Text only | Text with Images

OPNsense Forum

Archive => 21.1 Legacy Series => Topic started by: aringking on May 04, 2021, 07:01:04 AM

Title: [Solved] ipv6 gateway address does not lie within subnets
Post by: aringking on May 04, 2021, 07:01:04 AM
OPNsense 21.1.5-amd64
FreeBSD 12.1-RELEASE-p16-HBSD
OpenSSL 1.1.1k 25 Mar 2021

setting up opnsense in the cloud, i have both static ipv4 and ipv6 addresses.

interfaces/wan
static ipv4
static ipv6
ipv4 upstream gateway is set to provided ipv4 gateway address
upv6 upstream gateway is set to auto-detect

ping6 udp connect no route to host

system/routes/status
there is no default gateway for ipv6

i tried adding a gateway in system/gateways/single with the provided ipv6 gateway address with checks on upstream gateway and far gateway.

the error message is:
the gateway address does not lie within one of the chosen interface's ipv6 subnets.

what did i miss or did wrong?

thanks
Title: Re: ipv6 gateway address does not lie within subnets
Post by: Patrick M. Hausen on May 04, 2021, 11:00:23 AM
Impossible to tell without you telling us your configured static IPv6 address and prefix length and your gateway address that you are trying to configure.
Title: Re: ipv6 gateway address does not lie within subnets
Post by: Maurice on May 04, 2021, 08:07:03 PM
For static IPv6 interfaces, dynamic configuration of the upstream gateway address is not supported. Might be worth a feature request.

When configuring the gateway statically, you should use its link-local address. If your hoster only provides you with the gateway's GUA, you might be able to find out the link-local address by temporarily switching the interface to SLAAC and checking the routing table (or do a packet capture and look for Router Advertisements).

If you really have to use the gateway's GUA and it is not in the WAN subnet, the only workaround that comes to mind is expanding the WAN subnet. "Far Gateway" is indeed not supported for IPv6 gateways.

Cheers

Maurice
Title: Re: ipv6 gateway address does not lie within subnets
Post by: franco on May 04, 2021, 09:09:39 PM
You can just extend the subnet on the WAN side until the gateway is included. It doesn't have side effects as far as we know.


Cheers,
Franco
Title: Re: ipv6 gateway address does not lie within subnets
Post by: Maurice on May 04, 2021, 11:11:55 PM
Extending to a /64 or so, okay. But if you'd have to go all the way to a /40 or so (yes, I've encountered that), probably not a good idea. You might lose access to neighbouring subnets. Which could probably be worked around by route-to $gateway or static routes, but that seems all a bit hackish. I'd only consider this if link-local is not possible for some reason.

Cheers

Maurice
Title: Re: ipv6 gateway address does not lie within subnets
Post by: Patrick M. Hausen on May 04, 2021, 11:27:44 PM
Quote from: Maurice on May 04, 2021, 11:11:55 PM
Extending to a /64 or so, okay.
Of course. My first suspicion was that the OP might have configured a longer prefix than /64 ...
Title: Re: ipv6 gateway address does not lie within subnets
Post by: aringking on May 05, 2021, 08:21:54 AM
the opnsense ipv6 mask was set to /128.

so i changed it to /64 and it's ok now.

thanks for all the mindshare. :)
Text only | Text with Images