Hi,
My ISP gives me ONLY IPv4. I paid for a VPS, then I installed WireGuard VPN on the VPS, and then IPv4 comes to OPNsense's WAN. OPNsense runs as a WireGuard client. This setup works fine.
The problem is that I cannot get the IPv6 IP from the VPS to OPNsense's WAN. The WireGuard server on the VPS works fine with IPv6; I tested it on my Linux laptop. I made a WireGuard client on my Linux laptop, then I connected directly to the VPS with IPv4 and IPv6.
So I would like to get directly from the VPS to OPNsense's WAN, then traffic goes to LAN. I read a lot of examples here but I didn't solve it.
The VPS gives an IPv6 with a /64 subnet, but I can get one more with a /64 subnet.
I was wondering, does nobody here know something about my question? I will try to make it simpler. My setup is ISP --> WireGuard server on VPS --> WireGuard client on OPNsense wg0 --> WAN --> LAN
In the past I had IPv6 from my ISP, but IPv6 could not pass through OPNsense. The problem is OPNsense.
Actually I would like to setup IPv6 on OPNsense?
Maybe these guides can help you get started:
https://homenetworkguy.com/how-to/set-up-a-fully-functioning-home-network-using-opnsense/
or IPv6 only: https://homenetworkguy.com/how-to/configure-ipv6-opnsense-with-isp-such-as-comcast-xfinity/
His tutorials also helped me in the beginning to get things started.
Quote from: RamSense on November 23, 2024, 09:36:35 PM
Maybe these guides can help you get started:
https://homenetworkguy.com/how-to/set-up-a-fully-functioning-home-network-using-opnsense/
or IPv6 only: https://homenetworkguy.com/how-to/configure-ipv6-opnsense-with-isp-such-as-comcast-xfinity/
His tutorials also helped me in the beginning to get things started.
I read all of them with no luck.
You cannot delegate a /64 to your LAN, though what you need is NAT for IPv6 using ULAs in LAN (and other interfaces if needed).
Please provide screenshots of your interfaces overview first.
Then you need to enable manual configuration for LAN interface, go to services/router advertisements and select assisted mode for LAN.
Next go to interfaces/virtual IPs and add ULA address for LAN interface, e.g. fd00:10:10:10::1/64.
Then go to firewall/NAT/outbound and select hybrid mode. Add a manual rule with interface = WG network, IP version = v6, source address = fd00:10:10::/64
Make sure your LAN clients get v6 addresses via SLAAC, e.g. fd00:10:10:10:1234:abcd:a1b2:e3f6
I guess this should work, I only do so for my VPN client networks to give them v6 connectivity without delegating GUAs (since this is not really static in my case).
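An added example (not part of the original thread, and not OPNsense code): a small Python check, using the standard `ipaddress` module, that the LAN virtual IP, the outbound NAT source network and a client's SLAAC address all refer to the same ULA /64. The function name `check_nat66` and its result strings are hypothetical; the sample values are the ones written in the post above, where the virtual IP lies in `fd00:10:10:10::/64` while the NAT source `fd00:10:10::/64` expands to `fd00:10:10:0::/64`.

```python
import ipaddress

# Unique Local Address space (RFC 4193)
ULA_SPACE = ipaddress.ip_network("fc00::/7")


def check_nat66(lan_vip, nat_source, client_addr):
    """Return a list of problem codes; an empty list means the values agree.

    lan_vip     -- virtual IP with prefix length, as entered on the LAN interface
    nat_source  -- source network of the manual outbound NAT rule
    client_addr -- an address a LAN client obtained via SLAAC
    """
    problems = []
    lan_net = ipaddress.ip_interface(lan_vip).network
    source_net = ipaddress.ip_network(nat_source, strict=False)
    client = ipaddress.ip_address(client_addr)

    # The LAN prefix is meant to be a ULA, not a global address.
    if not lan_net.subnet_of(ULA_SPACE):
        problems.append("lan-not-ula")
    # SLAAC only works with a 64-bit prefix.
    if lan_net.prefixlen != 64:
        problems.append("lan-not-64")
    # The client must have picked up the advertised LAN prefix.
    if client not in lan_net:
        problems.append("client-outside-lan")
    # The NAT rule only translates packets whose source matches its network.
    if not lan_net.subnet_of(source_net):
        problems.append("nat-source-misses-lan")
    return problems


if __name__ == "__main__":
    # Values as written in the post above.
    vip = "fd00:10:10:10::1/64"
    client = "fd00:10:10:10:1234:abcd:a1b2:e3f6"
    for source in ("fd00:10:10::/64", "fd00:10:10:10::/64"):
        expanded = ipaddress.ip_network(source).network_address.exploded
        print(source, "->", expanded, check_nat66(vip, source, client))
```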
Quote from: tiermutter on November 25, 2024, 07:23:04 AM
You cannot delegate a /64 to your LAN, though what you need is NAT for IPv6 using ULAs in LAN (and other interfaces if needed).
Please provide screenshots of your interfaces overview first.
Then you need to enable manual configuration for LAN interface, go to services/router advertisements and select assisted mode for LAN.
Next go to interfaces/virtual IPs and add ULA address for LAN interface, e.g. fd00:10:10:10::1/64.
Then go to firewall/NAT/outbound and select hybrid mode. Add a manual rule with interface = WG network, IP version = v6, source address = fd00:10:10::/64
Make sure your LAN clients get v6 addresses via SLAAC, e.g. fd00:10:10:10:1234:abcd:a1b2:e3f6
I guess this should work, I only do so for my VPN client networks to give them v6 connectivity without delegating GUAs (since this is not really static in my case).
There isn't services/router advertisements.
My devices connect to the User interface, not LAN.
Quote from: tiermutter on November 25, 2024, 07:23:04 AM
you need to enable manual configuration for LAN interface,
Then do it all for "User" interface ;)
Quote from: tiermutter on November 26, 2024, 08:37:50 PM
Then do it all for "User" interface ;)
I said there isn't manual configuration in services.
It is in Interface config, not services...
Quote from: tiermutter on November 26, 2024, 08:44:47 PM
It is in Interface config, not services...
I found it Now?
Router Advertisements assisted?
Not pinging.
All devices get IPv6 but it actually does not work.
Can anyone help??
Quote from: tiermutter on November 25, 2024, 07:23:04 AM
Then go to firewall/NAT/outbound and select hybrid mode. Add a manual rule with interface = WG network, IP version = v6, source address = fd00:10:10::/64
Done?
Quote from: tiermutter on November 29, 2024, 03:44:55 PM
Quote from: tiermutter on November 25, 2024, 07:23:04 AM
Then go to firewall/NAT/outbound and select hybrid mode. Add a manual rule with interface = WG network, IP version = v6, source address = fd00:10:10::/64
Done?
Yes! I have attached pictures. The VPN interface is wg0.
Is anybody here to help me?
I've attached routes from my OPNsense.
Bump