Hi there!
I'm trying to follow the instructions outlined in the manual (https://docs.opnsense.org/manual/ndproxy.html) to configure NDProxy with an ISP that only delegates a /64 over an ONT CPE through PPPoE (the link is encapsulated with a VLAN tag and the ONT only has 1000Base-T connectivity for end-user devices).
At the moment, the LAN interface is able to connect over IPv6 successfully (same as the firewall), though I'm not yet sure what would be the proper way to implement this solution in my network given I segregate traffic using VLANs (four for the time being).
I assume that if I were to track the LAN interface (as it's untagged/VLAN ID 1) from any of the VLAN interfaces, the problem would solve itself.
However, I'm unable to select it in the list of trackable interfaces, and attempting to do the same with the WAN interface forces me to choose a prefix ID of 0, which given I'm on a /64 returns me to square one.
Is there perhaps something else I'm missing?
Thanks in advance!
			
			
			
You cannot split a /64 further or SLAAC breaks.
If you get only a single /64 prefix you can use ndproxy for one internal LAN and that's it.
			
			
			
Quote from: Monviech (Cedrik) on April 17, 2025, 06:36:07 AM
You cannot split a /64 further or SLAAC breaks.
If you get only a single /64 prefix you can use ndproxy for one internal LAN and that's it.

Hmm, perhaps I misunderstood the purpose of the tool then in the first place.
Before ndproxy was available, I already had IPv6 working on the LAN interface by following a similar method (WAN asks for a PPPoE link over IPv4 with PAP credentials to my ISP and requests a prefix to be assigned, ISP hands it out to the WAN interface and I track the assignment on the LAN interface).
However, neither SLAAC, DHCPv6 nor Router Advertisements proved difficult to get working under the previous conditions (regardless of whether it was done using OPNsense, OpenWRT, or even Windows at some point).
So if everything supposedly worked as-is before I tried to integrate ndproxy into the network, does that mean I didn't need to in the first place, or did I actually have missing functionality and just never noticed?
			
 
			
			
You don't need it if the provider has a route to you.
It's for setups where you only get an address via SLAAC without a route from the provider.
I should adjust the documentation a bit sometime.
			
			
			
Quote from: Monviech (Cedrik) on April 17, 2025, 07:12:41 PM
You don't need it if the provider has a route to you.
It's for setups where you only get an address via SLAAC without a route from the provider.
I should adjust the documentation a bit sometime.

Huh, funny that.
On the one hand I find it worryingly scary that such a scenario is probable enough to warrant development of a tool to handle it (why would anyone provide a networking protocol without the ability to natively route traffic‽), but on the other I find it great that you were able to facilitate a solution in the first place.
So I guess I'm back to square one in matters of subnetting IPv6. In any case, thanks for the prompt response! Now to figure out how to wrangle this with my ISP.