Use of both dhcp and slaac, advanced configuration
-
@crc_error_79 This will not work for long if your IPv6 is dynamic... unless it never changes like JKnott's.
-
@Bob-Dig
what do you mean?
If my isp changes the prefix I can still have the dhcpv6 with the ULAs addresses defined by me.
The only thing I have to do is to change the virtual IP prefix as well as the slaac with the new one
Also, for the some devices I can set a static address like I did with my mac mini ::500 -
@crc_error_79 said in Use of both dhcp and slaac, advanced configuration:
what do you mean?
This, kinda:
The only thing I have to do is to change the virtual IP prefix as well as the slaac with the new one
-
@Bob-Dig
ah ok..
to me it is not a big deal, better change 2 parameters than at least 20 dhcpv6 static assigments..
Also I think that in this way I could have a public network and private one, I don't know if for security it is better..but as I said before maybe am I still too ipv4 focused
-
@crc_error_79 You could do it the other way around, use track interface for GUA and ULA in RA.
Or try NPt. -
@Bob-Dig
I can't use track interface because my isp assigns to the wan a local link.. Also I don't want to use nat..I think that this way or the one @JKnott suggested are the better, but maybe I am wrong (am an home user not an network engineer
)My goal is to have a single point where to control all the devices connected to the lan so I can set to each device a name and network information.
I can do it with dhcp (+dns) but not with slaac (or at least I think, I need some examples or try it) -
@crc_error_79 said in Use of both dhcp and slaac, advanced configuration:
I can't use track interface because my isp assigns to the wan a local link..
Does this defeat track interface?
-
@Bob-Dig
I don't know, as said am not an expert..but if I set track interface on the lan the only option is WAN and it has a local link, not routable.. see? I am using pppoe for the ipv4 connection
-
@crc_error_79 said in Use of both dhcp and slaac, advanced configuration:
but if I set track interface on the lan the only option is WAN and it has a local link, not routable.. see? I am using pppoe for the ipv4 connection
Just try it, ping an IPv6 address from an interface which "tracks". Do a reboot to be sure.
-
@Bob-Dig
Ok but I need a IPv6 Prefix ID, I never use track interface, where I can get it? -
@crc_error_79 Just use 0 on your first LAN. But on WAN you have to put in the delegation size to you. If you are uncertain, use 60.
-
@Bob-Dig
I tried but it is not work because (I think) the slaac can't autoassign an ipv6 if the gateway is a local link -
You seem to be creating your own problems. Use SLAAC to get the prefix for each interface for global addresses. Use my instructions for ULA and forget about DHCPv6, you don't need it.
PfSense running on Qotom mini PC
i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
UniFi AC-Lite access pointI haven't lost my mind. It's around here...somewhere...
-
@crc_error_79 said in Use of both dhcp and slaac, advanced configuration:
but if I set track interface on the lan the only option is WAN and it has a local link, not routable.. see? I am using pppoe for the ipv4 connection
Use SLAAC. Why are you worrying about the link local address? That's entirely normal. With IPv6, the link local address is frequently used for routing. That link local address is used only for reaching the next hop and has nothing to do with whatever addresses you are assigned.
-
@crc_error_79 said in Use of both dhcp and slaac, advanced configuration:
Ok but I need a IPv6 Prefix ID, I never use track interface, where I can get it?
With DHCPv6-PD, your prefix is assigned to you.
-
@Bob-Dig said in Use of both dhcp and slaac, advanced configuration:
Just use 0 on your first LAN. But on WAN you have to put in the delegation size to you. If you are uncertain, use 60.
I believe he said he gets a /56, so that's what he would use.
-
@crc_error_79 said in Use of both dhcp and slaac, advanced configuration:
I tried but it is not work because (I think) the slaac can't autoassign an ipv6 if the gateway is a local link
Where are you getting this nonsense from?
-
@JKnott said in Use of both dhcp and slaac, advanced configuration:
You seem to be creating your own problems. Use SLAAC to get the prefix for each interface for global addresses. Use my instructions for ULA and forget about DHCPv6, you don't need it.
On my post 16 my problems were solved, that was exactly my goal, then I asked if there were a better or more security / efficient etc way to do it.
I used your guide and it worked to, but in that way (with my skills) I can't easy manage the devices connected to the network since with slaac all devices get only the prefix and not the entire address.
So on router side if I don't know which ip has a device how can I manage it (firewall rules etc)I think that with slaac I can't do a thing like this below. I have to use dns with the hope that the address doesn't change.
Also if the prefix changes (for any reason) how can I be sure that the remaining part will stay the same?
@JKnott said in Use of both dhcp and slaac, advanced configuration:
With DHCPv6-PD, your prefix is assigned to you.
To configure the wan, I followed this guide from my isp link, ok it is in Italian but you can look at the pictures, they said to use "static ipv6", add the given /56 + the remain part to create the network and the gateway, and that is what I initially did.
@JKnott said in Use of both dhcp and slaac, advanced configuration:
I believe he said he gets a /56, so that's what he would use.
yes I get a /56
@JKnott said in Use of both dhcp and slaac, advanced configuration:
Where are you getting this nonsense from?
If I set "track interface" -> WAN instead of "static" but that interface has a local link it don't work, at least to me.
[edit] correct the post link (16, not 15)
-
C crc_error_79 referenced this topic on
-
@crc_error_79 It looks like you get a static prefix, that is great, so forget "track interface".
Also you can use the DHCPv6 Server for static mappings, it is almost the same as with IPv4.
If you really think that you will switch ISPs in the near future, use NPt. It is not regular NAT and will work just fine with ULAs, as long as you have (only) one ISP.
-
@Bob-Dig
Thanks I will read something about (because the only thing I know about is that it is a sort of nat)
