OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Archive »
  • 21.7 Legacy Series »
  • IPv6 all static in DC
« previous next »
  • Print
Pages: [1]

Author Topic: IPv6 all static in DC  (Read 1602 times)

marcelmah

  • Jr. Member
  • **
  • Posts: 61
  • Karma: 3
    • View Profile
IPv6 all static in DC
« on: October 15, 2021, 04:55:42 pm »
Hi,

I have OPNsense 21.7.3_3 running on a XCP-ng host as a VM.
We have several IPv4 ranges and one IPv6 range.

IPv4 works as expected, I'm having trouble getting IPv6 working.

Our DC gave us this information (I changed some letters!):
Prefix: 2a00:xxx:13x::/48
Subnet: 48
Router 1: 2a00:xxx:13x::1 (don't use as a gateway)
Router 2: 2a00:xxx:13x::2 (don't use as a gateway)
Gateway: 2a00:xxx:13x::3

Start Range: 2a00:xxx:13x:0:0:0:0:4
End Range: 2a00:xxx:13x:ffff:ffff:ffff:ffff:ffff

I created a single gateway with address: 2a00:xxx:13x::3
I gave my WAN address 2a00:xxx:13x::5 /48 (4 is in use on another Linux VM)
I gave my LAN address 2a00:xxx:13x::6 /48
I gave a Windows VM behind the OPNsense 2a00:xxx:13x::7 /48

If I ping from OPNsense to Google IPv6 DNS I get a response when I use the WAN as a source.
When I use the LAN as the source, no dice.

Windows VM also has no Internet connection using IPv6.

What am I doing wrong here? and yes I'm pretty new in the IPv6 game, I have it running at home, also in OPNsense but my ISP provides a DHCPv6 address.

Kind regards,

Marcel
Logged

Patrick M. Hausen

  • Hero Member
  • *****
  • Posts: 6735
  • Karma: 568
    • View Profile
Re: IPv6 all static in DC
« Reply #1 on: October 15, 2021, 06:18:42 pm »
All assigned addresses are /64 in IPv6. And even if they weren't you cannot have one address of the /48 on one interface and another one from the same /48 on another interface. Same as in IPv4. Different prefix for each network/interface.

What that means is that your provider gave you a /48 so you can cut it in 655536 different /64s. And then use one of those for each interface of your OPNsense, for remote LANs, for "dialup" VPNs, ... to your heart's content.

And it looks like your WAN is 2a00:xxx:13x::/64, so 2a00:xxx:13x::4 or 2a00:xxx:13x::5 as you picked is OK for WAN, but with a /64 prefix length.

Then pick e.g. 2a00:xxx:13x:8000::/64 for your LAN and e.g. the same host address as for WAN for your OPNsense again: 2a00:xxx:13x:8000::4/64 or 2a00:xxx:13x:8000::5/64

That isn't mentioned because that's just how IPv6 addressing works. There are always /64 prefix lengths, only.

HTH,
Patrick
Logged
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

marcelmah

  • Jr. Member
  • **
  • Posts: 61
  • Karma: 3
    • View Profile
Re: IPv6 all static in DC
« Reply #2 on: October 15, 2021, 11:36:00 pm »
Hi,

I did not change my single gateway.
I changed the prefix on my WAN to 2a00:xxx:13x:0:0:0:0:5 /64
I changed my LAN to 2a00:xxx:13x:8000::5 /64

I can still ping to Google DNS from WAN but not from LAN.
Logged
  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • Archive »
  • 21.7 Legacy Series »
  • IPv6 all static in DC
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2