Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
24.7 Production Series
»
Client in VLAN gets 2 public ipv6 adresses
« previous
next »
Print
Pages: [
1
]
Author
Topic: Client in VLAN gets 2 public ipv6 adresses (Read 491 times)
crazyducky
Newbie
Posts: 7
Karma: 2
Client in VLAN gets 2 public ipv6 adresses
«
on:
August 25, 2024, 09:11:05 pm »
Hi,
I am using "Track Interface"(from WAN Interface) on my VLAN Interface.
A client in my VLan gets 2 public ipv6 adresses, one from the VLAN (with "Assign prefix ID") and one from my main LAN. Unless the prefix they are equal.
As I am facing ipv6 issues right now, I am curious if this is a correct behavior.
- Opnsense 24.7.1
- ipv6 Dual Stack (Dt. Telekom FTTH)
«
Last Edit: August 25, 2024, 09:13:10 pm by crazyducky
»
Logged
Patrick M. Hausen
Hero Member
Posts: 6848
Karma: 575
Re: Client in VLAN gets 2 public ipv6 adresses
«
Reply #1 on:
August 25, 2024, 09:12:39 pm »
Are you using the same physical interface for the untagged LAN and the VLAN? Don't. Tagged only or untagged only is the recommended way.
Logged
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do.
(Isaac Asimov)
dseven
Sr. Member
Posts: 317
Karma: 34
Re: Client in VLAN gets 2 public ipv6 adresses
«
Reply #2 on:
August 25, 2024, 09:58:21 pm »
What is "A client in my VLan"?
You're probably running into an unfortunate situation where Windows [network drivers] blindly strip VLAN tags from all incoming frames, and forward them into the network stack, instead of discarding them (when VLAN support is not enabled).
It doesn't really matter how they leave the OPNsense box, but (unless you have a proper VLAN-aware NIC), you want to avoid sending *any* VLAN-tagged traffic to Windows.....
Logged
crazyducky
Newbie
Posts: 7
Karma: 2
Re: Client in VLAN gets 2 public ipv6 adresses
«
Reply #3 on:
August 25, 2024, 10:03:47 pm »
The configuration I am talking is a LXC inside a proxmox host. All Linux debian based.
The switch port connected to the host is tagged to this VLAN.
The client is a debian 12 LXC running on a proxmox host. The LXC has no VLAN settings applied, the dhcp ipv4 is from correct VLAN.
The Proxmox host uses ipv4 only but the linux bridge should route everything to the physical port.
No Client in this Proxmox host is using the untagged LAN.
Logged
dseven
Sr. Member
Posts: 317
Karma: 34
Re: Client in VLAN gets 2 public ipv6 adresses
«
Reply #4 on:
August 25, 2024, 10:11:47 pm »
I'm not sure what "The switch port connected to the host is tagged to this VLAN." means either - is the switch configured to send that VLAN, and only that VLAN, *untagged* on that port?
If the LXC shows a SLAAC addresses from a prefix associated with another network, it must have received a Router Advertisement broadcast from that network, somehow....
Logged
dseven
Sr. Member
Posts: 317
Karma: 34
Re: Client in VLAN gets 2 public ipv6 adresses
«
Reply #5 on:
August 25, 2024, 10:20:24 pm »
This might be interesting:
https://forum.proxmox.com/threads/7-x-vlan-leaking-on-bridge.108296/
Logged
dseven
Sr. Member
Posts: 317
Karma: 34
Re: Client in VLAN gets 2 public ipv6 adresses
«
Reply #6 on:
August 25, 2024, 10:25:53 pm »
Or this, if you're trying to use VLAN 1...
https://forum.proxmox.com/threads/vlan-aware-bridges-and-vlan-1.70315/
Logged
crazyducky
Newbie
Posts: 7
Karma: 2
Re: Client in VLAN gets 2 public ipv6 adresses
«
Reply #7 on:
August 25, 2024, 11:16:10 pm »
First of all thank you for your inputs.
I changed the Port tagging setting in my unifi switch.
Was previously set to "Allow all VLANs", now I reduced the allowed VLANs to the few needed and excluded the untagged LAN from this port.
My LXC now get 1 public IP only (from the desired VLAN prefix).
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
24.7 Production Series
»
Client in VLAN gets 2 public ipv6 adresses