IPv6 to VLANs don't work

Started by ldnunes, April 03, 2019, 10:37:46 PM

I'm having some problems distributing IPv6 to multiple VLANs. After making my WAN interface receive the IPv6 address and prefix from my ISP's modem using SLAAC, I've made the VLANs track the WAN interface. The hosts in the networks receive the IPs and prefix, but can't receive any inbound packets, as the Neighbor Discovery protocol from the modem to the WAN interface doesn't work past the WAN interface, since it uses link-local for the requests.

I've managed to make it work by creating a bridge between the WAN and one of the VLAN networks, but that would expose the hosts of that network, since it puts them on the same physical network as the WAN without the OPNsense firewall.

Any help is appreciated.


April 04, 2019, 01:41:18 AM #2 Last Edit: April 04, 2019, 01:45:34 AM by lrosenman
I'm also having issues with just a straight interface :(

Is there any doc/tests/etc on MULTIPLE interface(s) getting DHCPv6-PD prefixes?

I'm *OBVIOUSLY* either missing something or this is busted.

April 04, 2019, 04:13:45 AM #3 Last Edit: April 04, 2019, 04:31:56 AM by lrosenman
I did some playing, and I think(!) there's a bug in how we build dhcp6c.conf....

I replaced the one that OPNSense generated with:

interface ngeth0 {
  send ia-pd 0; # request prefix delegation
  request domain-name-servers;
  request domain-name;
  script "/var/etc/dhcp6c_opt3_script.sh"; # we'd like some nameservers please
};
id-assoc pd 0 {
  prefix ::/60 infinity;
  prefix-interface em0 {
    sla-id 0;
    sla-len 4;
  };
  prefix-interface em1 {
    sla-id 1;
    sla-len 4;
  };
  prefix-interface em0.100 {
    sla-id 2;
    sla-len 4;
  };
};


and I get IPv6 addresses on all 3 interfaces, up, down, etc.

Basically, for a track interface, we should add the prefix-interface stanzas for each interface in the tracking group, and then *RESTART* dhcp6c on the interface that's being tracked.

This article: https://major.io/2015/09/11/time-warner-road-runner-linux-and-large-ipv6-subnets/ gives a real good overview (based on Linux, but the dhcp6c stuff is the same).

I'm on Charter and have my OPNsense box configured to do PD to 4 different internal LANs. I didn't "figure out" the restarting the dhcpc process for the wan interface, and handled it by rebooting the box.
AMD Ryzen 3 1200
GA-A320M-S2H
8GB DDR4
Intel X550-T2 10GB
32GB Industrial SSD

Shuttle SZ270R8
Intel i5-6500
8gb ram
120gb ssd
Intel x540-t2 10gb nic

When I added a new interface with track WAN, OPNsense didn't even re-write the dhcp6c_opt3.conf file....

Ugh.

@Franco: Should I file a GitHub issue on this?

What I'm seeing is:
1) have an existing tracking interface setup on LAN tracking WAN
2) add another interface tracking WAN

expected behavior:
rewrite /var/etc/dhcp6c_<wan name>.conf with both interfaces in prefix-interface stanzas
*RESTART* dhcp6c for the <wan name> interface

Current behavior:
nothing changes, and dhcp6c doesn't assign a prefix to the new interface.
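
The expected behavior described in this thread (one prefix-interface stanza per tracking interface, each with its own sla-id) can be sketched as follows. This is an added example, not OPNsense's own generator or code from any poster; the function names are hypothetical, only the prefix delegation parts of the file are rendered, and the delegated prefix 2001:db8:0:10::/60 is a constructed documentation value.

```python
import ipaddress

def check_sla_ids(tracking, pd_len):
    """Return sla-len for a delegated /pd_len; reject sla-ids that overflow or collide."""
    sla_len = 64 - pd_len          # bits left between the delegation and a /64
    if sla_len < 0:
        raise ValueError("delegated prefix is longer than /64")
    used = {}
    for ifname, sla_id in tracking.items():
        if not 0 <= sla_id < 2 ** sla_len:
            raise ValueError(f"{ifname}: sla-id {sla_id} does not fit in {sla_len} bits")
        if sla_id in used:
            raise ValueError(f"{ifname} and {used[sla_id]} share sla-id {sla_id}")
        used[sla_id] = ifname
    return sla_len

def render_dhcp6c_conf(wan_if, tracking, pd_len):
    """Render the PD part of dhcp6c.conf; tracking maps interface name -> sla-id."""
    sla_len = check_sla_ids(tracking, pd_len)
    lines = [f"interface {wan_if} {{",
             "  send ia-pd 0; # request prefix delegation",
             "};",
             "id-assoc pd 0 {",
             f"  prefix ::/{pd_len} infinity;"]
    for ifname, sla_id in tracking.items():
        lines += [f"  prefix-interface {ifname} {{",
                  f"    sla-id {sla_id};",
                  f"    sla-len {sla_len};",
                  "  };"]
    lines.append("};")
    return "\n".join(lines) + "\n"

def lan_prefix(delegated, sla_id):
    """Return the /64 an interface with this sla-id gets from the delegated prefix."""
    net = ipaddress.IPv6Network(delegated)
    check_sla_ids({"lan": sla_id}, net.prefixlen)
    # The sla-id occupies the bits between the delegated prefix and bit 64.
    return ipaddress.IPv6Network((int(net.network_address) + (sla_id << 64), 64))

if __name__ == "__main__":
    # Interface names and sla-ids taken from the config posted in the thread.
    tracking = {"em0": 0, "em1": 1, "em0.100": 2}
    print(render_dhcp6c_conf("ngeth0", tracking, 60))
    for ifname, sla_id in tracking.items():
        print(ifname, lan_prefix("2001:db8:0:10::/60", sla_id))  # constructed prefix
```

Each tracking interface ends up in its own routed /64 behind the firewall rather than bridged onto the WAN segment, and the duplicate and range checks catch two interfaces being given the same subnet.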