I replied to an old(ish) feature request topic, but maybe that was not the smartest thing to do so I'll post it as a question here as well.
Is it possible to setup Router Advertisement so it announces more than 1 prefix (or subnet) to the clients on that interface?
I get a prefix from my ISP and would like to announce that using Track Interface (WAN). No issue there.
Next to that, I would also like to announce a ULA prefix.
Why the ULA addresses? I need something predictable/"fixed" for my Active Directory.
At home, I don't get a fixed IP nor fixed prefix.
At work, I do, but we will probably change ISPs in the not so distant future.
ULA addresses would make sure I can still reach all machines even when the GUA prefix changes.
Is that not what Advertise Routes is for in Services->Router Advertisements->LAN is for?
That does add an additional route to the client, but does not give the extra ipv6 adresses in the new subnet.
OK.. I'll go take a look and see what's needed.
It DOES work, but only if:
1. I add a virtual IP for the interface (I added fddd:999:999:92::1/64)
2. I reboot OPNsense
Just the reboot is not enough, it's the virtual IP that does the trick.
--
EDIT: If that was how it was supposed to work, then that was not clear to me, sorry...
--
EDIT2: The virtual IP causes another undesired effect. After a reboot, the client no longer gets a GUA address, only the additional ULA.
A bit more details:
In my test setup I have 2 VLAN interface (91 and 92), each with a single client.
For VLAN91 I have configured Track Interface (WAN) and so the client originally got a GUA adress only. ipv6 connectivity works as expected.
For VLAN92 I have configured a static ipv6 (fddd:888:888:92::1) and RA announces this prefix.
That works as expected: ipv6 connectivity but only on my own network, and no internet.
Later on I added
* the "advertise routes" setting: fddd:999:999:91::/64 for VLAN91 and fddd:999:999:92::/64 for VLAN92
* virtual IP fddd:999:999:91::1/64 for VLAN91 and fddd:999:999:92::1/64 for VLAN92
and rebooted the firewall.
For VLAN92 I now get:
* 4 ULA addresses, 2 for both subnets (that includes a temp one for both subnets)
* routes for both subnets
That works as I had expected
For VLAN91 I now get:
* 2 ULA addresses (including 1 temp)
* no more GUA addresses
This looks a bit like a known bug (over here or at pfSense) where virtual IP + Track Interface don't work nicely together. That had something to do with the order of the ipv6 addresses in ifconfig on the concerning interface, IIRC.
If required I can try to find that bug report on Monday.
No worries.. You have it sorted. It was not something I have done before so I was about to start delving, you've saved me from that. :)
Sorry to disappoint, I have just edited my post while you were adding your reply above.
It's going a bit off-topic, but is a cause of the requirement of that Virtual IP.
Of course, if we continue in this topic, then it may better get a new name, or I open a new one for it next week?
I think the best option here is to raise it on Github as an issue. I am uncertain as to whether a VIP is meant to be able to do this or not, and heads better in the VIP area than mine will pick it up if it's raised as an issue.