Messages - UserTom

#1
Also have issues with IPv6 on the latest OPNsense installations with PPPoE.
The firewall can't communicate to the outside world over IPv6. The clients can. I don't know what happened, but it seems to be broken for me, even with a backup restore on a clean install. This worked fine in the past.
#2
I found the root cause in this case. After removing a network card (disable / unassign & remove) in Proxmox, it results in 1 unassigned NIC after reboot. I restored the backup, re-assigned the unassigned NIC to the interface and it worked.
#3
Same here today, lost settings after reboot. I can restore the settings, access the router. But it happens again after the reboot.
#4
Hi,

VXLAN works great with Wireguard S2S, but I have one problem right now.
I have 2 identical gateway (Bridge) IPs on each router. The gateway is configured in Windows.

What is the best method to use a single gateway IP for clients?

Site 1 (BR 10.10.5.1) <--WG--> Site 2 (BR 10.10.5.1)
Windows clients GW: 10.10.5.1

When Site 1 goes down, the VM fails over to Site 2 with the same IP & gateway.
I think my current config may be causing problems. It is in fact a duplicate IP.
#5
Hello,

I want 1 VXLAN for 3 sites (connected with wireguard). How can I add a second IP to the VXLAN device/VNI?
I tried to add a second device without success. This way it only works over 1 VPN tunnel (Site <--> Site), but I need this configuration for Site <--> Site <--> Site. 2 tunnels for each site in this case (1 to 2 and 3 etc.)

Site 1:
VNI ID: 1 Source: 10.10.1.1 Remote: 10.10.1.2

In addition, I notice that the VXLAN devices do not come up after reboot. I have to restart the services after reboot. No special configuration. Seems to be related to the VXLAN/LAN Bridge with Wireguard tunnel and timing.

-- No multicast support --
#6
Quote from: Maurice on April 03, 2024, 01:32:22 PM
Disabling IPv6 on an interface disables it completely, including the link-local address. That's by design. If DHCPv6 or SLAAC aren't available to you and you don't have a static WAN GUA either, simply set it to "Static IPv6" and enter a link-local address, e. g. fe80::a/64.

Cheers
Maurice

Perfect, I will assign fe80::a for now on the WAN interface. I indeed don't have SLAAC, DHCPv6 and GUA and am limited to IPv6 /64 with fe80::1 as gateway in this case. I can use the whole /64 block without any issues now.
#7
Hi All,

I got 1 single /64 IPv6 subnet for our OPNsense router. The gateway is fe80::1 on the router itself.

After some testing with my IPv6 setup:
Assigned the IPv6 subnet (IPv6Address::1/64) to the LAN interface and a part of it in the DHCPv6 settings.
The WAN interface got a link-local address, but only when I activated one of the IPv6 options. I disabled IPv6 on the WAN interface and the link-local address exists until reboot. After the reboot it is gone.

How can I ensure that the link-local persists after reboot? It looks like this configuration works with the /64 subnet. Other tips and tricks are also welcome.