Messages - gstyle

#1
26.1 Series / Re: Track Interface with 26.1
February 04, 2026, 04:50:00 PM
Hi Franco,

thanks, clear.
However, what I would like to understand is if my way is currently still the recommended way with different prefixes for different subnets, or if there is now an alternative more "standard" way with KEA or DNSmasq.

Maybe I also do not really understand the difference between "track interface" and "Identity Association".

Thanks
Mario
#2
26.1 Series / Re: Track Interface with 26.1
February 04, 2026, 01:53:54 PM
Hi everybody,

I will be in the same situation when I upgrade to 26.1 and honestly, I am somehow confused with the IPv6 topic.

I have a FTTH account with Telekom in Germany. I also get a /56 prefix.

My current setup:
KEA DHCP for IPv4. Different VLANs with different subnets.

For my VLAN interfaces and IPv6, I did the following:
- In the WAN interface I put "IPv6 Configuration Type: DHCPv6"
- In the LAN VLANS I put "IPv6 Configuration Type: Track interface"
 - Under "Track IPv6 Interface" I put my WAN interface and I assigned a unique prefix for each interface
- Under "Services" KEA DHCPv6 is disabled
- Under "Services" ISC DHCPv6 is enabled for the VLANs and shows the IP ranges
- "Service -> Router Advertisements" is set to "Assisted" for the single LAN VLANS.

DNSMasq is not enabled.

I have had this IPv6 setup since the beginning and set it up following a howto for my provider.

Will this still work with the 26.1 upgrade? (I think so with ISC running as a plugin...?)
More important: Is this the way to go? What would now be the recommended way for my setup?
- Different prefixes for my VLANS
- Dynamic IPv6 /56 prefix received from my provider when dialing in via PPPoE.

I think this will be relevant for a lot of users at least in Germany ;)


Cheers
Mario
#3
I could solve the problem, so for all of you who are in the same situation:

Realtek basically offers the following drivers:
- Auto Installation Program (NDIS) Not Support Power Saving
- Auto Installation Program (NDIS)
- Auto Installation Program (NetAdapterCx) Not Support Power Saving
- Auto Installation Program (NetAdapterCx)

I had the issue with the one from ASROCK driver (Realtek Lan driver ver:10.071.0425.2024). Based on the version, I think this is an NDIS driver. Then also with the "Auto Installation Program (NetAdapterCx)". Same result.

Now I also tried the "Auto Installation Program (NetAdapterCx) Not Support Power Saving". And finally all works fine.

So it seems that the power saving has caused this problem.
#4
Connected by a switch. However same cable for the USB and for the Realtek.

IPv6 enabled for the NIC with DHCP enabled. Same for the Realtek and for the USB model.

I first used the Realtek driver from the ASROCK homepage for my mainboard. Then later also changed it to the latest from the Realtek homepage. Without any change.
As this is now happening with 2 computers and with a completely new Win11 installation, I was wondering if I am the only one.

Quite strange as it works for all my other devices (Linux), my work Laptop (win11) and also for my new Win11 computer if I just plug in the USB NIC...

On OPNSense ISC DHCPv6 I could see a lease given, but seems not to be received/accepted on my client.

btw: Service - Router Advertisements was "disabled", I changed it now to "Assisted". However does not make a difference.
#5
Hi,

I had a Win11 Desktop with an ASROCK B550 Mainboard with a Realtek 2.5G NIC. And since some time I realized I did not get an IPv6 address anymore.
All other devices work fine.

Now I got a new PC with a fresh Win11 installation. ASROCK X870 Pro RS board, again with a Realtek 2.5G NIC. Same problem. When I plug in a USB NIC, I get the IPv6 address.

Does anybody know problems like this?
#6
Quote from: nautilus7 on May 12, 2025, 12:09:24 AM
Is anyone going to fix the version typo on the title of this thread?

Sorry ;)
Done
#7
One question regarding DHCPv6 and RA.

In my LAN interface I track my WAN interface for IPv6 and just define a prefix for my 56-subnet I get from my provider.
If I then do not select the manual configuration (Allow manual adjustment of DHCPv6 and Router Advertisements).

What are then the defaults for DHCPv6 and RA?
My challenge is that, when the "manual configuration" is not ticked, I do not even see the Service->RA or the Service->ISC-DHCPv6 settings showing up.
#8
OK thanks.
And just one (I think now rather stupid) question.
I was always thinking, I am running a DHCPv6 server on my Opnsense.
But after a short ChatGPT consultation, I think I understood now that without the manual IPv6 configuration of the interface, I am only using router advertisement and the clients are using SLAAC to generate their IP. Is this correct?
This would explain why I cannot deactivate it and the only menu option below ISC DHCPv6 are the "Leases".

If I understood this right, I can ignore DHCPv6 in my current setup....?
#9
OK, so this would mean before changing my setup waiting for 25.7. correct?

So if I understand right, then DNS would be still Unbound on port 53 and DNSMASQ on another port to answer queries for local hostnames?

And regarding ISC: I can disable ISC for IPv4. But how does this work for IPv6? Can only view the leases there but find no further options.
#10
Hi everybody,

honestly I am now a bit confused and need some advice.

In the past I was using unbound for DNS and ISC DHCP for DHCP.
I defined private IPV4 subnets in ISC-DHCP for my vlans.

For IPV6 I set DHCPv6 in my WAN interface (PPPOE - Deutsche Telekom) and in my LAN interfaces just tracked the WAN and set a prefix id.

Some time then, I switched to KEA for DHCPv4 (as it was supposed to be the new standard). Created my subnets there, set fixed IPs etc.

Now with Kea IPv6 and also everything in DNSMASQ: Which is the preferred setup?

Is it only DNSMASQ instead of ISC + KEA + UNBOUND?

#11
I just installed the DNSCrypt plugin and I have the same problem with the logs
#12
Quote:
Reading the questions:
I just realized that I completely forgot about the DynDNS. I mean the time it needs to update.
I was super quick with testing. What a shame, if this would be the reason..... :-[

So I just rolled back to 24.1.1, updated again to 24.1.2 (without the patch).
I will now test again and have a look at the DynDNS topic....


So...
After a clean update to 24.1.2, a few minutes of just waiting and doing nothing, everything works nicely...  :)

So DynDNS could be an explanation....
However, there might have also been something else. Especially because I was not able to start OPNsense yesterday at all.... no idea....

Thanks for the great support!
Just made a little PayPal donation to the OPNsense project.
#13
Quote: (1) Do you use DNS entries as endpoint addresses?
Yes, I have a dynamic IP, so I have a dyndns domain pointing to my OPNsense router.

Quote: (2) Do you use tunnel addresses on your instances?
Yes, this is the entry for the respective instance:    10.21.4.1/24,fd21:04::01/64
And allowed IPs for the peers. For example: 10.21.4.4/32,fd21:04::04/128
These addresses are then in the interface section of the client.

Quote: (3) Do you have allowed IPs on your peers?
Yes, different for split and full tunnel:
Full tunnel allowed IPs: 0.0.0.0/0,::/0
Split tunnel allowed IPs: 10.21.0.0/16

Quote: (4) Do you have the instances assigned as interfaces?
Yes

Quote: (5) If yes for (4) do you have an IPv4/IPv6 mode set in the interface?
IPv4 and IPv6 Configuration Type set to "none"

Quote: (6) If yes for (4) do you have VIPs assigned to these interfaces?
No


Reading the questions:
I just realized that I completely forgot about the DynDNS. I mean the time it needs to update.
I was super quick with testing. What a shame, if this would be the reason..... :-[

So I just rolled back to 24.1.1, updated again to 24.1.2 (without the patch).
I will now test again and have a look at the DynDNS topic....


#14
OK. Following behaviour:

1. Updated again to 24.1.2 -> Wireguard did not work.
2. Applied the patch and rebooted. -> Wireguard did not work
3. Restarted Wireguard -> Wireguard worked
4. Reboot again -> Wireguard works

Until now. Everything was checked with my Android phone.

5. Reboot again -> Wireguard does not work on Android. However, iPad works.
A few connects and disconnects with both, Android and iPad. Suddenly both of them are working.


I tested Wireguard with the mobile LTE network but also out of my WLAN. Both showed the same behaviour.
Either both work, or both do not work.

Also both of my tunnels, split and full, showed the same behaviour.

This is difficult to nail down...

Anything that I could test now with the patched 24.1.2 installation?
Otherwise I would revert back to 24.1.1, reinstall 24.1.2 and continue testing to see if it is the same unstable behaviour....
#15
# opnsense-patch 340a32473
or
# opnsense-patch 3340a32473

I guess it is the second to fit to the Github link correct? Just to be double-safe....