dnsmasq and ipv6 config

[OzziGoblin]

Hi

I've been able to migrate to dnsmasq but there are some IPv6 settings I'm confused about.

I have been assigned a /48 IPv6 address by my ISP, it's segmented this into various /64s for each interface in OpnSense.  Each interface is configured with IPv6 Configuration Type of "Track Interface"  WAN as the parenjt address.
I used to use Router Advertisements, but I've been able to stop using that with the use of dnsmasq ranges, see below.



The question is, what setting do I need on each network interface for IPv6 Configuration Type, testing reveals I can disable it, but I'm not sure if that is correct.

Thanks for your help

[sifrmoja]

The official guide for IPv6 goes through setting up exactly what you are doing. What exactly are you struggling with?

[OzziGoblin]

Hi

Basically, if I'm using dnsmasq ipv6 RA modes to assign ipv6 addresses, do I need the setting enabled on the network interface to track the WAN and what should it be?

ATM each client is getting 2 ipv6 addresses, one seems to be from dnsmasq and the other appears be from the network interface

thanks

[sifrmoja]

Is the second one the privacy address? They both appear to be on the same /64.

Edit: it appears you are using DHCPv6 to send out client IPs as well as SLAAC. You should only use DHCPv6 for prefix delegation and maybe DNS server information.

[OzziGoblin]

Thanks, I think it's because I followed the instructions and used slaac,ra-names in dnsmasq.

[OzziGoblin]

In the end I've reverted to snapshot, I can't figure out the required IPv6 DHCP settings if not using ISC and RA.

Hopefully I can continue using ISC until I can get it working in a lab and then put into my system

[Monviech (Cedrik)]

Either you configure the IPv6 statically, or you use track interface and use the dnsmasq constructor, pointing each DHCPv6 range to the interface it should construct the RAs from.

E.g. this example works when having LAN on "Track Interface" /or/ a static IPv6 address

https://docs.opnsense.org/manual/dnsmasq.html#dhcpv6-and-router-advertisements

[muchacha_grande]

You can use the following guide as an additional source:

https://homenetworkguy.com/how-to/migrate-from-isc-dhcp-to-dnsmasq-or-kea-dhcp-in-opnsense/

I'm studying the migration right now as I'll be moving to dnsmasq in the following days.

[OzziGoblin]

Thanks, I did follow this guide

I'll be interested to hear how your migration goes, specifically around the interface IPv6 settings (tracking vs dhcp vs slaac) and the dnsmasq IPv6 dhcp ranges and their RA modes. Also whether you were able to completely remove ISC and dependancy on the seperate Router Advertisement service, as it's built into dnsmasq.
If you'd be willing to share how you went it would really be appreciated.  After spending too many hours researching, implementing and testing I wasn't able to get IPv6 working without duplicate addresses being assigned and Testipv6 failing so just reverted.

thanks

[OzziGoblin]

Right here is an update on the second migration attempt...

I have IPv4 working
IPv6 addresses are being assigned from the interfaces, which are set to track the wan. 
However, there are no IPv6 leases being registed in dnsmasq.  The only way I am able to get the leases registed is if I enter start and end IPv6 addresses, which adds an EXTRA IPv6 address to each device.

here are the settings on the DHCP range that I'm applying (can't seem to include an image for some reason?)

start address ::3000
end address ::4000
constructor - same as Interface
RA Mode slaac, ra-names
Domain Type - Interface

With the above configured, I get  the IPv6 address registed which looks something like this - xxxx:xxxx:c3ca:dd30::33cc

on the client I have the following now

DHCP Enabled. . . . . . . . . . . : Yes
  Autoconfiguration Enabled . . . . : Yes
  IPv6 Address. . . . . . . . . . . : xxxx:xxxx:c3ca:dd30::33cc(Preferred)        EXTRA IPv6 Address  ************
  Lease Obtained. . . . . . . . . . : Friday, 7 November 2025 11:28:33 AM
  Lease Expires . . . . . . . . . . : Friday, 7 November 2025 11:33:33 AM
  IPv6 Address. . . . . . . . . . . : xxxx:xxxx:c3ca:dd30:1a5d:5283:b231:d91a(Preferred)
  Link-local IPv6 Address . . . . . : xxxx::xxxx:xxxx:f53a:fe3d%3(Preferred)
  IPv4 Address. . . . . . . . . . . : 10.0.30.2(Preferred)
  Subnet Mask . . . . . . . . . . . : 255.255.255.0
  Lease Obtained. . . . . . . . . . : Friday, 7 November 2025 11:30:25 AM
  Lease Expires . . . . . . . . . . : Friday, 7 November 2025 11:35:24 AM
  Default Gateway . . . . . . . . . : xxxx::xxx:xxxx:fe01:82c6%3
                                      10.0.30.1
  DHCP Server . . . . . . . . . . . : 10.0.30.1
  DHCPv6 IAID . . . . . . . . . . . : 194570051
  DHCPv6 Client DUID. . . . . . . . :
  DNS Servers . . . . . . . . . . . : xxxx:xxxx:c3ca:dd30:2e2:59ff:fe01:82c6
                                      10.0.30.1
                                      xxxx:xxxx:c3ca:dd30:2e2:59ff:fe01:82c6
  NetBIOS over Tcpip. . . . . . . . : Enabled

Does anyone know how to resolve the IPv6 address registration issue and remove the extra address?

thanks

[Maurice]

Two addresses is what you configured - one SLAAC address and one DHCPv6 address.

If you want only DHCPv6, remove 'slaac' from RA Mode.

If you want only SLAAC, remove 'slaac', add 'ra-stateless' and remove start / end address.

[OzziGoblin]

Hi Maurice

Thanks for the help.

I'd like to remove all dependancies on the old ISC, so I've removed DHCP6 from the interface.  I'm now only left with the dnsmasq config.
I've tried the suggestions you've given me, but I don't get an IPv6 address on that interface anymore.

Just to clarify, I specifiy the same interface for the constructor?
And should the WAN interface still be set to DHCPv6 and if it changes what should I set it to SLAAC?  My ISP supports slaac and I currently get a /48 via DHCPv6.
thanks

[Maurice]

I don't get an IPv6 address on that interface anymore.

The interface itself doesn't get an IPv6 address? That would be unrelated to the Dnsmasq settings.
Or clients connected to that interface don't get IPv6 addresses? Then Dnsmasq isn't configured correctly. Did you enable Router Advertisements in its general settings?

And should the WAN interface still be set to DHCPv6

Yes. That's the DHCPv6 client, unrelated to the Dnsmasq DHCPv6 server.

[OzziGoblin]

Unfortunately I'm not having any success with this.

Router Advertisements in general settings is enabled, although I didn't believe this was required if configured on each interface, when reading the help for the setting.
WAN interface IPv6 is set to DHCPv6
LAN Interface IPv6 configuration is set to none, so no entry available for ISC DHCPv6 or Router Advertisements.

Re the DNSMASQ RA configuration I've tried all the options and no IPv6 address is assigned to the client.

I'm starting to think that dnsmasq is incapable of assigning an ipv6 address to the clients.

Where am I going wrong?

[Maurice]

LAN Interface IPv6 configuration is set to none, so no entry available for ISC DHCPv6 or Router Advertisements.

The LAN interface obviously must track the WAN, otherwise it won't have an IPv6 address and Dnsmasq can't construct a range.