OPNsense Forum

English Forums => General Discussion => Topic started by: up100 on October 11, 2020, 02:38:14 pm

Title: How to configure IPv6
Post by: up100 on October 11, 2020, 02:38:14 pm

Hello,

My ISP providing all static IP’s (IPv4 & IPv6). I’m fine with IPv4. But struggling with IPv6.
ISP provided  /126 IP addresses for the WAN IP and gateway.
WAN IP’s configured & working fine.

But I’m not sure how should I go with IPv6 with LAN.

They provided /48 prefix.
As example they provided  2101:bf40:5001:: /48
I prefer to use DHCPv6 since I can find which IP’s assigned and if require I can assign IP addresses.
Prefer to have a subnet for virtual  LAB machines

At the moment assigned 2101:bf40:5001:: /48 to the LAN interface and assigned 64 subnet to for DHCPv6 range. But I’m not sure this is the correct way.
I assigned 2101:bf40:5001::1 /48 that worked as well.


What IP addresses should I configure for LAN interface?
If I’m planing to subnet /56 what IP should assign to LAN interface?

Could I use another subnet for VPN?

Title: Re: How to configure IPv6
Post by: bartjsmit on October 11, 2020, 07:00:35 pm

Pick a /64 for your LAN. With a /48 you have about 65 thousand to choose from  ;)

 e.g. 2010:bf40:5001:1::/64 and set your firewall LAN interface to a static IP in that /64, e.g. 2010:bf40:5001:1::1

Finally add RADVD from Services, Router Advertisements and set it to Unmanaged, High. You can add IPv6 DNS if you want your LAN clients to use it.

Give it a few minutes and from a client browse to https://ifconfig.co or http://www.kame.net and confirm you have been assigned a routable IPv6 address.

Bart...

Title: Re: How to configure IPv6
Post by: mihak on October 16, 2020, 12:58:50 am

IPv6 addressing is structured differently than IPv4. Check this deck (https://www.slideshare.net/advvalentine/about-ipv6) on the SlideShare, especially slides 6, 7 and 16.


In a nutshell, you should never use any mask smaller than /64 for each of your networks (meaning no numbers higher than /64), as EUI-64 and SLAAC require 8 bytes to squeeze MAC address into IPv6 address for auto-generated unique address. The most generous ISPs might give you /32, but the most typical ISP assignment is /48 which gives you full two bytes (16 bits) for your networking segmentation.
So, your IPv6 address will be:
6 bytes assigned from ISP + 2 bytes for your networking needs + 8 bytes for host ID.


I hope that makes sense?