Messages - TrustedComputer

#16
Quote
I tried switching it between none and track. It worked at the time.

Awesome!

Quote
Also didn't know that THAT is what the prefix ID is for, and why when I changed it I got a different prefix that still started with 2601.  The last 4 of the prefix were different, which means Comcast is probably giving me at least a /48 prefix, right?

Did all four hex characters in the fourth quartet change? If so, then I would think so. But your PD (prefix delegation) would be specified in your Comcast Gateway's configuration pages and in your account on their website.

Quote
And if SLAAC can't do DNS at all, what would the best method be for syncing them to DNS records?

That's an area I haven't delved into yet. You may want to start a new thread for that.
#17
Edit: I misunderstood your post, so I'm re-replying after re-reading.

Your clients should be creating their own IP addresses based on the RAs (router advertisements) from your OPNsense router through NDP (neighbor discovery protocol). The RAs should be based on the router's LAN address they are seeing on their LAN (or VLAN). If they are constructing their IPv6 with SLAAC starting with 2601, then that's probably the advertisement they are getting from OPNsense. Is OPNsense's LAN address starting with 2601 or 2001? If that's what you meant at the end where you said "Track Interface" was obtaining the old prefix of 2601, then maybe this will help:

I think I remember reading somewhere you can work around DHCP issues somehow by changing the "IPv6 Prefix ID" field on the LAN Interface settings. Usually you would just leave it at 0. But depending on how many /64s you can get out of your prefix delegation, you can change it to select the 2nd /64 prefix, or the 3rd, etc. going up by integers in hex. So I've got a /59. That means there are 5 bits left for subnetting, giving me 2^5 or 32 subnet/prefix IDs. So I can have anything between 0 and 1F there for prefix ID (if my hex math is right). The idea is this: if you change your prefix ID, you can get the service provider's DHCP server's attention when somehow before you were not.

You also could try toggling your LAN IPv6 settings between "None" and "Track Interface" to try to clear it that way.

Regarding DNS, that would be handled via DHCPv6 or static configuration on the host. As far as I know, SLAAC doesn't do DNS. Maybe someone else could chime in on this one.
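
The prefix ID arithmetic from post #17, as an added example that is not part of the original posts: it selects the /64 for a given prefix ID inside a delegated prefix and rejects IDs outside the range the delegation allows. It also goes one step further and computes the longest delegation that could contain two observed LAN /64s, assuming both came from the same delegation. The function names are hypothetical and the addresses are constructed from the 2001:db8::/32 documentation range.

```python
import ipaddress


def max_prefix_id(delegated: str) -> int:
    """Highest usable prefix ID for a delegated prefix (0x1f for a /59)."""
    pd = ipaddress.IPv6Network(delegated, strict=True)
    if pd.prefixlen > 64:
        raise ValueError("a delegation longer than /64 cannot hold a /64")
    return 2 ** (64 - pd.prefixlen) - 1


def lan_prefix(delegated: str, prefix_id: int) -> ipaddress.IPv6Network:
    """Return the /64 that prefix_id selects inside the delegated prefix."""
    limit = max_prefix_id(delegated)
    if not 0 <= prefix_id <= limit:
        raise ValueError(f"prefix ID must be between 0 and {limit:x} (hex)")
    pd = ipaddress.IPv6Network(delegated, strict=True)
    # The prefix ID occupies the bits between the delegation and bit 64,
    # so it is shifted past the 64-bit interface identifier.
    base = int(pd.network_address) | (prefix_id << 64)
    return ipaddress.IPv6Network((base, 64))


def longest_delegation(net_a: str, net_b: str) -> int:
    """Longest prefix length that still contains both observed /64s.

    If both /64s came from one delegation, the delegation is this
    length or shorter (numerically smaller).
    """
    a = int(ipaddress.IPv6Network(net_a).network_address) >> 64
    b = int(ipaddress.IPv6Network(net_b).network_address) >> 64
    return 64 - (a ^ b).bit_length()


if __name__ == "__main__":
    pd = "2001:db8:0:ab00::/59"  # constructed sample delegation
    print("highest prefix ID:", format(max_prefix_id(pd), "x"))
    for pid in (0x0, 0x1, 0x1F):
        print(format(pid, "x"), "->", lan_prefix(pd, pid))
    print("bound:", longest_delegation("2001:db8:0:ab00::/64",
                                       "2001:db8:0:ab1f::/64"))
```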
#18
Earlier, you stated "I have my WAN configured to use DHCPv6 to request only a /64 prefix". You may need to change this by clearing that "Request only an IPv6 prefix" checkbox for the DHCP process to work.
#19
Try looking at your Comcast Gateway WAN Status. For me (Comcast Business Gateway, so it might be different for you) the 8th line was "Delegated prefix (IPv6)" which showed a /56, which I now believe is what's assigned to the wan interface of the Comcast Gateway, not what will be passed down to my firewall in a delegation. What works for me is to request a /59 delegation. Other sizes seem to break prefix delegation, although I don't know why.

Also, strangely, if I request a prefix delegation size of /64 then when I look at Interfaces\Overview, it shows my LAN interface having a /59 prefix but neither routing nor SLAAC works. So, perhaps if you request a /64 then look at your LAN interface status in Interfaces\Overview, you can use the prefix length you see there for the length you should really request in your WAN interface settings.
#20
I went through some similar issues here:
https://forum.opnsense.org/index.php?topic=10915.0

and got them solved by obtaining WAN address and prefix from my service provider with DHCPv6 and setting the prefix size properly (in my case, /59). Then setting LAN to track the WAN interface for its address. Check the link for the details.

If your setup is similar enough and you have questions beyond what's in those posts, I can try to answer them from my working config.
#21
Thanks! This did the trick. I also need to set the prefix length on the WAN interface to /59, but now Track Interface works as well as internal host SLAAC!
#22
I have Comcast Business as my ISP and have a Cisco 3941B Business Gateway. I am running OPNsense 18.7.9 behind it and have recently got IPv6 running (mostly) but I'm having trouble with getting Router Advertisements working with the "Track Interface" setting on the LAN interface of OPNsense.

I did a lot of searching, but none of the guides out there worked for me. Through trial and error, the combination of settings I used to get basic routing functionality was this: Comcast Business Gateway set to Stateful (Use DHCP Server), along with using DHCPv6 on the WAN interface of my OPNsense appliance with 64 bits for the prefix delegation size, which is confusing since the Comcast Business Gateway says I have a delegated /56, but this is the only way I can get it to work. Then I used WAN interface Tracking on the LAN Interface with Prefix ID 0.

With all this set, under Interfaces---Overview, I have a modified EUI-64 auto-configured IPv6 address with a /64 prefix length on my OPNsense WAN interface (not a DHCP IPv6 address). My OPNsense LAN address gets auto-configured with a modified EUI-64 IPv6 address and a /59 prefix, which seems strange (once again) since my Comcast Business Gateway says I have a delegated /56.

Then, if I manually configure my hosts sitting behind the OPNsense appliance with appropriate IPv6 addresses in the same subnet as the OPNsense LAN interface and use its address as the default gateway, then routing works and I am able to get IPv6 internet access with my hosts. So this is a big success!

However, I can't figure out how to get my router advertisements working properly with the above configuration, which would allow me to use automatic configuration for my LAN hosts. SLAAC only seems to work if I manually configure my OPNsense LAN interface's IPv6 address with the one it would have gotten from "Track Interface" and to use a /64 prefix length. My Router Advertisement settings are set to "Stateless", "Normal" router priority, "Advertise Default Gateway" checked, and "RA Sending" checked.

How can I get SLAAC for LAN hosts working along with "Track Interface" on the LAN interface of my OPNsense appliance?