Messages

currently i have the ipv6 setup to get the info from wan (i've made another post about changing this to static, as not fully up on configuring ipv6 like ipv4 - post is https://forum.opnsense.org/index.php?topic=28718.0)

Hi,

Currently I'm with Zen and have my IPv6 configured to track wan and setup a dhcpv6 with some values

I'm now looking at setting up to use static addressing (got static details from zen)

I've gone through the online docs but some bits threw me off as the info didn't match the screenshots

So I've written down roughly what I need to do (i've changed all my ipv6 details I got from Zen)

Info from Zen
ND Prefix: 1234:1235:1234:89a::/64
PD Prefix: 1234:1234:1234::/48

Need to manually configure wan as
Ipv6 address   1234:1235:1234:89a:4262:31ff:fe03:db00/64
Ipv6 DP      1234:1234:1234::/48
Ipv6 Gateway   1234:1235:1234:89a::1

Lan Interface:
Ipv6 Configuration Type = Static IPv6
Ipv6 Address: 1234:1234:1234:0:4:3:2:1 (or should this be the ND Prefix)
Prefix: 64 bits

DHCPv6 Server
Enable
Subnet: 1234:1234:1234
Available Range
From: 1234:1234:1234:: to 1234:1234:1234:0:ffff:ffff:ffff
Range
From 1234:1234:1234::0000:0000:0000:0001
To: 1234:1234:1234:0000:ffff:ffff:ffff

If I'm not using subrouters and just opnsense along with no vlans, do I need to configure the prefix delegation range.

Has what I gathered correct and if setting static ipv6 on wan must I drop the connection to configure this first as if I try setting the one I get automatically it says already in use.

thanks in advance for any guidance on this

Thanks for the reply

Is it causing issues?  You could limit their bandwidth and then downloads take even longer.  I wanted to limit my xbox some time ago and the best way would have been to limit it in the switch, but due to lack of documentation and unresponsiveness in their forum, it remained impossible to do with the EdgeSwitches from Ubiquity I have.  I only know that the switch can do it, not how to make it so.

It can if multiple users are using the internet (use multiple xbox's, nintendo switches, shield/apple tv's and Sky Q, but yeh I could restrict the port speed via my switches or setup qos for the relevant ports on the switches. We do a lot of streaming/online gaming in our family

I don't see how you could reasonably do it.  It seems you would need to specify IPv6 addresses for your devices in the rules, and when you don't have an IPv6 network statically assigned to you, you'd have to keep changing the addresses in the rules according to the addresses your devices happen to currently have all the time.

However, that I don't see it doesn't mean anything.  I can only say that internet without static addresses sucks much worse with IPv6 than it does with IPv4, and I don't understand why anyone is giving out dynamic IPv6 addresses at all, rather than static ones.  It should be illegal to give out dynamic IPv6 networks.

I have a static IPv4 and IPv6 from my provider, and set IPv6 to track the WAN interface and use DHCPv6 Server for IPv6 assignment - not sure how to setup IPv6 for static (which I'm not sure is why I can't use ZenArmour) - tried following the help settings for configuring Zen IPv6 but got stuck (looks like uses different ranges in the instructions which was confusing me), so just left with from wan.

But some devices will use IPv6 over IPv4 which is why I would like to get QOS working on it

thanks for the reply

it's reporting my latency was over 60ms and not good for online gaming, but there doesn't seem to be an issue when doing online gaming.

Only thing we do notice is that if xbox or pc is downloading they hog the bandwidth, rather than qos kicking in across the devices and can only assume that this is because they using IPv6.

So is there a way to get QOS working for both IPv4 and IPv6

I had similar issues and to get switch working I had to split the wifi bands, so the 5ghz was seperate from the 2.4ghz and setup on the 5ghz.

I created an alias for the switches and set it to the mac addresses, so when ip renewed they still worked.

I then created an outbound rule under NAT and set the source/destination ports to udp/* and the source to the switch alias

now get B rating for the switches and allows multiplayer over internet

Hi,

I'm on a 310/50 Gfast connection and trying to setup QOS, so have followed the tutorial and also this post - https://forum.opnsense.org/index.php?PHPSESSID=l6ksdi82278q8t3n3a1j8ucvda&topic=7423.0

On following that post and performing a test using the bufferbloat site, it always says my latency is not brilliant.

I've set the download pipe as follows
Bandwidth: 275 Mbit/s
Scheduler: FlowQueue-CoDel
(FQ-)Codel ECN: Enabled

Upload pipe, used same settings but with 45 for the bandwidth

Queues
Download/Upload
Weight: 100
Mask: source
(FQ-)CoDel ECN enabled

Rules
Interface: WAN
Protocol: ip
Source: Ipv4 - Destination: Any (upload rule)
Source: Any - Destination: IPv4 (download rule)
Target: Points to the relevant queues

How do I get these rules to also work with IPv6 addresses and to also improve the latency, etc

thanks in advance

when you enable sensi it doesn't allow the restart of dhcpv6 and when set to bypass it still prevents dhcpv6 from running

it also prevents nettime from working

See Attachment.

Whenever is install the Sensei repository PlugIn it orphans all of my other PlugIns. The sensei plug in never appears. I have to delete the Sensei PlugIn and then the other plugins return to normal.

Anyone else have this problem?

go to firmware, status then choose check updates and it will resolve that issue, but yes I had the same when I installed Sensei today, it reported all my currrent plugins were orphaned, rechecked for updates resolved the problem

I've installed Zenarmour (Sensei) on my OpnSense 22.1.8_1-amd64 system and immediately after activating I lose ipv6 addressing on my lan.

The dashboard reports that dhcpv6 server has stopped and can't be restarted.

IPv6 is working on my WAN, just now not accross my lan network.

If I disable Sensei and reboot Opnsense i have no issues and dhcpv6 and npt are working again

Does Sensei actually work with users who use ipv6 or is it something we should not use

cheers

so once got all in place

do i just need to create firewall rules to block to certain locations?

Hi,

I'm following the instructions to set this up using the latest version of OpnSense but when go to maxmind to create the licence key, how do i know which version to configure for.

I've looked on OpnSense and can't see any details regarding the version number

I currently use Ipv6 on Zen and and whenever they have maintenance and connection is severed, when it comes back up the IPv6 does not work, even though radvd and dhcpd6 are both showing as running. I can recycle radvd but still no IPv6 connection and if I then try recycling dhcpd6 it then shows that it's stopped.

Dropping the connection and then reconnecting doesn't always solve the problem and in the end I have perform a full reboot of the opnsense box.

If I switched to manual dhcpv6 settings and configured opnsense to hand out ip's to clients will I have the same issues, if not how hard is it to configure the ipv6 settings for this so all network devices can get an ipv6 address

Thanks

I've set them both to restart on a daily basis, so will monitor and see how it performs

swap is currently at about 40% use been reporting now for nearly 6 days

I installed Maltrail and noticed after about 3 days it stops working and recording information. At first I thought it might be down to the connection dropping but this is not the case.

I've tried stopping and restarting the sensor and server, but it then takes a while for it to start again

Is there a way to get this to stop both sensors and server every night and restart it

update: found can restart sensor through cron, is there any point on restarting the server as well if it on the same machine?

thanks

I recently upgraded to 21.7 and if I try to make a change on the administration page and save it, i get the following error

The following input errors were detected:
Certificate Web GUI SSL certificate is not intended for server use.

Even if I try switching to HTTP connection I get the same error. I've never installed a certificate and use the defaults applied when installing the system.

When looking at the certificate it says CA: Yes, Server: No and the dates for validity is mar 2019 to mar 2020

Does opnsense not update its certificate, is this the cause of the problem and if so how do i update it?