OPNsense Forum
Archive => 17.1 Legacy Series => Topic started by: sxpcph on July 11, 2017, 05:49:33 pm
-
Hello!
Having finally got the opportunity to work with IPv6 over a backup DSL connection provided by a consumer grade router from my ISP, I have tried for a couple of days to make my OPNsense hand out some IPv6 addresses to its LAN and Guest interfaces but without any luck.
The router has its own /128 address on its WAN and it hands out a /48 through DHCPv6 to its own LAN interface and I would like to run with these public addresses internally as well.
My goal is to have OPNsense hand out a /64 or less to both its LAN and Guest interface but right now I would like to concentrate on just getting it to work on my LAN. I have tried to illustrate my setup below.
ISP
| /48
DSL router (/128)
| /48
OPNsense
| /64
LAN
The router has some IPv6 options, being stateless / stateful and address handout can be done through DHCPv6 / Router Advertisement / Both and RADVD is enabled. If I connect a laptop to the router's LAN then it gets an IPv6 address and can use it just fine and passes the various web-based IPv6 tests.
I have enabled DHCPv6 on OPNsense WAN with PD size set to 64 and no hint and track interface on LAN to WAN with prefix 0.
The status on my Dashboard is that WAN has got an IPv6 address from the router but my LAN has only got its static IPv4. Another laptop I have connected to OPNsense LAN gets an IPv4 address from OPNsense but not IPv6.
The system logs tells me: opnsense: /usr/local/etc/rc.filter_configure: Could not find IPv6 gateway for interface(wan).
What am I missing here?
I have also tried to set a static IPv6 address on both WAN and LAN and fiddled with DHCPv6 but cannot get this to work either, however this is likely due to my still limited amount of knowledge on how to properly route IPv6.
When my router gets an x:y:z:: /48 address then what is best practice to use for OPNsense?
The router hands out x:y:z:0:: /64 to a laptop on its LAN.
I would figure an OPNsense static WAN address "has" to be in this range as well?
And from that point onwards I can configure my LAN with x:y:z:0:1:: /80 and Guest with x:y:z:0:2:: /80
Or I might be terribly mistaken.
Any help will be much appreciated as I am wearing myself out by not being able to make this work.
-
Please have a look here https://forum.opnsense.org/index.php?topic=5069.45
You need stateful DHCPv6 on the router and it must give out Prefixes as well as addresses. WAN must get an IPv6 address, LAN then gets the prefix.
Cheers,
Franco
-
Hi,
is there an option on the router to specify the prefix size that it can hand out? I am not sure if it's sufficient for OPNsense to get an address with /64 ... I would try /62 or /60 ...
Best regards,
Jochen
-
Hello both of you and thank you for your replies.
I had forgot to turn on notifications so I only just discovered your updates after I had come back from holiday this week, my apologies for that.
I have attached a screenshot of the IPv6 configuration on the DSL router, a Zyxel VMG3925-B10B provided by my ISP. Here I have switched it to stateful and broken my /48 into a /56 as suggested by you.
However the result now is that my WAN interface no longer gets an IPv6 address and neither does a laptop hooked into the router's LAN interface along with OPN. I am obviously doing something wrong, but what?
Also, following the thread Space (Jochen) made about his challenges and you linked to, I have tried to replicate it but without any luck.
-
Hi,
are you using the most current OPNsense version (17.1.11) which fixed the issue for me ... show us your configuration on OPNsense on the WAN interface please ...
Best regards,
Space
-
You should leave your IPv6 subnets containing hosts at /64. That is the standard
Bart...
-
Current router LAN configuration:
IPv6 address: 2a05:f6c7:1927:0:baec:a3ff:fe09:8c48
Link-local: fe80::baec:a3ff:fe09:8c48
DHCP enabled
DHCPv6 configuration
Stateful
RA & DHCPv6
Start address: 2a05:f6c7:1927:1::
End address: 2a05:f6c7:1927:1::ffff
DNS 1: 2001:4860:4860::8844 (Google)
DNS 2: 2001:4860:4860::8888 (Google)
Attached below are some screenshots of my OPNsense configuration. It is version 17.1.11 a fresh install without any services running and the only plugin is os-vmware for VMware overview.