1
Virtual private networks / Re: Wireguard Mullvad IPv6 selective routing
« on: November 01, 2021, 04:27:52 pm »The steps for adding IPv6 are here:
https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html#configuring-ipv6
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1] 2
The steps for adding IPv6 are here:
https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html#configuring-ipv6
2
21.7 Legacy Series / Re: IPV6, prefix delegation and 2 LAN subnets
« on: October 09, 2021, 03:19:31 pm »First, what size prefix are you getting from the ISP? If only a /64, stop right there. You will need something larger, typically a /56 or /60.
If the larger prefix, then for your LAN2 interface you will still track the WAN, but set it for IPv6 Prefix ID = 1.
3
21.1 Legacy Series / Re: Blocking unwanted IPv6 RAs from devices on LAN
« on: June 19, 2021, 05:33:42 pm »One possibility is to set the OPNsense RA priority to "high". The default is "normal" which is "medium" ... the same as the rouge RA. A higher priority RA from OPNsense may very well my keep AnyConnect from flipping as it does now due to receiving multiple RA's of the same priority.
4
21.1 Legacy Series / Re: Blocking unwanted IPv6 RAs from devices on LAN
« on: June 19, 2021, 04:17:26 pm »
Since the "rouge" RA's are already on the LAN, OPNsense can't do anything about it. The source device sends them out and everybody is going to see them.
What you would need is a feature like RA Guard on the wireless or the wired switched LAN depending on the device attachment.
Perhaps AnyConnect has a feature to only trust specific source RA's or something along that line?
What you would need is a feature like RA Guard on the wireless or the wired switched LAN depending on the device attachment.
Perhaps AnyConnect has a feature to only trust specific source RA's or something along that line?
5
21.1 Legacy Series / Re: IPv6 not working
« on: May 18, 2021, 03:20:58 am »On the client side, IPv6 is enabled DHCP.
See this thread: https://forum.opnsense.org/index.php?topic=22936.msg109141#msg109141
Good chance you are hitting the bug referenced. Only fix is a reboot.
6
21.1 Legacy Series / Re: Opnsense not receiving updated WAN from modem DHCP
« on: May 13, 2021, 01:30:25 am »Well my system has been running fairly well so far; only one random disconnection but I was able to release/renew DHCP and get back up and running.
Thanks again for your help!
Excellent! Happy it's working.
7
21.1 Legacy Series / Re: Opnsense not receiving updated WAN from modem DHCP
« on: May 11, 2021, 05:09:27 pm »
Sounds like a plan! 
To keep it clean, remove the spoofing config on the OPNsense WAN.
To keep it clean, remove the spoofing config on the OPNsense WAN.
8
21.1 Legacy Series / Re: Opnsense not receiving updated WAN from modem DHCP
« on: May 11, 2021, 04:35:18 pm »
The graphic looks right, but the details in the tutorial are wrong. The tutorial shows all ports also living in VLAN 1 (attached graphic). That needs to be stripped out of Port 2.
You have already seen the impact of that error by making it work (for a while) by cloning the TP's MAC. That ain't right, having the same MAC on two device in the same VLAN will always present "random" problems.
You have already seen the impact of that error by making it work (for a while) by cloning the TP's MAC. That ain't right, having the same MAC on two device in the same VLAN will always present "random" problems.
9
21.1 Legacy Series / Re: Opnsense not receiving updated WAN from modem DHCP
« on: May 11, 2021, 03:49:41 am »
Remove VLAN 1 from Port 2. The port to the cable modem needs to be isolated.
A cable modem will only provide an address to the first MAC it sees. Since you have a managed switch, it can be seeing the MAC of the switch management IP first So, if the TP-Link works as I expect it to, removing VLAN 1 from the CM port will make the problem go away. Make the change and reboot everything.
EDIT: Also, remove the spoofing.
A cable modem will only provide an address to the first MAC it sees. Since you have a managed switch, it can be seeing the MAC of the switch management IP first So, if the TP-Link works as I expect it to, removing VLAN 1 from the CM port will make the problem go away. Make the change and reboot everything.
EDIT: Also, remove the spoofing.
10
21.1 Legacy Series / Re: [21.1.5] IPv6 unstable with DHCPv6 and RA "Managed"
« on: May 04, 2021, 02:49:18 pm »Possibly related to this?:
DHCPv6 server intermittently unresponsive, not responding to solicits
https://github.com/opnsense/core/issues/4691
11
21.1 Legacy Series / Re: Recurrent DHCPREQUEST Message in General Log
« on: April 27, 2021, 05:07:53 am »I bet you are on Cox. They use 172.19.x.x for their DHCP servers and self-install Walled Garden function.
Is this new service?
If you are having any issues, like DHCP not renewing, you will need to allow DHCP for the RFC1918 space.
12
21.1 Legacy Series / Re: My OPNSense cant route IPv6
« on: March 15, 2021, 01:52:00 am »OPNsense will still autoconfigure a WAN address and prefix using SLAAC. You can't disable that, can you (I seriously don't know)?
OPNsense should only autoconfigure if the A-flag is set in the Router Advertisment from the ISP router.
To fix this problem of the same prefix appearing on the WAN via SLAAC, and on the LAN from DHCP-PD, you need need to unset the RA's A-flag on the ISP router. Then on OPNsense set the WAN to "Request only an IPv6 prefix".
So, what config settings are available on the ISP router. It may appear as a "Managed" option like OPNsense does.
This sound logical?
Ramblings: Not sure if the RA on-link L-flag would confuse OPNsense as it would be informed that the prefix was "on the wire" (WAN), but see if the above is available and it may just work. Also, if the prefix still existed on the ISP router interface, I don't think it would route properly to OPNsense. Got'a be some piece of the the ISP router configuration we're not seeing.
13
General Discussion / Re: IPv6 questions
« on: March 11, 2021, 02:34:53 pm »
There seems to be some misunderstanding of DHCPv6, Prefix Delegation and routing.
1) Setting OPNsense WAN to DHCPv6 and requesting a /48 isn't going to do anything productive if the draytek isn't capable of serving PD. I suspect it is only able to provide host addresses. Please verify.
2) The concept of setting the WAN to DHCPv6-PD then configuring a static address on the LAN makes no sense from a configuration perspective. Bit of a contradiction.
3) The core connectivity problem is probably due to the draytek not having a route to the LAN 2A02:x:x:1000::1/64. It would have to point to the OPNsense WAN interface (next hop route). If the draytek is not capable of IPv6 static routes, then there will be no return traffic.
4) Setting static IPv6 address with an ISP that provides addressing via PD --- If your address space never changes, then you can get away with it, but if it does you will forever be redoing everything.
1) Setting OPNsense WAN to DHCPv6 and requesting a /48 isn't going to do anything productive if the draytek isn't capable of serving PD. I suspect it is only able to provide host addresses. Please verify.
2) The concept of setting the WAN to DHCPv6-PD then configuring a static address on the LAN makes no sense from a configuration perspective. Bit of a contradiction.
3) The core connectivity problem is probably due to the draytek not having a route to the LAN 2A02:x:x:1000::1/64. It would have to point to the OPNsense WAN interface (next hop route). If the draytek is not capable of IPv6 static routes, then there will be no return traffic.
4) Setting static IPv6 address with an ISP that provides addressing via PD --- If your address space never changes, then you can get away with it, but if it does you will forever be redoing everything.
14
21.1 Legacy Series / Re: Backups To Google broken ?
« on: March 04, 2021, 06:54:51 pm »Just to mention it ... There will only be a "daily backup" if something has changed in the configuration (one that you made). If you didn't make a change on a given day, you will not see a new backup.
15
General Discussion / Re: Voip IAX Trunk - Reset States
« on: February 24, 2021, 06:44:52 pm »It's both IAX and SIP (IAX inter Office) and SIP for the main lines - without the forwards we end up with one way Audio.
I was referring to the IAX2 trunking protocol ( https://www.voip-info.org/iax/ ). This works differently than SIP. Some providers still offer IAX2 trunks.
Pages: [1] 2