So maybe I am overlooking or not getting something, but has the default behavior changed since version 26?
Take it with a grain of salt, I am no expert.
Here is how I think the defaults used to work:
- A new Interface with the "Track Interface" option got RA set to unmanaged.
- A new Interface with the "Track Interface" option got no DHCPv6 enabled.
Here is how I think the defaults work now:
- A new Interface with the "Track Interface" option has no RA enabled by default.
- Not only do new interfaces have DHCPv6 enabled (::1000 to ::2000) it even retroactively enabled DHCPv6 for all old interfaces that did not have DHCPv6 enabled before?
These are the points I don't understand:
- Why is unmanaged RA no longer enabled by default?
- Why is DHCPv6 enabled by default?
- Why do old interfaces get DHCPv6 retroactively enabled (which does probably not even do anything, since RA is unchanged to "unmanaged")?
"Track Interface" is legacy now - what you probably want is now called "Identity Association". See: https://docs.opnsense.org/manual/interfaces.html
AFAIR the IPv6 changes were referenced in the 26.1 release notes, also.
Quotethe "Track interface" IPv6 mode now has a sibling called "Identity Association" which does the same except it is not automatically starting ISC-DHCPv6 and Radvd router advertisements to allow better interoperability with Kea and Dnsmasq setups.
AFAIK Track interface did also not automatically start ISC-DHCPv6 back in the days. This makes it sound like it did.
So enabling it retroactively seems a little bit strange IMHO.
What I also don't quite understand is this part.
QuoteDnsmasq is now the default for DHCPv4 and DHCPv6 as well as RA out of the box. One thing that the upstream software cannot cover is prefix delegation so that is no longer offered by default. Use another DHCPv6 server in this case.
We are not talking about prefix delegation on the WAN, right?
Are we talking about the "Assign prefix ID"?
Maybe I am putting the chart before the horse :)
I currently have this for each VLAN:
On the interface -> Static IPv4 and Track Interface for IPv6 and Assign prefix ID with the number of the VLAN, so for example 10.
ISC DHCPv4 -> Does DHCPv4
RA -> Since I did not even enable the manual config on the interface, it is totally default. So SLAAC and nothing else.
Unbound as DNS.
How would that setup look with none legacy stuff like Kea or Dnsmasq?
"Track interface" and ISC/Radvd defaults haven't changed at all.
Cheers,
Franco
In automatic mode ("Allow manual adjustment of DHCPv6 and Router Advertisements" not enabled), ISC DHCPv6 has always been active and RAs have always been set to assisted. This is not new.
Quote from: JamesFrisch on Today at 02:40:59 PMWe are not talking about prefix delegation on the WAN, right?
No, this is about downstream prefix delegation - OPNsense delegating prefixes to DHCPv6 clients in the LAN. Dnsmasq doesn't support this at all, Kea only with static prefixes.
Cheers
Maurice
Ohh, my bad, than I probably misremembered.
QuoteOPNsense delegating prefixes to DHCPv6 clients in the LAN. Dnsmasq doesn't support this at all, Kea only with static prefixes.
So if I wan't to have multiple VLANs with different assigned prefixes, I need Kea.
Or basically my current setting can be replaced by switching from track interface to Identity Association and from switching from ICE to Kea.
Ohh, my bad, than I probably misremembered.
QuoteOPNsense delegating prefixes to DHCPv6 clients in the LAN. Dnsmasq doesn't support this at all, Kea only with static prefixes.
So if I wan't to have multiple VLANs with different assigned prefixes, I need Kea.
Or basically my current setting can be replaced by switching from track interface to Identity Association and from switching from ICE to Kea? Is that accurate?