Text only | Text with Images

OPNsense Forum

English Forums => 25.7, 25.10 Series => Topic started by: nhendriks on November 16, 2025, 03:31:36 PM

Title: IPv6 on a routed network
Post by: nhendriks on November 16, 2025, 03:31:36 PM
Hi there guys,

I'm running OPNsense as a VM on my Proxmox machine which is running in the datacenter. It uses vmbr0 as a WAN-interface and vmbr1 as a LAN-interface. Proxmox has been assigned static IP-addresses which are assigned by my ISP. VM's in the LAN of OPNsense use interface vmbr1 as well. As the addresses that OPNsense uses are routed towards my Proxmox IP-addresses I need to use those as a far gateway. It doesn't require anything like PPPoE or DHCP or whatever. For IPv4 this works perfectly fine, for IPv6 I just can't wrap my head around on how to get this working. I've been trying for quite a while but somehow it still doesn't work.

So the exact setup: Proxmox is assigned 2a02:898::331:1, to this IP-address 2a02:898:331/48 is routed. The first address should be the static gateway of OPNsense without DHCP or anything (as there is nothing running). I would like to run just a /64 on my OPNsense VM so I could use other /64's for other VM's if I ever want to have these with direct internet exposure. I would like to have 2a02:898:331:1::/64 be used by my router. No need for SLAAC or something on the LAN either as I would just be assigning static IP's to all clients (so they have the same last hextet as the last octet on IPv4, so 10.20.2.53 would become 2a02:898:331:1::53). If SLAAC is needed then that would be fine in addition to the statics I set myself. I'm not running any VLANs or something on both LAN or WAN.

I've had a setup working at some point on the LAN-side but I couldn't get any connections working to the internet. Something about a missing route, but even after adding a default route the issue persisted. After trying some stuff again I messed up and now I've got nothing working anymore.

Anybody got any clue on how to get this working? Would be highly appreciated!
Title: Re: IPv6 on a routed network
Post by: Maurice on November 16, 2025, 04:55:06 PM
If you use 2a02:898:331:1::/64 for the OPNsense LAN, you'll need a static route on the Proxmox host which routes this prefix to the OPNsense WAN address.

Cheers
Maurice
Title: Re: IPv6 on a routed network
Post by: nhendriks on November 16, 2025, 05:24:11 PM
Quote from: Maurice on November 16, 2025, 04:55:06 PMIf you use 2a02:898:331:1::/64 for the OPNsense LAN, you'll need a static route on the Proxmox host which routes this prefix to the OPNsense WAN address.
That should be done already, I've routed the entire /48 to vmbr0 and if I create a random VM, assign a static V6-address from that /48 and connect it to vmbr0 it works just fine. Not sure if that should mean it should work on OPNsense as well of course.
Title: Re: IPv6 on a routed network
Post by: Maurice on November 16, 2025, 07:37:13 PM
This only works for addresses which are on-link on vmbr0. This doesn't apply to the /64 used in the OPNsense LAN, hence Proxmox must explicitly route it to the OPNsense WAN address.
Title: Re: IPv6 on a routed network
Post by: nhendriks on November 19, 2025, 07:36:01 PM
Ah fair enough. Not quite sure what to do though, guess I'm a bit out of my league here.

My /etc/network/interfaces file looks like this but I still can't ping from the OPNsense VM itself :(. As expected I can ping VM's from OPNsense and I can ping OPNsense from my VM's (both LAN and WAN interface addresses). Going out of the network isn't working and I have no clue why.
Code Select
auto lo
iface lo inet loopback

auto eno1
iface eno1 inet manual

iface eno2 inet manual

iface eno3 inet manual

iface eno4 inet manual
#iDRAC - DO NOT USE

auto vmbr0
iface vmbr0 inet static
        address $someIPv4-address
        gateway $someIPv4-address
        bridge-ports eno1
        bridge-stp off
        bridge-fd 0
        post-up sysctl net.ipv6.conf.all.forwarding=1
        post-up ip route add $someIPv4-address dev vmbr0
        post-up ip route add $someIPv4-address dev vmbr0
#        post-up /user/sbin/ip route add 2a02:898:331::1/128 via 2a02:898::331:1/128 dev vmbr0
        post-up /usr/sbin/ip route add 2a02:898:331::/48 dev vmbr0
        pre-down ip route add $someIPv4-address dev vmbr0
        pre-down ip route add $someIPv4-address dev vmbr0
        pre-down /usr/sbin/ip route add 2a02:898:331::/48 dev vmbr0
#WAN

iface vmbr0 inet6 static
        address 2a02:898::331:1/64
        gateway 2a02:898:0:00::1

iface idrac inet manual

auto vmbr1
iface vmbr1 inet manual
        bridge-ports eno2
        bridge-stp off
        bridge-fd 0
        bridge-vlan-aware yes
        bridge-vids 2-4094
        post-up /user/sbin/ip route add 2a02:898:331:1::/64 via 2a02:898:331::1/64 dev vmbr1
#LAN
Title: Re: IPv6 on a routed network
Post by: Maurice on November 19, 2025, 10:58:19 PM
Quote from: Maurice on November 16, 2025, 04:55:06 PMIf you use 2a02:898:331:1::/64 for the OPNsense LAN, you'll need a static route on the Proxmox host which routes this prefix to the OPNsense WAN address.

You added the route to vmbr1 (the LAN bridge). You need to add it to vmbr0 (the WAN bridge).
Title: Re: IPv6 on a routed network
Post by: nhendriks on November 20, 2025, 12:56:26 AM
Hmm, changed it and now I can ping 2a02:898:331::1 and 2a02:898:331:1:: from my Proxmox machine but no other even though ICMPv6 is allowed from all sources, still can't ping towards the the internet from my OPNsense machine or any of my VMs. Still complaining about routes not existing :(
Text only | Text with Images