Hi all,
I finally got OPNSense to see my ISP IPv6, I had to change from IPoE back to PPPoE (ISP dramas).
OPNSense can ping IPv6 just fine but the clients cannot:
ping -6 2001:4860:4860::8888
From fe80::7e5a:1cff:fe48:1c50%eno1 icmp_seq=1 Destination unreachable: Beyond scope of source address
https://docs.opnsense.org/manual/radvd.html
Done that: "If "Track Interface (legacy)" is used, an existing disabled entry will also deactivate advertisements on that interface. Alternatively, switch to "Identity association" for full manual configuration if needed."
Dnsmasq is disabled and not being used, and RA is not selected either
My PC network does show the 2400: IP under the DNS6 so it is seeing something.
ISC DHCPv6 service is disabled
Services > Router Advertisements:
- Interface: LAN
- Mode: Managed
- Minimum interval: 200 (default)
- Maximum interval: 600 (default)
Interfaces > LAN
- IPv6 Configuration Type: Identity association
- Track IPv6 Interface > Parent interface: WAN
Interfaces > WAN
- IPv4 type: PPPoE
- IPv6 type: DHCPv6 (As instructed by the ISP)
OPNSense:
netstat -rn
Internet6:
Destination Gateway Flags Netif Expire
default fe80::2293:39ff:fef6:75e3%pppoe0 UGS pppoe0
ping6 -c 3 2001:4860:4860::8888
16 bytes from 2001:4860:4860::8888, icmp_seq=0 hlim=121 time=2.030 ms
16 bytes from 2001:4860:4860::8888, icmp_seq=1 hlim=121 time=1.957 ms
16 bytes from 2001:4860:4860::8888, icmp_seq=2 hlim=121 time=1.952 ms
I am running Unbound Recursive, no major changes other than "Register Mappings"
Thank you
It does not work like that (you already noticed, didn't you?).
Like with IPv4, there are two sides:
- WAN
- LAN
On WAN, you have to use whatever means it takes to get a WAN IP, often DHCPv4 and DHCPv6 as a client.
On LAN, you use DHCPv4 and (probably DHCPv6) as server. Alternatively, you can use SLAAC (RA) instead for IPv6.
You did neither: ISC DHCPv6, DNSmasq, RAdvd, all disabled. So how would clients get what they need? You must have IPv6 supplied to your LAN, otherwise it will not work.
There is a guide on how to do this via DNSmasq only in the official docs; instead, I prefer to do it like this (https://forum.opnsense.org/index.php?topic=45822.0).
Quote from: meyergru on Today at 10:14:05 AM
It does not work like that (you already noticed, didn't you?).
Like with IPv4, there are two sides:
- WAN
- LAN
On WAN, you have to use whatever means it takes to get a WAN IP, often DHCPv4 and DHCPv6 as a client.
On LAN, you use DHCPv4 and (probably DHCPv6) as server. Alternatively, you can use SLAAC (RA) instead for IPv6.
You did neither: ISC DHCPv6, DNSmasq, RAdvd, all disabled. So how would clients get what they need? You must have IPv6 supplied to your LAN, otherwise it will not work.
There is a guide on how to do this via DNSmasq only in the official docs; instead, I prefer to do it like this (https://forum.opnsense.org/index.php?topic=45822.0).
There seems to be a misunderstanding, let's try again :)
- ISC DHCPv6 is disabled, IPv6 tracking doesn't need that
- LAN IPv6 is tracking WAN so the clients will get IPv6 automatically. No need for DHCPv6 server in here. Clients do receive ISPv6 DNS automatically already
- Services > Router Advertisement: It is up and running. I don't need DNSmasq for that
- The above only works if you follow the documentation "Identity Association" instead of "Track Interface (legacy)": https://docs.opnsense.org/manual/radvd.html
That is the main purpose of having LAN IPv6 > Tracks WAN > RA > Clients get out: things happen dynamically.
You should not have to set up a DHCPv6 server/pool manually and all, it must be fully dynamic.
Services > Router Advertisements:
Interface: LAN
Mode: *Unmanaged*
Correct: RA mode must be unmanaged for SLAAC. I only saw "RA is not selected either", so you use RADVD.
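
An added example, not part of any post in this thread: a small Router Advertisement parser (RFC 4861 layout) that shows why a LAN client ends up with only its fe80:: address, and so the "Beyond scope of source address" error, when the RA asks for DHCPv6 but no DHCPv6 server is running. The sample packets are constructed, the 2001:db8:: prefix is a documentation prefix, and the mapping "Managed = M flag set and no autonomous (A) flag on the prefix" is an assumption about what that RA mode sends.

```python
import ipaddress
import struct

# Constructed sample RA (ICMPv6 type 134); not captured from the poster's network.
def build_ra(m, o, a, prefix="2001:db8:0:1::"):
    flags = (0x80 if m else 0) | (0x40 if o else 0)        # M and O bits
    hdr = struct.pack("!BBHBBHII", 134, 0, 0, 64, flags, 1800, 0, 0)
    pio_flags = 0x80 | (0x40 if a else 0)                  # L always set, A as requested
    pio = struct.pack("!BBBBIII", 3, 4, 64, pio_flags, 86400, 14400, 0)
    return hdr + pio + ipaddress.IPv6Address(prefix).packed

def parse_ra(pkt):
    """Return the M/O flags and every advertised prefix with its A flag."""
    if len(pkt) < 16 or pkt[0] != 134:
        raise ValueError("not a Router Advertisement")
    info = {"managed": bool(pkt[5] & 0x80), "other": bool(pkt[5] & 0x40), "prefixes": []}
    off = 16                                               # options follow the fixed header
    while off + 2 <= len(pkt):
        opt_type, opt_len = pkt[off], pkt[off + 1] * 8     # length is in units of 8 bytes
        if opt_len == 0 or off + opt_len > len(pkt):
            raise ValueError("malformed option")
        if opt_type == 3 and opt_len == 32:                # Prefix Information option
            plen, pflags = pkt[off + 2], pkt[off + 3]
            net = ipaddress.IPv6Address(pkt[off + 16:off + 32])
            info["prefixes"].append((f"{net}/{plen}", bool(pflags & 0x40)))
        off += opt_len
    return info

def client_outcome(info, dhcpv6_server_running):
    """How a LAN client can obtain a global address given this RA."""
    if any(autonomous for _, autonomous in info["prefixes"]):
        return "SLAAC"
    if info["managed"] and dhcpv6_server_running:
        return "DHCPv6"
    return "link-local only"                               # pings to global targets fail

if __name__ == "__main__":
    for name, ra in (("Managed", build_ra(True, True, False)),
                     ("Unmanaged", build_ra(False, False, True))):
        print(name, client_outcome(parse_ra(ra), dhcpv6_server_running=False))
```
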