6 client configuration as follows:
Request only an ipv6 prefix: No (otherwise the WAN has no ipv6 address of its own)
Prefix delegation size: 48
Send ipv6 prefix hint: yes
Use ipv4 connectivity: yes (required by my ISP, i.e. ipv6 traffic travels down the same pppoe connection as the ipv4)
LANside interfaces: LAN->vlan->underLAN->lagg (lacp) ->(a pair of igc interfaces)
underLAN has Promiscuous mode set and sets a MAC address. It has no ipv4 or ipv6 configuration.
LAN has promiscuous mode unset. Static ipv4 and tracks the WAN interface for ipv6.
My ipv6 prefix is static and so will only change when I change ISP. The WAN ipv6 address is also static.
I tried almost all the how-tos under the sun, including OPNsense's own WireGuard Road Warrior Setup. Followed all the instructions to the letter. But no way, it won't work.
Is there a bug with WireGuard implementation? If yes, it is OK with me as I will devote my time to other tasks.
The problem is that the WG client cannot handshake. It sends data but receives nothing from the OPNsense WG instance. It looks like OPNsense doesn't send any data out to the WG client. If the WG client (phone) joins the local network, the handshake happens.
LAN IP: 192.168.2.0/24
OPNsense: 192.168.2.1
WG Tunnel: 10.10.100.1/24
Client: 10.10.100.2/32
Allowed IPs: 0.0.0.0/0, ::/0
Public IP is static.
Attached are the relevant screenshots: 'VPN | WireGuard | Status' and the Android phone WG client config.
« Last post by Saarbremer on Today at 09:14:01 am »
Please specify your intended setup:
IPv4: WAN usually has DHCP, static configuration could also be possible but less common. All local interfaces have IP addresses from different IP subnets, usually something like 10.0.0.1, 10.0.1.1, ... At least Outbound NAT needs to be enabled and a firewall configuration according to your requirements.
What did you do?
IPv6: The same, but LAN interfaces in case of DHCP usually have Track Interface to deal with delegated prefixes (and some more configuration specialities according to your ISP).
I set my Sense to a port, e.g. 6666, switched off the HTTP redirect and, during setup, also gave AdGuard its own port, e.g. 6667. That way I can reach the Sense web GUI via https + port and AdGuard via http + port.
The modem was really only there for testing, but you are of course right, the gateway IP is a private one... I must have overlooked that. I've now hung it back into the production network with the unchanged config and it works flawlessly.