Messages

Thanks :)

So in NPTv6
   2a01:cb00:xxxx:yyyy::/64   fd2a:ef:f0:73:xxxx::/64   None

from 2a01:cb00:xxxx:yyyy::11 ping fd2a:ef:f0:73:xxxx::53
request timed out

Not working

Hello

I have a functionnal ipv6 network

My ISP delegate 2a01:cb00:xxxx:xxxx::/64
Opnsense DHCP distribute ip with 2a01:cb00:xxxx:xxxx::

Everything is fine and runing.

But sometime my ISP changes the delegation. Not a good thing with server.

Could I use ULA for certains servers (Active Directory and Pi-Hole for exemple) and route 2a01:cb00:xxxx:xxxx:: to this ULA ?
How could I have fixed ipv6 in the lan whatever the prefix is ?

Thanks for help (I'm lost TBH)

Hello

Today I have inside ISC DHCPv6 two DNS server for everyone from the setting: "DNS servers"

Is there a way for a specific DHCPv6 Static Mappings to have different DNS server that the one for everyone ?

Thanks for help

ok
this is why my FW are crashing (no reboot juste gone for FW2)

Hello

I have a functionnal wireguard setting. I can ping everything over ipv4 (LAN or WAN)
But no access to ipv6 ping.

on server peers allowed IP: 0.0.0.0./0,::/64
on client : ::/0

Thanks for help

Hello to all

This topic can help poor soul like me.

My ISP changes the prefix of my ipv6 fiber.

Solution

dhcpv6
Range should be only the suffix

DHCPv6 Static Mappings for this interface.
also only suffix

But big issue with the dns servers (that are static in the settings and in my case those dns are from DHCPv6 Static Mapping)

Then
vi /usr/local/bin/update_dhcpv6_dns.sh

Code Select Expand

!/usr/bin/bash

ALIAS1="AD1"
ALIAS2="AD2"

IPV6_ADDR1=$(pfctl -t "$ALIAS1" -T show | grep ":" | head -n 1 | sed 's/^[[:space:]]*//')
IPV6_ADDR2=$(pfctl -t "$ALIAS2" -T show | grep ":" | head -n 1 | sed 's/^[[:space:]]*//')


if [ -z "$IPV6_ADDR1" ]; then
    echo "Error for ($ALIAS1)."
    exit 1
fi

if [ -z "$IPV6_ADDR2" ]; then
    echo "Error for  ($ALIAS2)."
    exit 1
fi



cp /conf/config.xml /conf/config.xml.bak


sed -i "" "/<dhcpdv6>/,/<\/dhcpdv6>/{
    s#<dnsserver>.*</dnsserver>#<dnsserver>$IPV6_ADDR1</dnsserver>#;

    /<dnsserver>/ {
        n
        s#<dnsserver>.*</dnsserver>#<dnsserver>$IPV6_ADDR2</dnsserver>#
    }
}" /conf/config.xml


grep -A 5 "<dhcpdv6>" /conf/config.xml

pluginctl -s dhcpd6 restart

ADDR2."

Then

vi /usr/local/opnsense/service/conf/actions.d/actions_dhcpv6update.conf

Code Select Expand

[wake]
command:/usr/local/bin/update_dhcpv6_dns.sh
type:script
description:DHCPv6 UPDT prefix DNS servers
message:UPDT DNS Servers DHCPv6

And last
add a cron from GUI

Problem is solved and shoudn't be wipped by opnsense updates

;)

Is OPNsense your DNS server (Unbound / Dnsmasq)? Then you don't have to manually enter DNS server addresses in the ISC DHCPv6 settings. If left empty, the interface address will be used.

If your DNS servers are separate machines in your network, then you'll have to use their link-local addresses or deploy ULAs.

Cheers
Maurice

Opnsense is not my DNS Server
the link-local adresse is fixed ?
Thanks

I think I'll go the ULA ways

I juste need fixed ip with ULA for the DNS

Thank you

Did you find any solution ?

Would like alias host dynamic ipv6

Hello

DNS servers got IP from DHCPv6 itself
Sometime ISP prefix changes.

Range change accordingly thus modifying dns server prefix IPs

There is no way to have the dns server ip with prefix ?

Thank for help

ITS WORKING :)
THANK you    :D

so i need to create a carp for ipv6
understood

EDIT: ok fe80::1/64 as carp

But I don't understand for RA ?

EDIT: Source adress in RA: (fe80::1)

Thank you for your time

Hello

I have 2 OpnSense in HA.
IPv4 and CARP are working flawlessly.

BUT for IPv6 I'm lost.
If I set HA1 with WAN DHCPV6, LAN Trackt and manual RA (managed). Everything is OK.
But adding the same settings to HA2 messes everything.
How can I IPv6 on both machine and have HA1 some sort of prioritized over HA2 ?

Thanks

My case
Dhcpv6
Static lease (to have the DUID juste check the ip on the device then check in on the lease then use the plus button)

Voilà

Website is working on ipv6
I think the blocage comes from the orange box