Quote from: schnipp on December 22, 2024, 11:09:38 AMQuote from: mooh on December 05, 2024, 01:22:09 PMI think what you're looking for is IPv6 privacy extensions. See https://forum.opnsense.org/English_Forums/General_Discussion/IPv6_privacy_extensions_for_WAN_interface
Not sure if that still correct as the article is quite old by now.
It still works like a charme :-)
I have restructured my network (Fritzbox acted as the WAN Gateway in front of the Opnsense and now moved behind the Opnsense in a dedicated VLAN). This is the first time the IPv6 privacy extensions do not work anymore.
- If only an IPv6 prefix is requested via DHCPv6 and the public WAN address is derived from that prefix, IPv6 privacy will not work. It is not clear to me why the WAN address is generated from the MAC address in this case. The subnet technically allows WAN addresses to be derived via SLAAC.
- When requesting an IPv6 prefix and IPv6 address via DHCPv6, IPv6 privacy also does not work because the prefix length of the public IPv6 address is 128 (no available subnet).