Topics

1

19.1 Production Series / IPv6 Dual WAN / Policy Based Routing issue

« on: March 10, 2019, 03:53:44 pm »

Hi all,

I'm trying to get a simple Dual WAN / Dual LAN setup running:
Two WAN interfaces (DHCPv6), two LAN interfaces (LAN1 tracks WAN1, LAN2 tracks WAN2). The WAN1 gateway (WAN1_DHCP6) is the default one. To get traffic originating from LAN2 being routed via WAN2, the gateway is set to WAN2_DHCP6 in the allow-all firewall rule for LAN2 (Policy Based Routing).

No success. LAN1 works just fine, but there is no Internet access from LAN2. This is not a DNS issue (DNS servers are set to external public servers in Router Advertisements). A traceroute from a host in LAN2 to a public IPv6 address doesn't get further than the first hop (router). As expected, switching the default gateway to WAN2_DHCP6 gets LAN2 working and breaks LAN1 Internet connectivity.

Ideas? This should be pretty straight forward, but maybe I am missing something.

Cheers

Maurice

2

18.1 Legacy Series / IPv6 Prefix Delegation: routes missing

« on: March 25, 2018, 08:34:13 pm »

This is not about requesting a prefix from an upstream router / ISP, but about delegating prefixes to downstream routers in the LAN.

I have a static /48 from my ISP. OPNsense is used as a distribution router and should delegate /56 prefixes to other routers connected to its LAN interface.

Prefix Delegation Range and Prefix Delegation Size are properly configured in Services / DHCPv6 / LAN and downstream routers successfully request prefixes (visible in Services / DHCPv6 / Leases / Delegated Prefixes).
However, OPNsense doesn't seem to add routes for the delegated prefixes to its routing table. So clients connected to the downstream routers can't access the Internet.

Is this working for someone? If so, am I missing something? Or could this be a bug?

3

17.7 Legacy Series / [SOLVED] Stateless DHCPv6 support missing?

« on: November 20, 2017, 01:03:53 am »

Hello all,

This is my first post! I'm currently virtualizing a router by migrating from an old embedded Linux box to a fresh install of OPNsense 17.7.7_1 in a Hyper-V VM. Pretty straightforward so far, but now I'm stuck at setting up stateless DHCPv6 for the LANs.

In the existing setup, clients use SLAAC for address autoconfiguration. Clients which don't support the RDNSS / DNSSL options in RAs (like older Windows versions) use stateless DHCPv6 for DNS server and domain information.

In OPNsense, the Router Advertisement "Assisted" mode seems to be the only one which sets the required A and O flags in RAs. But it also sets the M flag which indicates stateful DHCPv6. There seems to be no "A + O flag only" mode. Also, the DHCPv6 server can not be enabled unless you specify an address range.

I've never used an IPv6 router which doesn't support this, so I'm not sure whether this is really missing or I just can't figure out how to configure it (these are my first steps with OPNsense).

Thanks

Maurice