Hello,
I get the internet via wifi. My ubiquiti nanostation is connected as a bridged mode via wifi at my brother's wifi connection then nanostation goes the internet through ethernet port to OPNsense then to my laptop.
If I remove the ethernet cable from OPNsense, then I connected the ethernet cable directly to my laptop the IPV6 works fine. So I thing the problem is from OPNsense.
I post some photos with settings.
Interfaces: [LAN] Track Interface
Interfaces: [WAN] SLAAC
A SLAAC WAN can only provide IPv6 connectivity for OPNsense itself, not for devices in its LANs. You'll need DHCPv6 Prefix Delegation for this, which also needs to be supported by the upstream router.
Cheers
Maurice
Quote from: Maurice on February 13, 2024, 07:40:40 PM
A SLAAC WAN can only provide IPv6 connectivity for OPNsense itself, not for devices in its LANs. You'll need DHCPv6 Prefix Delegation for this, which also needs to be supported by the upstream router.
Cheers
Maurice
Thank you for replying
I changed from SLAAC to DHCPv6, with no luck. DHCPv6 Server not restarting...
Does the upstream DHCPv6 server (= your brother's router) support Prefix Delegation and is it configured correctly?
Quote from: Maurice on February 13, 2024, 08:54:21 PM
Does the upstream DHCPv6 server (= your brother's router) support Prefix Delegation and is it configured correctly?
I don't have access in his router. As I said If I take the ethernet cable then connected directly to my laptop. I have ipv6 connection.
So I thing the answer in you question is Yes . but as I said I don't have access on his router to see the settings.
If you connect your laptop directly to the WLAN bridge, no Prefix Delegation is required - the laptop gets an IPv6 address from your brother's router.
But if you connect the OPNsense WAN to the WLAN bridge and your laptop to the OPNsense LAN, Prefix Delegation is required so OPNsense can provide an IPv6 address to your laptop.
If Prefix Delegation isn't set up on the other router and you don't have access to it, this unfortunately won't work.
If you're desperate, you could configure IPv6 outbound NAT in OPNsense.
Quote from: Maurice on February 13, 2024, 09:25:02 PM
If you connect your laptop directly to the WLAN bridge, no Prefix Delegation is required - the laptop gets an IPv6 address from your brother's router.
But if you connect the OPNsense WAN to the WLAN bridge and your laptop to the OPNsense LAN, Prefix Delegation is required so OPNsense can provide an IPv6 address to your laptop.
If Prefix Delegation isn't set up on the other router and you don't have access to it, this unfortunately won't work.
If you're desperate, you could configure IPv6 outbound NAT in OPNsense.
Would you like to help me, what are the next steps to configure IPv6 outbound NAT in OPNsense ?
- configure the OPNsense LAN interface with a static IPv6 address, like 2001:db8::1/64
- set the Router Advertisements mode to "Unmanaged"
- enable hybrid outbound NAT rule generation
- create an IPv6 outbound NAT rule for the WAN interface
Quote from: Maurice on February 13, 2024, 10:11:24 PM
- configure the OPNsense LAN interface with a static IPv6 address, like 2001:db8::1/64
- set the Router Advertisements mode to "Unmanaged"
- enable hybrid outbound NAT rule generation
- create an IPv6 outbound NAT rule for the WAN interface
I did it --> 2001:db8::1/64
I dit --> - set the Router Advertisements mode to "Unmanaged"
What I have to put inside outbound nat rule in wan inteface?? Would you like to show me an example?
The outbound NAT rule should work with default settings, you only need to set the TCP/IP version to IPv6.
Quote from: Maurice on February 13, 2024, 10:44:46 PM
The outbound NAT rule should work with default settings, you only need to set the TCP/IP version to IPv6.
Please look at the photo. Is it correct?
Yes, everything visible in the screenshot is correct.
Quote from: Maurice on February 13, 2024, 11:06:42 PM
Yes, everything visible in the screenshot is correct.
You are GOD! Thank you very much. I solved it.
Do I have to enable "Enable DHCPv6 server on LAN interface" or any other service fro ipv6???
DHCPv6 shouldn't be required, most devices support SLAAC (Router Advertisements "Unmanaged" mode).
my devices (cellphones) every time that connect my network has different ipv6 address. Is there solution to not change this address. I would like to change to static ipv6 ip.
How can I do that?
On IOS go to settings, WLAN, disable "Private Address". Probably very similar for Android.
No way to enforce this on the firewall without configuring the phones as far as I know.
On Android, set the MAC address to "Device" (not "Random").
What you can't disable are privacy extensions. Android (like most systems) generates one SLAAC address based on the MAC address (which makes it essentially static, as long as the prefix doesn't change) and one randomised address. For privacy reasons, only the random address is used for outbound connections.
Quote from: Maurice on February 19, 2024, 10:14:38 PM
On Android, set the MAC address to "Device" (not "Random").
What you can't disable are privacy extensions. Android (like most systems) generates one SLAAC address based on the MAC address (which makes it essentially static, as long as the prefix doesn't change) and one randomised address. For privacy reasons, only the random address is used for outbound connections.
on my Xiaomi redmi cellphone there is no option to do that!