dnsmasq and ipv6 config

[OzziGoblin]

that would mean I can't remove isc dhcpv6 or the router advertisement service as it's enabled when tracking is enabled.

So it would seem that dnsmasq is not able to completely replace ISC yet?

[Maurice]

Services: ISC DHCPv6: [LAN interface]: uncheck 'Enable'
Services: Router Advertisements: [LAN interface]: set Router Advertisements to 'Disabled'

[OzziGoblin]

Yip, they are configured exactly like that :-)

But then dnsmasq isn't assigning the ipv6 address is it?

[Maurice]

... and?

[OzziGoblin]

sorry I don't mean to appear rude, but wasn't the point of migrating to dnsmasq to remove dependancy on ISC so it can be removed at the next major update?

thanks

[Maurice]

I don't get your point, sorry.

Services: ISC DHCPv6: [LAN interface]: uncheck 'Enable'

This disables ISC DHCPv6. It stops the service. So there is no more dependency.

[OzziGoblin]

ok, thanks for all your patience with me Maurice, you've been a big help

[muchacha_grande]

Hi OzziGoblin, as we talked earlier I'm reporting my still ongoing migration from ISC DHCP 4 and 6 to Dnsmasq.
I made a first try today and it didn't work as expected. I couldn't make DHCPv6 working as it is with ISC DHCPv6.

My setup is somewhat weird because my OPNSense is behind the ISP router already acting as NAT router with a configured DMZ pointing to OPNSense WAN.
The ISP doesn't allow me to use bridge mode, so this is what I have.

The rare thing is the way I could get IPv6 to work. The ISP assigns a single /64 IPv6, no PD, no nothing. So I'm doing NATv6 and DHCPv6 assigns /80 addresses to local PCs. I chose /80 because I have some VLANs and I had to create different subnets for each one.

This way I have IPv6 /80 networks on each VLAN and it works perfect. Is not the ideal situation because I'm NATing IPv6, but I didn't find a single problem yet in the daily use.

THE MIGRATION:
I could make work the IPv4 part, but I couldn't make DHCPv6 assign an address. It doesn't work. The Dnsmask log says "dnsmask no address range available for DHCPv6".
I tried different RA flags, and even external radvd in assisted mode as the docs says, but still nothing.
One thing I noted is that I can't select other prefix than 64. Higher numbers throws an "integer" error on the GUI and lower values makes Dnsmask to abort at start telling that the prefix has to be at least 64. So the only choice is 64.

With ISC DHCPv6 I have /80 configured as prefix for the assigned addresses on each VLAN.

Well... that's all for now. I'll keep trying...

Cheers

[Maurice]

The ISP assigns a single /64 IPv6, no PD, no nothing.

Is this /64 on-link on the ISP router's LAN interface? Then I'd recommend trying the new os-ndp-proxy-go plugin. It allows you to use the same /64 for the OPNsense LANs and you won't need NAT.

Cheers
Maurice

[muchacha_grande]

Hi Maurice.

Is this /64 on-link on the ISP router's LAN interface?

Yes it is. I saw this plugin recently. I've tested NDP proxy in the past. The no "go" version, and it worked fine on a test router. I'll give this a try.
Do you know if this works fine when there are multiple subnets?

[Maurice]

ndp-proxy-go was developed from scratch by OPNsense OG @Monviech. It's way ahead of ndproxy. And yes, you can use it for multiple LANs. They will all share the same /64, the proxy can handle this.

[Monviech (Cedrik)]

Please also read the documentation:
https://docs.opnsense.org/manual/ndp-proxy-go.html

[muchacha_grande]

Please also read the documentation:
https://docs.opnsense.org/manual/ndp-proxy-go.html

Excellent, thank you, I will.


About, my failed Dnsmask DHCPv6 migration attempt. Do you know have an idea of what could be wrong?

I couldn't make DHCPv6 assign an address on any VLAN. Neither a reserved address nor a dynamic one.