Topic: IPv6, prefix delegation, and undocumented default behavior (Read 1216 times)
alienbaby, on: February 10, 2023, 05:05:50 pm
I'm running a Comcast Business connection with a static /29, which also comes with an IPv6 /56.
I have multiple DMZs, and a transit connection (VLAN 3000) from the OPNsense 23.1 firewall to a Cisco 3560G. The 3560G acts as a core router for multiple other VLANs.
In my case, I migrated from pfSense. So I already had a semi-working configuration in which the Cisco 3560 requested a prefix delegation from the firewall, and then assigned two of the /64s from the delegation to two subnets.
Using OSPFv3 to advertise IPv6 between the C3560 and the Firewall.
I'd like to note that OPNsense appears to spin up a DHCPv6 server on all interfaces that Track a prefix delegation.
The [invisible] OPNsense DHCPv6 server then appears to take a block of IPv6 subnets from the delegation it received from the ISP (Comcast) and then further delegates them as /63.
Question: Where is the code that creates the invisible DHCPv6 server? I'd like to change the default delegation from /63 to /62 or /61.
---
prefix delegation received by WAN interface (IPv6 DHCP) was 2001:db8:1:5280::/59
WAN IPv6 set to DHCPv6
WAN DHCPv6 client configuration
. Configuration Mode - basic
. Request only an IPv6 prefix - checked (prefix delegation is not requested without this box checked; bug?)
. Prefix delegation size - 59 (irrelevant, doesn't change the delegation received; Comcast router only gives out /59)
. Send IPv6 prefix hint - checked
. Use IPv4 connectivity - unchecked
. Use VLAN Priority - Disabled
LAN IPv6 set to track interface WAN
. Track IPv6 Interface set to WAN
. Allow manual adjustment of DHCPv6 and Router Advertisement - unchecked (if checked, kills the invisible/default/unconfigurable DHCPv6 server) (if checked, you can manually add prefix delegation(s) for downstream routers, assuming they are within the /59 or /60 block received by the firewall.)
[ be aware, there do appear to be multiple bugs in the UI for IPv6. If you attempt to use Configuration Mode Advanced on the WAN IPv6 DHCPv6 client configuration section, then it's a bear to get it to start requesting the prefix delegation again (as observed using tcpdump) ]
FRR (os-frr) plugin is installed; OSPFv3.
----
option dhcp6.domain-search "home.net";
option dhcp6.rapid-commit;
default-lease-time 7200;
max-lease-time 86400;
log-facility local7;
one-lease-per-client true;
deny duplicates;
ping-check true;
update-conflict-detection false;
authoritative;
subnet6 2001:db8:1:5281::/64 {
  range6 2001:db8:1:5281::1000 2001:db8:1:5281::2000;
  prefix6 2001:db8:1:5290:: 2001:db8:1:5298::/63;
}
ddns-update-style none;
franco (Administrator), Reply #1 on: February 10, 2023, 08:09:54 pm
The code doing auto-DHCPv6/RA on tracking interfaces originates from pfSense actually, but has gone through a number of improvements on our end. To edit the configuration manually the option "Allow manual adjustment of DHCPv6 and Router Advertisements" is present right under the tracking option in the interface settings.
Enabling this option makes DHCPv6/RA configurable on a tracking interface (off by default). There is no way to do cherry-picking on the auto-mode, but what you want to configure can be configured manually with suffix addresses (::xxx) appended to the WAN prefix.
Cheers,
Franco
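The subdivision discussed in this thread, as an added example (not code from OPNsense or from either poster): it enumerates the prefixes a `prefix6 <low> <high> /<len>` pool hands out at /63, /62 and /61, and rejects a pool that is misaligned, leaves the WAN delegation, or overlaps the on-link LAN /64. The function names `pd_pool` and `suffix` are hypothetical; the addresses are the ones quoted in the first post, and how the GUI expects a suffix to be typed is not shown on this page.

```python
import ipaddress

def pd_pool(low, high, plen, parent, in_use=()):
    """Prefixes handed out by a dhcpd 'prefix6 <low> <high> /<plen>;' pool."""
    parent = ipaddress.IPv6Network(parent)
    # strict=True rejects a bound that is not aligned to /plen
    lo = ipaddress.IPv6Network(f"{low}/{plen}", strict=True)
    hi = ipaddress.IPv6Network(f"{high}/{plen}", strict=True)
    if hi.network_address < lo.network_address:
        raise ValueError("pool end precedes pool start")
    step = 1 << (128 - plen)  # address distance between consecutive prefixes
    pool = [ipaddress.IPv6Network((addr, plen))
            for addr in range(int(lo.network_address),
                              int(hi.network_address) + 1, step)]
    for p in pool:
        if not p.subnet_of(parent):
            raise ValueError(f"{p} is outside the delegation {parent}")
        for used in map(ipaddress.IPv6Network, in_use):
            if p.overlaps(used):
                raise ValueError(f"{p} overlaps on-link subnet {used}")
    return pool

def suffix(prefix, parent):
    """Bits of `prefix` below the parent's length (its offset in the delegation)."""
    parent = ipaddress.IPv6Network(parent)
    net = ipaddress.IPv6Network(prefix)
    return ipaddress.IPv6Address(int(net.network_address) & int(parent.hostmask))

if __name__ == "__main__":
    WAN_PD = "2001:db8:1:5280::/59"      # delegation quoted in the post
    LAN = ["2001:db8:1:5281::/64"]       # subnet6 from the posted config
    for plen in (63, 62, 61):            # current size, then the two wanted
        pool = pd_pool("2001:db8:1:5290::", "2001:db8:1:5298::", plen, WAN_PD, LAN)
        print(f"/{plen}: {len(pool)} prefixes:", ", ".join(map(str, pool)))
    print("pool start suffix:", suffix("2001:db8:1:5290::", WAN_PD))
```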