opnsense · Monviech · Jan 19, 2026 · Jan 14, 2026 · Jan 14, 2026 · Jan 14, 2026
diff --git a/source/manual/dhcp.rst b/source/manual/dhcp.rst
@@ -16,6 +16,11 @@ There are different DHCP servers/relays to choose from:
     - :ref:`Dhcrelay <dhcrelay>`
     - :ref:`ISC <isc-dhcp>` (EOL)
 
+For DHCPv6 these services can offer Router Advertisements:
+
+    - :doc:`radvd </manual/radvd>`
+    - :ref:`Dnsmasq <dnsmasq-dhcp>`
+
 .. _dnsmasq-dhcp:
 
 

diff --git a/source/manual/radvd.rst b/source/manual/radvd.rst
@@ -2,13 +2,84 @@
 Router Advertisements
 ==========================
 
+.. contents:: Index
+
+
 radvd (the service responsible for this functionality) is the router advertisement daemon for IPv6.
 It listens to router solicitations and sends router advertisements as described in
 "Neighbor Discovery for IP Version 6 (IPv6)" (`RFC 4861 <https://tools.ietf.org/html/rfc4861>`__).
 With these advertisements hosts can automatically configure their addresses and some other parameters.
 It also defines "Neighbor Discovery Optimization for IPv6 over Low-Power Wireless Personal Area Networks (6LoWPANs)"
 (`RFC6775 <https://tools.ietf.org/html/rfc6775>`__).  They also can choose a default router based on these advertisements.
 
+.. Attention::
+
+      :doc:`Dnsmasq </manual/dnsmasq>` is the default RA daemon in new installations, deactivate its *Router Advertisement*
+      setting if you want to use radvd.
+
+-------------------------
+General Settings
+-------------------------
+
+The service can be configured in :menuselection:`Services --> Router Advertisements`.
+
+.. tabs::
+
+    .. tab:: General Settings
+
+        ========================================= ====================================================================================
+        **Option**                                **Description**
+        ========================================= ====================================================================================
+        **Enabled**                               Enable or disable this entry. If "Track Interface (legacy)" is used, an existing
+                                                  disabled entry will also deactivate advertisements on that interface. Alternatively,
+                                                  switch to "Identity association" for full manual configuration if needed.
+        **Interface**                             Choose the interface that should send Router Advertisements. A prefix will be constructed
+                                                  from the primary IP of that interface, which is assigned by "Identity association" or
+                                                  "Track interface (legacy)" IPv6 modes of said interface. If additional virtual IP addresses exist on
+                                                  this interface, their prefixes will also be advertised.
+        **Mode**                                  Select which flags to set in Router Advertisements sent from this interface.
+        **Minimum interval**                      The minimum time allowed between sending unsolicited multicast router advertisements
+                                                  from the interface, in seconds.
+        **Maximum interval**                      The maximum time allowed between sending unsolicited multicast router advertisements
+                                                  from the interface, in seconds.
+        **Recursive DNS Servers (RDNSS)**         The default is to use this interface IP address with an enabled DNS service or the
+                                                  configured global DNS servers. You may specify up to three explict servers here instead.
+        **DNS Search List (DNSSL)**               The default is to use the domain name of this system as the DNSSL option.
+                                                  You may specify explicit domains here instead.
+        **Routes**                                Routes are specified in CIDR format. The prefix of a route definition should be network prefix;
+                                                  it can be used to advertise more specific routes to the hosts.
+        ========================================= ====================================================================================
+
+    .. tab:: Advanced Settings
+
+        ========================================= ====================================================================================
+        **Option**                                **Description**
+        ========================================= ====================================================================================
+        **Constructor**                           Per default, the primary prefix of the given *Interface* in
+                                                  *General Settings* is used. When setting a constructor,
+                                                  the primary prefix of a WAN interface can be used instead.
+                                                  An :doc:`NDP proxy </manual/ndp-proxy-go>` is required if the same WAN prefix is
+                                                  shared by multiple LAN interfaces.
+        **Preference**                            Select the Priority for the Router Advertisement (RA) Daemon.
+        **Deprecate Prefix**                      Deprecate advertised prefixes on shutdown by announcing a zero preferred lifetime.
+        **Shutdown Advertisement**                Upon shutdown, send a final advertisement with zero router lifetime.
+        **Default Lifetime**                      Lifetime in seconds this router is considered a valid default router.
+        **Preferred Lifetime**                    Lifetime in seconds addresses remain preferred for new connections.
+        **Valid Lifetime**                        Lifetime in seconds addresses remain valid before becoming unusable.
+        **Source Address**                        Select the source address embedded in the RA messages.
+                                                  If a CARP address is used DeprecatePrefix and RemoveRoute are both set to "off" by default.
+        **NAT64 prefix**                          The NAT64 prefix included in the router advertisements.
+                                                  The "well-known prefix" reserved for this service is 64:ff9b::/96.
+        **Link MTU**                              Advertise a specific MTU to clients. Must be equal or greater than 1280 and valid for the link.
+        **Enable DNS**                            Control the sending of the embedded DNS configuration (RFC 8106).
+        **Recursive DNS Servers Lifetime**        Lifetime in seconds for advertised recursive DNS servers.
+        **DNS Search List Lifetime**              Lifetime in seconds for advertised DNS search domains.
+        **Route Lifetime**         	              Lifetime in seconds for advertised routes.
+        **Remove Route**                          Withdraw advertised routes on shutdown by sending a zero lifetime.
+        ========================================= ====================================================================================
+
+
+.. _radvd-mode:
 
 --------------------------------
 Router Advertisements (Mode)
@@ -50,47 +121,63 @@ A detailed overview of the :code:`radvd` settings determined by the mode can be
       Technical details about the options can be found in the `man <https://www.freebsd.org/cgi/man.cgi?query=radvd.conf>`__ page of radvd
 
 --------------------------------
-General
+Configuration examples
 --------------------------------
 
 
-====================================  ===============================================================================
-Priority                              The  preference  associated  with	 the default router,
-                                      as	either "low", "medium" (default), or "high".
-RA Interface                          Interface to use prefix from.
-Advertise Default Gateway             uses :code:`AdvDefaultLifetime` to disable advertising as default router when
-                                      unset.
-Advertise Routes                      Advertise more specific specific routes to the clients.
-====================================  ===============================================================================
+Advertise a prefix on LAN
+--------------------------------------------------
 
+The most common configuration would be DHCPv6 on the WAN interface and receiving a routed prefix via DHCPv6-PD.
+When setting the LAN IPv6 configuration to either of "Track Interface (legacy)" or "Identity association" with a unique prefix ID,
+router advertisements can send that prefix and a default route to clients.
 
---------------------------------
-DNS
---------------------------------
+Go to :menuselection:`Services --> Router Advertisements` and add a new entry:
 
-For supported clients, DNS settings can also be propagated by radvd as detailed in `RFC 8106 <https://tools.ietf.org/html/rfc8106>`__
+========================================= ====================================================================================
+**Option**                                **Description**
+========================================= ====================================================================================
+**Enabled**                               X
+**Interface**                             LAN
+========================================= ====================================================================================
 
-====================================  ===============================================================================
-DNS servers                           Define which dns servers to publish to the clients, either the ones
-                                      defined here or (when **Use the DNS settings of the DHCPv6 server** is set)
-                                      the ones defined in the DHCPv6 server for this interface.
-                                      (:code:`RDNSS` in :code:`radvd`)
-Domain search list                    Domain search list to push to the clients, when not specified the local
-                                      domain name from this firewall is used. (:code:`DNSSL` in :code:`radvd`)
-====================================  ===============================================================================
+Press **Save** and **Apply**
 
---------------------------------
-Intervals
---------------------------------
+Per default, RDNSS and DNSSL options will be sent to clients, containing the IPv6 address of the LAN interface, and the default system domain.
 
-The time between unsolicited multicast router advertisement can be configured, using the following settings,
-usually these are left default.
 
-====================================  ===============================================================================
-Minimum Interval                      The  minimum  time allowed between sending unsolicited multicast
-                                      router advertisements from the interface,	in seconds.
-                                      Must be no less than 3 seconds and no greater than 0.75 *	 "Maximum Interval".
-Maximum Interval                      The  maximum  time allowed between sending unsolicited multicast
-                                      router advertisements from the interface,	in seconds.
-                                      Must be no less than 4 seconds and no greater than 1800 seconds.
-====================================  ===============================================================================
+Advertise multiple prefixes on LAN
+--------------------------------------------------
+
+If an ULA (Unique Local Address) prefix should be sent in addition to a GUA (Global Unicast Address) prefix, create a virtual IPv6 address
+in :menuselection:`Interfaces --> Virtual IPs`. Configure it on the LAN interface, make sure the prefix length is /64.
+
+Afterwards, applying the configuration in :menuselection:`Services --> Router Advertisements` will configure the additional prefix.
+
+
+DHCPv6
+--------------------------------------------------
+
+Router Advertisements are sufficient for clients to auto-generate a SLAAC address, receive a default gateway and a DNS server.
+These are the basic requirement for IPv6 connectivity.
+
+There can be advanced requirements like hostname registration, static reservations and DHCPv6 options.
+
+For these cases, there are two DHCPv6 servers available: :doc:`KEA </manual/kea>` and :doc:`Dnsmasq </manual/dnsmasq>`.
+As Dnsmasq is best used with its own router advertisement functionality, KEA is the most logical choice to pair with radvd.
+This is especially true for HA setups, as KEA can synchronize IPv6 leases.
+
+.. Attention::
+
+    A combination of KEA and radvd requires a static WAN prefix, as KEA cannot track prefixes dynamically.
+
+
+To advertise a DHCPv6 server to clients, configure the available :ref:`modes <radvd-mode>` to your requirements.
+
+
+High availability
+--------------------------------------------------
+
+For high availability with IPv6, static prefixes are a requirement for seamless failover.
+
+You can follow this setup example: :doc:`Configure CARP </manual/how-tos/carp>`