Topics - macklij

1
23.7 Legacy Series / DNS Priority, IPv4, IPv6
« on: November 18, 2023, 02:57:09 pm »
I'm enjoying OPNsense and getting to grips with IPv6 on my network.

Background
In summary my setup is very simple: OPNsense on a little PC (https://www.aliexpress.us/item/3256805846674072.html - I really like it!), a couple of switches around the house, a UniFi Cloud Key 2 (no DHCP on this - it's all on the OPNsense) with a couple of UniFi access points.

The OPNsense setup is pretty basic. A WAN with both DHCP and DHCPv6 clients connecting to the ISP (Community Fibre London 1Gb symmetric), from which I get a CGNAT IPv4 address and a /56 IPv6. On the LAN side I run a DHCPv4 service and let SLAAC do IPv6 addressing.

Question 1
In Windows clients on a wired LAN, I get DNS servers showing as follows using ipconfig /all:
Code:
DNS Servers . . . . . . . . . . . . .: 192.168.0.1
                                       1.1.1.1
                                       2a02:xxxx:xxxx:xxxx:xxxx:fcff:fe10:6d75

That's all good (IPv4 DNS server addresses are as set in the DHCP service, nothing set in Router Advertisement, so using system settings). My question is, how do I get the IPv6 DNS server address to have priority? Currently, if I do an nslookup it defaults to 192.168.0.1 as the DNS server.

Question 2
On Wi-Fi, Windows clients don't show the IPv6 DNS server address in ipconfig /all (they do get IPv6 static and temp addresses and gateway):
Code:
DNS Servers . . . . . . . . . . . . .: 192.168.0.1
                                       1.1.1.1

However, netsh interface ipv6 show dnsservers does show that Windows is getting the correct info from RA:
Code:
Configuration for interface "Wi-Fi"
    DNS servers configured through DHCP:  2a02:xxxx:xxxx:xxxx:xxxx:fcff:fe10:6d75
    Register with which suffix:           Primary only

So what's going on?

Even more curious:

On a couple of iPhones, in Settings>Wi-Fi>'network name'>Info>Configure DNS, all the DNS Servers are shown with the IPv6 DNS address last (just like Windows LAN). But after about 10 minutes following Wi-Fi being turned 'Off and On', the IPv6 DNS server address disappears.

On macOS on Wi-Fi, it behaves just like Windows on LAN: i.e. two IPv4 addresses followed by IPv6.

--------------------------------------

I figure the IPv6 info on the clients is just buggy (but I haven't ruled out UniFi as the issue either), but would be interested in people's thoughts.

From a strictly OPN perspective, I would ideally like the IPv6 DNS server address to be the highest priority. Is that something that OPNsense can do without enabling DHCPv6?

Thanks in advance :)

2
23.7 Legacy Series / IPv6 on LAN, SLAAC - no temporary addresses
« on: November 16, 2023, 04:49:14 pm »
First post - please be gentle :)

Background
My ISP is Community Fibre (London). The IPv4 bit is CGNAT and working, and I believe I only get a /64 IPv6 subnet (neither ideal).

Using my old Draytek router, I am able to use SLAAC without DHCPv6 and my Windows and Mac clients successfully get/generate an IPv6 address and a temporary IPv6 address as well as an fe80 link local. The only issue is that the Draytek can’t route IPv6 packets quickly enough - I only get 300Mbs on a 1Gbs connection (it’s fine on IPv4 which is hardware accelerated). Hence I built an OPNsense box.

All is good on OPNsense IPv4, and I can make IPv6 work too, but I only get one public IPv6 address per client – no temporary one. DHCPv6 is running and seems to be required for this to happen – if I disable the service there are no IPv6 addresses received via SLAAC. Therefore, I suspect the issue is to do with SLAAC, DHCPv6 and prefixes but I can’t work it out.

The Question
I would like to get IPv6 working in the same way as my Draytek, but faster! I.e. using SLAAC so that Windows and other clients can create two public addresses – one main one and one temporary. Ideally without DHCPv6, but that would be the icing on the cake.

Is this possible?

My setup
I currently have a WAN interface and a single Bridged LAN interface (3 ports working well). With the following settings I get a single working IPv6 address (plus IPv4 of course).

Interfaces>WAN:
Block private networks – checked
Block bogon networks – checked
IPv4 Configuration Type – DHCP
IPv6 Configuration Type – DHCPv6
MAC address – Spoofing the one my ISP likes

DHCPv6 client configuration:
Basic
Request only an IPv6 prefix – checked
Prefix delegation size - 64
Send IPv6 prefix hint – checked

Interfaces>LanBridge:
Block private networks – unchecked
Block bogon networks – unchecked
IPv4 Configuration Type – Static IPv4
IPv6 Configuration Type – Track Interface

Track IPv6 Interface:
IPv6 Interface - WAN
IPv6 Prefix ID – 0x0
Manual configuration – unchecked
(I have previously checked this and tried lots of things. Even after disabling it, the router advertisement config isn’t always cleared – is that a bug? I end up restoring a backup config.)

I have played around with this for hours, so any guidance is really appreciated (https://forum.opnsense.org/index.php?topic=27288.msg149991#msg149991 and https://forum.opnsense.org/index.php?topic=36986.0 looked useful, but to no avail).

Thanks in advance.
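Both topics above turn on what the LAN Router Advertisement actually carries: the M/O flags that tell clients whether to use DHCPv6, the Prefix Information A flag that permits SLAAC on a prefix, and the RDNSS option that delivers the IPv6 DNS server together with a lifetime after which a client drops it unless a later RA refreshes it. As an added example (not the poster's or OPNsense's code), here is a small Python parser for those fields; the packet bytes, addresses and lifetimes are constructed, and the type/option numbers are the documented RFC 4861 / RFC 8106 values.

```python
import struct
import ipaddress

ICMPV6_RA, OPT_PREFIX_INFO, OPT_RDNSS = 134, 3, 25   # RFC 4861 type/options, RFC 8106 RDNSS

def parse_ra(pkt: bytes) -> dict:
    """Parse a raw RA (ICMPv6 payload, no IPv6 header) into flags, prefixes and RDNSS servers."""
    if len(pkt) < 16 or pkt[0] != ICMPV6_RA:
        raise ValueError("not a Router Advertisement")
    flags = pkt[5]
    info = {"managed": bool(flags & 0x80),      # M: get addresses from DHCPv6
            "other": bool(flags & 0x40),        # O: get other config (e.g. DNS) from DHCPv6
            "router_lifetime": struct.unpack("!H", pkt[6:8])[0],
            "prefixes": [], "rdnss": []}
    off = 16
    while off + 2 <= len(pkt):
        otype, olen = pkt[off], pkt[off + 1]
        body = pkt[off:off + olen * 8]
        if olen == 0 or len(body) < olen * 8:    # RFC 4861: discard malformed RAs
            raise ValueError("malformed RA option")
        if otype == OPT_PREFIX_INFO and olen == 4:
            valid, preferred = struct.unpack("!II", body[4:12])
            info["prefixes"].append({
                "prefix": f"{ipaddress.IPv6Address(body[16:32])}/{body[2]}",
                "autonomous": bool(body[3] & 0x40),   # A flag: SLAAC allowed on this prefix
                "valid": valid, "preferred": preferred})
        elif otype == OPT_RDNSS and olen >= 3:
            servers = [str(ipaddress.IPv6Address(body[i:i + 16]))
                       for i in range(8, olen * 8, 16)]
            info["rdnss"].append({"lifetime": struct.unpack("!I", body[4:8])[0],
                                  "servers": servers})
        off += olen * 8
    return info

def build_sample_ra() -> bytes:
    """Constructed RA: M=O=0, one SLAAC prefix, one RDNSS server with a 600 s lifetime."""
    hdr = struct.pack("!BBHBBHII", ICMPV6_RA, 0, 0, 64, 0x00, 1800, 0, 0)
    pio = (struct.pack("!BBBBIII", OPT_PREFIX_INFO, 4, 64, 0xC0, 2592000, 604800, 0)
           + ipaddress.IPv6Address("2001:db8:1::").packed)
    rdnss = (struct.pack("!BBHI", OPT_RDNSS, 3, 0, 600)
             + ipaddress.IPv6Address("2001:db8:1::1").packed)
    return hdr + pio + rdnss

def rdnss_expiry(info: dict) -> int:
    """Seconds until the advertised DNS server lapses if no further RA refreshes it (0 if none)."""
    return max((r["lifetime"] for r in info["rdnss"]), default=0)
```

Comparing the RDNSS lifetime with how often RAs are actually received on the client is the first thing to check when an RA-learned DNS server vanishes after a few minutes.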
