Messages

@meyergru It appears to me that this has something to do with the time that goes between the RA 0 and the first RA > 0. If that time is less than a certain amount (I think three seconds), then the Android device willfully ignores the router afterwards. If the time between these two RA's is greater than three seconds then Android does not ignore it anymore and thigs go fine. At least it looks like this after running some tests.

@meyergru You seem to know what you are talking about and yes, not handing out static IPv6 prefixes can become a pain in certain scenarios such as the one you mentioned. Fortunately, I do have a static IPv6 prefix from my ISP and I heard from someone that one of the causes of RA with lifetime 0 can be the fact that one of the LAN interfaces is set to track the WAN interface which means that whenever a change happens on that LAN interface, OPNsense will issue an RA with lifetime 0 to all other LAN interfaces.

The scope in the original message is entirely unclear to me. Also the fact that the WAN type plays a big role here. As a downstream router the system eventually deprecates a prefix it is no longer entitled to hold even if it's just due to intermittent connectivity that could be the case during a startup with PPPoE for example.


Cheers,
Franco

Thanks for your answer. My scope is pretty straight forward: I want to stop OPNsense from sending RA's with lifetime 0 because my Android devices lose their v6 route and refuse to restore it after they received an RA with lifetime 0. This results in the fact that those Android devices are unable to use IPv6 anymore because they lost their router, their default gateway and then they refused to restore it. I was unable to find a way to make them restore their route automatically, I had to manually disconnect and reconnect my android devices to the network. Or, to be more specific, I want to be able to have full control over the RA's with lifetime 0 that OPNsense sends out, I want it to only send them out when I tell it to send them out.

The answer to your question is literally in the first sentence of the message I already linked above.

When you read that thread, you will see further discussion on the feature because the 0 lifetime RA has both advantages and disadvantages.

AdvDeprecatePrefix is set to off on my device but OPNsense still sends RA's with lifetime 0. It really has no influence.

I replied to Patrick - I meant there is no Github issue needed, since the option already exists.

Ok, but, once again, is there any way that I can stop OPNsense from sending RA's with lifetime 0? I have not seen an answer to my question.

No need to, since it is already available. See this.

Tahnks for the link but why do you say that it is not needed? I need it because my Android devices lose IPv6 connectivity after OPNsense sends an RA with lifetime 0.

Hello guys. I want to know if there is any way that I could stop OPNsense from sending RA's with lifetime 0. I tried different stuff but none of it worked or it worked only for the shutdown process but not for the bootup process too.

OPNsense, if left in its default state, will send at least two RA's with lifetime 0 during a reboot process: one of them during the shutdown stage and the other one durng the startup stage.

In my opinion any router out there, should be sending RA's with lifetime 0 only during a shutdown command, not during a reboot command and not right at the start of the bootup.

Hello everyone,

I've noticed an issue where after restarting my OPNsense edge router, its NDP table (and occasionally the ARP table) does not update properly. Specifically, some devices connected to OPNsense are missing from the NDP table entirely after a reboot.

When I run ndp -a on OPNsense after a reboot, certain devices do not appear in the list at all—meaning OPNsense fails to map their MAC addresses to their IPv6 addresses. As a result, it seems like OPNsense is unaware of their existence in terms of IPv6 connectivity.

This issue is most persistent when OPNsense interacts with a Proxmox Server and its VMs. Occasionally, it affects Android phones, but to a lesser extent. In some cases, Proxmox itself disappears from the ARP table, losing its IPv4 address.

The only way I can get OPNsense to recognize these devices again is by completely restarting the Proxmox server along with all its VMs.

Has anyone encountered this issue before? Is there a way to force OPNsense to update its NDP table correctly after a reboot without restarting all affected devices?

Thanks in advance for any insights!

Hi everyone. I would like to describe you an issue that I am having on my homelab setup. But first things first, I need to describe the setup.

I have an OPNsense router as my main router. This router is connected to the ISP via fiber optic PPPoE for IPv4 and DHCPv6 for IPv6. To simplify things, I will refer to this router as "router A".

Connected to "router A" I have two other routers: one of them is an Asus Router running MerlinWRT and the other one is another OPNsense router. I will refer to the Asus Router as "router B" and I will refer to the second OPNsense router as "router C".

"Router A" has received a /60 IPv6 prefix from the ISP and has delegated two /63 IPv6 prefixes to "router B" and "router C" from the /60 pool that it has.

Connected to "router A" I have a Raspberry Pi and my Desktop PC.

Connected to "router B" I have my phone via WIFI.

Connected to "router C" I have a laptop.

All my devices, including the ones connected to "router B" and "router C" have public GUA IPv6 addresses.

If I am trying to reach my Raspberry Pi, which is connected to "router A" from my laptop, which is connected to "router C", using the IPv6 GUA of my Pi, I cannot do it, no type of communication is done between these two devices. However, if I try to access my Pi from outside my home, from the WAN the communication is established on the IPv6 GUA without any trouble.

If I connect my laptop to a VPN provider which offers IPv6 GUA, then my laptop can easily communicate with my Raspberry Pi on the IPv6 GUA.

What is the setup that I must do on my routers so that my laptop can communicate with my Raspberry Pi without the need of connecting it to the VPN provider?