Use of both dhcp and slaac, advanced configuration
-
@crc_error_79 said in Use of both dhcp and slaac, advanced configuration:
I used your guide and it worked to, but in that way (with my skills) I can't easy manage the devices connected to the network since with slaac all devices get only the prefix and not the entire address.
What is it you're trying to manage? When you use the consistent address for DNS, you will always be able to reach it, no matter what the privacy addresses are.
-
@JKnott
you are right but how can I set an host override on the dns resolver if I don't know the ipv6 address?
I must go around the house and check every devices.. If I use dhcpv6 all is "centralized" since the router knows every ip it leases
Or am I wrong?
-
You don't set a host override. You just use the address as is. I mentioned I had to determine the consistent address recently for a new tablet. The way I did that was set up Packet Capture to capture the tablet MAC address and only IPv6. Then whatever address turned up when I used a browser to access the Internet was not the persistent address. Since there was only 2 address displayed in the settings, I had a good idea which one was persistent. You can easily grab the MAC address when you convert an IPv4 DHCP address, found in the DHCP log, to host override.
PfSense running on Qotom mini PC
i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
UniFi AC-Lite access pointI haven't lost my mind. It's around here...somewhere...
-
Here's another way to determine the persistent address. This is on Linux, using the ip -6 address show command.
inet6 fd48:1a37:2160:0:90b4:60da:a900:2997/64 scope global temporary dynamic
inet6 fd48:1a37:2160:0:d37b:1ca2:4d85:a38d/64 scope global temporary deprecated dynamic
inet6 fd48:1a37:2160:0:76d4:35ff:fe5b:f5fa/64 scope global dynamic mngtmpaddrI used grep to display only my ULA addresses. You can tell by reading the text which is the persistent address. It's the last one. Similar can be done with the ifconfig command on Linux and FreeBSD or ipconfig on Windows.
-
It is a valid option, but to me is more complicated than what I used..
Since it requires packet capture (I know what it is but I don't know how to use it) or the physical access.
As said many times maybe it is because I am comfortable with dhcp and ipv4. -
It's no more complicated than setting up a DHCPv6 server. Also, packet capture is a very useful tool for solving problems. I frequently use either Packet Capture or Wireshark.
-
@JKnott
I will take a look about it.This morning I had a strange problem I never had with the ipv4.
The state table size was completely filled (198000 rows), cpu at 100% (proxmox i7 7700 with 4 cores assigned) and internet down.
What could be the cause? What do you think?Firewall rules are the same for both ipv4 and ipv6, only block inter-vlan traffic and allow anyware (unless pfBlocker says no) on internet
-
I have no idea what would cause that.
-
@JKnott
I am not in front of the pfsense (because I am at work now) but could it be the virtual ip or something related to the internal lan that tries to access to internet? -
I don't think so. I have a virtual IP as described in my ULA article and it's used all the time. However, I am not using pfBlocker.
-
@JKnott
I will check tomorrow, after the reboot I did the issue has gone. Maybe it was caused by the temporary nic I am using (an usb 2.5 gb) for the wanThanks again ;)
