Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
Static setting of IPv6 block /64
« previous
next »
Print
Pages: [
1
]
Author
Topic: Static setting of IPv6 block /64 (Read 1193 times)
barneby
Newbie
Posts: 7
Karma: 0
Static setting of IPv6 block /64
«
on:
May 25, 2024, 02:17:25 am »
Hello,
I am trying to setup IPv6 for my OPNsense router. I got a /64 IPv6 block from the provider. I would like to statically set IPv6 on the WAN and LAN interfaces and then assign IPv6 to clients connecting to the LAN using DHCPv6.
I received information from the provider that I should use the block xxxx:xxxx:ffff:1121::/64 and that xxxx:xxxx:ffff:1121::1 is the gateway.
I made the following settings:
Configuring the WAN Interface:
1. Log in to the OPNsense web interface.
2. Navigate to Interfaces > Assignments.
3. Click on the name of the WAN interface.
4. In the Static IPv6 Configuration section, fill in the following:
IPv6 Address: xxxx:xxxx:ffff:1121::5
IPv6 Prefix: 64
IPv6 Upstream Gateway: xxxx:xxxx:ffff:1121::1
5. Click Save and then Apply Changes.
Configuring the LAN Interface:
1. Navigate to Interfaces > Assignments.
2. Click on the name of the LAN interface.
3. In the Static IPv6 Configuration section, fill in the following:
IPv6 Address: xxxx:xxxx:ffff:1121::7
IPv6 Prefix: 64
4. Click Save and then Apply Changes.
Setting Up the DHCPv6 Server:
1. Navigate to Services > DHCPv6 > LAN.
2. Check Enable DHCPv6 server on LAN interface.
3. In the Subnet section, fill in:
Range: xxxx:xxxx:ffff:1121::1000 to xxxx:xxxx:ffff:1121::2000
4. Click Save.
Configuring Router Advertisements (RA) on LAN:
1. Navigate to Services > Router Advertisements > LAN.
2. In the Router Mode section, select Managed.
3. Click Save.
The result is that the client receives the correct IPv6 address from the set range. He also gets a route.
But I can't get to the IPv6 address of the LAN or WAN interface.
At the same time, I cannot reach any IPv6 address on the Internet.
ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether bc:24:11:a5:dd:6b brd ff:ff:ff:ff:ff:ff
altname enp0s18
inet 172.16.1.39/24 metric 100 brd 172.16.1.255 scope global dynamic ens18
valid_lft 5461sec preferred_lft 5461sec
inet6 xxxx:xxxx:ffff:1121::11f3/128 scope global dynamic noprefixroute
valid_lft 5459sec preferred_lft 2759sec
inet6 fe80::be24:11ff:fea5:dd6b/64 scope link
valid_lft forever preferred_lft forever
ip -6 route
::1 dev lo proto kernel metric 256 pref medium
xxxx:xxxx:ffff:1121::/64 dev ens18 proto ra metric 100 expires 86394sec pref medium
fe80::/64 dev ens18 proto kernel metric 256 pref medium
default via fe80::1c43:adff:fefb:d3a8 dev ens18 proto ra metric 100 expires 1794sec mtu 1500 pref medium
I have all traffic from the LAN net allowed on the firewall.
Where can the problem be?
Thank you for your help.
Logged
yourfriendarmando
Full Member
Posts: 103
Karma: 8
Re: Static setting of IPv6 block /64
«
Reply #1 on:
May 25, 2024, 09:26:03 am »
Did your ISP give you an address that looks like this?
2001:0000:0000:0000:0000:0000:0000:0000/128
That would be the IP address of the FW itself on your ISP's network.
Also you should have been given some IPv6 addresses for DNS.
Before you make any changes, see if your routing is working just fine:
Trying pinging Google DNS servers from your Router:
Interfaces: Diagnostics: Ping
2001:4860:4860::8888
2001:4860:4860::8844
«
Last Edit: May 25, 2024, 09:43:11 am by yourfriendarmando
»
Logged
barneby
Newbie
Posts: 7
Karma: 0
Re: Static setting of IPv6 block /64
«
Reply #2 on:
May 25, 2024, 10:25:40 am »
Ping from the router works fine.
https://i.imgur.com/R2tOFFR.png
But not from the client.
https://i.imgur.com/oKo8A5w.png
I have the rules for the LAN interface set as follows.
https://i.imgur.com/lIN1DsU.png
Logged
yourfriendarmando
Full Member
Posts: 103
Karma: 8
Re: Static setting of IPv6 block /64
«
Reply #3 on:
May 25, 2024, 12:20:06 pm »
You might check your System Gateways. Sometimes I need to restart or reenable the ipv6 gateway. I think I have disabled gateway monitoring.
Also if you just enabled ipv6, it sometimes costs a full reboot to fully enable it.
Logged
barneby
Newbie
Posts: 7
Karma: 0
Re: Static setting of IPv6 block /64
«
Reply #4 on:
May 25, 2024, 12:47:51 pm »
The gateway is set up like this
https://i.imgur.com/B3XUjLz.png
gateway monitoring is disabled and rebooting doesn't help.
The routes are as follows
https://i.imgur.com/pzhn2hB.png
Also strange is that in DHCPv6 Leases, IPv6 addresses assigned to clients are displayed on the WAN interface. At the same time, I have DHCPv6 configured only for LAN.
https://i.imgur.com/2PDN34J.png
https://i.imgur.com/NVO84qy.png
Logged
barneby
Newbie
Posts: 7
Karma: 0
Re: Static setting of IPv6 block /64
«
Reply #5 on:
May 25, 2024, 02:52:21 pm »
So I now know out where the problem is.
My ISP subnet is already routing. This can also be recognized by the fact that the gateway is in the same subnet as it was assigned to me.
So I can no longer route the subnet on my router. It is therefore necessary to set IPv6 in pass-through mode or ask the ISP not to route the subnet.
Thank you for your help.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
Static setting of IPv6 block /64