Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
Devices cannot get IPv6 GUA
« previous
next »
Print
Pages: [
1
]
Author
Topic: Devices cannot get IPv6 GUA (Read 1609 times)
tknv
Newbie
Posts: 4
Karma: 0
Devices cannot get IPv6 GUA
«
on:
January 04, 2024, 01:21:07 pm »
I expect devices can get IPv6 GUA when connected to a switch.
Seems only DNS(LAN6 IPv6(GUA) address which get from ISP) is supplied to vlan600 device by SLAAC.
Network
https://i.postimg.cc/dt7rVMqn/lan6.png[/img]]
The interface LAN6 can get IPv6 GUA address from ISP.
But devices which connect to switch vlan600 cannot get IPv6 GUA.
I tried to RA:Unmanaged, but a client could not get IPv6 address.
OPNsense setup:
Interface: WAN
IPv4 Configuration Type: PPPoE
IPv6 Configuration Type: DHCPv6
Request only an IPv6 prefix: Checked
Send IPv6 prefix hint: Checked
Use IPv4 connectivity: Checked
Interfaces: LAN6
IPv4 Configuration Type: None
IPv6 Configuration Type: Track Interface
Track IPv6 Interface
IPv6 Interface: WAN
Manual configuration: Checked (Allow manual adjustment of DHCPv6 and Router Advertisements)
Services: Router Advertisements: LAN6
Router Advertisements: Assisted
Router Priority: High
Advertise Default Gateway: Checked
IPv4(uses another NIC, not same NIC of LAN6) devices(connected to vlan2) are no issue at all.
Logged
Saarbremer
Sr. Member
Posts: 353
Karma: 14
Re: Devices cannot get IPv6 GUA
«
Reply #1 on:
January 04, 2024, 02:55:06 pm »
Hi,
there is some info missing about your config:
* What is the prefix ID configured per each LAN?
* What is the prefix size from ISP / assigned to your LAN?
* Did you enable manual configuration of DHCPv6 and RA on each interface?
P.S.: Thanks for using a UML component diagram. That made my day. :-)
Logged
tknv
Newbie
Posts: 4
Karma: 0
Re: Devices cannot get IPv6 GUA
«
Reply #2 on:
January 04, 2024, 03:38:03 pm »
Thank you very much for your response.
LAN6 got IPv6 GUA: 2001:x::xxxx/56
> What is the prefix ID configured per each LAN?
Only LAN6 interface for IPv6 now.
Interfaces: [LAN6]
...
Track IPv6 Interface
IPv6 Interface: WAN
IPv6 Prefix ID: 0x0 << is set.
Manual configuration: Checked (Allow manual adjustment of DHCPv6 and Router Advertisements)
> What is the prefix size from ISP / assigned to your LAN?
I believe it is 56.
> Did you enable manual configuration of DHCPv6 and RA on each interface?
Only interface [LAN6] is for IPv6 and RA is set as:
Services: Router Advertisements: LAN6
Router Advertisements: Assisted
Router Priority: High
Advertise Default Gateway: Checked
Advertise Routes: set nothing.
DNS options: Checked(Use the DNS configuration of the DHCPv6 server)
DNS options: Not checked(Do not send any DNS configuration to clients)
DHCPv6 is not set on LAN6. My understanding is not needed due to expected DHCPv6 at ISP.
But I am not sure. Is it needed?
If needed, I would like to know what parameters are needed to be set there.
P.S. I like to use UML component diagram to explain network device/port/vlan etc. Looks easy to understand all(most) about networking there.
Logged
Saarbremer
Sr. Member
Posts: 353
Karma: 14
Re: Devices cannot get IPv6 GUA
«
Reply #3 on:
January 04, 2024, 06:35:44 pm »
Hi,
the setting router advertisements to assisted without having a DHCPv6 present is not what you want. Assisted means stateful dhcpv6 configuration, so you want your DHCPv6 then. However, setting RA to stateless renders the need for a dhcpv6 server obsolete. Remember, DHCP is essential in IPv4 but DHCPv6 is not in IPv6.
Setting your LAN to "track IPv6 Interface" = WAN does not mean LAN is using your ISP's DHCPv6 server. It just refers to your OPNsense box to obtain the prefix and everything else delegated from the ISP. The Prefix ID has to be different on every interface using this configuration.
You should re-check the prefix sizes. A prefix of /56 in one LAN is discouraged. A prefix of /64 should be the way to go.
Did you try to remove the "manual configuration" flag first and see what happens? The situation could just be a misconfiguration to fail with your ISP's behaviour or your ISP could do some bad stuff.
Think about using DHCPv6. If you don't need it, don't use it. But then switch off the managed flag by selecting sth else than managed or assisted.
On the positive side: You have a LAN IPv6, at least something works.
Logged
Maurice
Hero Member
Posts: 1213
Karma: 158
Re: Devices cannot get IPv6 GUA
«
Reply #4 on:
January 04, 2024, 06:59:56 pm »
Have you tried plugging a PC directly into the OPNsense LAN6 port? Just to rule out a switch issue. Some switches do funny stuff like RA blocking by default.
Cheers
Maurice
Logged
OPNsense virtual machine images
OPNsense aarch64 firmware repository
Commercial support & engineering available. PM for details (en / de).
tknv
Newbie
Posts: 4
Karma: 0
Re: Devices cannot get IPv6 GUA
«
Reply #5 on:
January 09, 2024, 05:30:51 am »
Hi Saarbremer,
Thank you for the advice.
Track IPv6 Interface
...
Manual configuration: No check (Allow manual adjustment of DHCPv6 and Router Advertisements)
Then LAN6 client get IPv6 GUA. After removing the "Manual configuration". OPNsense remove DHCPv6 and RA setting for the LAN6 interface.
But luckily at the LAN6 client IPv6 primary DNS is LAN6 IPv6 GUA address. Thus, I can handle the IPv6 DNS request at the OPNsense.
But a bit worry, I feel strange about remove the "Manual configuration". Once remove it, we lose control DHCPv6 and RA.
Hi Maurice, thanks for the comment. I use same switch OS and different ISP, but IPv6 GUA is working. So I think it is not blocked now. But agreed, need to doubt it as well.
Regards,
Logged
Maurice
Hero Member
Posts: 1213
Karma: 158
Re: Devices cannot get IPv6 GUA
«
Reply #6 on:
January 10, 2024, 07:01:28 pm »
By default (manual configuration disabled), Router Advertisements and the DHCPv6 server automatically get configured for good compatibility with most devices and common use cases. If you require specific settings and are familiar with radvd and dhcpd6, you can enable manual configuration. There are no default "just works" settings in this mode though. Manual means manual.
Logged
OPNsense virtual machine images
OPNsense aarch64 firmware repository
Commercial support & engineering available. PM for details (en / de).
tknv
Newbie
Posts: 4
Karma: 0
Re: Devices cannot get IPv6 GUA
«
Reply #7 on:
January 12, 2024, 02:24:26 am »
Hi Maurice, I agreed need to know more about IPv6 and also my ISP.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
Devices cannot get IPv6 GUA