DHCP6, SLAAC and Apple OSs

yobyot

More newbie questions about pfSense and IPv6 I hope some kind forum reader will be kind enough to educate me on.

I'm trying to learn the uses and differences between local LAN usage of SLAAC and DHCPv6 in pfSense, with a particular emphasis on Apple OSs and devices, between the various settings for the pfSense "router mode".

In assisted mode, wired interfaces on macOS Monterey receive two SLAAC addresses (which I presume are the temporary and privacy addresses) as well as a DHCPv6 address. Wireless interfaces on macOS Monterey and iOS receive only SLAAC addresses.

In managed mode, wired devices receive a DHCPv6 address (verified in pfSense's status screen) but not SLAAC addresses (obviously). And of course, wireless and iOS devices, because there's no SLAAC, they do not receive IPv6 addresses at all.

I'd vastly prefer to have only DHCPv6 interface addresses on my local LAN, not least for DNS purposes. But if I can't get wireless Apple adapters (on Macs, iPhones and iPads) to request them, it kinda throws a monkey wrench in the works.

Apologies if I sound confused -- it's a newcomer to IPv6 and it's very different approach to interface address assignment.

JKnott

@yobyot

I'm allergic to Apple gear, so I can't help you with that. However, generally SLAAC, with RDNSS, is all you need, though you could use stateless DHCPv6 for the extra stuff such as NTP server address, etc..

As for DNS, you use the consistent address for that. It's often based on the MAC address, though it could be a random address.

Normally, with SLAAC, you also get up to 7 privacy addresses, with a new one every day. Those are used for outgoing connections.

Bottom line, start with SLAAC alone and add stateless DHCPv6 if you need it.

yobyot

@jknott Thanks!

Can you shed any light on how pfSense handles registering DHCPv6-provided interface addresses in the local DNS resolver?

I'm hoping there's a way to do local lookups by name for local interface addresses in the same or similar way that pfSense handles IPv4 addresses: by registering them in the pfSense DNS resolver.

JKnott

@yobyot

No, I don't use DHCPv6 for addresses. I use SLAAC and enable RDNSS. I just manually add an address to the resolver. I just checked and there are no addresses listed under DHCPv6 leases. But then I didn't expect there to be any.

NogBadTheBad

@yobyot Are you doing DHCPv6 Static Mappings, it should just work.

andy@mac-pro ~ % ifconfig en0
en0: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
	options=50b<RXCSUM,TXCSUM,VLAN_HWTAGGING,AV,CHANNEL_IO>
	ether 00:3e:e1:c1:af:07 
	inet6 fe80::463:1284:1620:f62f%en0 prefixlen 64 secured scopeid 0x4 
	inet 172.16.2.20 netmask 0xffffff00 broadcast 172.16.2.255
	inet6 2a02:XXXX:XXXX:2::14 prefixlen 64 dynamic 
	nd6 options=201<PERFORMNUD,DAD>
	media: autoselect (1000baseT <full-duplex,energy-efficient-ethernet>)
	status: active
andy@mac-pro ~ % host mac-pro
mac-pro.XXXXXXXXXX.net has address 172.16.2.20
mac-pro.XXXXXXXXXX.net has IPv6 address 2a02:XXXX:XXXX:2::14

NogBadTheBad

Gertjan

Like @nogbadthebad

I've :

and added all the devices that I wanted to give a DHCP static IPv6 lease, like @NogBadTheBad

Apple devices play very well with this. Zero issues for the last ... decade or so ?!
( I never had to use an Android based device in my life )
Even if the DUID are not added to the DHCPv6 static mappings list, it works well, an Ipv6 from the pool is used.