IPv6 Rules with Gateway not working.

Started by novel, February 13, 2024, 06:09:13 PM

Previous topic - Next topic
Print
Go Down Pages1 2
User actions
February 13, 2024, 06:09:13 PM Last Edit: February 14, 2024, 08:29:20 PM by novel
Hello,

I get the internet via wifi. My ubiquiti nanostation is connected as a bridged mode via wifi at my brother's wifi connection then nanostation goes the internet through ethernet port to OPNsense then to my laptop.

If I remove the ethernet cable from OPNsense, then I connected the ethernet cable directly to my laptop the IPV6 works fine. So I thing the problem is from OPNsense.

I post some photos with settings.

    Interfaces: [LAN]    Track Interface
    Interfaces: [WAN]   SLAAC


February 13, 2024, 07:40:40 PM #1
A SLAAC WAN can only provide IPv6 connectivity for OPNsense itself, not for devices in its LANs. You'll need DHCPv6 Prefix Delegation for this, which also needs to be supported by the upstream router.

Cheers
Maurice
OPNsense virtual machine images
OPNsense aarch64 firmware repository

Commercial support & engineering available. PM for details (en / de).
February 13, 2024, 08:50:03 PM #2
Quote from: Maurice on February 13, 2024, 07:40:40 PM
A SLAAC WAN can only provide IPv6 connectivity for OPNsense itself, not for devices in its LANs. You'll need DHCPv6 Prefix Delegation for this, which also needs to be supported by the upstream router.

Cheers
Maurice

Thank you for replying

I changed from SLAAC to DHCPv6, with no luck.  DHCPv6 Server not restarting...
February 13, 2024, 08:54:21 PM #3
Does the upstream DHCPv6 server (= your brother's router) support Prefix Delegation and is it configured correctly?
OPNsense virtual machine images
OPNsense aarch64 firmware repository

Commercial support & engineering available. PM for details (en / de).
February 13, 2024, 08:57:05 PM #4
Quote from: Maurice on February 13, 2024, 08:54:21 PM
Does the upstream DHCPv6 server (= your brother's router) support Prefix Delegation and is it configured correctly?

I don't have access in his router. As I said If I take the ethernet cable then connected directly to my laptop. I have ipv6 connection.

So I thing the answer in you question is Yes . but  as I said I don't have access on his router to see the settings.
February 13, 2024, 09:25:02 PM #5
If you connect your laptop directly to the WLAN bridge, no Prefix Delegation is required - the laptop gets an IPv6 address from your brother's router.
But if you connect the OPNsense WAN to the WLAN bridge and your laptop to the OPNsense LAN, Prefix Delegation is required so OPNsense can provide an IPv6 address to your laptop.

If Prefix Delegation isn't set up on the other router and you don't have access to it, this unfortunately won't work.

If you're desperate, you could configure IPv6 outbound NAT in OPNsense.
OPNsense virtual machine images
OPNsense aarch64 firmware repository

Commercial support & engineering available. PM for details (en / de).
February 13, 2024, 09:35:40 PM #6
Quote from: Maurice on February 13, 2024, 09:25:02 PM
If you connect your laptop directly to the WLAN bridge, no Prefix Delegation is required - the laptop gets an IPv6 address from your brother's router.
But if you connect the OPNsense WAN to the WLAN bridge and your laptop to the OPNsense LAN, Prefix Delegation is required so OPNsense can provide an IPv6 address to your laptop.

If Prefix Delegation isn't set up on the other router and you don't have access to it, this unfortunately won't work.

If you're desperate, you could configure IPv6 outbound NAT in OPNsense.


Would you like to help me, what are the next steps to configure  IPv6 outbound NAT in OPNsense ?
February 13, 2024, 10:11:24 PM #7
- configure the OPNsense LAN interface with a static IPv6 address, like 2001:db8::1/64
- set the Router Advertisements mode to "Unmanaged"
- enable hybrid outbound NAT rule generation
- create an IPv6 outbound NAT rule for the WAN interface
OPNsense virtual machine images
OPNsense aarch64 firmware repository

Commercial support & engineering available. PM for details (en / de).
February 13, 2024, 10:38:59 PM #8
Quote from: Maurice on February 13, 2024, 10:11:24 PM
- configure the OPNsense LAN interface with a static IPv6 address, like 2001:db8::1/64
- set the Router Advertisements mode to "Unmanaged"
- enable hybrid outbound NAT rule generation
- create an IPv6 outbound NAT rule for the WAN interface

I did it -->   2001:db8::1/64
I dit --> - set the Router Advertisements mode to "Unmanaged"

What I have to put inside outbound nat rule in wan inteface?? Would you like to show me an example?

February 13, 2024, 10:44:46 PM #9
The outbound NAT rule should work with default settings, you only need to set the TCP/IP version to IPv6.
OPNsense virtual machine images
OPNsense aarch64 firmware repository

Commercial support & engineering available. PM for details (en / de).
February 13, 2024, 10:50:56 PM #10
Quote from: Maurice on February 13, 2024, 10:44:46 PM
The outbound NAT rule should work with default settings, you only need to set the TCP/IP version to IPv6.

Please look at the photo. Is it correct?
February 13, 2024, 11:06:42 PM #11
Yes, everything visible in the screenshot is correct.
OPNsense virtual machine images
OPNsense aarch64 firmware repository

Commercial support & engineering available. PM for details (en / de).
February 14, 2024, 08:28:13 PM #12
Quote from: Maurice on February 13, 2024, 11:06:42 PM
Yes, everything visible in the screenshot is correct.

You are GOD! Thank you very much. I solved it.
February 14, 2024, 10:01:48 PM #13
Do I have to enable  "Enable DHCPv6 server on LAN interface" or any other service fro ipv6???
February 15, 2024, 01:56:28 AM #14
DHCPv6 shouldn't be required, most devices support SLAAC (Router Advertisements "Unmanaged" mode).
OPNsense virtual machine images
OPNsense aarch64 firmware repository

Commercial support & engineering available. PM for details (en / de).
Print
Go Up Pages1 2
User actions