IPv6: old prefixes blocked after prefix changes

Started by herrhannes, April 09, 2023, 10:12:43 AM

April 09, 2023, 10:12:43 AM Last Edit: April 09, 2023, 03:53:55 PM by herrhannes
Hello,

as my WAN connection is unfortunately a VDSL connection with a daily reconnect, I run into the following issue: at each reconnect I get assigned a new prefix, which is then distributed to the network clients as well.
But only this new prefix seems to be part of the definition of "LAN net", so all connections using addresses based on the old prefix are blocked by the default deny rule.

Is this actually intended behavior? Linux clients seem to always use the latest prefix, but macOS and iPhone, for example, do not and are consequently blocked from reaching "the internet". Local addresses such as the virtual IP of OPNsense are still reachable.
How could I circumvent this issue without allowing IPv6 traffic from any to any on the LAN Interface?

Edit: The firewall rules were probably the wrong lead as that should be the correct behavior. Only the deprecation did not work as expected?!

April 09, 2023, 03:52:18 PM #1 Last Edit: April 10, 2023, 12:23:56 PM by herrhannes
AdvDeprecatePrefix = on seems to have helped. Shouldn't that be the default configuration?
Maybe it's also just a coincidence...

Edit: No, it didn't. My Apple devices still do not get the deprecation and continue to use the old IPs.
Why?
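To make the mechanism behind both posts concrete, here is an added example (not code from OPNsense, radvd or the poster): a small model of how a client processes the Prefix Information Options in Router Advertisements (RFC 4862 lifetimes, RFC 6724 source selection) and how a firewall alias that only covers the currently configured prefix (the "LAN net" behaviour described in the first post, taken here as an assumption) treats the resulting source addresses. The prefixes, the interface identifier and the lifetimes are constructed; the deprecation step models what AdvDeprecatePrefix is meant to do, i.e. re-advertise the old prefix with a preferred lifetime of 0.

```python
# Added example: model of RA prefix handling on a client plus a "LAN net"
# style firewall check. Constructed data; not OPNsense or radvd code.
import ipaddress
from dataclasses import dataclass

TWO_HOURS = 7200  # RFC 4862 clamp for unauthenticated valid-lifetime shortening


@dataclass
class Address:
    addr: ipaddress.IPv6Address
    preferred_until: int  # host clock, seconds
    valid_until: int

    def deprecated(self, now):
        return now >= self.preferred_until

    def valid(self, now):
        return now < self.valid_until


class Client:
    """Host forming one SLAAC address per advertised /64 prefix."""

    def __init__(self, iid):
        self.iid = iid      # fixed 64-bit interface identifier (constructed)
        self.addrs = {}     # IPv6Network -> Address

    def process_ra(self, now, prefix, preferred, valid):
        """Apply one Prefix Information Option (RFC 4862 section 5.5.3)."""
        net = ipaddress.IPv6Network(prefix)
        if preferred > valid:
            return  # malformed option, ignored
        entry = self.addrs.get(net)
        if entry is None:
            if valid == 0:
                return
            addr = ipaddress.IPv6Address(int(net.network_address) | self.iid)
            self.addrs[net] = Address(addr, now + preferred, now + valid)
            return
        # Existing address: the preferred lifetime is always reset, so a
        # preferred lifetime of 0 deprecates the address immediately.
        entry.preferred_until = now + preferred
        remaining = entry.valid_until - now
        # The valid lifetime may only be cut below two hours by an
        # authenticated RA; an unauthenticated short value is clamped.
        if valid > TWO_HOURS or valid > remaining:
            entry.valid_until = now + valid
        elif remaining > TWO_HOURS:
            entry.valid_until = now + TWO_HOURS
        # else: remaining <= two hours, unauthenticated shortening ignored

    def candidate_sources(self, now):
        """RFC 6724 rule 3: prefer non-deprecated addresses; deprecated but
        still valid ones are used only when nothing else is left."""
        live = [a for a in self.addrs.values() if a.valid(now)]
        preferred = [a.addr for a in live if not a.deprecated(now)]
        return preferred or [a.addr for a in live]


def lan_net_allows(src, current_prefix):
    """Firewall side: the alias covers only the prefix currently on the
    interface (assumption taken from the thread, not verified against pf)."""
    return ipaddress.IPv6Address(src) in ipaddress.IPv6Network(current_prefix)


def scenario(deprecate_old):
    """Daily reconnect at t=0 replaces prefix A with prefix B. Returns the
    candidate source addresses the LAN rule would then block."""
    old, new = "2001:db8:a::/64", "2001:db8:b::/64"  # constructed prefixes
    host = Client(iid=0x1234)
    host.process_ra(now=-3600, prefix=old, preferred=14400, valid=86400)
    host.process_ra(now=0, prefix=new, preferred=14400, valid=86400)
    if deprecate_old:
        # What AdvDeprecatePrefix is meant to send: old prefix, preferred 0,
        # valid lifetime kept short but non-zero.
        host.process_ra(now=0, prefix=old, preferred=0, valid=TWO_HOURS)
    return [str(a) for a in host.candidate_sources(now=60)
            if not lan_net_allows(a, new)]


if __name__ == "__main__":
    print("without deprecation, blocked candidates:", scenario(False))
    print("with deprecation, blocked candidates:", scenario(True))
```

Without the deprecation RA the old address stays preferred for its whole remaining preferred lifetime (here hours), so a client that picks it as source is dropped by the default deny rule even though nothing is wrong on its side; with the deprecation RA the old address drops out of source selection immediately. A client that never receives, or does not apply, that RA behaves exactly like the first case, which is what to check (e.g. by capturing RAs on the LAN) before looking at firewall rules.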