Is it possible to advertise ULA prefix only to IPv6 client?

[ccy]

Hi,

When configure the IPv6 network access via PPPoE to my ISP, I am able to obtain an GUA IPv6 address (/64) on LAN interface.  The /64 public GUA prefix do advertise to my Windows configure the IPv6 only network.  The Windows OS have a unique GUA IPv6 too.  It can access to IPv6 internet too, so far so good.

Next, I try ULA IPv6.  I configure a virtual IP on the LAN interface with ULA IPv6 fd01:2:3:4::1/64.  Restart the radvd service, the Windows can has both GUA and ULA address.

Can OPNsense configure to advertise only ULA to the Windows client only?

[Greelan]

I suspect not, unless there is a manual way through config files. But curious - what is your use case for this?

[ccy]

I am trying NPTv6.  As the windows IPv6 client received both GUA and ULA address, I couldn't confirm if IPv6 traffic was evaluated against NPT rule defined in OPNsense.

My next use case is I have configure a IPv6 load balance multi WAN.  I have 3 WAN connections.  All 3 WAN offered only /64 IPv6 GUA.  I think the only option for internal host to utilize the IPv6 multi wan is via ULA.

[bimbar]

Yes, you can do local ULA only + NAT or NPTv6 (just like IPv4).

[meschmesch]

How would a NAT rule look like for ULA? E.g. fd00::

[bimbar]

Internal Networks (possibly fc00::/7) to Any NAT Outgoing on WAN for IPv6, pretty much.

[Greelan]

But geez, why persist with NAT on IPv6 unless it is really necessary?

[bimbar]

Because it is really necessary. There are two main cases:

- You don't have a static IPv6 prefix but still want to do clustering.
- You have a static IPv6 prefix, but want to do multi-wan (you can do NPTv6 in that case).

God knows I tried, but with poor IPv6 support from clients for environments with more than one next-hop, it's not possible to go GUA.

[meschmesch]

Any modifications to Router advertisement? At the moment it is unmanaged. Dhcpv6?

Is there a reason to construct ipv6 subnets for different interfaces?