My ISP recently made IPv6 available and I’m trying to figure out how to make it work with my network. The setup I have is an OPNsense box connected to my ISP’s router and I’m using it to isolate my homelab from the rest of the network. However, the machines on my OPNsense LAN aren’t being assigned IPv6 addresses that allow them to connect to the internet.
I can ping IPv6 sites from my OPNsense box and I see that it’s being assigned a /64 prefix from the ISP router. If I use my laptop to connect to my ISP’s router, I can visit IPv6 sites just fine as well. My devices in the OPNsense LAN also have IPv6 addresses and can ping each other using IPv6 but not the internet.
Are there special settings that I need to set for OPNsense to make this setup work? I’ve tried reading up on the different modes like SLAAC but I’m not quite grasping the concepts.
Confirm the ipv6 addresses your clients in the LAN are being assigned an ipv6 address within the scope of what your ISP is assigning.
If you are check default routes and firewall rules.
If you aren’t, investigate “router advertisement”.
I did forget to mention that. The IP addresses of the devices on the LAN do not share the same first half of the address as the IP on the ISP router. I have the OPNsense LAN set to track WAN interface, but the DHCP server is stuck saying “No available address range for configured interface subnet size.”. I also noticed that my WAN for OPNsense has a global routable IP starting with 2402 as well as a LLA starting with fe80 but my LAN only has a LLA.
Which routes and firewall rules should I be checking?
If your lan devices only have a fe80, your clients are not receiving a proper router advertisement.
Which routes and firewall rules should I be checking?
Since the OPNsense device is getting a ipv6 address and is able to ping ipv6 devices on the internet.
It sounds like you don’t have ipv6 configured for the LAN. Try enabling “Assisted” mode.
Hey I just had another thought. Do you have your ISP provided router in bridge mode? That would help if you’re not using it for anything else.
If you’re getting a /64 from your ISP via DHCPv6, you likely need to send a prefix hint. I’d guess /60. Then you’ll have multiple /64s to work with on your inside interfaces.
Who is the ISP?
If it’s any use, here are the WAN IPv6 options (auto, manual, or IPv6CP Extension) for the ZTE-ZXHN-F670, it’s set to auto right now:
And these are the available LAN settings:
I’m located in Vietnam; the ISP is Viettel (probably not useful information, but hey, why not).
Is it possible to send the hint from OPNsense itself? I mentioned in the original post that OPNsense is behind the ISP router (ZTE-ZXHN-F670) which I kind of don’t want to touch due to the fact that the terminology is quite different and that the ISP people come over to run tests on it whenever there are service issues. Either way, I’ve already tried to search through the settings and couldn’t find any options for setting the prefix hint on the WAN side. I’m open to digging though those settings again if you’re familiar with the router.
Is it possible to send the hint from OPNsense itself?
Yes, to me it sounds like you’re already getting a big enough prefix from your ISP (all devices getting a /64), but you’ll have to request a bigger prefix from OPNsense. I believe it should give you the options to do this when you set the IPv6 mode to DHCPv6 on OPNsense, but I can’t say if your ISP router will handle it.
