DNSmasq as DHCP giving all VLANs IPV6 PrefixID to wifi clients

[lox]

Hello,

I have switched from ISC to DNSMasq. I have a few VLANs.

- I get a /48 from My ISP so each VLAN gets a /64.
- The LAN is configured with PrefixID of 0 and InterfaceID of 1
- Each VLAN as its own PrefixID and InterfaceID of 1
- RA is set as assisted/normal/automatic for each interface
- Each IPV6 DHCP range in DNSmasq is ::dddd:0:0:0 - ::dddd:ffff:ffff:ffff

I have a wifi access point that tags VLANs for the different SSID (one SSID per VLAN). It works well for IPV4.

Wifi devices that connect to LAN and not support DHCPV6 do get SLAAC IPV6 with the proper PrefixID, but they do slowing get IPV6 for all VLANs PrefixID over time (a few minutes) !

What am I doing wrong ?

I have no such issue with DHCPv4 and Ethernet devices supporting DHCPv6 (get both SLAAC and DHCPv6 IPs with the proper PrefixID). May it be because LAN traffic isn't tagged ? How could I prevent that from happening ?

[lox]

There is a serious issue with Services > Router Advertisements.

I have a Guest VLAN with captive portal and IPV6 Disabled but when I connect to it, I get a proper IPV4 from the VLAN network, but I also get an IPV6 from the LAN's IPV6 network !

Please help !

[Monviech (Cedrik)]

Please ensure your setup follows the best practices outlined here:

https://docs.opnsense.org/manual/how-tos/vlan_and_lagg.html

You probably leak multicasts/broadcasts due to tagged and untagged vlans on same interface.