
Messages - opnserious

#1
Virtual private networks / IPv6 and Wireguard VPN
December 29, 2024, 10:19:43 PM
Dear community,

I am a beginner in IPv6 understanding and would like to understand the implications of IPv6 on Wireguard VPNs. So far I have created 5 IPv4 and IPv6 (track interface) VLANs that all work smoothly. Now, I also set up 5 different Wireguard VPNs that can independently connect to one of the 5 IPv4 VLANs smoothly. Now, the question is how can I get this to work as well for the 5 IPv6 VLANs?

1. From my ISP I got a /56 dynamic IPv6 prefix and an IPv6 address as well on my WAN. From this /56 I created five /64 IPv6 subnets.
Let's say for instance one of the five subnets reads 2001:aaaa:bbbb:cc01:dddd:eeee:ffff:1111/64
2. Then how do I create a Wireguard instance that can connect to this IPv6 VLAN?
3. What is the tunnel address I need to choose? Should it be inside 2001:aaaa:bbbb:cc01:dddd:eeee:ffff:1111/64? Or should it be outside of it? Or should it be a ULA?

The point is that I would like to have an example of an IPv6 configuration in Wireguard s.t. I can implement it. It seems that on the internet there are enough videos on how to set it up for IPv4 but not for IPv6. Hopefully someone has a guide on how to do this and can help me better understand how IPv6 works.

Thanksss yall
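As an added example (not part of the original post or of OPNsense's own documentation), the following wg-quick style configuration shows one way to lay out the addressing the post asks about: the tunnel itself gets its own small subnet (a ULA /64 here, chosen because the ISP prefix is dynamic), and the VLAN's global /64 is reached through the tunnel by routing it in the client's AllowedIPs. All keys, hostnames and the fd00:50::/64 prefix are hypothetical placeholders; the 2001:aaaa:bbbb:cc01::/64 prefix is the /64 that contains the address quoted in the post.

```ini
# --- OPNsense side (server), hypothetical values ---
[Interface]
# Tunnel subnet: deliberately NOT inside any VLAN /64. A ULA is used so the
# tunnel addresses survive a change of the delegated ISP prefix.
Address = 10.99.50.1/24, fd00:50::1/64
ListenPort = 51820
PrivateKey = <server-private-key>   # placeholder

[Peer]
# One road-warrior client; AllowedIPs here is what the server accepts FROM
# this peer, so it is only the client's own tunnel addresses.
PublicKey = <client-public-key>     # placeholder
AllowedIPs = 10.99.50.2/32, fd00:50::2/128

# --- Client side, hypothetical values ---
[Interface]
Address = 10.99.50.2/32, fd00:50::2/128
PrivateKey = <client-private-key>   # placeholder

[Peer]
PublicKey = <server-public-key>     # placeholder
# Endpoint name should resolve to the WAN address (IPv4 and/or IPv6).
Endpoint = vpn.example.com:51820
# Route the IPv4 VLAN and the IPv6 VLAN /64 from the post through the tunnel.
# With a dynamic prefix this line changes whenever the prefix changes;
# AllowedIPs = 0.0.0.0/0, ::/0 avoids that by sending everything via the VPN.
AllowedIPs = 10.99.0.0/24, 2001:aaaa:bbbb:cc01::/64
PersistentKeepalive = 25
```

With this layout, hosts on the VLAN reply to fd00:50::2 via their default gateway (OPNsense), which already has a connected route for fd00:50::/64 on the WireGuard interface, so no NAT or proxy-NDP is needed. What still has to exist on the firewall is a pass rule on the WireGuard interface allowing traffic from fd00:50::/64 to the VLAN's /64 (and nothing else, if the tunnel is meant to reach only that one VLAN); without that rule the tunnel comes up but traffic to the VLAN is dropped.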

#2
General Discussion / VLAN User Management
October 21, 2024, 06:00:11 PM
Dear community,

I have an OPNsense network with multiple users that all have their own IPv6 VLAN on which they host services. At this moment I need to add the firewall rules for all of their services since I am the only OPNsense administrator. Hence, I was wondering if I could create OPNsense user accounts where each user has only control over his/her VLAN and nothing else. That is, they control the port forwarding and firewall rules for their VLAN s.t. they can change firewall rules according to their needs instead of depending on me doing it for them. I would compare it to a VPS where you also have control over the firewall but cannot modify the firewall of other users.

Thank you!!

#3
Dear opnsense community,

I recently created a Bind9 authoritative nameserver VM to serve my domain names all on the same IP address. Now, when I resolve the domain names from outside my network I can resolve them and dig NS example.com also works. However, when I am on my local network I cannot resolve the domain names that are globally routable. This happens when I choose Unbound to be my DNS upstream. When I change the DNS upstream to 1.1.1.1 for instance then it does resolve the domain names served by Bind9 again. All other domain names are perfectly resolved by the Unbound DNS resolver, only not my applications that I host locally but are exposed externally by Bind9. Maybe someone knows what kind of settings I should adjust to locally resolve my domain names as well.

Cheers,

Dennis

#4
Hey guys!! I have scrolled on the internet a bit to find open source alternative solutions that can compete with Ubiquiti/UniFi wireless access points and their controller software, with VLANs etcetera. I could only find old threads about OpenWRT but nothing new and as well developed as OPNsense for routing. Do you guys know of any such projects running at the moment? I would be eager to try them out!!

Cheers Y'all.

#5
Dear OPNsense community,

For some reason I cannot access internal resources with port forwarding over IPv4 outside of my LAN (using my mobile phone's cellular network for instance).

However, internally I can reach my resources from a domain name that I have registered at a domain registrar (Porkbun in my case) both on IPv4 and IPv6. As an example, to test if I can reach internal resources I created a simple Apache web server VM on Proxmox that listens on port 80 for IPv4.

1. Create apache VM (10.99.0.101) on Proxmox that listens on port 80 for both IPv4 and IPv6
2. Go to domain registrar and set my DNS settings example.com -> 88.89.89.2 (public IP on WAN interface)
3. Go to OPNsense > Firewall > NAT > Port Forward and create two entries for HTTP and HTTPS.

Interface: WAN
TCP/IP Version: IPv4
Protocol: TCP
Destination: WAN address
Destination port range: HTTP to HTTP
Redirect Target IP: Single host network (10.99.0.101 IP address of apache VM)
Redirect Target port: HTTP
Pool options: default
NAT reflection: Use system default
Filter rule association: Rule

The HTTPS rule is just a copy of the HTTP rule with HTTPS. Next to that I attached my Firewall WAN settings. Finally, I also selected inside Firewall > Settings > Advanced

Reflection for port forwards: Enabled
Reflection for 1:1: Disabled
Automatic outbound NAT for Reflection: Enabled

Hopefully, someone can help me here, since right now I cannot reach any internal resource from outside my network.

Cheers :) :)