Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
23.1 Legacy Series
»
IPv6 /56 wan without upstream static routing
« previous
next »
Print
Pages: [
1
]
Author
Topic: IPv6 /56 wan without upstream static routing (Read 2261 times)
mmaridev
Newbie
Posts: 10
Karma: 0
IPv6 /56 wan without upstream static routing
«
on:
April 12, 2023, 11:55:48 am »
Hi,
my (cloud) provider delivers me a /56 subnet. Their gateway is the first IP of the subnet. The /56 is not statically routed through the MAC of my NIC, I need NDP. Also, DHCPv6 is not provided on their end.Setting up a WANv6 IP for OPNsense works fine. I'm able to allocate a ::2/56 IP, set ::1 as gw and the firewall can ping / reach the internet on v6. What I can't get to work is traffic from the LAN / other interfaces.
I have tried many different configurations but none of these announced via NDP the IPs I had on other interfaces and on the clients. Also Router Advertisements wasn't helpful, even when manually putting a /64 under Advertise Routes. This way I see from tcpdump the packages leaving on the WAN, then the solicitations arriving from the upstream router but no answer from OPNsense.
What's the right way to do this?
Logged
zan
Full Member
Posts: 175
Karma: 31
Re: IPv6 /56 wan without upstream static routing
«
Reply #1 on:
April 12, 2023, 03:15:58 pm »
Let say xxxx:xxxx:xxxx:xx00::/56 is your given prefix.
You slice that prefix into multiple /64 prefixes, from xxxx:xxxx:xxxx:xx
00
::/64 to xxxx:xxxx:xxxx:xx
FF
::/64.
You can then assign each /64 prefix to each interface.
It's up to you how you gonna do it. I suggest something like this:
xxxx:xxxx:xxxx:xx
00
::2/
64
to WAN address since your ISP is using the ::1 for your upstream gateway.
xxxx:xxxx:xxxx:xx
01
::/64 for LAN. Assign the ::1/64 to LAN address, assign WAN address to its upstream gateway.
xxxx:xxxx:xxxx:xx
02
::/64 for VLAN2, xxxx:xxxx:xxxx:xx
03
::/64 for VLAN3, and so on.
Enable radvd on each interface and set it to 'Unmanaged' for SLAAC and check the 'Advertise default gateway'.
All your clients will get their addressess from SLAAC and you should have a working IPv6 at this point.
Logged
mmaridev
Newbie
Posts: 10
Karma: 0
Re: IPv6 /56 wan without upstream static routing
«
Reply #2 on:
April 13, 2023, 10:17:33 am »
Hi Zan,
thank you so much for your reply.
I modified my setup as per your suggestion. IP assignation via SLAAC works fine.
Unfortunately, the behaviour doesn't change. From a client in LAN i can ping both the OPNsense LAN IP and WAN IP but not the upstream gateway nor anything else in the WAN.
Thank you,
Marco
Logged
heaven73
Newbie
Posts: 12
Karma: 1
Re: IPv6 /56 wan without upstream static routing
«
Reply #3 on:
June 02, 2023, 02:00:38 pm »
Hello everyone i configured also the /64 slices and the the /56 static and i have the same behaviour from the wan i can ping from the lan not. also RADV didnt help. anyone has a clue?
Logged
franco
Administrator
Hero Member
Posts: 17665
Karma: 1611
Re: IPv6 /56 wan without upstream static routing
«
Reply #4 on:
June 02, 2023, 02:27:00 pm »
You don't configure a /56 static on WAN. Either you chose a separate /64 or use a /128 single address.
Cheers,
Franco
Logged
axguru
Newbie
Posts: 5
Karma: 1
Re: IPv6 /56 wan without upstream static routing
«
Reply #5 on:
August 08, 2023, 01:41:41 pm »
Hi there,
I have a setup similar to OP's. My provider gave me a /56 subnet where xxxx:xxxx:xxxx:xx00::1 is the ISPs router.
I tried to recreate Zan's solution but can't configure xxxx:xxxx:xxxx:xx00::2 as the upstream gateway for LAN, it says the address is outside the LAN subnet. xxxx:xxxx:xxxx:xx01::1/64 is the LAN Interface address.
Hope someone can help me.
Kind regards
Logged
bartjsmit
Hero Member
Posts: 2018
Karma: 194
Re: IPv6 /56 wan without upstream static routing
«
Reply #6 on:
August 08, 2023, 02:04:42 pm »
Don't specify a static gateway unless your provider tells you to.
Make sure ICMPv6 is allowed so the WAN interface can use NDP
https://en.wikipedia.org/wiki/Neighbor_Discovery_Protocol
Logged
Maurice
Hero Member
Posts: 1213
Karma: 158
Re: IPv6 /56 wan without upstream static routing
«
Reply #7 on:
August 08, 2023, 03:58:55 pm »
@axguru You don't configure an upstream gateway for the
LAN interface
, only for the
WAN interface
.
If you do indeed have the same issue as the OP (the provider not routing the /56 to your WAN address, but instead performing ND for every single address), there is no workaround I'm aware off. OPNsense doesn't have an ND proxy.
Why do providers do that? That's not how routing works.
Cheers
Maurice
Logged
OPNsense virtual machine images
OPNsense aarch64 firmware repository
Commercial support & engineering available. PM for details (en / de).
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
23.1 Legacy Series
»
IPv6 /56 wan without upstream static routing