Wrong IPv6 delegations for WAN

Started by Anchor, March 11, 2025, 09:51:43 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
March 11, 2025, 09:51:43 PM Last Edit: March 11, 2025, 11:28:34 PM by Anchor
Hello,

So i did read a little around on different posts here, but the most that seem most like my issue i have found in pfsense forum today and i don't think i can even post here.

After another clean reset i have set without any issues at all my Chinese firewall appliance (N100 SBC with four Intel rj45), using Stalink in bypass mode, don't know if is for the updates or if my NIC was been drunk.

The strange part is i wasn't even able to access it from LAN, when i have set Starlink to operate as NOT bypassed, i didn't made any rule to accept Starlink IP ranges this time since everything was working, only recommendations of RFC 4890, that also strangely, are not all or present or maybe with different names, but i was able to access the OPNsense from my phone that rely on another network behind an openWRT access point in that configuration. So i gave up even if i am still interested to leave their modem before the Firewall to use old IoT devices that can't be connected using WPA3.

This was a little of my issues encountered over the time, but now the issue that i need to resolve as the title says, is that Starlink give correctly a /56 delegation, but when it goes on OPNsense everything goes on 64, i don't know if could just be something related to the equations for the amount of all the others delegations because i am not good to make calculations, or if some misconfiguration, as i said the RFC 4890 is compiled correctly as mentioned, i recently needed to set the DHCP6 manually because is a little tricky to let DNS6 work without setting it, but other then this i don't know what else i could try.

Also I forgot to mention that after trying to left the Starlink router without bypass the IP range on LAN are became as the delegations of their router (192.168.1.100 instead 192.168.1.10~), but for this I can't be sure at 100% because of the reboots, anyway after installed latest update I'm still on this segment even if should end using a Mac to do those things because I can't never be really sure about things like that.

Thank you.
March 12, 2025, 10:29:41 AM #1
What does "everything goes on 64" mean? /64 is the standard prefix length for a LAN subnet. If you create multiple (V)LAN's, each should get its own /64, allocated from your /56 delegation.
March 12, 2025, 11:38:23 AM #2 Last Edit: March 12, 2025, 11:55:55 AM by Anchor
Quote from: dseven on March 12, 2025, 10:29:41 AMWhat does "everything goes on 64" mean? /64 is the standard prefix length for a LAN subnet. If you create multiple (V)LAN's, each should get its own /64, allocated from your /56 delegation.

Hi there,

I'm sorry but i don't think i fully understand what you mean,

when i set previously my NIC with opnsense first time with starlink and giving /56 of allocation, it also gave /56 addresses, how it works on every router... or i'm missing something?
March 12, 2025, 11:39:20 AM #3
What do you mean by "gave /56 address"? What exactly do you expect to see? What exactly do you actually see?
March 12, 2025, 11:57:59 AM #4
Quote from: dseven on March 12, 2025, 11:39:20 AMWhat do you mean by "gave /56 address"? What exactly do you expect to see? What exactly do you actually see?

I mean WAN was replying 56 addresses allocations,

If i set the WAN interface for 56, and the Starlink is giving 56 as showed in Overview, why i should expect to see/have 64?
March 12, 2025, 12:04:26 PM #5
The /56 is a delegated prefix. It is handed to your router (by the ISP) to do with as you please. The WAN interface itself *may* get a separate IPv6 address, from a different prefix (*not* part of the /56).

Go to Interfaces > Overview, and click on the "Details" (magnifier icon) button, and look for "Dynamic IPv6 prefix received", as well as "IPv6 Addresses". What do you see?
March 14, 2025, 02:10:06 PM #6 Last Edit: March 14, 2025, 02:15:23 PM by Anchor
Quote from: Anchor on March 12, 2025, 11:57:59 AM
Quote from: dseven on March 12, 2025, 11:39:20 AMWhat do you mean by "gave /56 address"? What exactly do you expect to see? What exactly do you actually see?

I mean WAN was replying 56 addresses allocations,

If i set the WAN interface for 56, and the Starlink is giving 56 as showed in Overview, why i should expect to see/have 64?

Seems like i have been told, anyway i will say it again, the Starlink hardware gives /56.

Maybe i should follow this post?

https://forum.opnsense.org/index.php?topic=46201.0

Also, if i want leave their router without bypassing it, why shouldn't work by itslef? i need to accept ICMP also on IPv4 to make it work?

Thanks again
March 14, 2025, 02:37:45 PM #7
Quote from: Anchor on March 14, 2025, 02:10:06 PMSeems like i have been told, anyway i will say it again, the Starlink hardware gives /56.

That means Starlink delegates a /56 to your OPNsense. Still every single interface of your OPNsense with IPv6 active must have a /64 prefix length. You get a /56 so you can configure up to 256 interfaces.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
March 14, 2025, 06:43:22 PM #8
Quote from: Patrick M. Hausen on March 14, 2025, 02:37:45 PM
Quote from: Anchor on March 14, 2025, 02:10:06 PMSeems like i have been told, anyway i will say it again, the Starlink hardware gives /56.

That means Starlink delegates a /56 to your OPNsense. Still every single interface of your OPNsense with IPv6 active must have a /64 prefix length. You get a /56 so you can configure up to 256 interfaces.

Thanks for the reply,

So thats mean i should no care about my 64 delegation?

Because the only way to see Starlink gives /56 is in the overview, but the interface is getting /64 like any other interface.

Also if someone else got it working without putting it in bypass mode and if i need to enable some outbound NAT rules to make it work since would be in double NAT if not set as bypassed.
March 14, 2025, 06:54:13 PM #9
Delegation = entire address range you get for all of your network.
Interface prefix length: always /64 with the possible exception of point to point links, but never /56.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
April 04, 2025, 11:20:53 PM #10
Never 56 so I used a bigger number.

BTW, after resetting it I was able even to set the starlink not in bypass mode and have it working, how should be.

Now the problem is that after the last update seems, I can't get ipv6 addresses working anymore, I think I tried everything.
April 05, 2025, 01:47:32 PM #11
I am only getting an fe80 private address, even if addresses are shown in Overview, i don't know if this a behavior can be dictated by new updates and the radious that need to be updated or there is something wrong with my starlink modem and i should try to set it as not bypassed
April 05, 2025, 02:34:03 PM #12 Last Edit: April 05, 2025, 09:46:21 PM by Anchor
I was trying to set delegations to 64 as is shown on the Overview and since no delegation was shown for my selected one, and NTP is dead, also after a reboot, no package to try reinstall?

daemon child died with signal 11    unable to create socket on igc1 [xxxx:xxxx:;; bind(28) AF_INET6
lags 0x11 failed: Address already in use


***UPDATE****

Despite the socket bind and in use and my others issues with time synchronizations, there is obviously something on my connection, or between me and starlink services, or more likely between me and my country, before starlink, or better say "between" me and starlink, after a while ipv6 are going disappeared... even using their modem...

NOICE.
Print
Go Up Pages1
User actions