Hi all,
Work to include IPv6 support for the Captive Portal system has finished, if you'd like to give it a spin:
# opnsense-patch https://github.com/opnsense/core/commit/497ed54fe18c
The patch requires the 26.1.4 or 26.1.5 version and a reboot to take effect.
Some important notes:
- A new checkbox called "roaming" has been added and is enabled by default. This option allows the portal to sync/administrate IPv4/IPv6 client aliases. This option is required for maximum compatibility with IPv6, since multiple IPs are more common for IPv6.
- Hostwatch (Interfaces: Neighbors: Automatic Discovery) must be enabled for the administration of IPv6 addresses, as the output of NDP can be rather slow in some setups.
- A hostname must be configured for each zone wanting to do IPv6 (a certificate isn't required). Where IPv4 zone networks are usually static, IPv6 may be tracked through Identity Association or other means, in which case the portal cannot reliably guess which IPv6 address should be used for redirection. Instead, this is delegated to DNS. This also means that the proper DNS records must be available. For any default setup using Unbound, these can be synthesized with the DNS64 option in Services: Unbound DNS: General.
- The primary IP used by the client to log in to the portal will be allowed by the firewall as soon as they log in. All other IP addresses associated with this client are synchronized after the fact, meaning there can be a slight delay until these IP addresses are allowed by the firewall.
Thanks in advance if you'd like to test this, and a special mention to Alex Goodkind for his initial work and helpful testing.
Cheers,
Stephan