Messages

You have to know that setting the respective "LAN" interface in "Track Interface" IPv6 mode will automatically configure DHCPv6 and Router Advertisements. If you want better control over this you set this LAN interface to "Allow manual adjustment of DHCPv6 and Router Advertisements" in which case you can see the DHCPv6 and Router Advertisement options in the service menu and can configure both. But note that setting the manual mode will disable both services so you need to configure and enable them manually as the setting suggest. And there, finally, you can feed a different IPv6 DNS server.


Cheers,
Franco

This was a really helpful answer. I got it all working now like I wanted.
First I had to enable "Allow manual adjustments of DHCPv6 and Router Advertisments" at LAN interface options. Then I created a subnet in the DHCPv6 with a specified DNS server (my PiHole).

At first i didn't get any IPv6 addres anymore but I had to enable RA in OPNSense. I chose for "Managed" and voila I got IPv6 with the PiHole as DNS server but unfortunately ALSO the router. Then I checked "Use the DNS configuration of the DHCPv6 server" in the RA options and now I only got the right IP advertised. :)

Thanks for suggestions and solution.

Cheers,
BiTRiP

I do want to use DHCPv6 and give them the ability to resolve DNS but not by the OPNSense router.

You could say to turn off DNS server at OPNSense to prevent that but I use that service for other purposes.

As far as I know there is no option to set custom IPv6 address in the DHCP options instead of (automatically) OPNSense address?

Ok let me ask the other way then:

Why is the IPv6 of OPNSense automatically pushed to DHCP clients even when it's not configured in DHCP server?
It doesn't make sense to me... :)

Beyond the above, obscuring DNS server IPs is not the way how you force clients to use a particular DNS server.

https://labzilla.io/blog/force-dns-pihole

Forcing my clients to use a particular DNS server is done via DHCP, like it should be.
But this DHCP gives more ip's than is configured....that is the whole problem.

Have you set the DNS servers in the DHCP settings for that interface explicitly? I suspect you did not so it uses all local addresses of the firewall including IPv6. If you set them it should olnly hand out those explicitly set.

Yes I have, but while I only have set 1 ip address there (192.168.2.17) my clients receive this nummer together with IPv6 of the router as DNS.
When I disable DNS server on the router, the DHCP only gives the IPv4 like i've set.

Hello,

When I run the DNS service on OPNSense, the IPv6 number of the router is automatically advertised with DHCP leases while I have only one IPv4 configured there.
This IPv4 number is of my Pi-hole server that is the main DNS server so I don't want let hosts use the IPv6 address directly but ONLY use the pi-hole server.

The reason I also have OPNSense DNS setup is because of resolving hostnames set by DHCP. So this is configure as conditional DNS server in PiHole config.

How can I prevent ISC DHCP also give the IPv6 address with all leases?

Hello,

I have a N100 mini router with 4x 2.5Gb ports. This box has 16GB memory and runs OPNSense natively on its SSD.
The ISP (KPN Fiber) uplink is 1000/1000 Mbit/s and is directly connected, so no modem in between.

When I do a speed test the download speed goes right to around 930Mbit but then immediately drops to around 600Mbit.
The upload test also goes to this 930Mbit but stays around this speed and looks fine.

When I replace the OPNSense box with the providers modem then the speedtest remains stable at 930 for both down- and upload.

Any idea why I have this problem?

At max download the CPU is just having 50% load and memory is also fine.

Thanks!  ::) :o

For pretty long time I have the issue that OpenVPN is not starting after reboot in the GUI while it is actually started in background.
I have to kill the openvpn process manually in CLI in order to get it working again.

I found similar posts having this issue but no fix. Is there a solution already?

How did you make it bootable?

I'm trying to install Opnsense (23.1) in Synology Virtual Manager on a DS220+ with your settings.
I had to convert img to iso but it's not booting (could not read from cdrom error 0005)

What am i missing?

UPDATE: never mind, i was using the wrong image (not dvd image)

Same here, since 23.1.7_x suddenly starting to have weird behaviors while nothing is changed on config.
With updates to 23.1.7_2 and 23.1.7_3 I hoped this was fixed but unfortunately not yet.

From my OpenVPN tunnels is one tunnel not responding (ping) on tunnel-subnet anymore (from both sides) but local LAN and remote LAN are still working.

Other tunnel is not responding on tunnel subnet and remote subnet.

Rebooted both ends but no luck.

Restored back to 23.1.6 all working fine again.  :)

Solved by using an "iroute 192.168.10.0 255.255.255.0" in client specific overrides!

Sounds like the same problem I have. See my topic here: https://forum.opnsense.org/index.php?topic=12163.msg55760#msg55760

What iroute should I use here?

Thanks.

[EDIT]

Also solved by using the right iroute in client specific overrides.

I can't get routing properly working.
Site B can ping everything behind OPNSense server (192.168.2.0/24) but Site A can't ping anything behind Synology router (192.168.10.0/24).

Site A LAN can ping 192.168.6.2 which is the OpenVPN IP of Synology router.

Even OPNSense router can't ping side B LAN.

Any suggestions? It looks i tried them all 😉

      
              Site A                      Site B
      192.168.2.0/24 ⁞                  ⁞ 192.168.10.0/24

       ┌──────────┐  ⁞                  ⁞  ┌──────────┐
       │ OPNsense •-----►( Internet )◄-----• Synology │
       │ (OpenVPN │  ⁞                  ⁞  │ router   │
       │  server) │                        └─•────────┘
       └────────•─┘  ⁞                  ⁞    |  192.168.10.1
   192.168.2.1  |                            | (192.168.6.2)
  (192.168.6.1) |    ⁞                  ⁞    |   
                |                            |
┌────────────┐  |    ⁞                  ⁞    |     
│ Station A1 •--┤                            |
└────────────┘  |    ⁞                  ⁞    | 
                |                            |  ┌────────────┐
┌────────────┐  |    ⁞                  ⁞    ├--• Station B1 │
│ Station A2 •--┤                            |  └────────────┘
└────────────┘  |    ⁞                  ⁞    |
                |                            |  ┌────────────┐
                |    ⁞                  ⁞    ├--• Station B2 │
                |                            |  └────────────┘
                |    ⁞   VPN network    ⁞    |
                ├~~~~~~~~~~~~~~~~~~~~~~~~~~~~┤
                     ⁞  192.168.6.0/24  ⁞   
                                       
                     ⁞                  ⁞


(c) Cduv for this diagram ;)