GUI Invalid IPv6 address

Started by millerwissen, May 15, 2025, 05:11:54 PM

May 15, 2025, 05:11:54 PM Last Edit: May 15, 2025, 05:57:18 PM by millerwissen
So I am new to the forum but not to OPNsense/pfSense/m0n0wall etc.; I'm old enough to remember even that.

My usual deployment for IPv6, for security reasons and having full control, is an internal /64 for the LAN, properly routed with NAT66, such as:

f999:1:2:3::/64

NAT66 works fine with OPNsense; I've used it in many locations without issues, just like pfSense.

But this particular machine is on Hetzner, which specifically wants a link-local gateway for my IPv6 WAN (public IP + link-local as gateway), which is fine on pfSense and FreeBSD in general; all you do is add the link-local + scope. For this VM that would be: fe80::1%vtnet0, a perfectly valid IPv6 and supported by FreeBSD in this manner.

So why does the GUI persist in giving me this error:

"Dynamic gateway values cannot be specified for interfaces with a static IPv6 configuration.
Invalid IPv6 address"

I have another machine on this same system running another gateway on pfSense, and it takes the link-local + scope via GUI without issues. I would like to migrate to OPNsense, but it seems to be 'checking' IPv6s and I really don't want it to do that; I just want to disable any IPv6 checks and let me design my network as I please without having to log in to SSH and hard force it to work because of some web verification script logic.

Shouldn't it work with just the link local address as gateway (aka no scope)?
Hardware:
DEC740

Quote from: Monviech (Cedrik) on May 15, 2025, 07:15:44 PM
Shouldn't it work with just the link local address as gateway (aka no scope)?

I only tested with a quick ping6 to google.com; it does seem to be active, yes, but what doesn't make sense to me is that it outright refuses to take the scope along with the IPv6. Now, if it is taking into account the fact that I picked the interface at the top which it applies to and automatically adds the scope, then it's just me not being familiar with OPNsense, but it's specifically saying 'invalid' and not 'no scope needed', and I can't seem to find any information about that anywhere.

Though if I add another gateway that is also fe80::1 to another interface, then it would probably reject it because the IP address already exists?

I think since you select the interface (=scope), each fe80:: entry should be unique if it's on a different interface as gateway.
Hardware:
DEC740

Quote from: Monviech (Cedrik) on May 15, 2025, 07:15:44 PM
Shouldn't it work with just the link local address as gateway (aka no scope)?

Link local addresses always need a scope. How should the system tell which link it is local to without?

In the OPNsense UI on the other hand you just set the gateway LL address without the scope and OPNsense will add it according to the interface you assigned the gateway to. If you look at the routing table afterwards you will see that the scope is present. Just don't put it in the gateway address field. The interface selection takes care of that.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
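
The behaviour discussed in this thread, as an added Python sketch that is not part of any post and is not OPNsense's own code: a form check that accepts only a bare IPv6 literal rejects fe80::1%vtnet0, while the scope is derived from the interface the gateway is assigned to, so fe80::1 on two interfaces gives two distinct next hops. All function names and the second interface name vtnet1 are hypothetical.

```python
import ipaddress

def split_zone(text):
    """Split 'addr%zone' into (addr, zone); zone is None when no '%' is present."""
    addr, sep, zone = text.partition("%")
    if sep and not zone:
        raise ValueError("empty zone identifier")
    return addr, (zone if sep else None)

def bare_literal_check(text):
    """Constructed stand-in for a form validator that accepts only a bare
    IPv6 literal, so any '%zone' suffix fails as an invalid address."""
    try:
        ipaddress.IPv6Address(split_zone(text)[0])
    except ValueError:
        return False
    return "%" not in text

def effective_gateway(field_value, interface):
    """Return the next hop as it would appear in the routing table when the
    gateway is bound to `interface`: link-local gets '%interface' appended."""
    addr_text, zone = split_zone(field_value)
    addr = ipaddress.IPv6Address(addr_text)  # raises ValueError on bad input
    if zone is not None:
        # Policy of this sketch: a zone is accepted only on a link-local
        # address, and it must agree with the selected interface.
        if not addr.is_link_local:
            raise ValueError("zone identifier on a non-link-local address")
        if zone != interface:
            raise ValueError(f"zone {zone!r} conflicts with interface {interface!r}")
    return f"{addr}%{interface}" if addr.is_link_local else str(addr)

def duplicate_gateways(entries):
    """Entries are (interface, field_value) pairs. Two gateways collide only
    when their scoped next hops are equal, not when the bare fe80:: text is."""
    seen, dupes = set(), []
    for interface, value in entries:
        key = effective_gateway(value, interface)
        if key in seen:
            dupes.append(key)
        seen.add(key)
    return dupes
```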