OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of DustinHarp »
  • Show Posts »
  • Messages
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Messages - DustinHarp

Pages: [1]
1
General Discussion / Re: Issue with internal IPv6 testing network
« on: August 12, 2024, 04:35:43 am »
OK. Think I figured it out. It will take some explaining.

Quote from: OPNSense manual

Static mapping: If the DUID of an active prefix lease matches the DUID of a DHCPv6 static mapping, the delegated prefix will be unconditionally routed to the static mapping’s IPv6 address. The DHCPv6 service doesn’t have to be configured with an address range and the downstream router doesn’t have to request an address. The address in the static mapping may be a GUA, ULA or link-local address. This allows downstream prefix delegation to routers which only request a prefix, not an address.

So for the purposes of this exercise VM #1 should have a /64 address assigned to its LAN interface. Under Services->ISC DHCPv6->LAN a prefix delegation range can be configured and for routing a delegated prefix to VM #2 through the LAN link-local address of VM #1 as the default gateway a DHCPv6 static mapping should be defined on VM #1 with the DUID and link-local address of the WAN interface of VM #2. Having tested connectivity between servers accessible from the simulated WAN interface of the VM #1 and behind the LAN interface of VM #2, this configuration works.

Thank you

2
General Discussion / Re: Issue with internal IPv6 testing network
« on: July 21, 2024, 05:27:26 pm »
Doh. But how best to assign and carve out prefixes to be delegated to client routers?

3
General Discussion / Issue with internal IPv6 testing network
« on: July 21, 2024, 03:34:56 pm »
Hi!

This may be rather unorthodox and the result of myself doing something incorrectly but still might be worth a try anyway.

Running two OPNSense 24.1 virtual machines under KVM with virtio nics to assist in development and lab scenarios.

My current challenge is in simulating an IPv6 network. With VM #1 having a /48 prefix assigned to its LAN interface, delegating /56 prefixes to client routers using DHCPv6-PD. VM #2 in this scenario takes the place of the client router and its WAN interface is behind the LAN bridge of VM #1.

Configuration of WAN router (VM #1):

Code: [Select]
LAN interface: Static IPv6: 2001:db8:1::1/48
Prefix delegation range: 2001:db8:1:100:: - 201:db8:1:200::
Prefix delegation size: 56

RA configuration: Managed
Advertise Default Gateway: Enabled

Configuration of LAN client router (VM #2 - its WAN is connected behind VM #1 LAN)

Code: [Select]
WAN interface: DHCPv6
Request only an IPv6 prefix: Enabled
Prefix delegation size: 56
Send IPv6 prefix hint: Enabled

Code: [Select]
LAN interface: Track Interface
Allow manual adjustment of DHCPv6 and Route Advertisements: Enabled
IPv6 Prefix ID: 0x0

The issue is when having configured the WAN router to only delegate prefixes with a link-local default gateway similar to a 'real' ISP attempting to ping the LAN address of the VM #1 from VM #2 takes about 20 seconds to start responding to pings after which it will work for ~10 seconds than fail again and repeat.

Observing the output of
Code: [Select]
route -6n monitor on VM #1 shows a route of the full LAN address of VM #2 being added and deleted in unison with the above described behavior.

Pages: [1]
OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2