
Help with IPv6

My ISP recently made IPv6 available and I'm trying to figure out how to make it work with my network. The setup I have is an OPNsense box connected to my ISP's router and I'm using it to isolate my homelab from the rest of the network. However, the machines on my OPNsense LAN aren't being assigned IPv6 addresses that allow them to connect to the internet.

I can ping IPv6 sites from my OPNsense box and I see that it's being assigned a /64 prefix from the ISP router. If I use my laptop to connect to my ISP's router, I can visit IPv6 sites just fine as well. My devices in the OPNsense LAN also have IPv6 addresses and can ping each other using IPv6 but not the internet.

Are there special settings that I need to set for OPNsense to make this setup work? I've tried reading up on the different modes like SLAAC but I'm not quite grasping the concepts.

16


16 comments
  • I'm no expert on IPv6 but here's how I did it on my OPNsense box:

    • Activate IPv6 on your WAN interface (probably already done)
    • Activate IPv6 on the LAN interface, use Track interface on IPv6, track the WAN interface and choose a prefix ID like 0x1
    • Activate DHCPv6 under Services -> ISC DHCPv6 for your LAN interface (you can shorten the range like ::eeee to ::ffff, you don't have to type the full IP)
    • Activate Router advertisements under Services -> Router Advertisements for your LAN interface (set Advertisements to Managed and Priority to High)

    After that your DHCP server should serve public IPv6 addresses inside of your prefix and clients should be able to connect to the internet.

    A few notes:

    • Don't forget to add an allow rule for IPv6 on your LAN as well if you only have one for IPv4
    • Repeat the steps above for every VLAN you have, always use a different prefix ID
    • You don't have to use NAT rules with IPv6 anymore and can just directly add a regular firewall rule to WAN with the target IP and port and you are done
    • Make sure you don't have any of the various "Disable IPv6" toggles enabled; there are a few in the firewall settings and general settings, for example
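
How a tracked interface's prefix ID turns a delegated prefix into one /64 per LAN or VLAN, and where the shortened DHCPv6 range from the comment lands, as an added example that is not part of the comment or of OPNsense itself. The function names and the 2001:db8:: documentation prefixes are assumptions made for illustration; the check generalizes to any delegation size, so a /64 delegation leaves room only for prefix ID 0.

```python
import ipaddress

def lan_subnets(delegated, prefix_ids):
    """Return {interface: /64} for a delegated prefix and per-interface prefix IDs."""
    net = ipaddress.IPv6Network(delegated)
    if net.prefixlen > 64:
        raise ValueError(f"{net} is longer than /64, no LAN /64 fits in it")
    id_bits = 64 - net.prefixlen  # bits left between the delegation and /64
    owner, result = {}, {}
    for name, pid in prefix_ids.items():
        if not 0 <= pid < (1 << id_bits):
            raise ValueError(f"{name}: prefix ID {pid:#x} needs more than "
                             f"the {id_bits} bits a /{net.prefixlen} leaves")
        if pid in owner:
            raise ValueError(f"{name} and {owner[pid]} share prefix ID {pid:#x}")
        owner[pid] = name
        # The prefix ID fills the bits just above the 64-bit interface identifier.
        base = int(net.network_address) | (pid << 64)
        result[name] = ipaddress.IPv6Network((base, 64))
    return result

def dhcp_range(subnet, start="::eeee", end="::ffff"):
    """Expand a shortened DHCPv6 range (host part only) inside one /64."""
    base = int(subnet.network_address)
    return tuple(ipaddress.IPv6Address(base | int(ipaddress.IPv6Address(h)))
                 for h in (start, end))

if __name__ == "__main__":
    # Constructed sample: a /56 from the 2001:db8::/32 documentation range.
    nets = lan_subnets("2001:db8:1200::/56", {"LAN": 0x1, "VLAN10": 0x10})
    for name, subnet in nets.items():
        lo, hi = dhcp_range(subnet)
        print(f"{name}: {subnet}  DHCPv6 {lo} - {hi}")
    try:
        # Constructed sample: a /64 delegation has no bits left for prefix ID 1.
        lan_subnets("2001:db8:1200:34::/64", {"LAN": 0x1})
    except ValueError as err:
        print("rejected:", err)
```
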