Hello,
as my WAN connection is unfortunately a VDSL connection with a daily reconnect, I stumble into the following issue: At each reconnect, I get assigned a new prefix which is then distributed to the network clients as well.
But only this new prefix seems to be part of the definition of "LAN Net", therefore all connections using the addresses based on the old prefix are blocked by the default deny rule.
Is this actually intended behavior? Linux clients seem to always use the latest prefix but MacOS and iPhone e.g. do not and are consequently blocked from reaching "the internet". Local addresses such as the virtual IP of OPNsense are still reachable.
How could I circumvent this issue without allowing IPv6 traffic from any to any on the LAN Interface?
Edit: The firewall rules were probably the wrong lead as that should be the correct behavior. Only the deprecation did not work as expected?!
AdvDeprecatePrefix = on seems to have helped. Shouldn't that be the default configuration?
Maybe it's also just a coincidence...
Edit: No, it didn't. My Apple devices still do not get the deprecation and continue to use the old IPs.
Why?