Messages - bma

#1
Indeed ISC DHCPv6 is enabled.

So the only chance is to disable DHCPv6 on this interface? I don't see any option to not deliver the DNS servers (which are blank atm). Setting ::1 as the delivered DNS server could work, but feels dirty.

#2
Hi,

I'm trying to understand an option in router advertisement, and whether it does what the text tells me.

Target
I just want to deliver IPv4 DNS servers to my subnet, but don't want to disable IPv6 completely.


If "Do not send any DNS configuration to clients" (DontDns) works as described, the clients should not get any DNSv6 server... so that's what I want.


In "dns_option_off" I see my IPv4 DNS servers and the same IPv6 DNS two times.
In "dns_option_on" we have again the IPv4 DNS servers and the IPv6 DNS only one time.

So when "DontDns" is checked, it seems that no information is sent, but why is the default gateway used as DNS?

Is this something from the ISC DHCPv6 that has to be changed or is this a Windows 11 thing?


Regards


#3
After some further investigation:

The VPN interface is ignored inside the gateway group. Maybe because of this note, even if dynamic gateway is not set, but for a VPN interface you can just select "None".
Quote: Currently it's not possible to use gateways without an address (Interface option "Dynamic gateway policy") inside a group. This is due to the fact that the firewall requires an address of the right family (IPv4 / IPv6) to be present on the interface, which can not be guaranteed based on its configuration at the moment.
https://docs.opnsense.org/manual/multiwan.html

As this works with OpenVPN and gateway groups in pfSense, it seems to be a bug in OPNsense.


The only workaround for this use case, where you want a routing with fallback via gateway group with multiple VPN connections, is slightly mentioned in this issue request.
https://github.com/opnsense/core/issues/8108

Activate "Skip rules when gateway is down" and make duplicates of every rule where you want a fallback gateway. It's a bit messy in the interface rules, but it works.

#4
Hi,

I'm trying to create a gateway group of multiple OpenVPN connections to route them via firewall rules for some subnets (IPv4 private). When selecting only a single VPN gateway it works; if I select the gateway group, it skips the VPN connections and tries to route it via WAN.

This old thread from 2023 sounds familiar to this -> https://forum.opnsense.org/index.php?topic=37022.0
But a solution was never mentioned.

Is there something specific to do with OpenVPN interfaces in gateway groups?

Regards