OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of ullbeking »
  • Show Posts »
  • Messages
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Messages - ullbeking

Pages: [1]
1
18.7 Legacy Series / Re: OpenVPN with OPNsense and IPv6
« on: November 16, 2018, 02:52:00 am »
Quote from: bartjsmit on November 11, 2018, 10:12:23 am
If you have a working IPv6 stack on your firewall (i.e. your workstations show a swimming turtle on https://cav6tf.org) then IPv6 on your OpenVPN tunnels only need a spare /64 each. Showstoppers are:

- Mean ISP's that give you only one /64 or
- Mean ISP's that give you a dynamic range

These are usually IPv4 knee-jerk reactions and show a profound misunderstanding of how stupendously large the address space is. Vote with your feet if you can.

OK, wow, this is very different to the kind of answer that I was expecting but much more informative and educational.  Thank you!!

When I finally send the cluster off to the colo facility, I don't expect them to be mean about IPv6 address space.  But it adds another dimension of things that I'll need to specify and take into consideration.

Quote
If you want to avoid split tunnel on IPv6 clients you need to push the 2000::/3 route and offer an IPv6 DNS service.

Thanks Bart.  Your answer is exactly the kind of thing that I need rather than playing into whatever misinformed notions I suspect that Reddit post had.

2
18.7 Legacy Series / Re: OpenVPN with OPNsense and IPv6
« on: November 16, 2018, 02:46:34 am »
Quote from: loredo on November 11, 2018, 09:49:33 am
While I can't give you any clear answer here, it might be useful to change the subject of this thread to include "OpenVPN" as IPv6 seems way too generic.

Good idea, and now done.  Thanks for the suggestion.

3
18.7 Legacy Series / OpenVPN with OPNsense and IPv6
« on: November 10, 2018, 06:21:31 pm »
Hello!

Months ago I made the decision to use OPNsense as the main, Internet-facing firewall service.  This is for publicly accessible computing infrastructure, where IPv6 is an assumed requirement for clients.  OPNsense will run on a bare metal server with 4 onboard NIC's.

(I had a delay in the meantime while I was attending to other concerns.  Thankfully now I'm able to return to this work.)

I read the following post recently: https://www.reddit.com/r/OPNsenseFirewall/comments/9tispi/ovpn_and_ipv6/  OpenVPN is not a foundation of my infrastructure but I do expect to use it extensively and depend on it for certain important applications.  I'd read here, for example, that IPv6 should be supported properly: https://wiki.opnsense.org/manual/ipv6.html

Is there some important concept that I'm missing?  For example, some specific edge case that I've gotten confused by?  Thanks for any help in straightening this out!

Kind regards.

Pages: [1]
OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2