Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
20.7 Legacy Series
»
Multi-homing Dual WAN on IPv6 with dynamic /64 global prefixes
« previous
next »
Print
Pages: [
1
]
Author
Topic: Multi-homing Dual WAN on IPv6 with dynamic /64 global prefixes (Read 3307 times)
Hikari
Newbie
Posts: 2
Karma: 0
Multi-homing Dual WAN on IPv6 with dynamic /64 global prefixes
«
on:
October 02, 2020, 05:04:33 am »
Hello everybody.
I was googling for solutions and found
https://github.com/opnsense/core/issues/2544
then decided to register on forum to describe my situation.
Quick summary: I have 2 ISPs at home, both provide me only /64 global prefixes and little frequently they are changed. I'd like to do load balancing and fail over on IPv6 as I have for IPv4. Today I use OpenWRT.
These are my main issues / needs:
1) One ISP uses GPON, IP is provided by PPPoE. The other uses HFC, IP is provided by DHCP. Both modens are on bridge mode.
2) Both provide a unique /64 global prefix each. I took months discussing with both and demanding to properly follow IPv6 standard with no success. I'd like to use VLAN.
3) I'd like to have load balancing to benefit from both links and failover.
3.1) Today failover on OpenWRT with mwan3 isn't working, even on IPv4. IDK why, when ISP2 goes offline, Internet remains working on ISP1. But if ISP1 goes offline, everything using Internet go offline and it takes almost 1min for ISP2 be back available.
4) Both ISP global prefixes are being delegated for all devices on LAN.
5) It's not frequent, but it happens on both of prefixes changing. I'm not sure what triggers it.
6) My LAN currently has 3 Windows PCs, 2 Windows laptops, 2 Linux/BusyBox NAS, 1 small Ubuntu server, 1 Android phone, plus TV, Yamaha receiver, 3DS, WiiU, Switch.
7) As you can imagine I do a lot of remote access, so I need them to have a fixed reliable address, and also a domain name under my LAN domain.
Yeah, a lot of issues and rare situations bound together.
I've been using OpenWRT for a few years. In the past I had found ppl trying to develop solutions for similar situations, but found nobody that succeeded. A few days ago I was looking how pfSense manages it, figured it doesn't support dynamic global prefix and ended up on OPNsense.
Changing any of these ISPs isn't an option, I'm alrdy glad I'm not stuck on only 1 as most ppl in Brasil are. Indeed, when I was demanded them to provide /56 prefix, a tech guy from NET/Claro told me that only government companies are forced to follow public Internet protocols as IPv6, that as they are private companies they can use their own proprietary protocols, and it's my problem if anything doesn't work, and somebody from ombudsman told me that I'm welcome to close contract if I want.
Years ago I had studied IPv6 (I'm far from being expert) and figured its issues. It's great its designer envisioned that every device would have its own global address, and I'd gladly follow that. But I've been seeing that IPv6 has flaws that make easy for unethical ISPs to exploit. It's very troubling to have ISP defining my LAN IP addresses, both on their prefixes - and changing them whenever they want - and blocking me from using VLAN.
Because of these issues and for easier configuring load balancing and failover, I believe NPTv6 would be the simplest solution.
OpenWRT doesn't have native support for NPTv6. pfSense has, but only if WAN prefix is static, it seems that whenever any ISP changes its prefix we need to manually change it on settings. OPNsense has that ticket opened and worked on, which gave me hope.
I'm not sure what to set for ULA so that any device would use IPv6 over IPv4. I believe the solution would be to set a unique ULA / fake GUA /56 prefix, distribute its /64 to VLANs as needed, then load balancer chooses which WAN to use, then NPTv6 translate this internal prefix to current GUA one.
I understand how hard it is to identify when WAN PD changes and propagate it for DNS server, SLAAC, DHCPv6 server, etc. But it's unpractical to keep changing it manually, and I alrdy have the /64 issue.
Regarding fixed address, IDK how OPNsense and pfSense does it. On OpenWRT it's pretty easy. It lists each known device by its MAC and we define its IPv4 address, its IPv6 suffix and its host name. dnsmasq uses that to attribute its (both prefix) address on DHCPv6 and resolves its DNS names to their addresses. How can that be done on OPNsense?
So, this is it. If I find that OPNsense can solve my needs I'll build a custom router and learn to use it. I thank everybody who worked on making it happen and maintains it and anybody who reads this post
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
20.7 Legacy Series
»
Multi-homing Dual WAN on IPv6 with dynamic /64 global prefixes