Heyy,
my virtual IP setting causes the in virtual IP configured IP to get advertised. That's a problem because the virtualIP I set isn't intended for that use.
In "Services: Router Advertisements" under the "Source Address" field, the only option is "Automatic". Not very helpful.
And help is appreciated!
The report is relatively vague. What Virtual IP are you setting it to? It can't be a link local otherwise it would show up in the list? In order to do ULA addressing for clients radvd needs to pick up the VIP subnet in order for clients to connect... I don't see a problem at first glance.
Cheers,
Franco
Hi Franco,
sorry for being uncertain.
I set the following address in virtualIP: 2a02:FFFF:1d:5200::e/64
I use it to reach the HAProxy on the OPNsense. It works.
However when I restart radvd after adding the VirtualIP, it gets announced to the clients in the 2a02:FFFF:1d:5200/64 subnet. That's the thing I'd like to prevent.
Enable "Deny service binding" in the VIP's settings.
Cheers,
Franco
I enabled the option. Now the RAs are correct, but Internet stiill does not work :/
If I remove the VirtualIP, it directly works again.
Wireguard with IPv6 configured also breaks RA.
root@matrix-synapse:~# ip -6 neigh
2a02:XXXX:1d:5200::f:3 dev eth0 FAILED
fe80::7e2b:e1ff:fe13:982e dev eth0 lladdr 7c:2b:e1:13:98:2e router STALE
2a02:XXXX:1d:5200:7e2b:e1ff:fe13:982e dev eth0 lladdr 7c:2b:e1:13:98:2e router STALE
2a02:XXXX:1d:5200::f:4 dev eth0 FAILED
2a02:XXXX:1d:5200::e dev eth0 FAILED
2a02:XXXX:1d:5200::e -> Virtual IP with deny service binding configured
2a02:XXXX:1d:5200::f:4 -> Wireguard Endpoint IP
2a02:XXXX:1d:5200::f:3 -> Wireguard Endpoint IP
I don't think you can have the same network on wireguard and eth0.