I am a newbie when it comes to IPv6 and have my opensense setup to just use ipv4 right now. I know my isp supports v6 as when i have their router setup they have a v6 address. I was wondering if any one had a simple guide to setting it up and dhcp for v6 on opnsense. I got kinda confused on how some of the guide describe it. Thanks.
One note is i know i got the WAN connected as I turned on dhcpv6 and it gets an address.
There is exhaustive documentation on how to do this (https://docs.opnsense.org/manual/ipv6.html), what is it that you do not understand or what does not work?
If you are looking for a quick guide fo a specific ISP, then how about telling which it is? If your WAN already has an IPv6 address, just follow the docs on how to get IPv6 on the local interfaces, too.
Sorry for the lack of info. I am on Xfinity / Comcast internet. I figured out how to setup DHCPv6 on the WAN interface and get an address with the prefix of /60 per the guide i found just a minute ago for xfinity. But for some reason i can not pring from the router out. Forgive me as I am disabled and a little slow to pick up some stuff but had been doing ipv4 for a very long time so that i understand, but for some reason ipv6 baffles me. I read the wiki but could not get the ping to work.
Here is the guide i found and was working off of
https://homenetworkguy.com/how-to/configure-ipv6-opnsense-with-isp-such-as-comcast-xfinity/
There are two separate IPv6 addresses which you can get via DHCPv6 (as a client!) from your ISP that matter:
1. The IA_NA, which is the (/128) IPv6 for the WAN interface, which you can probably see from the dashboard. This may or may not exists, according to what your ISP allows. It is not needed per se, but it is easier when it exists. If that one exists, you should be able to ping from the OpnSense itself. If it does not work, you probably failed to set the IPv6 firewall routes from the guide.
2. The IA_PD, which usually is a /56 prefix (in your guide, it is only /60), from which the LAN interfaces can get routable IPv6 addresses (this can also be ssen on the dashboard). If you have no WAN IPv6, you can use those IPv6 GUAs to ping outside, as well. These prefixes can then be used to be distributed via DHCPv6 (as a server!) or (easier) SLAAC to to LAN clients, which can then also use IPv6.
Thanks for the help. I did mess up the icmp rules. I made a typo and copy and pasted it. So now they are fixed and working!!
Now my only issue I am having is my Codol rules for buffer bloat seems to not work on ipv6. Any ideas how to make it work for v6?
In theory, the traffic shaping rules should already work if you specify IPv4/IPv4 for them.
That being said, I would refrain from using them, as:
a. I found them to break IPv6 traffic completely with one of my ISPs (https://forum.opnsense.org/index.php?topic=32912.0). I never found what causes this.
b. I also had strange effects on how traffic from the OpnSense itself seems to get shaped. This caused massive performance degradations with HAproxy (https://forum.opnsense.org/index.php?topic=23339.msg197189#msg197189).