Hello,
I followed the following guide: https://blog.firewallonline.nl/how-to-en-tutorials/xs4all-pfsense-opnsense-ipv6/
But I don't get an IPv6 IP on my WAN interface. Somehow it seems DHCP not handing out an IP to my router. Any ideas how I can force a lease?
Thanks
Beste antwoord door wjb
Bekijk origineel
I don't even want an IPv6 address on my WAN interface as long as the LAN interfaces on my router and devices on my network get IPv6 addresses.
Do your devices get an IPv6 address?
Edit: I see that you got an IPv6 Prefix so everything seems to be fine.
Yeah, but if I don't get a IPv6 IP on the WAN interface, I don't really have IPv6 connectivity.
I do get an IPv6 IP on my device though. What's missing then?
You don't need an IPv6 address on the WAN interface of your router.
The screenshot in this topic is of my EdgeRouter and as you can see, i have no IPv6 address on my WAN/pppoe interface.
I do however get a score of 20 out of 20.
Did you assign a /64 prefix to your LAN interface?
Do you use slaac to "assign" IPv6 addresses to your devices?
Edit: That fe80 address is a local IPv6 address and not the global IPv6 address which starts with 2a02.
Thanks for your reply, very informative 
I did not know that my WAN interface didn't need an IPv6 IP. I'm pretty good at knowing my way around IPv4, but IPv6 is new to me :)
On my LAN interface, I'm using "track interface", and I'm tracking WAN. This is just according to the guide above.
I have no experience with opnsense but when you share screens it should be possible to find the cause.
I assume you don't block multicasts on your local network as slaac needs router advertisements which are multicast messages.
Can you select the WAN interface for tracking?
Is the pppoe connection one of the options?
No, I'm not blocking multicast. I'm already taking WAN. There was a typo on the previous post.
I'm not using SLAAC on the LAN interface. I tried that as well, didn't help.
I'm already taking WAN.
What other options do you have?
Is there an option pppoe as well?
I'm not using SLAAC on the LAN interface.
You must use slaac on your LAN interface in order to provide the /64 prefix through router advertisements to your devices.
Can you provide screenshots of the IPv6 setting for your LAN.
I'm already taking WAN.
What other options do you have?
Is there an option pppoe as well?
I'm not using SLAAC on the LAN interface.
You must use slaac on your LAN interface in order to provide the /64 prefix through router advertisements to your devices.
Can you provide screenshots of the IPv6 setting for your LAN.
There's no PPPoE for IPv6 config on LAN. I have tried SLAAC and Tracking WAN. Both don't give me working IPv6.
Here's the screenshot.
If you use "Track Interface" and then reboot your router does your LAN interface then have an IPv6 address starting with 2a02?
Yes.
Okay weird. Now with track interface WAN, it shows up IPv6 support 🤷
But thanks for your help! Now I get a score of 18/20 with ICMP filtered. I think I just need a firewall rule to fix that?
That looks fine.
I however see that you use a MTU size of 1500 on the LAN where the MTU size on the pppoe connection is set to 1492.
For kpn you can use a MTU size of 1500 on the pppoe interface.
Okay, I'll set MTU of 1500 on PPPoE. It should be possible to manually configure router advertisements on opnsense as well.
Now I get a score of 18/20 with ICMP filtered. I think I just need a firewall rule to fix that?
Correct, just allow icmpv6 echo requests to pass the firewall on the device.
Now I get a score of 18/20 with ICMP filtered. I think I just need a firewall rule to fix that?
Correct, just allow icmpv6 echo requests to pass the firewall on the device.
Yeah, that fixed it. Now getting 20/20! Thanks a lot for your help :)
Hello
One last query. Is this correct for router advertisements? My android device seems to drop IPv6 gateway. RA was disabled before. I've now set it to unmanaged.
Check on your PC if the IPv6 DNS servers are configured.
If they are not configured you need to provide them through the router advertisement by either configuring them on this page or tagging the Use DNS settings of the DHCPv6 server.
The other options look fine to me but please check the opnsense documentation.
Also check the configuration of the IPv6 firewall on your router as you don't want your devices to be accessible from the internet.
RA: You might want to change the advertisement type to “Managed” or “Assisted”
No IPv6 WAN IP: In the screenshot you’ve been assigned a very large range of addresses. KPN has delegated the assignment to you (your router can hand out addresses in this range). Clients on the LAN side will get an address in this range and when they request things from the internet that client address is the origin (not the routers IP like in IPv4). All your IPv6 traffic is routed through your IPv4 PPPoE connection.
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.
