Set up OPNsense on Unifi and just thought might as well share the process.


Go to Interfaces > Other Types > VLAN
Parent Interface > select WAN port, VLAN tag 500.


Go to Assignments > under WAN select vlan500 on (WAN port)


Go to [WAN] > ipv4 = PPPoE, ipv6 = DHCPv6. under PPPoE configuration, enter your Unifi username and password.
Scroll down under DHCPv6 client configuration, check
> Request only an IPv6 prefix
> Prefix Delegation Size 64
> Send IPv6 Prefix Hint
> Use IPv4 connectivity
edit NOV 2022


Go to [LAN] under IPv6 configuration type > Track Interface.
Track IPv6 interface > select WAN.
to use NDP, check [Allow manual adjustment of DHCPv6 and Router Advertisements]
then go to [Services] > Router Advertisements. select Stateless for Router Advertisements

May have to reboot system to bring DHCPv6 server up and running.

enjoy

This post has been edited by papyrous: Nov 4 2022, 08:15 AM

Prefer pfsense.

Take note that iOS and Android dislike DHCPv6 Server, your phone wont received IPv6, it's advisable to use NDP instead

iOS works fine for me with DHCPv6. I can't get SLAAC to work.

What is NDP ?

Thanks for the guide. Just started with this new company and they asked me to look into Opnsense and test it around.

Will keep this guide in my personal notebook.

neighbour discovery protocol

is like DHCP, either randomly generated or using EUI64 (MAC Address as IPv6 Address)

IPv6 has 2 type to hand out Address:
1. DHCPv6
2. NDP

DHCPv6 akin to IPv4 DHCP. Router are responsible to giving out address that you set.

NDP is different. Device ask router prefix and set own address either Randomly or EUI64.

EUI64 is Extended Unique Identifier, it using device MAC Address as IPv6 Address, good for Device Service like Printer & Server, NDP play well with EUI64, this way you can have Static IPv6

Plus, EUI64 + Link Local IPv6 will make your life easier, no matter what router/switch you choose or change, you still can connect without set anything.

I been using EUI64 + Link Local IPv6 on DBKL HP Printer, when they move other place, no need to configure even on new Router/Switch

EUI64 like Pendrive, Plug n Play.

updated to use NDP for ipv6

Anyone tested for Maxis fibre with the above ipv6 configuration? Currently I am using Opnsense as well but without ipv6.

i tested with maxis fibre
ping on opnsense diagnostic ipv6 works but when check on ipv6 test site not working

I see, I have another box coming in next week and will test it out. Thanks for the information.

this sounds like whichever client you’re testing on isn’t getting the ipv6 address handout from Opnsense

For most unifi users, a firewall adds no value.

The vast majority of security breaches are man-made. Like clicking on that link that says you have won a grand prize.

haha ya it's me my dhcpv6 services never enable
work fine now

edited got ipv6 tag in my post now

This post has been edited by kenjixx: Nov 4 2021, 08:01 PM

May I ask what kind of box you are using? Thinking to get one to install, but I cannot find it. At least can do hardware encryption for testing ipsec.

Currently I'm using 6 lan ports i5-7200u mini pc which bought from taobao 2 years back, actually it's too powerfully for my needs, iperf test with IPS enabled getting max throughput around 940Mb and cpu max @60%. I'm getting a J4125 4 lan port mini pc now for another project from taobao also, it's cheaper but there is a risk if want to claim warranty, seems like it's impossible to send back the item for warranty claim.

This post has been edited by erict68: Nov 5 2021, 09:01 AM

similar situation. i got a 6 port i5-8250u. hardly break a sweat.
so running Opnsense in Proxmox as a VM, add on a couple
of things on the same box as home server.

where can i buy it? i am lazy to find a mini pc then have to buy another pcie network card for additional ports. prefer one come with the ready made additional ports

I bought from taobao, here is the link https://detail.tmall.com/item.htm?id=612335...d=4736682625948
More products on their main page: https://cnction.tmall.com/index.htm?spm=a22....553b640aDHONHI
I'm using 3rd party forwarder to get it shipped to here.

This post has been edited by erict68: Nov 5 2021, 07:05 PM