Messages

dnsmasq DHCP Ranges
Leave the DHCP IPv4 range blank in the domain. In IPv6, add the domain to the internal domain.
IPv6 Advanced Mode, Domain Type: Interface

Hello, you have configured Opnsense with the internal domain and the LAN network in lan.internal and it is the same DHCP range. In my opinion, you should leave the domain configuration in DNSMASQ blank for IPv4 and configure the domain in IPv6 in internal.

Hi, it works for me. Thanks.

It's just a visual error, the ips are update, I also wanted to thank you for all the work, spectacular!!!

Hi, I have the same problem

Hello, I don't see 143 in Gui, it's not available for selection. Only Multicast Listener Report 131
I want to test if it works with my ISP, I get a 131 from my ISP every 2 minutes and I think the reason is that I don't have 143 open

I understand, would it be useful to allow 130 131 132 143 for MLDv2?

130 131 132 143 MLD version 2 is omitted, I think it's necessary. 1 2 128 should be after the Bogonsv6 block and private networks, 1 2 128 are not for local addresses.

Hi, sorry for the delay in replying, the Opnsense rules in IPv6 are fine, they work as expected, without problems, Opnsense only uses 1 2 128 133 134 135 136 and I think that conforming more closely to RFC 4890 would be more practical and a little more secure.

Hi, would it be a good idea to change the automatically generated rules for RFC 4890?

# RFC 4890, section 4.4
pass quick inet6 proto icmp6 to { (self) ff02::/16 } icmp6-type \
   { 133 134 135 136 141 142 130 131 132 143 148 149 151 152 153 }

This is after martians.

# RFC 4890, section 4.3
pass quick inet6 proto icmp6 icmp6-type { 1 2 3 4 128 129 144 145 146 147 }

Is this a good idea ?

Hi, it's worth a try, I only have two interfaces and it looks like this. It works very well for me.


interface igc1 {
  send ia-pd 0; # request prefix delegation
  request domain-name-servers;
  request domain-name;
  script "/var/etc/dhcp6c_wan_script.sh"; # we'd like some nameservers please
};
id-assoc pd 0 {
  prefix-interface igc1 {
    sla-id 177;
    sla-len 8;
    ifid 273312202386047166;
  };
  prefix-interface igc0 {
    sla-id 178;
    sla-len 8;
    ifid 273312202386047166;
  };
};


igc0: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
        description: LAN (lan)
        options=4e0272b<RXCSUM,TXCSUM,VLAN_MTU,JUMBO_MTU,TSO4,TSO6,LRO,WOL_MAGIC,RXCSUM_IPV6,TXCSUM_IPV6,HWSTATS,MEXTPG>
        ether xx:xx:xx:xx:xx:xx
        inet 10.154.96.129 netmask 0xffffff80 broadcast 10.154.96.255
        inet6 fe80::2e0:4dff:fe02:cdb2%igc0 prefixlen 64 scopeid 0x1
        inet6 2a01:cc00:cf00:6eb2:3cb::be prefixlen 64
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
igc1: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
        description: WAN (wan)
        options=4e0272b<RXCSUM,TXCSUM,VLAN_MTU,JUMBO_MTU,TSO4,TSO6,LRO,WOL_MAGIC,RXCSUM_IPV6,TXCSUM_IPV6,HWSTATS,MEXTPG>
        ether xx:xx:xx:xx:xx:xx
        inet 94.107.56.16 netmask 0xfffffe00 broadcast 94.107.57.255
        inet6 fe80::2e0:4dff:fe02:cdb3%igc1 prefixlen 64 scopeid 0x2
        inet6 2a01:cc00:cf00:6eb1:3cb::be prefixlen 64
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>

Hi, interface cxl0 it is not configured in id-assoc pd 0

Hello, what static IP do you have on LAN and network mask?

You're amazing Franco, thanks

I don't see a live view log either.