OPNsense Forum
Archive => 20.7 Legacy Series => Topic started by: Bytechanger on May 02, 2020, 04:39:43 pm
-
Hi,
I activate IPv6. I´ve set my LAN to PrefixID 0 and other VLAN to PrefixID 1.
But my computer in LAN get´s a lease from DHCP with IPv6 from VLAN !
PrefixLength is /60
LAN ::e300::
VLAN :: e301::
What is going wrong?
Greets
Byte
-
What is going wrong?
Probably nothing wrong at all. ;)
LAN is getting the subnet(-ID) ::e301::, which seems to be Prefix-ID 0.
VLAN with Prefix ID 1 is getting the subnet :: e300::
The association of Prefix-ID and subnet depends on how your'e counting and where you start. Just don't rely on any predictable relation between subnet-ID and prefix-ID, it depends on implementation.
e.g. my parent router delegates the prefixes from the end of its range: /60 with ID 0xf results in ...ff::/64, also does a /61 with IDs 0x0 to 0x7 result in ...f8:: to ...ff::/64 networks.
Things start getting interesting when leases expire with multiple routers and the subnet-IDs switch e.g. from ef:: to ff::, while the prefix-IDs were not touched.
-
No,
you can see vlan adress on interface ipv6 adress.
And now al, ipv6 is given to one vlan! And my devices are not in this vlan.
You can see this also in leases of ipv6. There is only one id and also shown one, false, interface!!
Crazy
Greers
Byte
-
Oh, I´ve seen something strange:
when I look at /var/dhcpd/etc/dhcpdv6.conf
when I use 2 tracking interfaces for ipv6
two times subnet6 xx:xx:xx:8b00::/60 {
subnet6 xx:xx:xx:8b00::/60 {
range6 xx:xx:xx:8b00::xxx xx:xx:xxx:8b00::xxx;
option dhcp6.name-servers xxx;
prefix6 xx:xx:xx:8b08:: xx:xx:xx:8b0c::/63;
}
subnet6 xx:xx:xx:8b00::/60 {
range6 2003:c7:746:8b01::1000 xx:xx:xxx:8b01::2000;
option dhcp6.name-servers xx:xx:xx:8b01:xx:xx:xx:5672;
prefix6 xx:xx:xx:8b08:: xx:xx:xx:8b0c::/63;
}
It seems, the second entry for subnet6 has wrong headline!!
Must there not be 08b01 ??
When I change it and restart dhcpv6 the wrong one is set!
On one Interface Tracking IPv6 it seems to work, but when I use more, it gives wrong IP-Ranges and config-File looks strange...
It seems, that DHCPv6 only take first used TrackInterface and insert this adress in every subnet?!?!
Additional question: where can I set/delete static leases (mac->ip) like dhcpv4?
it seems, that is a little different from ipv4
BUG??
Greets
Byte
-
OK, this is odd. If It's a bug, then I'm out.
Does it work as expected with the production release? In general tracking works fine with multiple VLANs and also with delegating subnets to routers on LAN side with the production release.
Can you try smaller subnets? Perhaps the /60 are interleaving because there is no /59 available for delegation?
Are you delegating parts of the prefix to routers on LAN or VLAN? Are those delegated networks too large?
I'd expect smaller subnets
subnet6 xx:xx:xx:8b00::/64
subnet6 xx:xx:xx:8b01::/64
in /var/dhcpd/etc/dhcpdv6.conf for "normal" v*LANs.
Which subnet and "Available prefix delegation size" does the GUI show at -> Services: DHCPv6: [LAN]?
There is no MAC for IPv6. The easiest way to add a static mapping is finding the ID/IPv6 at -> Services: DHCPv6: Leases -> and add it from there. With a dynamic prefix just use a "::123" for the IP and DHCP will add the correct prefix.
-
Hi,
first question:
On my OPNSense Service->DHCPv6 there is only Relay and Leases, nothing else (e.g. [LAN],[VLAN1], etc.).
Is this different to you??
DHCPv6 Configuration is in Interfaces->[LAN]->Track Interface...
And second:
No, my OPNSense is directly over PPOE on VigorModem on Telekom with /56 aviable.
But I only need 3-5 Subnet.
So I decide to choose /60.
Actually I test with 2 subnet.
[LAN] -> IPv6 Prefix ID 0x0
[VLAN1]->IPv6 Prefix ID 0x1.
There are no subnet delegated!
Only one router (OPNSense) with DHCP and gateway.
The interfaces get the RIGHT ipv6 Adress vom DHCPv6.
But all others in network gets right ipv4 but ipv6 from ONE subnet (I think its last/first configured).
And as you see, the automatic generated /var/dhcpd/etc/dhcpdv6.conf from OPNSense looks wrong...
So I did not know, what I am doing wrong.
There is not much things, you could enter wrong.
When I use only one subnet [LAN] all works fine.
I don´t know, if its a bug. But I think, when it´s one, many people before me had seen this....
So it could be my fault, but I don´t know, what I had to do to correct it....
Greets
Byte
-
OK, see now OPNSense Service->DHCPv6->LAN
I clicked Allow manual adjustment of DHCPv6 and Router Advertisements on Interface...
I test and write here now...
Greets
Byte
-
OK, with:
Interfaces: [WAN]
Prefix delegation size: 60
Send IPv6 prefix hint: on/off -> Does this make a difference?
then i'd expect at:
Services: DHCPv6: [LAN] and [VLAN]
Subnet mask: 64 bits
Available prefix delegation size: 61
with the Subnet/Prefix 00:: and 01:: for prefix-IDs of 0x0 and 0x1.
Could you test with Prefix-IDs of 0x2 and 0x3 for the LAN and VLAN interfaces?
In that case we want to see
2001:db8:a:8b00::/60 requested by WAN
2001:db8:a:8b02::/64 is assigned to LAN
2001:db8:a:8b03::/64 is assigned to VLAN
2001:db8:a:8b08::/61 available for delegation.
Does any 2001:db8:a:8b00:: appear in this case?
-
[Edit]
Disregard, I misunderstood.
[/Edit]
-
Hi,
OK, I choose Interface->WAN->Prefix delegation size "60" because I only need 5-6 subnet for me.
When I change my setup and OPNSense is behind another router, I can´t get size "56".
Please say me, wich size I should choose.
On Interface I choose
Interfaces->
[LAN]->Track Interface->IPv6 Interface WAN
-> IPv6 Prefix ID 0x0 (so I think, its only an ID)
-> allow manual adjustment of DHCPv6 and Router Advertisements checked
[Kamera]->Track Interface->IPv6 Interface WAN
-> IPv6 Prefix ID 0x1
-> allow manual adjustment of DHCPv6 and Router Advertisements checked
[Gast]->Track Interface->IPv6 Interface WAN
-> IPv6 Prefix ID 0x2
-> allow manual adjustment of DHCPv6 and Router Advertisements checked
Overview->
[LAN] -> IPv6 address xxx:xx:xxx:8b00:xxx:xxxx:fe92:8584 / 60
[Kamera]-> IPv6 address xxx:xx:xxx:8b01:xxx:xxxx:fe92:8584 / 60
[Gast] ->IPv6 address xxx:xx:xxx:8b02:xxx:xxxx:fe92:8584 / 60
Service->DHCPv6
[LAN]->
Subnet xxxx:xx:xxx:8b00::
Subnet mask 60 bits
Current LAN IPv6 prefix xxxx:xx:xxx:8b00::
Available prefix delegation size 61
Available range 2003:c7:746:8b00:: - 2003:c7:746:8b0f:ffff:ffff:ffff:ffff
Range: xxxx:xx:xxx:8b00:: - xxxx:xx:xxx:8b00:ffff:ffff:ffff:ffff
[Kamera]->
Subnet xxxx:xx:xxx:8b00::
Subnet mask 60 bits
Current LAN IPv6 prefix xxxx:xx:xxx:8b01::
Available prefix delegation size 61
Available range 2003:c7:746:8b00:: - 2003:c7:746:8b0f:ffff:ffff:ffff:ffff
Range: xxxx:xx:xxx:8b01:: - xxxx:xx:xxx:8b01:ffff:ffff:ffff:ffff
[Gast]->
Subnet xxxx:xx:xxx:8b00::
Subnet mask 60 bits
Current LAN IPv6 prefix xxxx:xx:xxx:8b02::
Available prefix delegation size 61
Available range 2003:c7:746:8b00:: - 2003:c7:746:8b0f:ffff:ffff:ffff:ffff
Range: xxxx:xx:xxx:8b02:: - xxxx:xx:xxx:8b02:ffff:ffff:ffff:ffff
As you see, there is ALWAYS Subnet 8b00 for ALL Interfaces set...?!
And you see, that I try to set the Interfaces Range to 8b00, 8b01b, 8b02, ...
Now my PC in [LAN] gets an IP from [Gast] wich is shown in Leases Interface [Gast]?!?!
Need help please...
Greets
Byte
-
OK, I choose Interface->WAN->Prefix delegation size "60" because I only need 5-6 subnet for me.
When I change my setup and OPNSense is behind another router, I can´t get size "56".
Please say me, wich size I should choose.
/60 on WAN is a reasonable choice.
Available prefix delegation size of 61 is fine, that's what we expect.
Available dhcp ranges is the same /60 in all cases. Thats bad.
I wonder how you managed getting a /60 on the LAN-side? It's supposed to be /64 for a single LAN-Net, i.e. Subnet mask 64 bits.
[LAN] -> IPv6 address xxx:xx:xxx:8b00:xxx:xxxx:fe92:8584 / 60
[Kamera]-> IPv6 address xxx:xx:xxx:8b01:xxx:xxxx:fe92:8584 / 60
[Gast] ->IPv6 address xxx:xx:xxx:8b02:xxx:xxxx:fe92:8584 / 60
Those should be /64 and everything is fine.
We need to get the 2001:db8:a:8b00::/60 into /64-Networks.
Did you try using different Prefix-IDs? Currently you're using 0x0 to 0x2 (or 0x6). Try setting LAN to prefix-ID 0x8, we expect the LAN to become 2001:db8:a:8b08::/64.
-
Speculation: You might always get a /56 from your ISP, even if you only request a /60. This might somehow confuse OPNsense (which could indeed be considered a bug).
What happens if you request a /56? Does that fix it?
Cheers
Maurice
-
Hi,
I try, but it seems to work!
I set it now Prefix size to 56.
I get a dynamic ipv6, how can I set the Range?
I try to set it
::1 to :ffff:ffff:ffff:fff
but this is wrong...
Greets
Byte
-
Bingo. So just request a /56 and make sure to keep all your prefix IDs in the 0x0 to 0xF range. Then you won't have to change them if you need to switch to /60 in the future.
You might want to consider opening an issue on GitHub, but one could argue that not selecting the prefix length which the upstream router actually delegates is unsupported. Some kind of error message or other hint would be nice though.
I get a dynamic ipv6, how can I set the Range?
You mean the DHCPv6 range? You can specify any range you'd like. Since you probably won't need quintillions of addresses, something like ::1 to ::ff should do.
-
Thanks. I will test.
But actually I have one device (NAS) with 2 LAN (each VLAN) that doesn´t get any ipv6 Adress.
I don´t know why, before my settings, it works (but with wrong ipv6-adresses).
Any ideas?
Greets
Byte
-
My PC [LAN] get a IPv6-Address, but shows "no internet connection". And internet site test to ipv6 failed.
On PC field "IPv6-Gateway" is empty! So there is no ipv6 Gateway set (router itself).
When I set it manualy to Interface IPv6, it works.
But why it isn´t set automatically?
my actual settings:
Interfaces->
[LAN] IPv6 address xxx:xx:xxx:8000:201:2eff:fe92:8584 / 64
[Kamera] IPv6 address xxx:xx:xxx:8001:201:2eff:fe92:8584 / 64
[Gast] IPv6 address xxx:xx:xxx:8002:201:2eff:fe92:8584 / 64
Service->DHCPv6
[LAN]
Subnet xxxx:xx:xxx:8000::
Subnet mask 64 bits
Current LAN IPv6 prefix xxxx:xx:xxx:8000::
Available prefix delegation size 57
Available range xxxx:xx:xxx:8000:: - xxxx:xx:xxx:8000:ffff:ffff:ffff:ffff
Prefix subnet will be prefixed to the available range.
Range: ::1000 to ::2000
[Kamera]
Subnet xxxx:xx:xxx:8000::
Subnet mask 64 bits
Current LAN IPv6 prefix xxxx:xx:xxx:8001::
Available prefix delegation size 57
Available range xxxx:xx:xxx:8001:: - xxxx:xx:xxx:8001:ffff:ffff:ffff:ffff
Prefix subnet will be prefixed to the available range.
Range: ::1000 to ::2000
[Gast]
Subnet xxxx:xx:xxx:8002::
Subnet mask 64 bits
Current LAN IPv6 prefix xxxx:xx:xxx:8002::
Available prefix delegation size 57
Available range xxxx:xx:xxx:8002:: - xxxx:xx:xxx:8002:ffff:ffff:ffff:ffff
Prefix subnet will be prefixed to the available range.
Range: ::1000 to ::2000
Greets
Byte
-
Did you properly configure Router Advertisements? You have to do that manually if you allow manual adjustment of DHCPv6 and Router Advertisements in the interface settings. Or just disable that if you want to use the automatic settings.
-
Hi,
thanks for anwerting.
found it.
Can you tell me, how it is filled best for me?
Greets
Byte
-
OK, thanks for the best help.
It seems, that it works now!
Thank you.
Greets
Byte