Messages

1

Virtual private networks / Re: How to get IPv6 from Wireguard to OPNsense?

« on: November 23, 2024, 04:53:41 pm »

I was wonder nobdy here know something for my question? I will try to make simpler. My setup is ISP --> Wireguard server on VPS --> Wireguard client on OPNsense wg0 --> WAN --> LAN


In the past I had IPv6 from ISP but IPV6 cannot pass from OPNsense. The problem is OPNsense.


Actually I would like to setup IPv6 on OPNsense?

2

Virtual private networks / How to get IPv6 from Wireguard to OPNsense?

« on: November 22, 2024, 06:26:28 pm »

Hi,


My ISP gives me ONLY IPv4. I paid a VPS then I installed Wireguard VPN on the VPS, then IPv4 and comes to OPNsense's WAN.  OPNsense run as Wireguard client. This setup works fine.

The problem is that I cannot get from VPS IPv6 IP to OPNsense's WAN. Wireguard server on the VPS works fine with IPv6, I tested on my linux laptop. I made a wireguard client on my linux laptop then I connected directly to VPS with IPv4 and IPv6.

 
So I would like to get directly from VPS to OPNsense's Wan then traffic goes to LAN . I read a lot of examples here but I didn't solve it.

VPS gives a IPv6 with /64 subnet but I can get one more with /64 subnet.

3

23.7 Legacy Series / Re: IPv6 Rules with Gateway not working.

« on: February 20, 2024, 08:57:09 pm »

On Android, set the MAC address to "Device" (not "Random").

What you can't disable are privacy extensions. Android (like most systems) generates one SLAAC address based on the MAC address (which makes it essentially static, as long as the prefix doesn't change) and one randomised address. For privacy reasons, only the random address is used for outbound connections.

on my Xiaomi redmi cellphone there is no option to do  that!

4

23.7 Legacy Series / Re: IPv6 Rules with Gateway not working.

« on: February 19, 2024, 09:47:47 pm »

my devices (cellphones) every time that connect my network has different ipv6 address. Is there solution to not change this address. I would like to change to static ipv6 ip.

How can I do that?

5

23.7 Legacy Series / Re: IPv6 Rules with Gateway not working.

« on: February 14, 2024, 10:01:48 pm »

Do I have to enable  "Enable DHCPv6 server on LAN interface" or any other service fro ipv6???

6

23.7 Legacy Series / Re: IPv6 Rules with Gateway not working.

« on: February 14, 2024, 08:28:13 pm »

Yes, everything visible in the screenshot is correct.

You are GOD! Thank you very much. I solved it.

7

23.7 Legacy Series / Re: IPv6 Rules with Gateway not working.

« on: February 13, 2024, 10:50:56 pm »

The outbound NAT rule should work with default settings, you only need to set the TCP/IP version to IPv6.

Please look at the photo. Is it correct?

8

23.7 Legacy Series / Re: IPv6 Rules with Gateway not working.

« on: February 13, 2024, 10:38:59 pm »

- configure the OPNsense LAN interface with a static IPv6 address, like 2001:db8::1/64
- set the Router Advertisements mode to "Unmanaged"
- enable hybrid outbound NAT rule generation
- create an IPv6 outbound NAT rule for the WAN interface

I did it -->   2001:db8::1/64
I dit --> - set the Router Advertisements mode to "Unmanaged"

What I have to put inside outbound nat rule in wan inteface?? Would you like to show me an example?

9

23.7 Legacy Series / Re: IPv6 Rules with Gateway not working.

« on: February 13, 2024, 09:35:40 pm »

If you connect your laptop directly to the WLAN bridge, no Prefix Delegation is required - the laptop gets an IPv6 address from your brother's router.
But if you connect the OPNsense WAN to the WLAN bridge and your laptop to the OPNsense LAN, Prefix Delegation is required so OPNsense can provide an IPv6 address to your laptop.

If Prefix Delegation isn't set up on the other router and you don't have access to it, this unfortunately won't work.

If you're desperate, you could configure IPv6 outbound NAT in OPNsense.

Would you like to help me, what are the next steps to configure  IPv6 outbound NAT in OPNsense ?

10

23.7 Legacy Series / Re: IPv6 Rules with Gateway not working.

« on: February 13, 2024, 08:57:05 pm »

Does the upstream DHCPv6 server (= your brother's router) support Prefix Delegation and is it configured correctly?

I don't have access in his router. As I said If I take the ethernet cable then connected directly to my laptop. I have ipv6 connection.

So I thing the answer in you question is Yes . but  as I said I don't have access on his router to see the settings.

11

23.7 Legacy Series / Re: IPv6 Rules with Gateway not working.

« on: February 13, 2024, 08:50:03 pm »

A SLAAC WAN can only provide IPv6 connectivity for OPNsense itself, not for devices in its LANs. You'll need DHCPv6 Prefix Delegation for this, which also needs to be supported by the upstream router.

Cheers
Maurice

Thank you for replying

I changed from SLAAC to DHCPv6, with no luck.  DHCPv6 Server not restarting...

12

23.7 Legacy Series / IPv6 Rules with Gateway not working.

« on: February 13, 2024, 06:09:13 pm »

Hello,

I get the internet via wifi. My ubiquiti nanostation is connected as a bridged mode via wifi at my brother's wifi connection then nanostation goes the internet through ethernet port to OPNsense then to my laptop.

If I remove the ethernet cable from OPNsense, then I connected the ethernet cable directly to my laptop the IPV6 works fine. So I thing the problem is from OPNsense.

I post some photos with settings.

    Interfaces: [LAN]    Track Interface
    Interfaces: [WAN]   SLAAC

13

23.1 Legacy Series / Re: How to solve ddclient error message?

« on: February 06, 2024, 08:35:02 pm »

I noticed that I had the same problem with no-ip but now it works:

Account settings:
Service: noip
username: my-email
pass: noip pass
hostname: FQDN1, FQDN2
Check ip method: Interface[ipv4]
Interface to monitor: wan
check ip timeout: 10
Force SSL: ticked

General Settings:
Enable: ticked
Interval: 300
Backend: native (with ddclient fails miserably)

Please , would you like to upload a screenshot?

14

General Discussion / Re: How to access to GUI OPNsense from WAN ?

« on: December 07, 2023, 09:47:38 pm »

Then you maybe like to show us such google-results to give us a chance of understanding what you mean.

Using external services is nothing what I would name "bypassing"... this is another way / workaround to achieve what you want... And as said:

You can't get through CGNAT (IPv4) to access your WAN interface

This is 100% true as long as your provider don't give you exclusive routing /NAT for one or a couple of ports.

https://github.com/mochman/Bypass_CGNAT

https://forum.mikrotik.com/viewtopic.php?t=193257

Please, I don't care to discussing for cgnat. I would like to access from wan as you said such as IPV6

Did you see my diagram? I sent you extra information that you said. How can I solve it? Can you help to pass ipv6 from router to opnsense?

15

General Discussion / Re: How to access to GUI OPNsense from WAN ?

« on: December 07, 2023, 07:33:58 pm »

Yes, I do know what CGNAT is and no, my ISP doesn't use that. You can't get through CGNAT (IPv4) to access your WAN interface nor  should you ever 'allow' connections to your WAN interface. The only solution is to use IPv6 to access your LAN with a VPN as I mentioned earlier, obviously that assumes your ISP provides IPv6.

Who is your ISP? Would you consider moving to another ISP that doesn't use CGNAT, that would be the optimal solution.

inaccurate

You are wrong . I already did it.

Please, search in google bypass CGNAT  then stop  to have opinion because you don't have knowledge in the specific issue.