OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of vasawar »
  • Show Posts »
  • Messages
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Messages - vasawar

Pages: [1]
1
23.7 Legacy Series / Re: [IPv6] Can’t delegate prefix to downstream router
« on: December 23, 2023, 04:20:03 pm »
Hi,

OK, setting SLA to 8 fixed my issue ! I’ve been working on this for so long that I didn’t see the error.
I’m now assigning opnsense a GUA in a /64 network and delegating a /57 prefix that the downstream router receives and uses. But there’s no route in opnsense to the delegated network, I’m opening another topic. I found the solution to routing in opnsense doc.

2 questions regarding the processing of SLA size in Opnsense:
1) SLA size is used only for assigning a local address, is there any use case where someone would want to assign a local address in a larger than /64 network (against conventions) ? If not, I think SLA size could be automatically set to 64 minus delegated prefix size to avoid dumb errors like mine.

2) SLA size is used only for assigning a local address on the system, why does it have an impact on downstream prefix delegation ?

2
23.7 Legacy Series / Re: [IPv6] Can’t delegate prefix to downstream router
« on: December 20, 2023, 09:24:48 pm »
Quote from: franco on December 20, 2023, 02:38:21 pm
Will consider removing the legacy compatibility regarding the input, which was the only reason why it stopped working in the first place.


Cheers,
Franco

Hi Franco, can you please explain what is this legacy compatibility ?

3
23.7 Legacy Series / Re: [IPv6] Can’t delegate prefix to downstream router
« on: December 20, 2023, 09:21:28 pm »
Quote from: doktornotor on December 20, 2023, 12:38:16 pm

2/ Use something standard, such as /60.

I wanted to show the difference between my case and a previous user that succeeded to achieve exactly what I want to do.

Anyway, with /60 subnets :

I set SLA length to 4
DHCPDv6 set to :
Code: [Select]
from: ::10:0:0:0:0
to: ::f0:0:0:0:0
Delegation size: 60
Result is :
On Interfaces>Overview>LAN page, I see :
Quote
IPv6 address   2001:0db8:aaaa:aa00:fefe:abcd:fe49:d5b0/60

DHCPDv6 page :
Quote
Subnet   2001:0db8:aaaa:aa00::
Subnet mask   60 bits
Available range   2001:0db8:aaaa:aa00:: - 2001:0db8:aaaa:aa0f:ffff:ffff:ffff:ffff
Available prefix delegation size   61 bits

cat dhcpdv6.conf :
Quote
…
subnet6 2001:0db8:aaaa:aa00::/60 {
  option dhcp6.name-servers 2001:0db8:aaaa:aa00:fefe:abcd:fe49:d5b0;
  prefix6 2001:0db8:aaaa:aa00:: 2001:0db8:aaaa:aa00::/60;

}


4
23.7 Legacy Series / Re: [IPv6] Can’t delegate prefix to downstream router
« on: December 20, 2023, 08:53:13 pm »
Quote from: Maurice on December 20, 2023, 12:39:08 pm
Are you sure you actually get a /56 from your ISP? Did you check Interfaces: Overview: WAN: IPv6 prefix?

Cheers
Maurice

Yes.

5
23.7 Legacy Series / Re: [IPv6] Can’t delegate prefix to downstream router
« on: December 20, 2023, 12:19:22 pm »
Hi,

Even with patch from bug report https://github.com/opnsense/core/issues/7046 , the prefix is still wrong.

# opnsense-patch dd92fe4

returns :

Code: [Select]
prefix6 2001:0db8:aaaa:aa00:: 2001:0db8:aaaa:aa00::/58;

6
Zenarmor (Sensei) / Re: Top Destination Locations Heatmap in Africa
« on: December 14, 2023, 11:14:26 pm »
Quote from: Meg on December 14, 2023, 05:56:01 am
I have noticed that my Top Destination Locations Heatmap keeps showing the largest red dot just off the west cost of Africa most of the time. I am in Canada and sometimes it shows North America ( Canada and United States) and then switching back to Africa with very little to none showing in North America. Packet and Volume Always show this red dot near Africa but ass more traffic flows through North America the dot near Africa Fades and gets stronger in North America I saw an old post from 2022 where someone from the EU was seeing a red dot in Wichita US. Does anyone have an explanation for this behavior?

https://en.wikipedia.org/wiki/Null_Island

Quote from: Meg on December 14, 2023, 05:56:01 am
I did notice on OpenSreetmap contrubuters (https://www.openstreetmap.org/copyright) that one of the contributers is from South Africa. Not sure if this would have anything to do with it.
Thanks:
There are more than ten million registered OpenStreetMap contributors




7
23.7 Legacy Series / Re: [IPv6] Can’t delegate prefix to downstream router
« on: December 05, 2023, 07:49:49 am »
I want to add that Opnsense behaved in this way for several versions now.

8
23.7 Legacy Series / [SOLVED][IPv6] Can’t delegate prefix to downstream router
« on: December 03, 2023, 06:40:34 pm »
Hi,

I use Opnsense as my internet router/fw, with only a directly connected Openwrt router as core router. All my subnets and endpoints are behind the core router.
I want to receive a prefix from my isp, keep at least one IPv6 address for Opnsense and delegate at least a /60 prefix to the core router. Despite reading the docs and forum topics, I can’t succeed.


Let’s try configuring my network like this topic https://forum.opnsense.org/index.php?topic=36517.msg178335#msg178335

My ISP only delegates a /56 prefix, no IPv6 address is provided to the WAN interface.
In the WAN interface, SLA length is 2.
In the LAN interface page, IPv6 Prefix ID=0 and Manual configuration is enabled.

This looks correct :
Code: [Select]
root@fw:/var/etc # cat dhcp6c.conf
interface igb1_vlan832 {
  send ia-pd 0;
//REDACTED
  script "/var/etc/dhcp6c_wan_script.sh";
};
id-assoc pd 0 {
  prefix-interface igb0_vlan600 {
    sla-id 0;
    sla-len 2;
  };
};

On Interfaces>Overview>LAN page, I see :
Quote
IPv6 address   2001:0db8:aaaa:aa00:fefe:abcd:fe49:d5b0/58


In the DHCPD6 page, Prefix Delegation Range fields are set :
Code: [Select]
from: ::40:0:0:0:0
to: ::c0:0:0:0:0
Delegation size: 58


Then the core router receives 0:0:0:c0::/58 as delegated prefix !


Indeed, the prefix6 statement is wrong :
Code: [Select]
root@fw:/var/etc # cat ../dhcpd/etc/dhcpdv6.conf
option dhcp6.domain-search "admin.home.arpa";
option dhcp6.rapid-commit;

default-lease-time 7200;
max-lease-time 86400;
log-facility local7;
one-lease-per-client true;
deny duplicates;
ping-check true;
update-conflict-detection false;
authoritative;

subnet6 2001:0db8:aaaa:aa00::/58 {
  option dhcp6.name-servers 2001:0db8:aaaa:aa00:fefe:abcd:fe49:d5b0;
  prefix6 0:0:0:40:: 0:0:0:c0::/58;

}

ddns-update-style none;

I also tried to change the PD range as given by Maurice in the other topic :
Code: [Select]
from: ::40
to: ::c0
Delegation size: 58


This changes the prefix6 line in dhcpdv6.conf to :
Code: [Select]
prefix6 2001:0db8:aaaa:aa00:: 2001:0db8:aaaa:aa00::/58;and errors are logged :
Code: [Select]
2023-12-03T18:18:44 Warning opnsense /services_dhcpv6.php: '::c0' is not a valid prefix range value
2023-12-03T18:18:44 Warning opnsense /services_dhcpv6.php: '::40' is not a valid prefix range value


What did I miss ?




For the record, in the DHCPD6 page, I see
Quote
Subnet   2001:0db8:aaaa:aa00::
Subnet mask   58 bits
Available range   2001:0db8:aaaa:aa00:: - 2001:0db8:aaaa:aa3f:ffff:ffff:ffff:ffff
Available prefix delegation size   63 bits

Note the strange size field.





Pages: [1]
OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2