Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
21.7 Legacy Series
»
IPv6 Track Interface with preferred interface suffix?
« previous
next »
Print
Pages: [
1
]
Author
Topic: IPv6 Track Interface with preferred interface suffix? (Read 1948 times)
FF2PacketPusher
Newbie
Posts: 4
Karma: 0
IPv6 Track Interface with preferred interface suffix?
«
on:
October 22, 2021, 09:45:59 pm »
First post here, so hello everyone! I'm a recent convert from OpenWRT, tried pfSense but I feel it didn't really live up to the hype and the UI is atrocious... Decided to install OPNSense and I've loved it so far!!
In OpenWRT I was able to assign the interface identifier of a delegated IP6 prefix to a LAN interface. I'm trying to end up with assigning my firewall an IP of ::1 out of my delegated (tracked) prefix for each LAN interface, but still have the prefix update if the delegated prefix changes from my upstream ISP. Is this possible with OPNSense?
Thanks!
Richard
Logged
bimbar
Sr. Member
Posts: 440
Karma: 25
Re: IPv6 Track Interface with preferred interface suffix?
«
Reply #1 on:
October 23, 2021, 04:17:50 pm »
I don't think so. There is a whole set of feature requests about static suffixes with dynamic prefixes, firewall rules with dynamic prefixes and NPT with dynamic prefixes, but none of that yet exists.
I'd recommend using static ULA addresses or link-local addresses via alias or CARP, if that is possible in your case.
«
Last Edit: October 23, 2021, 06:33:47 pm by bimbar
»
Logged
Patrick M. Hausen
Hero Member
Posts: 6871
Karma: 577
Re: IPv6 Track Interface with preferred interface suffix?
«
Reply #2 on:
October 23, 2021, 05:30:20 pm »
My experience has been that the "happy eyeballs" implementation of Apple devices ignores IPv6 when only ULA prefixes are present. This might have changed, I have not looked into this issue any further.
If it's a simple home/small office LAN you can of course borrow a global unicast /64, from someone who has got e.g. a /56 or /48 assignment. If you NAT that for outgoing traffic, nothing bad is going to happen. Don't pick a global unicast /64 at random, though. You might blackhole $something for you just by accident.
Kind regards
Patrick
Logged
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do.
(Isaac Asimov)
FF2PacketPusher
Newbie
Posts: 4
Karma: 0
Re: IPv6 Track Interface with preferred interface suffix?
«
Reply #3 on:
October 23, 2021, 11:19:11 pm »
I like the idea of using a GUA based range for my home network and doing NAT on it. One of my cloud providers hands out a routable /48 with every VPS, so I could easily use one of those and as long as I don't use it in the cloud, I'd never blackhole myself. I was thinking of even doing a P2P Wireguard tunnel and just using that entirely for my IPv6 and don't use my PD from Comcast at all. Or setting up an HE.net IPv6 tunnel.
Sounds like it's decision time. lol
Thank you both pmhausen and bimbar for the suggestions.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
21.7 Legacy Series
»
IPv6 Track Interface with preferred interface suffix?