OPNsense Forum

Archive => 19.1 Legacy Series => Topic started by: ldnunes on April 03, 2019, 10:37:46 pm

Title: IPv6 to VLANs don't work
Post by: ldnunes on April 03, 2019, 10:37:46 pm
I'm having some problems regarding distributing IPv6 to multiple VLANs. After making my WAN interface receive the IP6 address and prefix from my ISP's modem using SLAAC, I've made the VLANs track the WAN interface. The hosts in the networks receive the IPs and prefix, but can't receive any inbound packet, as the Neighbor Discovery protocol from the modem to the WAN interface doesn't work past the WAN interface since it uses link-local for the requests.

I've managed to make it work by creating a bridge between the WAN and one of the VLAN networks, but that would expose the hosts of that network since it puts them on the same physical network as the WAN without the OPNsense firewall.

Any help is appreciated.
Title: Re: IPv6 to VLANs don't work
Post by: lrosenman on April 04, 2019, 12:46:47 am
see also: https://forum.opnsense.org/index.php?topic=12307.0
Title: Re: IPv6 to VLANs don't work
Post by: lrosenman on April 04, 2019, 01:41:18 am
I'm also having issues with just a straight interface :(

Is there any doc/tests/etc on MULTIPLE interface(s) getting DHCPv6-PD prefixes?

I'm *OBVIOUSLY* either missing something or this is busted.
Title: Re: IPv6 to VLANs don't work
Post by: lrosenman on April 04, 2019, 04:13:45 am
I did some playing, and I think(!) there's a bug in how we build dhcp6c.conf....

I replaced the one that OPNsense generated with:
Code:
interface ngeth0 {
  send ia-pd 0; # request prefix delegation
  request domain-name-servers;
  request domain-name;
  script "/var/etc/dhcp6c_opt3_script.sh"; # we'd like some nameservers please
};
id-assoc pd 0 {
  prefix ::/60 infinity;
  prefix-interface em0 {
    sla-id 0;
    sla-len 4;
  };
  prefix-interface em1 {
    sla-id 1;
    sla-len 4;
  };
  prefix-interface em0.100 {
    sla-id 2;
    sla-len 4;
  };
};

and I get IPv6 addresses on all 3 interfaces, up, down, etc.

Basically, for a track interface, we should add the prefix-interface stanzas for each interface in the tracking group, and then *RESTART* dhcp6c on the interface that's being tracked.

This article: https://major.io/2015/09/11/time-warner-road-runner-linux-and-large-ipv6-subnets/ gives a real good overview (based on Linux, but the dhcp6c stuff is the same)
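
Added example (not part of the post above and not OPNsense's own code): a Python sketch that renders the id-assoc pd stanza for every interface in a tracking group and shows which /64 each one ends up with, rejecting sla-ids that collide or do not fit. The function names are hypothetical and 2001:db8:0:10::/60 is a constructed documentation prefix standing in for the ISP's delegation.

```python
import ipaddress

# Constructed sample: the three tracking interfaces and sla-ids from the post above.
TRACKERS = [("em0", 0), ("em1", 1), ("em0.100", 2)]

def check_plan(pd_len, trackers):
    """Return sla-len for a delegated prefix length; reject sla-ids that collide or do not fit."""
    if not 0 < pd_len <= 64:
        raise ValueError(f"/{pd_len} cannot be split into /64 subnets")
    sla_len = 64 - pd_len  # bits available to number the /64 subnets
    owner = {}
    for ifname, sla_id in trackers:
        if not 0 <= sla_id < 2 ** sla_len:
            raise ValueError(f"{ifname}: sla-id {sla_id} does not fit in {sla_len} bits")
        if sla_id in owner:
            raise ValueError(f"{ifname} and {owner[sla_id]} share sla-id {sla_id}")
        owner[sla_id] = ifname
    return sla_len

def render_id_assoc(pd_len, trackers, ia_id=0):
    """Build the id-assoc pd stanza with one prefix-interface block per tracker."""
    sla_len = check_plan(pd_len, trackers)
    out = [f"id-assoc pd {ia_id} {{", f"  prefix ::/{pd_len} infinity;"]
    for ifname, sla_id in trackers:
        out += [f"  prefix-interface {ifname} {{",
                f"    sla-id {sla_id};",
                f"    sla-len {sla_len};",
                "  };"]
    out.append("};")
    return "\n".join(out) + "\n"

def interface_subnets(delegated, trackers):
    """Map each tracking interface to the /64 carved out of the delegated prefix."""
    net = ipaddress.IPv6Network(delegated)
    check_plan(net.prefixlen, trackers)
    base = int(net.network_address)
    # The sla-id occupies the bits directly above the 64-bit interface identifier.
    return {ifname: ipaddress.IPv6Network((base + (sla_id << 64), 64))
            for ifname, sla_id in trackers}

if __name__ == "__main__":
    print(render_id_assoc(60, TRACKERS))
    for ifname, subnet in interface_subnets("2001:db8:0:10::/60", TRACKERS).items():
        print(ifname, subnet)
```
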
Title: Re: IPv6 to VLANs don't work
Post by: va176thunderbolt on April 04, 2019, 08:01:43 pm
I'm on Charter and have my OPNsense box configured to do PD to 4 different internal LANs. I didn't "figure out" the restarting of the dhcpc process for the WAN interface, and handled it by rebooting the box.
Title: Re: IPv6 to VLANs don't work
Post by: lrosenman on April 04, 2019, 08:17:16 pm
When I added a new interface with track WAN, OPNsense didn't even re-write the dhcp6c_opt3.conf file....

Ugh.
Title: Re: IPv6 to VLANs don't work
Post by: lrosenman on April 05, 2019, 12:37:27 pm
@Franco: Should I file a GitHub issue on this?

What I'm seeing is:
1) have an existing tracking interface setup on LAN tracking WAN
2) add another interface tracking WAN

expected behavior:
rewrite /var/etc/dhcp6c_<wan name>.conf with both interfaces in prefix-interface stanzas
*RESTART* dhcp6c for the <wan name> interface

Current behavior:
nothing changes, and dhcp6c doesn't assign a prefix to the new interface.