Setting up ULA and GUA addresses
-
@gwabber said in Setting up ULA and GUA addresses:
Do I have to turn off DHCPv6?
No, this will work for the GUA without a problem.
The good thing with the DHCPv6 is you can make static mappings with hostnames, even with a dynamic prefix. Then you can create firewall rules with an alias containing that hostname and it will change accordingly, so no real need for ULA.Only DDNS can't be done with pfSense and IPv6-host, unless they consider my feature request.
-
Sounds promising! I have a lot to learn, but this is a great start. Thanks!
-
It's working, partly.
I've setup my subnets as trackinterfaces. The devices get an IPv6 GUA, so that is working! Also I can ping between subnets via GUA's.
But, I also setup the virutal IP's met the ULA's and added the prefix to the RA.
The devices now also get an ULA, but I can't ping between subnets.This worked in my old setup. How do I fix that?
-
@gwabber Shouldn't be an issue, maybe show the rules and the subnet-sizes etc. and do a reboot, unless it is a known bug...
-
In the firewallrules there's only an allow all rule for ipv6....
I allready tried a reboot. Maybe there is a setting missing?
UPDATE
now I see I am not even able to ping the firewall via ULA... -
@gwabber The vip should be /64 I think. Also let us see the RA config.
-
Allright, I will check that out! login-to-view
-
@gwabber Looking good.
-
@bob-dig awesome! the /64 did it! I can ping inside the subnet now
I'm going to tinker further tomorrow for pinging between the subnets. Will post the results! :)
Thanks!
-
@bob-dig mind. blown.
Weeks of trouble and you gave the solution in about 10 minutes. It works!
The only thing I am still puzzling with, is how to give a static ULA to a device. I see I can do it with GUA's with the DCHPv6. Is there a similiar solution for the ULA's?
And you told me something about firewall rules via hostnames instead of IP's. Is there a good tutorial for that. I can't find it in Netgates manual, but maybe I use the wrong searchterms.
Thanks!
-
@gwabber I think it is one or the other. If you have GUA with DHCPv6 you would assign the "static" ULA in those hosts directly.
@gwabber said in Setting up ULA and GUA addresses:
And you told me something about firewall rules via hostnames instead of IP's.
Just create an alias with the hostname. You can use the same hostname with IPv4 and IPv6. If you look at the table of that alias, it will contain both IP-addresses (maybe the first time a restart is required). Now if the prefix changes, the DHCPv6 will change that prefix for the static mapping too and so will that alias. That means you can create firewall rules with that alias no problem, it will change automatically if the prefix changes, no need for a static ULA.
-
Cool! going to try that !
-
@gwabber If you are not aware, you can have a look at your aliases in "Diagnostics > Tables". Here you can check if this alias is already up to date or if maybe a restart is required, also give it some time.
-
@gwabber said in Setting up ULA and GUA addresses:
The only thing I am still puzzling with, is how to give a static ULA to a device.
With SLAAC, the addresses are static, based on either the MAC or a random number. There are also optional privacy addresses, which change every day. This is determined by the client.
-
-
You'd use the consistent address for DNS, for incoming traffic and the privacy addresses are used for outgoing.
-
@jknott works like a charm now! thanks!
-
@gwabber hey all,
I was having problems with my ULA routing when my track interface goes down, for example when my internetconnection has an error. Since you guys helped me with setting up ULA routing in the first place, I refer you to this New topic I started.
Maybe you experience the same problem. @NightlyShark helps me with the issue in this topic:
https://forum.netgate.com/topic/186787/ula-routing-stops-when-trackinterface-is-down?_=1710756586659