-
-
Save MCterra10/7e3930e54db0be10f42dd999e3263560 to your computer and use it in GitHub Desktop.
| #!/bin/sh | |
| # save previous working directory to preserve state | |
| PWD=$(pwd) | |
| # download the opnsense OS source | |
| echo ">>> Downloading OPNsense Source Code..." | |
| rm -r /usr/src | |
| git clone --recurse-submodules https://github.com/opnsense/src /usr/src | |
| cd /usr/src | |
| # Download the freebsd ports repo and get ready to build | |
| echo ">>> Downloading FreeBSD Ports Repository..." | |
| rm -r /usr/ports-upstream | |
| git clone --recurse-submodules https://git.FreeBSD.org/ports.git /usr/ports-upstream | |
| cd /usr/ports-upstream/net/ndproxy | |
| # build and install ndproxy again | |
| echo ">>> Building and Installing ndproxy..." | |
| make clean | |
| make install | |
| echo ">>> Done. Cleaning Up..." | |
| # restore PWD | |
| cd $PWD |
@MCterra10 I just set the LAN interface address to one of the /64 ranges and enabled DHCPv6, everything seems to be working now and I got 10/10 on test-ipv6.com. What kind of caveats do you recall? Thanks again for the help :)
Sorry for over half a year to reply; the issues I was having is that the ndproxy module has no ability to set a network whitelist; it will respond to ALL neighbor discovery packets on the interface, regardless of whether you are actually using those addresses or not. Because my hosting provider OVH implements IPv6 horribly, I actually receive ND packets for other people's servers, and ended up inadvertently performing a router hijack on their servers 😂
Because of that I had my server shut off a couple of times, and was forced to start using a NAT setup instead, which is horrible but at least my server stays on.
Thank you!
EDIT: Seems to work only if your WAN IP is not changing.
I got it to work also with that.
My setup and config for someone else with same issue, but please note that I have no idea what I'm doing:
I use DNA 5G with ZTE MC7010 in bridge mode.
WAN:
IPv6 Configuration Type -> DHCPv6
Prefix delegation size -> 64
Request prefix only -> Unchecked
Send prefix hint -> Unchecked
LAN
IPv6 Configuration Type -> Static
IPv6 address -> Based on WAN IP for example WAN IP is A:B:C:D:E:F:G:H/64 I have -> A:B:C:D::1/64. No idea about that why I did that but I'm afraid to change.
RA LAN
Router Advertisements -> Assisted
Router Priority -> High
Advertise Default Gateway -> Check
ISC DHCPv6: [LAN]
Enable -> Check
Range -> A:B:C:D::100 - A:B:C:D::FFFF
My ndproxyconf:
net.inet6.ndproxyconf_uplink_interface: -> re0
net.inet6.ndproxyconf_downlink_mac_address: -> LAN MAC
net.inet6.ndproxyconf_exception_ipv6_addresses: -> LAN Local IPv6;WAN Local IPv6
net.inet6.ndproxyconf_uplink_ipv6_addresses: -> WAN Local IPv6;Gateway (WAN) local IPv6
Save.
Now when i refreshed my IP on windows PC I noticed it came up to WAN interface in ISC DHCPv6 Leases. But then I rebooted the opnsense and everything just started to work. And the same MAC came to LAN interface in same page.