Hi,
When configure the IPv6 network access via PPPoE to my ISP, I am able to obtain an GUA IPv6 address (/64) on LAN interface. The /64 public GUA prefix do advertise to my Windows configure the IPv6 only network. The Windows OS have a unique GUA IPv6 too. It can access to IPv6 internet too, so far so good.
Next, I try ULA IPv6. I configure a virtual IP on the LAN interface with ULA IPv6 fd01:2:3:4::1/64. Restart the radvd service, the Windows can has both GUA and ULA address.
Can OPNsense configure to advertise only ULA to the Windows client only?
I suspect not, unless there is a manual way through config files. But curious - what is your use case for this?
I am trying NPTv6. As the windows IPv6 client received both GUA and ULA address, I couldn't confirm if IPv6 traffic was evaluated against NPT rule defined in OPNsense.
My next use case is I have configure a IPv6 load balance multi WAN. I have 3 WAN connections. All 3 WAN offered only /64 IPv6 GUA. I think the only option for internal host to utilize the IPv6 multi wan is via ULA.
Yes, you can do local ULA only + NAT or NPTv6 (just like IPv4).
How would a NAT rule look like for ULA? E.g. fd00::
Internal Networks (possibly fc00::/7) to Any NAT Outgoing on WAN for IPv6, pretty much.
But geez, why persist with NAT on IPv6 unless it is really necessary?
Because it is really necessary. There are two main cases:
- You don't have a static IPv6 prefix but still want to do clustering.
- You have a static IPv6 prefix, but want to do multi-wan (you can do NPTv6 in that case).
God knows I tried, but with poor IPv6 support from clients for environments with more than one next-hop, it's not possible to go GUA.
Any modifications to Router advertisement? At the moment it is unmanaged. Dhcpv6?
Is there a reason to construct ipv6 subnets for different interfaces?