give only ULA via RA when WAN is down?

Started by BPplays, February 03, 2025, 01:54:18 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions
February 03, 2025, 01:54:18 AM
is there any way to have opnsense give out RAs for my ULA when WAN is down then return to giving GUA and ULA when WAN is back up? my goal is to have a functional local ipv6 network even if my internet is down
February 05, 2025, 02:01:50 AM #1
You can configure the LAN interface to track the WAN and add a ULA virtual IP (/64 IP alias). radvd will advertise both: The tracked GUA and the static ULA.

Cheers
Maurice
OPNsense virtual machine images
OPNsense aarch64 firmware repository

Commercial support & engineering available. PM for details (en / de).
February 06, 2025, 08:53:19 AM #2
Quote from: Maurice on February 05, 2025, 02:01:50 AMYou can configure the LAN interface to track the WAN and add a ULA virtual IP (/64 IP alias). radvd will advertise both: The tracked GUA and the static ULA.

Cheers
Maurice

last i tested it that seems to only advertise a ULA when it also gets a GUA from WAN but i changed some settings since then and haven't had time to test again. are you sure that works even without a PD from your ISP like if your internet is down?
February 06, 2025, 12:41:11 PM #3
Haven't tested it in a long time either. I think this has been fixed at some point, but I'm not entirely sure. Try it. If it doesn't work, I'd consider it to be a bug.
OPNsense virtual machine images
OPNsense aarch64 firmware repository

Commercial support & engineering available. PM for details (en / de).
February 06, 2025, 01:27:04 PM #4
It works when Router Advertisements are set to unmanaged.
Intel N100, 4* I226-V, 2* 82559, 16 GByte, 500 GByte NVME, ZTE F6005

1100 down / 800 up, Bufferbloat A+
February 06, 2025, 02:25:16 PM #5
Quote from: meyergru on February 06, 2025, 01:27:04 PMIt works when Router Advertisements are set to unmanaged.

I'm fairly sure hat DHCPv6 can not advertise more than one address range.
February 06, 2025, 04:46:07 PM #6
Unmanaged actually means that no DHCPv6 is in place. I know for a fact that SLAAC can advertise more than one range.

Maybe (IDK) the fact that DHCPv6 cannot advertise more than one range is the reason why RA settings other than "Unmanaged" that allow or call for DHCPv6 besides SLAAC also disable router advertisements of the VIP range alongside.

Matter-of-fact, the ULA is only visible in /var/etc/radvd.conf if "Unmanaged" is chosen for that interface.
Intel N100, 4* I226-V, 2* 82559, 16 GByte, 500 GByte NVME, ZTE F6005

1100 down / 800 up, Bufferbloat A+
February 06, 2025, 05:04:37 PM #7 Last Edit: February 06, 2025, 05:08:28 PM by dseven
Quote from: meyergru on February 06, 2025, 04:46:07 PMMatter-of-fact, the ULA is only visible in /var/etc/radvd.conf if "Unmanaged" is chosen for that interface.

Sure about that? I added a ULA alias to my guest network as an experiment. It's (still) configured as "Assisted", and both the ULA and the GUA prefixes are there in radvd.conf. Note that if you add an alias (VIP), radvd won't be immediately updated - I had to go to the RA service settings in the UI and "Save" (without changing anything) to get it to happen.

I haven't tried a scenario where the GUA came from tracking a WAN interface that then went out of service (yet).
February 06, 2025, 05:08:43 PM #8 Last Edit: February 06, 2025, 05:12:11 PM by meyergru
Not entirely, but I had "Stateless" and it disappeared. I cannot easily make the GUA disappear, but at least the ULA will remain, so your local IPv6 connectivity should work anyway. Even if all devices still thought that their old GUA still was available, it should work fine, because those should work locally as well.

So, I think it is less about if the GUA disappears but if the ULA is always there, or am I wrong?
Intel N100, 4* I226-V, 2* 82559, 16 GByte, 500 GByte NVME, ZTE F6005

1100 down / 800 up, Bufferbloat A+
Print
Go Up Pages1
User actions