Messages

1

Virtual private networks / Re: OpnVPN client static IP [SOLVED]

« on: April 22, 2024, 04:35:53 pm »

Can you please describe where exactly I can find this setting "persist-remote-ip"?
Is it related to the Server instance or to client specific configuration?
I can't find it on my OpnSense 24.1.1 instance.

2

22.1 Legacy Series / IPv6 routing setup with virtualized OPNsense and internal VM network

« on: June 10, 2022, 12:36:54 pm »

I'm struggling with adding IPv6 to my setup, here is what I have:

Code: [Select]

           ┌───────────────────────────────────────────────────────────────────────────────────────────────────────────────┐
           │                                                                                                               │
           │                                        Virtualization Host (Proxmox)                                          │
           │                                                                                                               │
           │                            ┌───────────────────────────────────────────────┐     ┌─────────────────────────┐  │
           │                            │                                               │     │                         │  │
           │                            │                       OPNsense                │     │          VM01           │  │
           │                            │                                               │     │                         │  │
Public     │  vmbr0 - 2a01:...::2/64    │ vtnet0 - 2a01:...::3/64       vtnet1 - XXX/YY │     │ eth0 - 2a01:...::10/64  │  │
───────────┼────────────────────────────┼────────                                ───────┼─────┼──────                   │  │
           │                            │                                               │     │                         │  │
           │                            └───────────────────────────────────────────────┘     └─────────────────────────┘  │
           │                                                                                                               │
           └───────────────────────────────────────────────────────────────────────────────────────────────────────────────┘

I have a Virtualization Host (Proxmox) which is connected to the public internet. The IP-address 2a01:...::2/64 is assigned to the public interface vmbr0 and the host is reachable.

I have installed OPNsense in a VM which is connected with one interface to the public bridge vmbr0 and with a second interface to an internal bridge vmbr1.
The WAN interface vtnet0 of the OPNsense router has an IPv6 address 2a01:...::3/64 assigned and is reachable from the public internet.

What I want to achieve:
An IPv6 DHCP Server on the internal interface vtnet1 of the OPNsense router should provide IPv6 addresses with the global prefix (let's say 2a01:...::10/64 to 2a01:...::100/64) to the internal VMs (VM01 in this example) with a static assignment, so that public IPv6 communication is possible but of course controlled with Firewall rules.

My current questions / issues:

• How should I configure the internal interface vtnet1 of the OPNsense router? Static IPv6 or SLAAC?
• What address or prefix should be assigned to the LAN interface of the OPNsense router? An address with the global 2a01: prefix or a link local address?
• How do I configure the IPv6 DHCP server? Especially, how do I configure the gateway and DNS servers to be assigned correctly?

I hope I was able to make my setup and my goals clear.
I have obviously some lack of understanding regarding this IPv6 router setup and I can't find a guide or reference setup, so any help on this is greatly appreciated.