Messages

1

18.7 Legacy Series / Re: ipv6: Can I get to anounce more than one prefix/subnet?

« on: August 10, 2018, 06:17:37 pm »

Sorry to disappoint, I have just edited my post while you were adding your reply above.

It's going a bit off-topic, but is a cause of the requirement of that Virtual IP.


Of course, if we continue in this topic, then it may better get a new name, or I open a new one for it next week?

2

18.7 Legacy Series / Re: ipv6: Can I get to anounce more than one prefix/subnet?

« on: August 10, 2018, 06:01:18 pm »

It DOES work, but only if:

1. I add a virtual IP for the interface (I added fddd:999:999:92::1/64)
2. I reboot OPNsense

Just the reboot is not enough, it's the virtual IP that does the trick.

--
EDIT: If that was how it was supposed to work, then that was not clear to me, sorry...

--
EDIT2: The virtual IP causes another undesired effect. After a reboot, the client no longer gets a GUA address, only the additional ULA.

A bit more details:
In my test setup I have 2 VLAN interface (91 and 92), each with a single client.
For VLAN91 I have configured Track Interface (WAN) and so the client originally got a GUA adress only. ipv6 connectivity works as expected.
For VLAN92 I have configured a static ipv6 (fddd:888:888:92::1) and RA announces this prefix.
That works as expected: ipv6 connectivity but only on my own network, and no internet.

Later on I added
* the "advertise routes" setting: fddd:999:999:91::/64 for VLAN91 and fddd:999:999:92::/64 for VLAN92
* virtual IP fddd:999:999:91::1/64 for VLAN91 and fddd:999:999:92::1/64 for VLAN92
and rebooted the firewall.

For VLAN92 I now get:
* 4 ULA addresses, 2 for both subnets (that includes a temp one for both subnets)
* routes for both subnets
That works as I had expected

For VLAN91 I now get:
* 2 ULA addresses (including 1 temp)
* no more GUA addresses

This looks a bit like a known bug (over here or at pfSense) where virtual IP + Track Interface don't work nicely together. That had something to do with the order of the ipv6 addresses in ifconfig on the concerning interface, IIRC.

If required I can try to find that bug report on Monday.

3

18.7 Legacy Series / Re: ipv6: Can I get to anounce more than one prefix/subnet?

« on: August 10, 2018, 05:33:09 pm »

That does add an additional route to the client, but does not give the extra ipv6 adresses in the new subnet.

4

18.7 Legacy Series / ipv6: Can I get to anounce more than one prefix/subnet?

« on: August 10, 2018, 02:32:16 pm »

I replied to an old(ish) feature request topic, but maybe that was not the smartest thing to do so I'll post it as a question here as well.

Is it possible to setup Router Advertisement so it announces more than 1 prefix (or subnet) to the clients on that interface?

I get a prefix from my ISP and would like to announce that using Track Interface (WAN). No issue there.
Next to that, I would also like to announce a ULA prefix.


Why the ULA addresses? I need something predictable/"fixed" for my Active Directory.
At home, I don't get a fixed IP nor fixed prefix.
At work, I do, but we will probably change ISPs in the not so distant future.

ULA addresses would make sure I can still reach all machines even when the GUA prefix changes.

5

General Discussion / Re: [Feature request] radvd multiple subnets

« on: August 09, 2018, 06:13:45 pm »

I would like to add my vote to this feature request.

I am in the process of moving from pfSense to OPNSense, and - like deasmi - would like the RA to anounce both a GUA prefix (the one I get from my provider) and a ULA prefix (one I randomly "generated").

Over at pfSense this was possible.
On the RA tab where OPNSense has the 'Advertise Routes' box, over there they have a box called "RA subnets" which announced additional prefixes/subnets.


I am using Track Interface (WAN) to get my GUA prefix.


The reason I would like this feature added is because I want to use ULA addresses internally.
At home I do not have a permanent prefix.
At work I do have a permanent prefix, but this will probably change at least twice in the foreseeable future (we will first move buildings, then later switch ISPs when fiber becomes available there)

That would mean I cannot count on my GUA addresses as being permanent, and I would very much like to avoid reconfiguring the network.

Having both subnets announced would be helpful in my case I think