Topic: IPv6 Subnetting Assistance Please (Routed Only) (Read 944 times)
ProximusAl (Full Member, Posts: 111, Karma: 15)
« on: January 05, 2023, 01:23:38 pm »
Hi All,
I'm after some advice on the IPv6 side of things.
I'm looking to replace an EdgeRouter 12 that sits at the edge of my network and does routing only.
My ISP provides me a leased line, with a transit address for the WAN /31 (/127) and a subnet behind that I can route: /29 (/56).
I've installed OPNsense on a new router, and done the following:
Configured the LAN interface as management only (Disabled DHCP and Static IPv4 on my existing LAN)
Configured an SFP+ as the WAN with both my 31.x.x.11/31 and 2a00:xxxx:xxxx:xxxx::709/127 with the appropriate gateways created in OPNsense, namely:
31.x.x.10 and 2a00:xxxx:xxxx:xxxx::708
I have then configured another SFP+ as my routed LAN if you like (Devices on where the other subnet will reside) with the first IP of my routed subnet, namely:
81.y.y.193/29 and 2a00:yyyy:yyyy::1/64 (Which is a 64 chunk I've ripped from the /56)
This SFP+ enters into a normal switch, where other downstream devices are connected.
I have ensured that NAT is disabled under Firewall/NAT/Outbound, as I just want this to be routing only.
Now aside from the firewall rules (which will basically be fully open, as I have firewalls downstream of this one), I'm struggling with one particular area.
On my EdgeRouter, I have Static routes for the IPv6 to split it into chunks, so that downstream devices can have a /60 chunk each.
So downstream for example, I have the following:
WatchGuard UTM Device - 81.y.y.194 and 2a00:yyyy:abcd::10
Unifi UDM Pro - 81.y.y.195 and 2a00:yyyy:abcd::20
In other words, I am routing manually:
2a00:yyyy:yyyy:0010::/60 to 2a00:yyyy:abcd::10
2a00:yyyy:yyyy:0020::/60 to 2a00:yyyy:abcd::20
This works, and allows each downstream router to have a /60 chunk of my /56 allocation, and RADVD out a /64 of this allocated /60 to clients.
On the EdgeRouter config it looks like this:
route6 ::/0 {
    next-hop 2a00:xxxx:xxxx:xxxx::708 {
    }
}
route6 2a00:yyyy:yyyy:0010::/60 {
    next-hop 2a00:yyyy:abcd::10 {
    }
}
route6 2a00:yyyy:yyyy:0020::/60 {
    next-hop 2a00:yyyy:abcd::20 {
    }
}
I am struggling to find where to recreate this in OPNsense, as when I look at Edit Route, it only allows Network Address, and Gateway.
Is there nowhere in OPNsense that allows you to do next hop, or do I have to create gateways for each and every device downstream perhaps?
I'm sorry for the long-winded post, but I am extremely keen to swap out the old EdgeRouter with OPNsense.
Thank you in advance for your time.
ProximusAl (Full Member, Posts: 111, Karma: 15)
« Reply #1 on: January 05, 2023, 03:20:21 pm »
I'm not sure if this is right or not, but I've done the following:
Added the following gateways:
2a00:yyyy:abcd::10 (IPv6_0010_60)
2a00:yyyy:abcd::20 (IPv6_0020_60)
And then added the following routes:
Network Address 2a00:yyyy:yyyy:0010::/60 with gateway IPv6_0010_60
Network Address 2a00:yyyy:yyyy:0020::/60 with gateway IPv6_0020_60
I can't really test this out yet, as I'm waiting for some more hardware, but hopefully someone can confirm if this is correct?
Thanks
Logged
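A consistency check for the addressing plan described in this thread, as an added example that is not part of the original posts: it verifies that each routed /60 lies inside the /56, is aligned, does not overlap the on-link /64 or another route, and has an on-link next hop. The 2001:db8:abcd::/56 documentation prefix and all function and constant names are assumptions standing in for the redacted addresses.

```python
import ipaddress

# Constructed sample plan: the 2001:db8::/32 documentation range stands in
# for the redacted /56, the on-link /64 and the two downstream routers.
ALLOCATION = "2001:db8:abcd::/56"
LAN_IF = "2001:db8:abcd::1/64"
ROUTES = [
    ("2001:db8:abcd:10::/60", "2001:db8:abcd::10"),
    ("2001:db8:abcd:20::/60", "2001:db8:abcd::20"),
]

def check_plan(allocation, lan_if, routes):
    """Return a list of problems in a static-route plan (empty = consistent)."""
    alloc = ipaddress.ip_network(allocation)
    lan = ipaddress.ip_interface(lan_if)
    problems, seen = [], []
    for prefix, next_hop in routes:
        try:
            net = ipaddress.ip_network(prefix)  # strict: rejects set host bits
        except ValueError:
            problems.append(f"{prefix}: not a valid, aligned prefix")
            continue
        hop = ipaddress.ip_address(next_hop)
        if not net.subnet_of(alloc):
            problems.append(f"{net}: outside allocation {alloc}")
        if net.overlaps(lan.network):
            problems.append(f"{net}: overlaps on-link network {lan.network}")
        if hop not in lan.network:
            problems.append(f"{net}: next hop {hop} is not on-link")
        elif hop == lan.ip:
            problems.append(f"{net}: next hop is the router's own address")
        problems += [f"{net}: overlaps route {o}" for o in seen if net.overlaps(o)]
        seen.append(net)
    return problems

def unassigned_blocks(allocation, lan_if, routes, new_prefix=60):
    """List the blocks of the allocation not used by the LAN or any route."""
    alloc = ipaddress.ip_network(allocation)
    used = [ipaddress.ip_interface(lan_if).network]
    used += [ipaddress.ip_network(p) for p, _ in routes]
    return [b for b in alloc.subnets(new_prefix=new_prefix)
            if not any(b.overlaps(u) for u in used)]

if __name__ == "__main__":
    for line in check_plan(ALLOCATION, LAN_IF, ROUTES) or ["plan is consistent"]:
        print(line)
    print("free /60 blocks:", len(unassigned_blocks(ALLOCATION, LAN_IF, ROUTES)))
```

The first /60 of the allocation is reported as unavailable because the on-link /64 was taken from it, which is why the plan in the posts starts at 0010.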