19.1 Legacy Series / Re: IPv6 Dual WAN / Policy Based Routing issue
« on: April 17, 2019, 07:18:16 pm »
Thanks, I +1ed it.
I've now got some IPv6 details from my new provider.
ND is /64 (for WAN)
PD is /48 (for LAN)
Would the settings be the same?
You can also enable "Register DHCP leases in the DNS Resolver", but that would require said static DHCPv6 server which you can't use with the tracking setup yet.
I don't know. It's part of the problem of IPv6 without NAT.
Maybe someone else has solved this?
That means in conclusion OPNsense is not usable as firewall and/or internal DNS server on connections with dynamic prefixes at the moment.
The workaround would be to use NATv6.
The only issue now according to the IPv6 test site is that my firewall is filtering ICMPv6 messages. Any ideas on how to rectify this, if it can be, would be very welcome.
That assumes there's no LAN PCs/Servers that don't need DNS resolution; if it's required, then a LAN DNS server is needed, or have I missed something obvious?
How is the OPNsense itself going to lookup hostnames?
As far as I know, searching for updates, aka "check updates", will probably not work anymore, or will OPNsense just use the DNS configured in the general page as well, even without any forwarding feature enabled?
Never had this setup before so I am really curious.
If DNSmasq AND Unbound are disabled, who is going to do the forwarding to the Google DNS?
I see that under System: Settings: General, under "DNS servers" there is a place where you can specify up to five DNS servers, but I'm not quite clear on how that's used.
There is a dropdown next to each DNS server field under "Use gateway" and the choices are "NONE" or "WAN_DHCP - wan - (wan IP address)" - which should I use?
Then at the bottom there are two options, "Allow DNS server list to be overridden by DHCP/PPP on WAN", which is currently checked,
and "Do not use the DNS Forwarder/Resolver as a DNS server for the firewall", which is currently not checked.
And also, by default when I set this up, under Services: Unbound DNS: General, "Enable DNS Resolver" is checked.