Hi everyone,
I'm trying to set up IPv6 on my OPNsense router, but my ISP only provides a single /64 prefix — no prefix delegation (PD), no additional subnets.
My goal is to have all devices in my LAN receive globally routable IPv6 addresses directly from that /64, without using NAT. So far, I can get IPv6 on the WAN interface, but I'm not sure how to properly extend that to the LAN side with just a single /64.
From what I understand, I may need to use something like NDP proxying or bridging, since I can't split the /64 further. Is there a best practice for this kind of setup in OPNsense?
Has anyone done something similar? I'd really appreciate any guidance, configuration examples, or tips.
Thanks in advance!
Is that /64 static at least?
Unfortunately it isn't.
The WAN interface does not need a GUA. Depending on how you receive that /64 from your ISP configure it on LAN only. The default gateway for WAN can be link local.
I'm actually not sure if Dnsmasq supports this already. ISC DHCPv6/RADVD automation (interface tracking) is insisting on a /63 to do anything but likely going away in the current form or at least it's not going to be available by default anymore since ISC DHCP is moving to a plugin. So we should find a solution for this. Roadmap ticket is as follows, but it doesn't have a lot of information yet.
https://github.com/opnsense/core/issues/9155
Cheers,
Franco
If there is no Prefix Delegation at all, this is currently the only solution I can think of:
https://docs.opnsense.org/manual/ndproxy.html
But passing a dynamic GUA through like this is not possible since the plugin is standalone and does not hook into any runtime settings, or can change them. Only static configuration works like that right now.
I tried this by having the interface aquire the prefix with with
[Interfaces > WAN2] (my ISP only gives be IPv4. Dual Stack isn't possible, so I got a second Internet connection from a different ISP offering IPv6)
IPv6 Configuration Type: DHCPv6
IPv6 Configuration Type: DHCPv6
→ DHCPv6 Client Configuration:
- Prefix Delegation Size: 64
- Request only the prefix: (x)
- Send prefix hint: (x)
→ IPv6 Configuration Type: Track Interface
- Track IPv6 Interface: WAN
→ Router Advertisements: Stateless
- Advertise Default Gateway (x)
- DNS: 2001:4860:4860::8888
When I go to Interfaces/Overview I can see a GUA
https://pasteboard.co/1jDfrwGykfYS.png
For some reason though I'm getting "undefined" under Gateway
https://pasteboard.co/grOL6YoUCCaw.png
Edit: For some reason embedding the screenshots didn't work, so I'll just leave the hyperlinks
Edit2: For some reason it's almost impossible to get a prefix higher than /64 in my country without paying a premium. Even getting IPv6 itself is hard.
Quote from: Monviech (Cedrik) on October 06, 2025, 03:13:55 PMIf there is no Prefix Delegation at all, this is currently the only solution I can think of:
https://docs.opnsense.org/manual/ndproxy.html
But passing a dynamic GUA through like this is not possible since the plugin is standalone and does not hook into any runtime settings, or can change them. Only static configuration works like that right now.
I heard of this plugin, but what are the other downsides to using it? I read it really isn't stable (apparently).
Probably I can use a script that automatically edits the config when my IP changes
@Cedrik: there is a single /64 prefix delegation here I suspect. In theory it's possible to give it to a single LAN, but the code likely does not play well with it and is due to be replaced.
Cheers,
Franco