Issues with OPNsense and IPv6 configuration
Issues with OPNsense and IPv6 configuration
Hey there! I see you're working with an Opnsense router behind a double NAT setup. You're trying to connect via IPv6 from outside, but it seems like your router doesn't expose an IPv6 address. Since IPv4 isn't available due to your ISP's configuration, you're exploring DHCPv6 as a workaround. It might help to check if your router supports IPv6 natively or if there are any firmware updates available. Also, consider verifying the network settings on your device to ensure it's using the correct IP address range. Let me know if you need more guidance!
From a quick check of their forums, it seems DS-Lite isn't officially supported on OPNsense and would require some workarounds. It appears they rely on IPv4 CG-NAT and tunneling IPv6 over IPv4 via ISP endpoints. The challenge is knowing the exact IP addresses and allocations, which feels like a tricky workaround. It might be better to use a service like Tailscale for the VPN instead, as it would simplify things rather than forcing you to run it on OPNsense.
DS-Lite setup appears to differ significantly from what my ISP uses. I receive a public IPv6 address but no usable prefix for internal use—this is typical in Japan where DS-Lite is widespread, and there’s no public IPv4 available. Your OPNSense configuration seems similar to 192.0.0.2/32, which would act as the client endpoint for a DS-Lite tunnel and isn’t DHCP-based. I’ve set up OPNSense to manage the DS-Lite connection, but it failed after about 25 minutes and was later removed by updates. I wouldn’t recommend this configuration. Without it, OPNSense can’t reach my DS-Lite ISP, so I’m unsure if it’s actually active on your line. I gave up and installed a FriendlyElec NanoPi R4S running OpenWRT between OPNSense and the ISP, as OpenWRT supports DS-Lite. A simple solution is to add a Tailscale Subnet router inside your local network for easier access.