Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
23.1 Legacy Series
»
Adding (or changing) IPv6 link-local address on DHCPv6 addressed interface
« previous
next »
Print
Pages: [
1
]
Author
Topic: Adding (or changing) IPv6 link-local address on DHCPv6 addressed interface (Read 621 times)
MinutesTagger
Newbie
Posts: 1
Karma: 0
Adding (or changing) IPv6 link-local address on DHCPv6 addressed interface
«
on:
April 29, 2023, 01:11:00 pm »
Hello,
Is there a way to add an additional IPv6 link-local address for a WAN interface that is already configured to get a global-unicast address via DHCPv6 (or get FreeBSD to use a spoofed MAC address to derive its link-local address)?
I am trying to configure OpnSense for the first time.
I am attempting to configure it to spoof the router supplied by my Internet Service Provider which is dual-stack IPoE with the WAN interface addressed via DHCPv4/DHCPv6 and with DHCPv6 prefix delegation.
I have configured a spoofed MAC address of the Opnsense WAN interface so that is the same as the ISP supplied router it will be replacing and that seems to work fine.
However, FreeBSD does not use that spoofed MAC address when generating the EUI64 link-local address for the WAN interface. It still uses the default MAC address for the interface hardware. In the output below, the LLA fe80::daec:5eff:fe71:ffb3 has been generated from the MAC d8:ec:5e:71:ff:b3 rather than the spoofed 3a:35:84:bf:01:f4:
$ ifconfig xn1
xn1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
description: WAN (opt1)
ether d8:ec:5e:71:ff:b3
hwaddr 3a:35:84:bf:01:f4
inet 0.0.0.0 netmask 0xff000000 broadcast 255.255.255.255
inet6 fe80::daec:5eff:fe71:ffb3%xn1 prefixlen 64 scopeid 0x6
It means when the Opnsense box is swapped in, the upstream Broadband Network Gateway repeatedly attempts and fails to neighbour discover a now non-existent link-local address.
Perhaps FreeBSD has generated the link-local address before the Opnsense configuration to use a spoofed MAC address has been applied?
Is there a way to either add an additional link-local address derived from the spoofed MAC?Or even better get the default link-local address to be generated from the spoofed MAC address? What would be the appropriate file to edit/create to do this from the FreeBSD shell if there is no way to do this from the GUI?
«
Last Edit: April 29, 2023, 01:21:46 pm by MinutesTagger
»
Logged
franco
Administrator
Hero Member
Posts: 17661
Karma: 1611
Re: Adding (or changing) IPv6 link-local address on DHCPv6 addressed interface
«
Reply #1 on:
May 02, 2023, 07:38:20 am »
Virtual IPs in the link-local scope are possible for all interfaces... you can even assign the same one to each interface so you never have to remember more than one per box... but make sure you use a /64 bitmask.
Cheers,
Franco
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
23.1 Legacy Series
»
Adding (or changing) IPv6 link-local address on DHCPv6 addressed interface