New features

[sopex8260]

What are some neat features you would like to see on opnsense?

[nero355]

The recent talk about a "Favorites" feature is pretty much all I need so far :)

I would then create sub-folders for each Network/VLAN and add the corresponding settings into each of them.

[OPNenthu]

Some improvements toward IPv6 quality of life:

1) Ability to add static IPv6 address on interfaces in addition to DHCPv6-PD.

Why: As we move closer to IPv6-only or IPv6-mostly networks we need to maintain stable internal IPv6 connectivity even when the prefix on WAN is lost.  To do that, we can assign ULAs in addition to the GUA prefix and we can distribute both with RAs (preferred over DHCPv6 for modern clients).

Currently, OPNsense drops the ULA VIP when WAN is lost: https://github.com/opnsense/core/issues/10048#issuecomment-4141350758


2) Expand Dnsmasq to auto-register discovered SLAAC addresses in DNS.

Why: Modern clients use privacy extensions which makes them untrackable in OPNsense and also unaddressable on the network except in case of IPv4 or static assignment with DNS host entry.

The hostwatch db can be used to find new privacy addresses on a short interval (configurable).


3) Add an option to suppress prefix deprecation RAs (with PreferredLifetime=0) being sent unless the prefix is not seen again on WAN after some configurable amount of time (e.g. 5 minutes).

Why: ISPs love to reboot customer modems for firmware updates and weekly maintenance, or users may need to temporarily take equipment offline.  Clients receive the RA to deprecate the prefix, and then they dutifully follow the RFC guidance which says they should not use that prefix anymore.  The result is that SLAAC breaks and temporary addresses are no longer generated until and unless a new prefix is seen.

This one is a bit nasty and would require OPNsense to track the state and keep a timer for re-transmitting the suppressed RAs, but I see no alternative for fixing this realistically.