Franco,
I recently installed a fresh install of OPNsense 26.1 on a router. I have been running dual-WAN for years (ATT & Spectrum), but with ISC DHCP for v6/v4, and figured it was time for a fresh config.
The default was DNSMasq. I couldn't get router advertisements to work or see leases (though IPv4 was working, IPv6 was not), so I switched over to KEA / RA. DHCPv4/6 are working well and assigning leases, and the RA daemon is configured as Managed (A+O) and working great. I get a warning that I should be using a /64; it doesn't seem to affect anything.
I also switched over to the new firewall rules.
My networks are as follows:
WAN1: DHCP / DHCPv6
WAN2: DHCP / DHCPv6
LAN: Static - 172.20.0.1/24 / fd00::1/112
*probably should make it a /120 to match number of addresses, or a /96 so I can 1:1 the values in the last octet to the last group.
** Note: Image tags not working for me, included links **
My Home screen: <link>

NAT is configured manually, and I have the following rules: <link>

I have the following gateways: <link-int> <link-group>


If I wait about a couple of minutes, a link-local IP (fe80) will show up on WAN1, and I can then manually start the gateway monitor for WAN1_DHCP6: <link>

Firewall: <link1> <link2>


SYSLOG : <link>
Config : <link>
*Password hash removed
I tried the patch and didn't notice any different behavior than before.
Post-Patch SYSLOG: <link>
I do have a few opinions on Multi-WAN configs:
- I like using a private range for IPv6 and NAT'ing, because it means IPv4 works exactly the same as IPv6 which makes it simple to manage.
- When traffic is being redirected to different gateways, tracking an interface seems problematic.
- Defaulting to a net in the private IP space (fc00/7), and doing a One-to-One NAT, is probably the best solution when using multiple WAN/Gateways (I personally just NAT to the interface address, but you have the IPs with v6 so might as well use them).
These are just my opinions, but IMHO IPv6 keeps pretending they engineered all the use-cases away for translation, but I just think they cause more problems trying to throw away the toolbox.
In any case, I'd love to get my router's second ISP (Spectrum) up and working, and both of them without manual intervention (hitting start on the gateway monitor).
This is my home router and not a production system, and I haven't added my lab nets yet, so it's pretty barebones. If you want me to test anything, let me know.