OPNsense Forum

English Forums => General Discussion => Topic started by: zxurian on April 06, 2021, 11:42:21 pm

Title: Looking for help with IPv6 to figure out what I did wrong
Post by: zxurian on April 06, 2021, 11:42:21 pm
Hey everyone,

Just came over from pfsense as this community & codebase seems much better for stability & my homelab tinkering.

That being said, can someone check me on my settings for DHCP & DNS? After I installed fresh (running on a fitlet2), I was getting some weird resolution errors and not all connections were working from machines behind opnsense. Web requests loaded fine, but not all application requests were working. I _think_ it has something to do with IPv6 & IPv6 DNS, but don't know enough to isolate & resolve. My knowledge of IPv6 is _very_ loose and based only on what I know of IPv4. I'm running internal network off of a Server 2019 AD acting as DNS & DHCP for homelab purposes as well. It's been working fine with pfsense for a few years, so I know it's some configuration that I'm missing with opnsense.

OPNSense is installed on fitlet2 acting as gateway & firewall.
IPv4: static, 10.0.0.1
IPv6: (no settings touched, default opnsense values)
Unbound DNS: enabled and acting as recursive resolver
- Override for AD domain set to forward to 10.0.0.51
DHCPv4: unchecked option for "Enabled DHCP server on this LAN interface"

Windows AD server acting as DNS & DHCP
IPv4: static, 10.0.0.51
IPv6: through control panel, set to obtain via DHCP. (I haven't done any work with IPv6 yet, so no idea what to even set to static)
DNS forwarding is set to forward queries to 10.0.0.1, but I don't know what IPv6 value to use to forward IPv6 DNS queries.

DHCP resolution with IPv4 is working as intended, new machines are getting an IPv4 from AD, gateway set to 10.0.0.1, & DNS set to 10.0.0.51. DNS lookups (using nslookup) hit AD first, then get forwarded to opnsense when outside of AD domain.

DHCP resolution with IPv6 is where I think I screwed something up. On a W10 client machine, I have the following (IPv6 x'd out as I don't know which is "public" and which isn't)

Code:
Ethernet adapter Aquantia 5G:

   Connection-specific DNS Suffix  . : ad.theverse.network
   Description . . . . . . . . . . . : Marvell AQC111C 5GbE connection
   Physical Address. . . . . . . . . : 04-D9-F5-60-DF-4F
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : xxxxx1(Preferred)
   IPv6 Address. . . . . . . . . . . : xxxxx2(Deprecated)
   Lease Obtained. . . . . . . . . . : Tuesday, April 6, 2021 01:15:01
   Lease Expires . . . . . . . . . . : Tuesday, April 6, 2021 12:00:01
   Temporary IPv6 Address. . . . . . : xxxxx3(Preferred)
   Temporary IPv6 Address. . . . . . : xxxxx4(Deprecated)
   Temporary IPv6 Address. . . . . . : xxxxx5(Deprecated)
   IPv6 Address. . . . . . . . . . . : xxxxx6(Deprecated)
   Link-local IPv6 Address . . . . . : xxxxx7(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.0.0.94(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Monday, April 5, 2021 15:37:45
   Lease Expires . . . . . . . . . . : Tuesday, April 13, 2021 15:37:44
   Default Gateway . . . . . . . . . : xxxxxx8
                                       10.0.0.1
   DHCP Server . . . . . . . . . . . : 10.0.0.51
   DHCPv6 IAID . . . . . . . . . . . : 302307829
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-27-94-1A-5E-04-D9-F5-60-DF-4E
   DNS Servers . . . . . . . . . . . : xxxxx9
                                       10.0.0.51
                                       10.0.0.1
                                       xxxxx9
   NetBIOS over Tcpip. . . . . . . . : Enabled
   Connection-specific DNS Suffix Search List :
                                       ad.mydomain.com
                                       ad.mydomain.com

I couldn't find a way to turn off DHCP for IPv6 in OPNSense (if that's even something I need to do). I know I have a lot to read up on regarding IPv6, but what settings should I set on OPNSense to make sure that I'm not screwing up routing or DNS within my network? (My head says not to have two DHCP servers on the same subnet, but I know that's IPv4 thinking and doesn't necessarily apply to IPv6)

Title: Re: Looking for help with IPv6 to figure out what I did wrong
Post by: wallaby501 on August 02, 2021, 09:39:32 pm
What is set for ipv6 in Server 2019?

Also, your "fe80:xxxxx" addresses are the private ones. And if you wanted ipv6 disabled entirely, you can do so under Firewall-Settings-Advanced if you don't plan on using it (and prefer not to for whatever reason.)
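
On the question of which addresses in `ipconfig /all` output are publicly routable, the following is an added example (not part of any post in this thread) that sorts each IPv6 address by its prefix: fe80::/10 link-local, fc00::/7 unique local, 2000::/3 global unicast. The sample text is constructed, with the documentation prefix 2001:db8::/32 standing in for an ISP-delegated prefix, and the name `classify_ipconfig` is illustrative.

```python
import ipaddress
import re

# Constructed sample in the layout of `ipconfig /all`. The documentation prefix
# 2001:db8::/32 stands in for an ISP-delegated prefix; nothing here is from the thread.
SAMPLE = """\
   IPv6 Address. . . . . . . . . . . : 2001:db8:12:3400::1f4(Preferred)
   IPv6 Address. . . . . . . . . . . : fd12:3456:789a:1::1f4(Deprecated)
   Lease Obtained. . . . . . . . . . : Tuesday, April 6, 2021 01:15:01
   Temporary IPv6 Address. . . . . . : 2001:db8:12:3400:a1b2:c3d4:e5f6:1789(Preferred)
   Link-local IPv6 Address . . . . . : fe80::6d9:f5ff:fe60:df4f%12(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.0.0.94(Preferred)
   Default Gateway . . . . . . . . . : fe80::1%12
                                       10.0.0.1
"""

# Checked in order; the first prefix that contains the address wins.
SCOPES = [
    (ipaddress.ip_network("fe80::/10"), "link-local"),      # never forwarded by routers
    (ipaddress.ip_network("fc00::/7"), "unique local"),     # site-internal, not internet-routable
    (ipaddress.ip_network("2000::/3"), "global unicast"),   # internet-routable
]

# "Label . . . . : value"; the label ends where the dot/space padding begins.
LINE = re.compile(r"^\s*(?P<label>[A-Za-z][^:]*?)[ .]*: (?P<value>.*)$")

def classify_ipconfig(text):
    """Return (label, address, scope) for every IPv6 address in the text."""
    results, label = [], None
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            label, value = m.group("label"), m.group("value").strip()
        else:
            value = line.strip()                # continuation line keeps the previous label
        value = re.sub(r"\(\w+\)$", "", value)  # drop "(Preferred)" / "(Deprecated)"
        try:
            ip = ipaddress.IPv6Address(value.split("%")[0])  # drop the %zone index
        except ValueError:
            continue                            # IPv4 addresses, dates, names
        scope = next((name for net, name in SCOPES if ip in net), "other")
        results.append((label, str(ip), scope))
    return results

if __name__ == "__main__":
    for label, addr, scope in classify_ipconfig(SAMPLE):
        print(f"{label:<26}{addr:<40}{scope}")
```

Only the rows reported as global unicast identify the network to the outside; link-local and unique local addresses are meaningful only inside it.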