Messages

Hi,

OK, setting SLA to 8 fixed my issue ! I've been working on this for so long that I didn't see the error.
I'm now assigning opnsense a GUA in a /64 network and delegating a /57 prefix that the downstream router receives and uses. But there's no route in opnsense to the delegated network, I'm opening another topic. I found the solution to routing in opnsense doc.

2 questions regarding the processing of SLA size in Opnsense:
1) SLA size is used only for assigning a local address, is there any use case where someone would want to assign a local address in a larger than /64 network (against conventions) ? If not, I think SLA size could be automatically set to 64 minus delegated prefix size to avoid dumb errors like mine.

2) SLA size is used only for assigning a local address on the system, why does it have an impact on downstream prefix delegation ?

Will consider removing the legacy compatibility regarding the input, which was the only reason why it stopped working in the first place.


Cheers,
Franco

Hi Franco, can you please explain what is this legacy compatibility ?

2/ Use something standard, such as /60.

I wanted to show the difference between my case and a previous user that succeeded to achieve exactly what I want to do.

Anyway, with /60 subnets :

I set SLA length to 4
DHCPDv6 set to :

Code Select Expand

from: ::10:0:0:0:0
to: ::f0:0:0:0:0
Delegation size: 60

Result is :
On Interfaces>Overview>LAN page, I see :

IPv6 address   2001:0db8:aaaa:aa00:fefe:abcd:fe49:d5b0/60

DHCPDv6 page :

Subnet   2001:0db8:aaaa:aa00::
Subnet mask   60 bits
Available range   2001:0db8:aaaa:aa00:: - 2001:0db8:aaaa:aa0f:ffff:ffff:ffff:ffff
Available prefix delegation size   61 bits

cat dhcpdv6.conf :

...
subnet6 2001:0db8:aaaa:aa00::/60 {
  option dhcp6.name-servers 2001:0db8:aaaa:aa00:fefe:abcd:fe49:d5b0;
  prefix6 2001:0db8:aaaa:aa00:: 2001:0db8:aaaa:aa00::/60;

}

Are you sure you actually get a /56 from your ISP? Did you check Interfaces: Overview: WAN: IPv6 prefix?

Cheers
Maurice

Yes.

Hi,

Even with patch from bug report https://github.com/opnsense/core/issues/7046 , the prefix is still wrong.

# opnsense-patch dd92fe4

returns :

Code Select Expand

prefix6 2001:0db8:aaaa:aa00:: 2001:0db8:aaaa:aa00::/58;

I have noticed that my Top Destination Locations Heatmap keeps showing the largest red dot just off the west cost of Africa most of the time. I am in Canada and sometimes it shows North America ( Canada and United States) and then switching back to Africa with very little to none showing in North America. Packet and Volume Always show this red dot near Africa but ass more traffic flows through North America the dot near Africa Fades and gets stronger in North America I saw an old post from 2022 where someone from the EU was seeing a red dot in Wichita US. Does anyone have an explanation for this behavior?

https://en.wikipedia.org/wiki/Null_Island

I did notice on OpenSreetmap contrubuters (https://www.openstreetmap.org/copyright) that one of the contributers is from South Africa. Not sure if this would have anything to do with it.
Thanks:

There are more than ten million registered OpenStreetMap contributors

I want to add that Opnsense behaved in this way for several versions now.

Hi,

I use Opnsense as my internet router/fw, with only a directly connected Openwrt router as core router. All my subnets and endpoints are behind the core router.
I want to receive a prefix from my isp, keep at least one IPv6 address for Opnsense and delegate at least a /60 prefix to the core router. Despite reading the docs and forum topics, I can't succeed.


Let's try configuring my network like this topic https://forum.opnsense.org/index.php?topic=36517.msg178335#msg178335

My ISP only delegates a /56 prefix, no IPv6 address is provided to the WAN interface.
In the WAN interface, SLA length is 2.
In the LAN interface page, IPv6 Prefix ID=0 and Manual configuration is enabled.

This looks correct :

Code Select Expand

root@fw:/var/etc # cat dhcp6c.conf
interface igb1_vlan832 {
  send ia-pd 0;
//REDACTED
  script "/var/etc/dhcp6c_wan_script.sh";
};
id-assoc pd 0 {
  prefix-interface igb0_vlan600 {
    sla-id 0;
    sla-len 2;
  };
};


On Interfaces>Overview>LAN page, I see :

IPv6 address   2001:0db8:aaaa:aa00:fefe:abcd:fe49:d5b0/58

In the DHCPD6 page, Prefix Delegation Range fields are set :

Code Select Expand

from: ::40:0:0:0:0
to: ::c0:0:0:0:0
Delegation size: 58



Then the core router receives 0:0:0:c0::/58 as delegated prefix !


Indeed, the prefix6 statement is wrong :

Code Select Expand

root@fw:/var/etc # cat ../dhcpd/etc/dhcpdv6.conf
option dhcp6.domain-search "admin.home.arpa";
option dhcp6.rapid-commit;

default-lease-time 7200;
max-lease-time 86400;
log-facility local7;
one-lease-per-client true;
deny duplicates;
ping-check true;
update-conflict-detection false;
authoritative;

subnet6 2001:0db8:aaaa:aa00::/58 {
  option dhcp6.name-servers 2001:0db8:aaaa:aa00:fefe:abcd:fe49:d5b0;
  prefix6 0:0:0:40:: 0:0:0:c0::/58;

}

ddns-update-style none;


I also tried to change the PD range as given by Maurice in the other topic :

Code Select Expand

from: ::40
to: ::c0
Delegation size: 58



This changes the prefix6 line in dhcpdv6.conf to :

Code Select Expand

prefix6 2001:0db8:aaaa:aa00:: 2001:0db8:aaaa:aa00::/58;
and errors are logged :

Code Select Expand

2023-12-03T18:18:44 Warning opnsense /services_dhcpv6.php: '::c0' is not a valid prefix range value
2023-12-03T18:18:44 Warning opnsense /services_dhcpv6.php: '::40' is not a valid prefix range value



What did I miss ?




For the record, in the DHCPD6 page, I see

Subnet   2001:0db8:aaaa:aa00::
Subnet mask   58 bits
Available range   2001:0db8:aaaa:aa00:: - 2001:0db8:aaaa:aa3f:ffff:ffff:ffff:ffff
Available prefix delegation size   63 bits

Note the strange size field.