So I read the article Proxmox + OPNsense + IPv6 and OPNsense/PFsense IPv6 and VIPs – VIPs not routable – OVH network and ran into issues getting this to work.
I found that by running `tcpdump -n ip6` on proxmox I could see Neighbor Sollicitation packets but without an answer for the IP address on the OPNsense router. So at that point I could connect to Proxmox over IPv6 but not yet to OPNsense.
So I was wondering what I needed and then found ndproxy and that closed the gap.
You need to do the following additional steps:- Install ndproxy on your OPNsense router as indicated.
- Put the WAN interface in promicious mode.
- Configure the ndproxy:
- Put you OPNsense MAC address in the “Downlink MAC Address” field.
- Copy the IPv6 addresses of the router sending the ‘neighbor sollicitation packets into the “Uplink IPv6 Addresses” field.
- Put your Proxmox IPv6 address (and other IPv6 address that do not need to go through OPNsense in the field “Exception IPv6 Addresses” to prevent OPNsense from stealing them.
- Enable the service and restart the service.
Now you can ping you OPNsense box and all of a sudden get a reply (unless your firewall rules prevent it).
With tcpdump you will now see:
IP6 fe80::fe34:xxxx:xxxx:xxxx > 2001:41d0:XXXX:XXff:ff:ff:ff:ff: ICMP6, neighbor solicitation, who has 2001:41d0:XXXX:XXff:ff:ff:ff:ff, length 32 IP6 2001:41d0:XXXX:XXff:ff:ff:ff:ff > fe80::fe34:xxxx:xxxx:xxxx: ICMP6, neighbor advertisement, tgt is 2001:41d0:XXXX:XXff:ff:ff:ff:ff, length 32
I hope this will help other to get this combination working.
Reacties
Er zijn nog geen reacties op dit artikel.
Feedback