In my quest to get DSLite working on OPNsense, I am trying to save the settings for a new GIF interface. However, there seems to be something wrong with the UI, because when I enter the settings, I get the following error in the logs:
<13>1 2024-04-23T21:19:35+09:00 opnSense.localdomain.com opnsense-devel 53233 - [meta sequenceId="43"] /usr/local/etc/rc.newwanipv6: Device gif0 missing required local address, skipping now.
Steps to reproduce:
- Interfaces > Other Types > GIF > New
- Enter all values: parent type = WAN, GIF remote = IPv6 address of AFTR endpoint, GIF tunnel local = 192.0.0.2, GIF tunnel remote = 192.0.0.1, subnet /29, click "disable ingress filtering" (apparently needed for my ISP)
- Hit Save - get the above error in the logs.
However, setting it up manually works fine:
ifconfig gif0 inet6 tunnel 2001:f74:xxx:xxx:xxx:xxx:xxx:xxx 2001:f60:0:200::1:1 mtu 1300 -accept_rtadv ifdisabled
ifconfig gif0 inet 192.0.0.2 192.0.0.1 netmask 255.255.255.248
route add default -interface gif0
Is there any way to save this GIF config so that it survives a reboot?
I am on OPNsense 24.1.6-amd64. Tried the dev tree and same effect.
My guess is that, since 192.0.0.0/29 is not a valid private network subnet, the GUI validator is ignoring it.
You should be using valid RFC1918 addresses for your tunnel local addresses, e.g. 192.168.x.x, 172.16.x.x etc.
There's really no good reason to use addresses from public IP space for an internal network when there are plenty you can pick from RFC1918.
Actually, 192.0.0.1/2 are required per RFC 6333 (DSLite) - these aren't arbitrary IPs, and the /29 subnet is also required per the same RFC :(