IPv6 and default gateway quirks

TrueNAS General
1

Here are some IPv6 quirks I encountered with TrueNAS.
Maybe it helps someone else.
The corresponding JIRA Ticket

What is the situation
My TrueNAS has multiple VLAN interfaces.
Only my VLAN interface 50 had a static IPv6.
The other interfaces only had IPv4.
The default Gateway for IPv6 is the link local IPv6 of my OPNsense firewall.
I created a replication task to an IPv6 destination.
That worked fine for weeks.

What happened
Today when I logged in, I noticed that the replication job failed. The e-mail alert was also stuck. The update check still worked, so I wrongfully assumed I had working IPv6.
But in the shell I noticed that I can’t curl or ping any IPv6 destination.

How I solved it
After assigning each interface an IPv6, everything works again.

What I think did happened
I think that TrueNAS somehow decided to use another VLAN than my VLAN50 for WAN access, for example VLAN51, which then failed. I wasn’t able to find a setting to say which interface should be the default interface.

Another possible solution I have not tested
The link local IPv6 gateway of my OPNsense is the same IPv6 for all devices. By using the GUA instead, TrueNAS would know which interface to use, because only one interface has the same prefix as that gateway.

An untested assumption I have
The Updater is IPv4 only, does not do happy eyeball or has a fallback to IPv4.

2

The ticket was unfortunately closed without any comment.
I am still not sure what is the best practice to combat this issue.

A: Use GUA instead of Link local as gateway
B: Define which interface is the default interface that should be used for connections. That option is currently missing(?) from TrueNAS.
C: something else completely

The issue is not only to reaching something online, but also about Firewall rules. If the destination Firewall has a rule to only allow incoming traffic for a replication task from a certain IPv6, TrueNAS has to use the same interface (equals same IPv6) every time for this to work. I could workaround that by allowing the whole prefix, but it is not as nice as allowing a single IPv6 IMHO.