Netgate Discussion Forum

    Use of both dhcp and slaac, advanced configuration

    • crc_error_79 @JKnott

      @JKnott

      Hello, I think I did something wrong because, following your guide, I can't get any ipv6 addresses..

      I have tried all the RA combinations, also with dhcpv6 enabled, but nothing works.. On the PC side I always have the auto-generated local link

      Where am I going wrong? 😕

      [EDIT] There was an error in the firewall rules in the screenshot (the rule is for ipv4 instead of ipv6). Anyway, even with the right setting it doesn't work..

      This is the vlan 219 (test) configuration

      [five screenshots]

      • crc_error_79 @crc_error_79

        @crc_error_79
        @JKnott

        [EDIT 2] I am an idiot, it is official..
        It wasn't working because I did some hw modifications (I removed the nic where the vlan was assigned) but I didn't change the assignment.. So the network was up on a nic that doesn't exist..

        I don't know whether to leave my post above or remove it.. anyway..

        Now I get the address ending in :1451, which is the temporary address used for internet, the 63c7 one (I don't know) and the ULA.

        Now I have 2 questions:

        • How can I statically assign the ULAs if they are generated by the client?

        • If I set 7200 seconds on "Default valid lifetime" and "Default preferred lifetime", after 2 hours I should get another temporary address, right?

        [screenshot]

        • JKnott @crc_error_79

          @crc_error_79 said in Use of both dhcp and slaac, advanced configuration:

          > I don't know whether to leave my post above or remove it.. anyway..
          > Now I get the address ending in :1451, which is the temporary address used for internet, the 63c7 one (I don't know) and the ULA.
          > Now I have 2 questions:
          >
          > How can I statically assign the ULAs if they are generated by the client?
          >
          > If I set 7200 seconds on "Default valid lifetime" and "Default preferred lifetime", after 2 hours I should get another temporary address, right?

          One thing I noticed is you were assigning a static IPv6 address on a VLAN. You should use track interface and SLAAC to assign addresses. Also, what are you still doing with DHCP? Unless you have a specific need for it, don't use it.

          As for the static ULA, it works exactly the same as global addresses. You get one consistent address and one or more dynamic addresses. Just create your prefix, as described, and then do the same as with your global addresses.

          I have never found a need to change the lifetime. I get a new address every day and that's good enough for me.

          PfSense running on Qotom mini PC
          i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel 1 Gb Ethernet ports.
          UniFi AC-Lite access point

          I haven't lost my mind. It's around here...somewhere...

          • crc_error_79 @JKnott

            @JKnott

            @JKnott said in Use of both dhcp and slaac, advanced configuration:

            > One thing I noticed is you were assigning a static IPv6 address on a VLAN. You should use track interface and SLAAC to assign addresses. Also, what are you still doing with DHCP? Unless you have a specific need for it, don't use it.

            Hi,
            I can't because the isp gives me a local link address on the wan, and a prefix /56 to use on the lans
            I must set it that way in order to get it to work..
            The only way is to set that /56 and create a gateway address on a /64 lan
            Also dhcpv6 is disabled and RA is set to "assisted"

            [screenshot]

            @JKnott said in Use of both dhcp and slaac, advanced configuration:

            > As for the static ULA, it works exactly the same as global addresses. You get one consistent address and one or more dynamic addresses. Just create your prefix, as described, and then do the same as with your global addresses.

            I am a little bit lost.. Do I have to do it on the client side or in pfSense?
            Because the only way I found is on the dhcpv6 (also requires a DUID [I don't know what it is and how to get it])

            [screenshot]

            About your guide: may I ask what the virtual ip on the same lan specified on the RA subnet is used for?

            @JKnott said in Use of both dhcp and slaac, advanced configuration:

            > I have never found a need to change the lifetime. I get a new address every day and that's good enough for me.

            Yes, after many reboots of the mac the address remains, even the temporary one.. maybe 7200 seconds is too short a time?

            • JKnott @crc_error_79

              @crc_error_79 said in Use of both dhcp and slaac, advanced configuration:

              > I can't because the isp gives me a local link address on the wan, and a prefix /56 to use on the lans

              Does your ISP not use DHCPv6-PD? If so, you should be able to get the proper prefix for each interface. Have you set a unique prefix ID for each interface? With a /56 your choices are 0 - ff. Also, link local addresses are often used for routing, as a router only has to know how to reach the next hop. My ISP provides a global address for the WAN, but it's not used for routing. It can be used for things like a VPN or connecting directly to pfSense with SSH, etc., but it's not necessary even for that.

              > Also dhcpv6 is disabled and RA is set to "assisted"

              I use unmanaged.

              > I am a little bit lost.. Do I have to do it on the client side or in pfSense?
              > Because the only way I found is on the dhcpv6 (also requires a DUID [I don't know what it is and how to get it])

              You don't do anything on the client. It all happens automagically there. The DUID just happens on its own.

              > About your guide: may I ask what the virtual ip on the same lan specified on the RA subnet is used for?

              It's used to provide an address for the interface. It will not assign one for itself with SLAAC.

              > Yes, after many reboots of the mac the address remains, even the temporary one.. maybe 7200 seconds is too short a time?

              As I said, I've had no reason to change it.

              • crc_error_79 @JKnott

                @JKnott

                @JKnott said in Use of both dhcp and slaac, advanced configuration:

                > It's used to provide an address for the interface. It will not assign one for itself with SLAAC.

                Thank you, this was the key to doing what I want to do.
                I found this video about ipv6:
                Youtube: pfsense Setting Multiple Static WAN IP Addresses / Using Virtual IP's NAT Firewall Rules

                Below is how I set up dhcpv6 and slaac:

                interface: [screenshot]

                dhcpv6: [screenshot]

                RA and slaac: [screenshot]

                virtual IP: [screenshot]

                firewall (temporary rules, I have to set the correct ones): [screenshot]

                and finally: [screenshot]

                • Bob.Dig @crc_error_79

                  @crc_error_79 This will not work for long if your IPv6 is dynamic... unless it never changes like JKnott's.

                  • crc_error_79 @Bob.Dig

                    @Bob-Dig
                    What do you mean?
                    If my isp changes the prefix I can still have the dhcpv6 with the ULA addresses defined by me.
                    The only thing I have to do is to change the virtual IP prefix as well as the slaac with the new one
                    Also, for some devices I can set a static address like I did with my mac mini ::500

                    • Bob.Dig @crc_error_79

                      @crc_error_79 said in Use of both dhcp and slaac, advanced configuration:

                      > what do you mean?

                      This, kinda:

                      > The only thing I have to do is to change the virtual IP prefix as well as the slaac with the new one

                      • crc_error_79 @Bob.Dig

                        @Bob-Dig
                        Ah ok..
                        To me it is not a big deal, better to change 2 parameters than at least 20 dhcpv6 static assignments..
                        Also I think that this way I could have a public network and a private one, I don't know if it is better for security..

                        But as I said before, maybe I am still too ipv4 focused

                        • Bob.Dig @crc_error_79

                          @crc_error_79 You could do it the other way around, use track interface for GUA and ULA in RA.
                          Or try NPt.

                          • crc_error_79 @Bob.Dig

                            @Bob-Dig
                            I can't use track interface because my isp assigns to the wan a local link.. Also I don't want to use nat..

                            I think that this way or the one @JKnott suggested is the better one, but maybe I am wrong (I am a home user, not a network engineer 😁)

                            My goal is to have a single point from which to control all the devices connected to the lan, so I can give each device a name and network information.
                            I can do it with dhcp (+dns) but not with slaac (or at least I think so, I need some examples or to try it)

                            • Bob.Dig @crc_error_79

                              @crc_error_79 said in Use of both dhcp and slaac, advanced configuration:

                              > I can't use track interface because my isp assigns to the wan a local link..

                              Does this defeat track interface?

                              • crc_error_79 @Bob.Dig

                                @Bob-Dig
                                I don't know, as I said I am not an expert..

                                but if I set track interface on the lan the only option is WAN and it has a local link, not routable.. see? I am using pppoe for the ipv4 connection

                                [two screenshots]

                                • Bob.Dig @crc_error_79

                                  @crc_error_79 said in Use of both dhcp and slaac, advanced configuration:

                                  > but if I set track interface on the lan the only option is WAN and it has a local link, not routable.. see? I am using pppoe for the ipv4 connection

                                  Just try it, ping an IPv6 address from an interface which "tracks". Do a reboot to be sure.

                                  • crc_error_79 @Bob.Dig

                                    @Bob-Dig
                                    Ok, but I need an IPv6 Prefix ID. I have never used track interface, where can I get it?

                                    • Bob.Dig @crc_error_79

                                      @crc_error_79 Just use 0 on your first LAN. But on WAN you have to put in the delegation size to you. If you are uncertain, use 60.

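The prefix ID arithmetic discussed in this thread (IDs 0 - ff for a /56, and a delegation size of 60 as the fallback suggestion), worked through as an added example that is not part of any post and is not pfSense code. The delegated prefix is a constructed documentation-range value, and the function names and the interface names LAN and VLAN219 are illustrative assumptions.

```python
import ipaddress


def max_prefix_id(delegated: str) -> int:
    """Largest prefix ID a delegation allows: /56 -> 0xff, /60 -> 0xf, /64 -> 0."""
    net = ipaddress.IPv6Network(delegated)
    if net.prefixlen > 64:
        raise ValueError(f"/{net.prefixlen} cannot hold a /64")
    return (1 << (64 - net.prefixlen)) - 1


def lan_prefix(delegated: str, prefix_id: int) -> ipaddress.IPv6Network:
    """The /64 an interface with this prefix ID takes out of the delegation."""
    limit = max_prefix_id(delegated)
    if not 0 <= prefix_id <= limit:
        raise ValueError(f"prefix ID {prefix_id:x} is outside 0-{limit:x}")
    base = int(ipaddress.IPv6Network(delegated).network_address)
    # The prefix ID fills the bits between the delegated length and bit 64,
    # so it sits directly above the 64-bit interface identifier.
    return ipaddress.IPv6Network((base | (prefix_id << 64), 64))


def plan(delegated: str, prefix_ids: dict) -> dict:
    """Map each interface to its /64 and reject a prefix ID used twice."""
    owner, result = {}, {}
    for iface, pid in prefix_ids.items():
        if pid in owner:
            raise ValueError(f"{iface} and {owner[pid]} both use prefix ID {pid:x}")
        owner[pid] = iface
        result[iface] = lan_prefix(delegated, pid)
    return result


if __name__ == "__main__":
    # Constructed sample delegations (2001:db8::/32 is reserved for documentation).
    for delegated in ("2001:db8:1200:ab00::/56", "2001:db8:1200:ab00::/60"):
        print(delegated, "allows prefix IDs 0 -", format(max_prefix_id(delegated), "x"))
        for iface, net in plan(delegated, {"LAN": 0x0, "VLAN219": 0x1}).items():
            print(f"  {iface:8} {net}")
```

A prefix ID that is valid for a /56 (for example 1f) is rejected when the delegation size is entered as 60, which is the mismatch to look for when an interface that tracks the WAN ends up without a prefix.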
                                      • crc_error_79 @Bob.Dig

                                        @Bob-Dig
                                        I tried but it does not work because (I think) slaac can't auto-assign an ipv6 address if the gateway is a local link

                                        • JKnott @crc_error_79

                                          @crc_error_79

                                          You seem to be creating your own problems. Use SLAAC to get the prefix for each interface for global addresses. Use my instructions for ULA and forget about DHCPv6, you don't need it.

                                          • JKnott @crc_error_79

                                            @crc_error_79 said in Use of both dhcp and slaac, advanced configuration:

                                            > but if I set track interface on the lan the only option is WAN and it has a local link, not routable.. see? I am using pppoe for the ipv4 connection

                                            Use SLAAC. Why are you worrying about the link local address? That's entirely normal. With IPv6, the link local address is frequently used for routing. That link local address is used only for reaching the next hop and has nothing to do with whatever addresses you are assigned.

                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.