OPNsense Forum

Archive => 22.7 Legacy Series => Topic started by: almodovaris on December 19, 2022, 11:40:06 pm

Title: force LAN IPv6 suffix
Post by: almodovaris on December 19, 2022, 11:40:06 pm

I have the LAN have a v6/t6 (track WAN) IPv6 address. It has /62 suffix.

How do I force a /64 suffix for LAN only? I want to keep the track WAN option.

Title: Re: force LAN IPv6 suffix
Post by: WN1X on December 19, 2022, 11:57:25 pm

What size prefix are you getting on the WAN?

Title: Re: force LAN IPv6 suffix
Post by: almodovaris on December 19, 2022, 11:58:32 pm

WAN has /64 alotted to it, but the IPv6-PD is /60.

Title: Re: force LAN IPv6 suffix
Post by: almodovaris on December 20, 2022, 12:30:03 am

I fixed it with a hack. I have applied Step 3 from https://docs.opnsense.org/manual/how-tos/ipv6_dsl.html

Title: Re: force LAN IPv6 suffix
Post by: franco on December 20, 2022, 11:08:45 am

Why is that a hack. I don't understand.


Cheers,
Franco

Title: Re: force LAN IPv6 suffix
Post by: almodovaris on December 20, 2022, 11:41:59 am

The WAN used to have public /64 IPs. It no longer haves them. Now it's a private /64. And it fixed the /62 into a /64 range for LAN.

Title: Re: force LAN IPv6 suffix
Post by: Patrick M. Hausen on December 20, 2022, 11:54:51 am

You cannot have a /62 on LAN. If DTAG delegates you a /62 the intention is to use up to 4 separate /64s. All boradcast interfaces have /64 in IPv6. Always.

Title: Re: force LAN IPv6 suffix
Post by: franco on December 20, 2022, 12:38:56 pm

Yes, it just sounds like it wasn't configured properly, hence me doubting the "hack" part of the fix.


Cheers,
Franco

Title: Re: force LAN IPv6 suffix
Post by: almodovaris on December 21, 2022, 09:13:38 am

Then I would like to have a checkbox to force a /64, nothing else.

If it matters, I have the internet provider Ziggo from the Netherlands. It behaves pretty much like FLETS from Japan.

Title: Re: force LAN IPv6 suffix
Post by: Patrick M. Hausen on December 21, 2022, 09:16:30 am

No, no, no  :)

If your provider delegates you a /62 you must ask for a /62. If they delegate a /56 you must ask for a /56.
It's only that the assignment to any local interface will always be a /64 because there are no other prefix lengths on local interfaces in IPv6. It's always /64.

HTH,
Patrick

Title: Re: force LAN IPv6 suffix
Post by: almodovaris on December 22, 2022, 02:11:32 am

In OpenWRT I have a /60 on the LAN. And it works.

Title: Re: force LAN IPv6 suffix
Post by: franco on December 22, 2022, 09:13:05 am

I still don't understand. Sure, /60 works in some ways, but only if the WAN gets a PD like /56. So what are we comparing? And how does this translate to discussing /62 vs. /64? It sounds like the OPNsense is behind the OpenWRT. The description of the problem leaves out the setup that is at play here..

And to reiterate. Track interface NEVER assigns anything other than /64.


Cheers,
Franco

Title: Re: force LAN IPv6 suffix
Post by: almodovaris on December 22, 2022, 12:17:06 pm

Oh, boy. Track WAN assigns to LAN /62 in one location (behind OpenWRT) and /60 at another house (immediately behind Ziggo modem/router, that is in its DMZ).

In both cases a public /64 gets assigned to WAN.

Title: Re: force LAN IPv6 suffix
Post by: franco on December 22, 2022, 12:36:18 pm

Nevermind, going to pass on this.


Cheers,
Franco