"
Hello,
I would like to make some of our infrastructure ready for IPv6, but struggle doing so.
tl;dr
Is it necessary to setup IPv6 prefix delegation for static IPv6 WAN addresses? How to do it?
* We have a server at a datacenter
* There are several KVM hosts running on this server.
* OPNsense is running in one of these KVM guests
* OPNsense WAN interface is bridged to the host ethernet interface
* OPNsense LAN interface is bridged to an internal bridge interface
* The datacenter is providing a /48 network to us: 2a00:nnnn:nnnn::/48
* Default GW is: 2a00:nnnn:nnnn::1
I've configures OPNsense WAN Interface to us a static IPv6. (One out of the /48 network)
2a00:nnnn:nnnn::123
What's working:
+ I could connect without problems from OPNsense to other IPv6 Hosts on the Internet
+ I could connect from other IPv6 internet hosts to the OPNsense host.
Now the tricky part:
I want do "hide" some KVM guest behind the OPNsense Firewall. By hiding it means that for example the hidden machines should only be accessible via HTTPs and HTTP.
Therefor I've setup a static IPv6 Adress on OPNsense LAN interface
2a00:nnnn:nnnn:100::1
And manually configured the other KVM guest (hidden behind the OPNsense) to use IPv6 Addresses like
2a00:nnnn:nnnn:100::10
With this setup
+ I can connect to the LAN host from OPNsense and vice versa.
- I can't ping the default GW from the LAN hosts
- I can't connect to internet host from the LAN hosts
I assume the without a correct IPv6 prefix delegation the default GW (2a00:nnnn:nnnn::1) does not know it needs to route all packages to 2a00:nnnn:nnnn:100::/64 to the WAN interface of OPNsense.
But to be honest I've totally no idea who to do this prefix delegation. Any help or idea is highly appreciated.
What is the correct way to configure WAN and LAN interfaces is this scenario?
I would like to make some of our infrastructure ready for IPv6, but struggle doing so.
tl;dr
Is it necessary to setup IPv6 prefix delegation for static IPv6 WAN addresses? How to do it?
* We have a server at a datacenter
* There are several KVM hosts running on this server.
* OPNsense is running in one of these KVM guests
* OPNsense WAN interface is bridged to the host ethernet interface
* OPNsense LAN interface is bridged to an internal bridge interface
* The datacenter is providing a /48 network to us: 2a00:nnnn:nnnn::/48
* Default GW is: 2a00:nnnn:nnnn::1
I've configures OPNsense WAN Interface to us a static IPv6. (One out of the /48 network)
2a00:nnnn:nnnn::123
What's working:
+ I could connect without problems from OPNsense to other IPv6 Hosts on the Internet
+ I could connect from other IPv6 internet hosts to the OPNsense host.
Now the tricky part:
I want do "hide" some KVM guest behind the OPNsense Firewall. By hiding it means that for example the hidden machines should only be accessible via HTTPs and HTTP.
Therefor I've setup a static IPv6 Adress on OPNsense LAN interface
2a00:nnnn:nnnn:100::1
And manually configured the other KVM guest (hidden behind the OPNsense) to use IPv6 Addresses like
2a00:nnnn:nnnn:100::10
With this setup
+ I can connect to the LAN host from OPNsense and vice versa.
- I can't ping the default GW from the LAN hosts
- I can't connect to internet host from the LAN hosts
I assume the without a correct IPv6 prefix delegation the default GW (2a00:nnnn:nnnn::1) does not know it needs to route all packages to 2a00:nnnn:nnnn:100::/64 to the WAN interface of OPNsense.
But to be honest I've totally no idea who to do this prefix delegation. Any help or idea is highly appreciated.
What is the correct way to configure WAN and LAN interfaces is this scenario?
