Messages - ProximusAl

#1
Not that it helps you, but I've upgraded 4 OPNSense routers from 25.7 to 25.7.1 with no issues whatsoever.
#2
25.7 Series / Re: Update Failed With This Error
July 24, 2025, 10:12:14 AM
If it helps anyone, I've successfully upgraded:
A CWWK N100, AliExpress jobber with os-cpu-microcode-intel installed
Numerous R86S N100's with os-cpu-microcode-intel installed

So far, all have upgraded with no issues. (3 done so far, 1 to go)
#3
25.7 Series / Re: 25.7 upgrade issue
July 23, 2025, 02:30:42 PM
Upgraded my spare R86S router, with basic config, with no issues.

Entire process was smooth.

Will start upgrading the other 4 in least important order :)
#4
25.7 Series / Re: 25.7 upgrade issue
July 23, 2025, 02:06:49 PM
I guess because I saw on X "OPNSense 27.5 released..." and assumed it would be there? :)
#5
25.7 Series / Re: 25.7 upgrade issue
July 23, 2025, 02:03:34 PM
Same, and I'm not using a mirror...
#6
Quote from: Monviech (Cedrik) on July 22, 2025, 10:50:25 AM
https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2014q3/008804.html

This was where any RIO discussion seemed to have ended in a non implementation of it.

That kind of explains it all :)

What's interesting is that their comments on how different OSes deal with RIOs do not match my experience :)

I'll stick with OPNSense RADVD......let's hope it stays around forever.

One day, maybe my ISP will support IPv6, and I can just launch GUA's out and forget about this experience.......
#7
Completely agree.

As I say, I'm back with OPNSense's RADVD now and it's working perfectly.

Shame really, as would be nice to house everything in DNSMasq, but DHCP and DNS will do for now......

Thanks for everyone's help with this....
#8
Thanks,

The issue I am seeing is as follows:

In my home lab, I get my IPv6 from a VPS over WireGuard on OPNSense.

I am using ULA on my LAN, with NPTv6 to get out to the internet.
I do this almost to depreference IPv6, as most OSes will choose IPv4 over an IPv6 ULA. (IPv6 slower link over WireGuard, and data caps)

This actually works really well with OPNSense's built in Router Advertisements.

When trying to use DNSMasq, it seems the route info option (24), or lack of, is a critical part of making what I do work.

What was happening last night was that when I started using DNSMasq to advertise, the lack of RIO (24) allowed other devices on my network to announce a ULA prefix.
Namely, an Amazon Echo Studio. It started advertising an fd35: prefix, which gets picked up by my Linux server, which now has both (fd35, and my advertised fd76).
As I mention, iOS and Windows seem to cope with this, but Linux prefers the ULA with RIO (24) as its source address and thus....no access outbound.
Depreferencing the fd35 address (lft 0), and it then works.

When using OPNSense Router Advertisements, it includes RIO (24), and the Amazon Echo, on seeing this, stops advertising its own prefix, and my Linux server starts to work.

As I said, the way I do IPv6 is horrible, but better than not having it at all.

For now, I'm back to using OPNSense RA's, and everything is working.

My head hurts a lot from deep diving tcpdump.....

#9
Back again, with hopefully the final piece of the puzzle, and it's a bit technical.
I don't want to get too deep into my config, but it all involves ULA and NPTv6, but the crux of my issue now is this:

With OPNSense->Services->Router Advertisement that RA includes:

route info option (24) (I assume because of the tickbox Advertise Default Gateway)
mtu option (5)
source link-address option (1)

With DNSMasq, it only has:
mtu option (5)
source link-address option (1)

Is there a way in DNSMasq to get the RA to include route info option (24)?

Without it, my Linux servers are having a hard time using IPv6. (Because of other ULAs, and source address selection) iOS and Windows are fine.....

The way I do my IPv6 is *far* from ideal, but it is what it is, short of turning it off :)
#10
Thanks Cedric,

Thankfully a reboot of Proxmox itself seems to have resolved it.

I can only imagine RDNSS got stuck on vmbr0, which is what the Windows VM uses.

I truly love OPNsense, and I am so appreciative of your help.
#11
It seems fine on iOS devices, but one of my Windows devices still has the DNS, even after a reboot.
It's a Proxmox VM so needs some digging.

Might need to get Wireshark involved here.

Definitely can't see the rdnss in the RA on Linux.

Thank you so much for your help thus far....
#12
I *think* that may have done it:

No rdnss option showing now

15:26:32.529712 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 64) fe80::aab8:e0ff:fe02:d25 > ff02::1: [icmp6 sum ok] ICMP6, router advertisement, length 64
        hop limit 255, Flags [other stateful], pref medium, router lifetime 600s, reachable time 0ms, retrans timer 0ms
          prefix info option (3), length 32 (4): fd76:192:168:76::/64, Flags [onlink, auto], valid time 86400s, pref. time 86400s
            0x0000:  40c0 0001 5180 0001 5180 0000 0000 fd76
            0x0010:  0192 0168 0076 0000 0000 0000 0000
          mtu option (5), length 8 (1):  1280
            0x0000:  0000 0000 0500
          source link-address option (1), length 8 (1): xx:xx:e0:02:0d:xx
            0x0000:  a8b8 e002 0d25
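
The option check done by eye in the tcpdump output above (and the route info option (24) comparison in the earlier posts) can be automated. This is an added example, not code from the posts: it walks the option list of a router advertisement and reports which types are present. The sample RA is constructed from the field values in the capture, with the checksum zeroed and a placeholder MAC; the route info option bytes are also constructed.

```python
import ipaddress
import struct

# Neighbor Discovery option types named in the posts (RFC 4861, 4191, 8106).
OPTION_NAMES = {1: "source link-address", 3: "prefix info", 5: "mtu",
                24: "route info", 25: "rdnss"}

def parse_ra_options(icmp6: bytes):
    """Return [(type, name, detail)] for every option in an ICMPv6 RA."""
    if len(icmp6) < 16 or icmp6[0] != 134:
        raise ValueError("not a router advertisement")
    found, off = [], 16                      # options follow the 16-byte RA header
    while off < len(icmp6):
        if off + 2 > len(icmp6):
            raise ValueError("truncated option header")
        otype, size = icmp6[off], icmp6[off + 1] * 8   # length is in 8-byte units
        if size == 0 or off + size > len(icmp6):
            raise ValueError(f"malformed option at offset {off}")
        body, detail = icmp6[off + 2:off + size], ""
        if otype == 3 and size == 32:
            detail = f"{ipaddress.IPv6Address(body[14:30])}/{body[0]}"
        elif otype == 5:
            detail = str(struct.unpack("!I", body[2:6])[0])
        elif otype == 24:
            # Prefix field is 0, 8 or 16 bytes long; pad it to a full address.
            prefix = ipaddress.IPv6Address(body[6:22].ljust(16, b"\0"))
            lifetime = struct.unpack("!I", body[2:6])[0]
            detail = f"{prefix}/{body[0]} lifetime {lifetime}s"
        found.append((otype, OPTION_NAMES.get(otype, "unknown"), detail))
        off += size
    return found

def has_option(icmp6: bytes, otype: int) -> bool:
    return any(t == otype for t, _, _ in parse_ra_options(icmp6))

# Constructed sample: RA rebuilt from the values in the capture above.
HEADER = bytes([134, 0, 0, 0, 255, 0x40]) + struct.pack("!HII", 600, 0, 0)
PIO = bytes.fromhex("030440c0000151800001518000000000"
                    "fd760192016800760000000000000000")
MTU = bytes.fromhex("0501000000000500")
SLLA = bytes.fromhex("0101020000000001")     # placeholder MAC, not the real one
RIO = bytes.fromhex("1801000000000708")      # constructed: ::/0, medium, 1800s
RA_WITHOUT_RIO = HEADER + PIO + MTU + SLLA
RA_WITH_RIO = RA_WITHOUT_RIO + RIO

if __name__ == "__main__":
    for name, ra in (("without RIO", RA_WITHOUT_RIO), ("with RIO", RA_WITH_RIO)):
        print(name, parse_ra_options(ra), "RDNSS:", has_option(ra, 25))
```
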
#13
Sorry, but I'm back again.

It seems that DNSMasq is sending out RDNSS when I don't want it to....:(

Any way to stop that? I don't want any DNS info sent with the RA.

In the other method it was a checkbox, but struggling to find it in DNSMasq...

Sorry for the trouble....
#14
Just to confirm this worked perfectly.

Thanks....

Now using DNSMasq for DHCP, DNS, and RA.