How to setup ipv6 DHCPv6

[mausy5043]

  If you could just clarify if you're trying to get LAN IPv6 addresses allocated or something else.

What I want to achieve is:
1. The clients on my LAN get issued an IPv4 AND an IPv6 address
2. On every client on my LAN this should work:

Code Select Expand


$ ping6 google.com
connect: Network is unreachable


Code Select Expand


$ ping6 google.com
ping6: UDP connect: No route to host

On OPNsense it already works:

Code Select Expand


$ ping6 google.com
PING6(56=40+8+8 bytes) 2001:985:509c:1:20e:c4ff:DEAD:DEAD --> 2a00:1450:4002:808::200e
16 bytes from 2a00:1450:4002:808::200e, icmp_seq=0 hlim=53 time=20.743 ms


[phoenix]

You need to configure the LAN interface to have a fixed IP address, that will allow you to enable the DHCPv6 server on that interface to allocate IPv6 addresses for your LAN.

[mausy5043]

OK. I now have a fixed IPv6 address configured for the LAN interface:
xxxx:yyyy:zzzz::2/118

On Services > DHCPv6 > [LAN] I now have an available range of
xxxx:yyyy:zzzz:: - xxxx:yyyy:zzzz::3ff

I've entered a Range of:
xxxx:yyyy:zzzz::3 - xxxx:yyyy:zzzz::3f0

No leases are being handed out.

The IPv6 address on the WAN interface is xxxx:yyyy:zzzz:1:20e:c4ff:fed0:9f95
I assume that's okay.

[phoenix]

Do you have the router advertisements service enabled on the LAN interface?

[mausy5043]

Do you have the router advertisements service enabled on the LAN interface?

I do now :-D
Managed, priority: normal

[sigrme2449]

I also have Spectrum/Ex time Warner and I am unable to get DHCPv6 on lan host with OPNsense. However, Openwrt, and PFsense do work and hand out local ipv6 adresses.


using this to test: http://ipv6-test.com/
Also ping6 google.com fails
also ping6 2001:4860:4860::8888 (google dns) fails.
So its nothing related to dns/unbound/dnsmasq, its likely a gateway/addressing issue.

I've also tried mimicking ip wan6 :track  and pointing my RA assisted and making a local dhcpv6 server by overrides, but my understanding of IPv6 IPS and link local and other addressing schemes is limited based on my knowledge/experience. I know ipv6 doesn't use nat, but when I look at my OPENWRT/pfsense IPv6 address/gateway im rather perplexed how to mimic it to work on OPNsense.


Has OP solved his problem? if so what are the steps that you did?
I might consider making a new topic if none replies

[marjohn56]

First things first, are you using 18.7?


What settings did you have in the WAN interface for pfsense, they should be the same for Opnsense.


In the lobby page, are you showing an IPv6 address on the WAN and/or LAN?


Once you give us that information, we can take it further.

[sigrme2449]

@marjohn56 Yes running 18.7, tried 18.1.x (same issue) and on pfsense: 2.4.3

On the lobby pages of both pfsense/opnsense I was given a ipv6 address, however only for OPNsense the IPv6 on the lan side refused to resolve or reach any ipv6 addresses with opnsense. One thing of interest from the OPNsense shell, ping6 was able to work with IPv6 addresses, but not anything on the lan side. It was giving me IPv6 addresses on lan, just refusing to not work with anything IPv6 from the lan

With PFsense everything was configured properly., was able to use IPv6 from the host and lan. Did you need screenshots/config notes from PFsense to tell me what to input?

[marjohn56]

OK, so are you running static IPv6 on the WAN/LAN or dhcp and Track6?


Are all the services showing green?

[sigrme2449]

Im so sorry have wasted your time. The issue isn't with OPNsense but rather on the end user (me). I just googled and found this forum because I assumed the issue was with OPNsense and charter spectrum's ipv6 or OPNsense routing, since my backup worked on PFsense (didnt try it for long just enough to test the website). I tried everything, manually adjusting the RA to assisted with a Lan ipv6 DHCP server, in the config
I got it to work. I feel so dumb.


The solution:
I've deployed this both pfsense and opnsense to a physical machine (athlon II x2) with actual nics, and problem gone. Both receive IPv6.
Now going to deploy opnsense to a Pentium4 i386 with these pci realtek based nics. Probably not the idea candidate, but its a way to recycle old hardware for the time being. Sorry for the long pauses, usb 2.0 is slow on these old machines

My setup was a thinkpad t510 (1st gen intel mobile) with 1g ram allocated to it, and having my hypervisor (proxmox) route the vlans to it and feeding wan ethernet to my switch/router (archer c7 v2) control the switches. This worked with ipv6 and everything as far as i can remember for a while, so I just assumed the firewall when ipv6 failed recently, i'm guessing my PFsense reverting that VM kept some older settings and worked.  I cannot explain why the old backup passed through ipv6 traffic, will investigate further. I know this isn't a Ideal setup, but I don't want to buy a usb dongle for two nics in a mobile laptop, and besides it keeps power $ lower. So I will look for the appropriate help where i find the actual issue with hypervisor/switch setup.

So sorry to have wasted your time chasing around a non existent issue in my OPNsense setup, and thank you OPNsense for being better than PFsense to the devs, and not reverting to the tactics that Netgate often tries on you. At least with your product I can still use my i386 hardware to run the latest versions, real shame what Netgate is forcing users to swallow requiring 64bit and soon AES support.

[marjohn56]

You're not wasting our time. glad you got it working.