Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
19.7 Legacy Series
»
external access web interface OPNsense over IPv6 on PPPOE
« previous
next »
Print
Pages: [
1
]
Author
Topic: external access web interface OPNsense over IPv6 on PPPOE (Read 2067 times)
MediO
Newbie
Posts: 1
Karma: 0
external access web interface OPNsense over IPv6 on PPPOE
«
on:
November 06, 2019, 10:39:31 am »
Hi all,
I looking for some suggestions on how to access my OPNsense firewall externally over IPv6. I have xs4all as ISP and IPv6 is working over an PPPOE connection. After testing with the option "Request only an IPv6 prefix" i do not get an unicast IPv6 address on my WAN interface.
In the /system/settings/administration - Listen Interfaces i can add the WAN interface but without an Ipv6 address this logically wont work.
The description states "Only accept connections from the selected interfaces." After testing with a firewall rule on the WAN interface and accessing the IPv6 unicast address of the LAN interface i do see 443 traffic allowed but not a working interface(website). It does not appear to be an implicit firewall rule as my rule is hit and allowed, thus it's probably on the application level.
How can i make external access over IPv6 to the web gui of the firewall possible? Possibly bugfix or some other way to make clear what's happening eg entry in logfile or in description?
Logged
bartjsmit
Hero Member
Posts: 2017
Karma: 194
Re: external access web interface OPNsense over IPv6 on PPPOE
«
Reply #1 on:
November 06, 2019, 12:28:51 pm »
I run an OpenVPN tunnel that routes IPv6 to all internal hosts, including the OPNsense web GUI.
Bart...
Logged
Maurice
Hero Member
Posts: 1213
Karma: 158
Re: external access web interface OPNsense over IPv6 on PPPOE
«
Reply #2 on:
November 15, 2019, 02:34:17 pm »
If you really can't get a WAN GUA using either SLAAC or DHCPv6, you can manually add one by using a Virtual IP (IP Alias). It would then be advisable to use the first /64 of the delegated prefix for that. So if your prefix is 2001:db8:1234::/48, you could use 2001:db8:1234::1/128 as the WAN GUA. Of course this only works if your prefix is more or less static.
Cheers
Maurice
Logged
OPNsense virtual machine images
OPNsense aarch64 firmware repository
Commercial support & engineering available. PM for details (en / de).
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
19.7 Legacy Series
»
external access web interface OPNsense over IPv6 on PPPOE