Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
20.1 Legacy Series
»
Track interface different subnet
« previous
next »
Print
Pages: [
1
]
Author
Topic: Track interface different subnet (Read 2875 times)
TiltedFish
Newbie
Posts: 6
Karma: 0
Track interface different subnet
«
on:
May 24, 2020, 08:44:45 am »
I have several vlans managed by opnsense, with a track interface for ipv6 for each one, all works perfectly.
For one of the vlans, i want to advertise a /60 subnet, instead of a /64, but there doesnt seem to be any option to do this.
Is there any workaround for this? I could advertise a /60 in addition to the track interface using radvd, but will that advertised subnet be routable the same as a track interface.
Logged
bartjsmit
Hero Member
Posts: 2018
Karma: 194
Re: Track interface different subnet
«
Reply #1 on:
May 24, 2020, 09:17:02 am »
There are restrictions on IPv6 subnets. From a techrepublic blog:
https://www.techrepublic.com/blog/10-things/10-things-you-should-know-about-ipv6-addressing/
"In an IPv6 address, the first 48 bits are the network prefix. The next 16 bits are the subnet ID and are used for defining subnets. The last 64 bits are the interface identifier"
You can put /64 subnets behind a far router but you can't (or indeed have to) sub-divide your range into larger ranges. You connect your routers with link-local connections (fe80:) and use RADV multicast to advertise the remote subnets.
I can't see any reason other than routing to assign /60 to an OPNsense VLAN. Certainly not a lack of addresses with 18 billion billion in a /64
Bart...
Logged
TiltedFish
Newbie
Posts: 6
Karma: 0
Re: Track interface different subnet
«
Reply #2 on:
May 24, 2020, 09:34:28 am »
I get a /56 from my isp, my other firewalls never had issues allocating /60 subnets downstream.
There are plenty of reasons for doing this, obviously its not about running out of addresses.
I have several ipv6 networks on different subnets and need a way to do IPv6-PD downstream so that other routers can advertise ipv6 networks.
Relatively straight forward network design for ipv6
«
Last Edit: May 24, 2020, 09:38:54 am by TiltedFish
»
Logged
franco
Administrator
Hero Member
Posts: 17668
Karma: 1611
Re: Track interface different subnet
«
Reply #3 on:
May 24, 2020, 10:47:13 am »
Interfaces: [YOUR WAN INTERFACE]: Manual Configuration
"If this option is set, you will be able to manually set the DHCPv6 and Router Advertisements service for this interface. Use with care."
Logged
Maurice
Hero Member
Posts: 1213
Karma: 158
Re: Track interface different subnet
«
Reply #4 on:
May 24, 2020, 01:03:48 pm »
Advertising a /60 prefix in Router Advertisements would indeed be highly unusual. In OPNsense this could only be done by configuring an interface statically or by using virtual IPs. This prefix would then also be routed correctly.
But you also mention prefix delegation which is a DHCPv6 feature and completely unrelated to prefixes advertised in RAs. As franco mentioned, adjusting the downstream PD size is possible by switching to manual RA & DHCPv6 mode in the interface's tracking settings.
Cheers
Maurice
Logged
OPNsense virtual machine images
OPNsense aarch64 firmware repository
Commercial support & engineering available. PM for details (en / de).
marjohn56
Hero Member
Posts: 1701
Karma: 179
Re: Track interface different subnet
«
Reply #5 on:
May 24, 2020, 01:45:09 pm »
And beware if the prefix changes. If you have a good ISP then the dhcp6 address will be locked anyway. My ISP gives me the ability to use static or dynamic addressing, the prefixes etc are the same in either case. If you have an ISP who likes to change your IA and PD allocations then you are in for a hard time.
Logged
OPNsense 24.7
-
Qotom Q355G4
- ISP -
Squirrel 1Gbps
.
Team Rebellion Member
- If we've helped you remember to applaud
TiltedFish
Newbie
Posts: 6
Karma: 0
Re: Track interface different subnet
«
Reply #6 on:
May 25, 2020, 12:33:25 am »
Thanks for the replies.
I noticed the ability to set downstream ipv6-pd in the dhcpv6 options, but wasent working. Presume because I am using track interface but I have to use static.
Downstream v6-pd i dont think is unusual, common for multiple router setups.
Logged
Maurice
Hero Member
Posts: 1213
Karma: 158
Re: Track interface different subnet
«
Reply #7 on:
May 25, 2020, 02:06:10 am »
Downstream PD works with track interfaces. If you get a /56 from your ISP, the downstream PD size is /62 in automatic mode. If this works, but a /60 PD size in manual mode doesn't, then you probably miscalculated the PD range from / to values. You might want to post the output of:
cat /var/dhcpd/etc/dhcpdv6.conf
Logged
OPNsense virtual machine images
OPNsense aarch64 firmware repository
Commercial support & engineering available. PM for details (en / de).
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
20.1 Legacy Series
»
Track interface different subnet