1
General Discussion / Static setting of IPv6 block /64
« on: May 25, 2024, 02:17:25 am »
Hello,
I am trying to setup IPv6 for my OPNsense router. I got a /64 IPv6 block from the provider. I would like to statically set IPv6 on the WAN and LAN interfaces and then assign IPv6 to clients connecting to the LAN using DHCPv6.
I received information from the provider that I should use the block xxxx:xxxx:ffff:1121::/64 and that xxxx:xxxx:ffff:1121::1 is the gateway.
I made the following settings:
Configuring the WAN Interface:
1. Log in to the OPNsense web interface.
2. Navigate to Interfaces > Assignments.
3. Click on the name of the WAN interface.
4. In the Static IPv6 Configuration section, fill in the following:
IPv6 Address: xxxx:xxxx:ffff:1121::5
IPv6 Prefix: 64
IPv6 Upstream Gateway: xxxx:xxxx:ffff:1121::1
5. Click Save and then Apply Changes.
Configuring the LAN Interface:
1. Navigate to Interfaces > Assignments.
2. Click on the name of the LAN interface.
3. In the Static IPv6 Configuration section, fill in the following:
IPv6 Address: xxxx:xxxx:ffff:1121::7
IPv6 Prefix: 64
4. Click Save and then Apply Changes.
Setting Up the DHCPv6 Server:
1. Navigate to Services > DHCPv6 > LAN.
2. Check Enable DHCPv6 server on LAN interface.
3. In the Subnet section, fill in:
Range: xxxx:xxxx:ffff:1121::1000 to xxxx:xxxx:ffff:1121::2000
4. Click Save.
Configuring Router Advertisements (RA) on LAN:
1. Navigate to Services > Router Advertisements > LAN.
2. In the Router Mode section, select Managed.
3. Click Save.
The result is that the client receives the correct IPv6 address from the set range. He also gets a route.
But I can't get to the IPv6 address of the LAN or WAN interface.
At the same time, I cannot reach any IPv6 address on the Internet.
ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether bc:24:11:a5:dd:6b brd ff:ff:ff:ff:ff:ff
altname enp0s18
inet 172.16.1.39/24 metric 100 brd 172.16.1.255 scope global dynamic ens18
valid_lft 5461sec preferred_lft 5461sec
inet6 xxxx:xxxx:ffff:1121::11f3/128 scope global dynamic noprefixroute
valid_lft 5459sec preferred_lft 2759sec
inet6 fe80::be24:11ff:fea5:dd6b/64 scope link
valid_lft forever preferred_lft forever
ip -6 route
::1 dev lo proto kernel metric 256 pref medium
xxxx:xxxx:ffff:1121::/64 dev ens18 proto ra metric 100 expires 86394sec pref medium
fe80::/64 dev ens18 proto kernel metric 256 pref medium
default via fe80::1c43:adff:fefb:d3a8 dev ens18 proto ra metric 100 expires 1794sec mtu 1500 pref medium
I have all traffic from the LAN net allowed on the firewall.
Where can the problem be?
Thank you for your help.
I am trying to setup IPv6 for my OPNsense router. I got a /64 IPv6 block from the provider. I would like to statically set IPv6 on the WAN and LAN interfaces and then assign IPv6 to clients connecting to the LAN using DHCPv6.
I received information from the provider that I should use the block xxxx:xxxx:ffff:1121::/64 and that xxxx:xxxx:ffff:1121::1 is the gateway.
I made the following settings:
Configuring the WAN Interface:
1. Log in to the OPNsense web interface.
2. Navigate to Interfaces > Assignments.
3. Click on the name of the WAN interface.
4. In the Static IPv6 Configuration section, fill in the following:
IPv6 Address: xxxx:xxxx:ffff:1121::5
IPv6 Prefix: 64
IPv6 Upstream Gateway: xxxx:xxxx:ffff:1121::1
5. Click Save and then Apply Changes.
Configuring the LAN Interface:
1. Navigate to Interfaces > Assignments.
2. Click on the name of the LAN interface.
3. In the Static IPv6 Configuration section, fill in the following:
IPv6 Address: xxxx:xxxx:ffff:1121::7
IPv6 Prefix: 64
4. Click Save and then Apply Changes.
Setting Up the DHCPv6 Server:
1. Navigate to Services > DHCPv6 > LAN.
2. Check Enable DHCPv6 server on LAN interface.
3. In the Subnet section, fill in:
Range: xxxx:xxxx:ffff:1121::1000 to xxxx:xxxx:ffff:1121::2000
4. Click Save.
Configuring Router Advertisements (RA) on LAN:
1. Navigate to Services > Router Advertisements > LAN.
2. In the Router Mode section, select Managed.
3. Click Save.
The result is that the client receives the correct IPv6 address from the set range. He also gets a route.
But I can't get to the IPv6 address of the LAN or WAN interface.
At the same time, I cannot reach any IPv6 address on the Internet.
ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether bc:24:11:a5:dd:6b brd ff:ff:ff:ff:ff:ff
altname enp0s18
inet 172.16.1.39/24 metric 100 brd 172.16.1.255 scope global dynamic ens18
valid_lft 5461sec preferred_lft 5461sec
inet6 xxxx:xxxx:ffff:1121::11f3/128 scope global dynamic noprefixroute
valid_lft 5459sec preferred_lft 2759sec
inet6 fe80::be24:11ff:fea5:dd6b/64 scope link
valid_lft forever preferred_lft forever
ip -6 route
::1 dev lo proto kernel metric 256 pref medium
xxxx:xxxx:ffff:1121::/64 dev ens18 proto ra metric 100 expires 86394sec pref medium
fe80::/64 dev ens18 proto kernel metric 256 pref medium
default via fe80::1c43:adff:fefb:d3a8 dev ens18 proto ra metric 100 expires 1794sec mtu 1500 pref medium
I have all traffic from the LAN net allowed on the firewall.
Where can the problem be?
Thank you for your help.