In the meantime, I have turned my back on the pfSense project and switched fully to OPNSense. The reasons for this are manifold, but first of all I like the interface of the OPNSense much better. Whether you use a pfSense or an OPNSense VM, however, should be completely irrelevant – only the menu items could be found in different places.
Hetzner assigns each dedicated server a /64-IPv6 network, which can be freely routed to its MAC addresses. For this you have to click on the small computer behind the IPv6 subnet in the robot. Here we change the routing to the MAC address of the router VM.
Configuration WAN interface
The configuration of the WAN interface is very simple, so I just want to show a screenshot:
As you can see we are using DHCP6 here and have the IP address for the WAN assigned to us by Hetzner. I needed to restart the VM after enabling IPv6 on the WAN. In the dashboard you can see the newly assigned IPv6 addresses on the WAN interface – in my case this was the fe80::250:56ff:fe00:222c.
The DHCPv6 client configuration (Request only to IPv6 prefix, Send IPv6 prefix hint and Use IPv4 connectivity) has to be set – without these options I had no success.
LAN Interface Configuration
Also here I would like to use a screenshot to show the configuration.
Unfortunately, the OPNSense didn’t always reach me via IPv6, so I puzzled for some time what was going on.
Under System -> Gateways the error was hidden. Here I have adapted the gateway accordingly:
I didn’t set the gateway as default gateway and I entered the static IPv6 address instead of leaving the gateway on „dynamic“ – but the real problem resulted from the missing default gateway.
After finishing the work I restarted the OPNSense and tested the IPv6 availability again: with success.
Configuration of a VM
Finally, I would like to show you how to make a Ubuntu or Windows VM accessible via IPv6 in this setup. I have decided against the use of DHCP6 in the internal network and configure the virtual machines statically.
The configuration of a Ubuntu-/Debian-VM is usual easy to manage. For this we add our IPv6 configuration block to the file /etc/network/interfaces:
iface ens18 inet6 static address 2a01:4f9:2a:129e::2 # freely selectable IPv6 address netmask 64 gateway 2a01:4f9:2a:129e::1 # IPv6 address of pfSense/OPNSense
Pretty simple, isn’t it?
The configuration of the Windows VM is also quite simple for once. Enable IPv6 in the adapter settings, if this has not already been done, and enter the same data there as under Linux:
- Address: freely selectable IPv6 address from the subnet
- Subnet Mask: /64
- Gateway: IPv6 address of pfSense/OPNSense
In both configurations you may have to enter one or more IPv6 name servers in order for the name resolution to work properly.
On the internet you can read many horror stories about the configuration of IPv6 at Hetzner – but if you are occupied with the whole setup the setup isn’t difficult at all in the end and done pretty quickly.
I will be happy to answer any questions or to receive information about my setup. It’s certainly not perfect, I know that, but it works reliably for me, which is why I actually think about it. I’m very happy. If somebody has a good tip for you: please feel free to add it to your comments!