Messages - RhizomaticNomad

#1
Thanks a lot Maurice, the overlap of the PD range with the LAN subnet was obviously the failure; after adjusting this I've got it working as wanted :)

Quote from: Maurice on October 19, 2023, 07:16:45 PM
Make sure the PD range doesn't include the LAN subnet(s). With a /56, you can delegate no more than three /58 prefixes:

2^(58-56) - 1 = 3

If your LAN subnet ID is 0, set the PD range to ::40 .. ::c0.

The requirements for automatic creation of routes for downstream prefix delegation have recently been relaxed, see here:
https://github.com/opnsense/docs/pull/500/commits/a9830d87b1fbb8efaa5290480e673cd5d59230c4

Cheers
Maurice
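
The prefix arithmetic from the quoted reply, as an added example (not code from the thread or from OPNsense): it lists the /58 blocks of a /56 that stay free once the LAN /64 is excluded, and checks a configured PD range for overlap with the LAN. The 2001:db8 prefix and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample values (documentation prefix), not taken from the thread.
DELEGATED = "2001:db8:aa:100::/56"   # prefix received from the ISP
LAN = ["2001:db8:aa:100::/64"]       # LAN subnet with subnet ID 0
PD_LEN = 58                          # Prefix Delegation Size

def _blocks(delegated, pd_len):
    """Yield (subnet_id, block) for every pd_len-sized block of the prefix."""
    parent = ipaddress.ip_network(delegated)
    base = int(parent.network_address)
    for block in parent.subnets(new_prefix=pd_len):
        # Subnet ID = offset of the block's first /64 inside the delegated prefix.
        yield (int(block.network_address) - base) >> 64, block

def free_ids(delegated, pd_len, lan_subnets):
    """Subnet IDs of blocks that contain no LAN subnet and can be delegated."""
    lans = [ipaddress.ip_network(s) for s in lan_subnets]
    return [sid for sid, block in _blocks(delegated, pd_len)
            if not any(block.overlaps(lan) for lan in lans)]

def range_conflicts(delegated, pd_len, start_id, end_id, lan_subnets):
    """Blocks inside a configured PD range that overlap a LAN subnet."""
    lans = [ipaddress.ip_network(s) for s in lan_subnets]
    return [block for sid, block in _blocks(delegated, pd_len)
            if start_id <= sid <= end_id
            and any(block.overlaps(lan) for lan in lans)]

if __name__ == "__main__":
    # Free blocks once the LAN /64 is excluded.
    print([hex(i) for i in free_ids(DELEGATED, PD_LEN, LAN)])
    # PD range starting at subnet ID 0 (as in the original question).
    print(range_conflicts(DELEGATED, PD_LEN, 0x00, 0xc0, LAN))
    # PD range ::40 .. ::c0 (as suggested in the quoted reply).
    print(range_conflicts(DELEGATED, PD_LEN, 0x40, 0xc0, LAN))
```
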
#2
Hey,

In this setup, an OPNsense is connected via modem to our ISP. IPv4 works and the OPNsense receives a /56 subnet. The LAN interface tracks the WAN interface and the connected clients can access all the other clients in that network and the internet. As it should work. The LAN interface is configured to allow manual adjustment of DHCPv6 and RA; the prefix delegation range is set from ::00:0:0:0:0 to ::c0:0:0:0:0 with a Prefix Delegation Size: 58.
Besides the clients there is another OPNsense, whose WAN interface is also configured as DHCPv6 and requests a delegated prefix for the /58 network. That works as well and that interface receives an IPv6 prefix for the /58 subnet. The LAN interface again tracks the WAN interface of that OPNsense, but here the problems begin. While I can ping other clients and the internet from that OPNsense, the clients connected to that LAN are only able to reach the other clients in that network.
The problem seems to be that the first OPNsense, which is connected to the ISP and delegates the /58 network, doesn't set a (default) route for that /58 subnet. If I follow Maurice's suggestion in this thread https://forum.opnsense.org/index.php?topic=7719.msg35554#msg35554 and configure a gateway with the ULA of the second OPNsense in the first and add a route for the delivered /58 subnet with that gateway, the clients behind the second OPNsense also get access to the internet, as long as the route is valid (2 hours). At least with an Android phone; with my Linux desktop it didn't work at all so far.
Any ideas what could be my misconfiguration?