IPv6 questions

Started by fgsfdgfds, March 09, 2021, 11:43:05 PM

I don't understand the question. You mentioned above:

Quote: I now set LAN to static IPv6:
2A02:x:x:1000::1/64

So this is your LAN address and subnet. And on the OPNsense WAN (which is the Draytek LAN), you mentioned you use the 2a02:x:x:1::/64 subnet. So two different subnets. Looks good to me.
OPNsense virtual machine images
OPNsense aarch64 firmware repository

Commercial support & engineering available. PM for details (en / de).

I don't understand why you don't have the Draytek in bridge mode, let Opnsense handle the PPPoE negotiation... the rest is then easy. There are full instructions for using Zen in the Opnsense wiki.
OPNsense 24.7 - Qotom Q355G4 - ISP - Squirrel 1Gbps.

Team Rebellion Member

Yeah tried that multiple times, millions of reboots, network down for hours.
Gave up.
I think if I was starting on a fresh network deployment, I'd do that, but it seems to cause a lot of hassle to try and swap.
Maybe I'll change to that in the future.

If you want me to help you set it up as a static system send me a PM, more than happy to assist. It doesn't take very long at all to do the basic configuration.
OPNsense 24.7 - Qotom Q355G4 - ISP - Squirrel 1Gbps.

Team Rebellion Member

Thanks, I might in the future, still messing trying to get things to behave.
1 thing I have noticed if you change a few things with IPv6, you seem to have to reboot OPNsense, else it just seems to break it.

Anyway, now I have set DHCPv6 to assign IPs between ::2000 - ::4000.
I can't work out why some clients seem to get an address in this range,
whilst others seem to just ignore the DHCP and go for something in the whole /64 subnet at random.

Any ideas why this would be?

SLAAC. The way ipv6 is designed any client can have multiple addresses. You can switch to managed in which case the only addresses would be those issued by dhcp6d, but then Android devices will not get a v6 address.
OPNsense 24.7 - Qotom Q355G4 - ISP - Squirrel 1Gbps.

Team Rebellion Member

To be honest I think I may be faced with a bare metal full reinstall with no config restore.

After messing with the settings to test stuff, after a while routing stops.
I check the firewall and it says it's blocking stuff like ipv6 lan addresses to dns port 53 within the lan, that LAN rule should be wide open.

then a load of the services die.
the link to the gateway ipv6 side times out

it's like a cascade, reboot then things seem OK until you want to change/try something

why does this happen?

The usual cause is forgotten changes for that type of thing. You make a couple of changes then reverse one then another... Pretty soon you've got forgotten changes. Back up your config often; then reversing out of a situation like that is just reloading a backed up config. One of the reasons I use Zen and statics is that it's one less variable that can change. The only time my Opnsense instance ever needs a reboot is when it gets updated.
OPNsense 24.7 - Qotom Q355G4 - ISP - Squirrel 1Gbps.

Team Rebellion Member

The thing I notice is clients seem to get an address of their own in the 1000::/64 I have set as the overall subnet,
then the same client also gets from the DHCPv6 server an address from the set range :2000 - :4000.
But this has a /128 subnet shown on the client.
Surely just 1 ip address is enough and in the range I specified and the subnet should be /64 not /128

It's annoying them getting 2 addresses, and the subnet seems all messed up for the DHCPv6 offered one.

The way IPv6 works, clients get multiple addresses. In Windows you can disable this; I have it disabled for my servers.
OPNsense 24.7 - Qotom Q355G4 - ISP - Squirrel 1Gbps.

Team Rebellion Member

I guessed at that, just worried that if I make PCs (mostly Linux) only take 1 address and then OPNsense sends an address with /128 at the end, no routing might happen.

Why would you have them use only one address? The only reason to do that is if they are servers.
OPNsense 24.7 - Qotom Q355G4 - ISP - Squirrel 1Gbps.

Team Rebellion Member

Most are servers.
I clearly have soooo much to learn about IPv6.
I now have Linux PCs making DNS requests to the LAN DNS on OPNsense using an fe80:: IP address; OPNsense just blocks these continually and then the Linux PC times out.

Why do I have DNS requests on port 53 coming from fe80 on a Linux PC?

I have another question: if you set the DHCPv6 range to a narrow range, say ::2000 - ::4000 on a /64,
the addresses it hands out show up as /128 on the clients, not /64.
Why is this? The client then seems to get another address /64 so it is able to have comms with others on the same network.
Seems a bit crazy.

Because then it has another address, if I want to block a client on a schedule how can I tell which addresses I need to block?
Often the client seems to get 2 or 3 addresses from the /64 subnet.
I suppose if every machine on the planet gets 3 addresses, that'll run down the address space a bit quicker, lol.

Quote from: fgsfdgfds on March 12, 2021, 11:09:29 PM
Most are servers.
I clearly have soooo much to learn about IPv6.
I now have Linux PCs making DNS requests to the LAN DNS on OPNsense using an fe80:: IP address; OPNsense just blocks these continually and then the Linux PC times out.

Why do I have DNS requests on port 53 coming from fe80 on a Linux PC?

Quite normal, that's a link-local address. If you look, a great deal of IPv6 traffic will be using link-local addresses within your own LAN segment.
OPNsense 24.7 - Qotom Q355G4 - ISP - Squirrel 1Gbps.

Team Rebellion Member
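As an added illustration of the two questions above (the /128 DHCPv6 lease next to the SLAAC address, and the fe80 link-local source), not code from the thread or from OPNsense: this script sorts the addresses a client shows into link-local, DHCPv6 pool, EUI-64 SLAAC and privacy SLAAC, and lists which of them a scheduled block rule must cover. The prefix, pool and sample addresses are constructed; the poster's redacted 2A02:x:x:1000::/64 is replaced by a documentation prefix.

```python
import ipaddress

# Constructed values, not the poster's real prefix: a documentation /64 standing in
# for 2A02:x:x:1000::/64, and the ::2000 - ::4000 DHCPv6 pool described in the thread.
LAN_PREFIX = ipaddress.IPv6Network("2001:db8:0:1000::/64")
DHCP6_POOL = (ipaddress.IPv6Address("2001:db8:0:1000::2000"),
              ipaddress.IPv6Address("2001:db8:0:1000::4000"))


def classify(addr_with_len):
    """Classify one address as the client displays it (e.g. '.../128').

    Returns (kind, on_link). on_link comes from the RA-advertised /64, not from the
    /128 a DHCPv6 lease shows: DHCPv6 assigns addresses but carries no prefix length,
    so a /128 lease inside the /64 still reaches LAN neighbours directly.
    """
    addr = ipaddress.IPv6Interface(addr_with_len).ip
    if addr.is_link_local:
        return "link-local", True           # fe80::/10, used for NDP/RA and often DNS
    if addr not in LAN_PREFIX:
        return "off-prefix", False
    if DHCP6_POOL[0] <= addr <= DHCP6_POOL[1]:
        return "dhcpv6", True
    iid = int(addr) & ((1 << 64) - 1)       # low 64 bits = interface identifier
    if (iid >> 24) & 0xFFFF == 0xFFFE:      # ff:fe in the middle = EUI-64 from the MAC
        return "slaac-eui64", True
    return "slaac-privacy", True            # random IID, rotates over time (RFC 4941)


def addresses_to_block(client_addrs):
    """Global addresses on the LAN prefix a schedule rule must cover for one client.

    Blocking only the DHCPv6 lease misses the SLAAC address(es). Link-local addresses
    are never routed off the segment, so they are left out here.
    """
    ips = sorted(ipaddress.IPv6Interface(a).ip for a in client_addrs
                 if classify(a)[0] in ("dhcpv6", "slaac-eui64", "slaac-privacy"))
    return [str(ip) for ip in ips]


if __name__ == "__main__":
    # Constructed sample of what one dual-configured client shows with `ip -6 addr`.
    sample = [
        "fe80::1a2b:3cff:fe4d:5e6f/64",
        "2001:db8:0:1000::2a3c/128",                  # DHCPv6 lease, /128 as observed
        "2001:db8:0:1000:1a2b:3cff:fe4d:5e6f/64",     # SLAAC, EUI-64 built from the MAC
        "2001:db8:0:1000:9c1d:2e3f:4a5b:6c7d/64",     # SLAAC privacy (temporary) address
    ]
    for a in sample:
        print(f"{a:45} {classify(a)}")
    print("block:", addresses_to_block(sample))
```

Privacy addresses change over time, so a rule built from today's list will need refreshing; the EUI-64 and DHCPv6 addresses are the stable ones.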