IPv6 access to site behind OpnSense


I am new to IPv6. I have a dedicated server with both IPv4 (a single external IP, 135.x.y.z) and an IPv6 network (2a01:abc:def::/64).

Within this server I have a few VMs and 2 networks (WAN and LAN).

OpnSense is connected to both WAN (135.x.y.z) and LAN (

There is also a VM with a web server (connected to LAN

And other VMs in LAN (192.168.1.X). In DNS I have the A record `site.domain.tld A 135.x.y.z`.

On OpnSense I also set up NAT port forwarding for 80 and 443 to the WebServer VM (

IPv4 works perfectly.

Now I want to enable IPv6. On the OpnSense WAN adapter I added a static IPv6 address from the ISP network (2a01:abc:def::2).

It is reachable and pingable from outside (Internet).

But what should I do with my LAN servers?

What should I write to the site's DNS AAAA record?

Ron Maupin
The `/64` network may be the transit network, and your ISP should delegate something like a `/48` prefix from which you get 65,536 `/64` networks. Use those networks for your servers and route on the router. Be sure your firewall is properly configured to allow the necessary ICMPv6.
cn flag
The maximum they give is /64.
Ron Maupin
That is only for residential networks, not business networks.
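
An added example, not part of the thread: it carves per-segment `/64` networks out of a delegated prefix, as the first comment suggests, and checks a rule list for the ICMPv6 error types that forwarded IPv6 traffic depends on. The `2001:db8:1234::/48` documentation prefix, the segment names and the rule dictionaries are constructed for illustration and are not OPNsense's rule format; rule ordering is not modelled.

```python
import ipaddress

# ICMPv6 error messages (RFC 4443) that must pass through a routing firewall.
# Dropping type 2 breaks path MTU discovery, since IPv6 routers never fragment.
# Neighbor Discovery (types 133-136) is also needed on each link itself.
REQUIRED = {1: "Destination Unreachable", 2: "Packet Too Big",
            3: "Time Exceeded", 4: "Parameter Problem"}

def plan_subnets(delegated, segments):
    """Assign one /64 from the delegated prefix to each named segment."""
    net = ipaddress.ip_network(delegated)
    available = 2 ** (64 - net.prefixlen) if net.prefixlen <= 64 else 0
    if len(segments) > available:
        raise ValueError(f"{net} yields {available} /64 network(s), "
                         f"{len(segments)} needed")
    return dict(zip(segments, net.subnets(new_prefix=64)))

def missing_icmpv6(rules, segment):
    """Return the required ICMPv6 types that no pass rule allows to `segment`."""
    allowed = set()
    for rule in rules:
        if rule["action"] != "pass" or rule["proto"] != "ipv6-icmp":
            continue
        # A rule covers the segment when its destination contains it.
        if segment.subnet_of(ipaddress.ip_network(rule["dst"])):
            allowed.add(rule["icmp6_type"])
    return {t: name for t, name in REQUIRED.items() if t not in allowed}

# Constructed sample rule set (hypothetical field names).
RULES = [
    {"action": "pass", "proto": "ipv6-icmp", "icmp6_type": 1, "dst": "::/0"},
    {"action": "pass", "proto": "ipv6-icmp", "icmp6_type": 128, "dst": "::/0"},
    {"action": "pass", "proto": "ipv6-icmp", "icmp6_type": 2,
     "dst": "2001:db8:1234::/64"},
    {"action": "block", "proto": "ipv6-icmp", "icmp6_type": 3, "dst": "::/0"},
]

if __name__ == "__main__":
    plan = plan_subnets("2001:db8:1234::/48", ["lan", "dmz"])
    for name, net in plan.items():
        gaps = missing_icmpv6(RULES, net)
        print(f"{name}: {net} missing ICMPv6 types: {gaps or 'none'}")
    try:
        plan_subnets("2001:db8:1234::/64", ["lan", "dmz"])
    except ValueError as exc:
        print("single /64:", exc)
```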
