Netgate Discussion Forum

    Why do I have to 'Track Interface' on LAN to WAN for IPv6 to work?

      bearhntr

      I have searched and searched and I cannot get a 'good' answer as to why I have to set this to make IPv6 in my home work.

      My setup:

      • ISP is Comcast - and WAN is set to DHCP/DHCP6 (with /60 prefix - confirmed with them for residential this is good) - utilizing Prefix ID '0'. My COMCAST WAN IPv6 is 2001:558:6011:a5: {remainder masked} with a 128 prefix. The LAN when I use Track - is 2601:c4:c501:7aa0 {remainder masked} with a 64 prefix.
      • pfSense 23.05.1-RELEASE (amd64) - running on HP t620+ ThinClient with added 2-port NIC (not utilizing the on-board currently) - DNS Forwarder enabled with "ALL" Interfaces chosen
      • DHCP/DHCP6 enabled and pointing to the STATIC addresses for the 2019 AD/DS
      • Server 2019 AD/DS, DNS, DHCP (working as best I can determine)
      • I used an IPv6 address (I have tried fdxx:xxxx:xxxx:xxxx::/64 - and I have tried 2001::xxxx:xxxx:xxxx::/64) - creating my own after performing a WHOIS on them - they both came back as valid
      • DNS and DHCPv4/v6 on the AD/DS server is handing out addresses to everything on the network...no problems there (well the Android devices in my home do not pull one (1xPhone 3xTablets) - but the 2xFireSticks do as do my 3x Smart TVs)
      • pfSense GENERAL >> DNS is pointing to IPv4 and IPv6 of AD/DS box
      • AD DNS is pointing to COMCAST and CloudFlare DNS (as I have an account there to get my HomeAssistant to work outside my home)
         
        I have tried everything - Setting LAN in pfSense to DHCPv6 - and it does indeed pull an address from the AD/DS server. I have given it a STATIC IP as well from the scope I setup (either fdxx or 2001). This seems to work as well - until I reboot.

      pfSense RA is enabled, and I have tried ROUTER ONLY, MANAGED, ASSISTED and even STATELESS (but I am trying to do a STATEFUL IPv6). Everything seems to work if Track Interface/WAN is set - I change to anything else - and reboot pfSense ... it all 'hits the fan'.

      Someone has to have done this. I have watched nearly 100 videos and read just as many 'how to' sites - nothing discusses doing this without "Track Interface". When you do this, all of the TEST IPv6 sites fail miserably.

      Anything I left out - please just ask.

        JKnott @bearhntr

        @bearhntr

        The IPv6 prefix is provided through the WAN interface as part of DHCPv6-PD.

        PfSense running on Qotom mini PC
        i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel 1 Gb Ethernet ports.
        UniFi AC-Lite access point

        I haven't lost my mind. It's around here...somewhere...

          bearhntr @JKnott

          @JKnott said in Why do I have to 'Track Interface' on LAN to WAN for IPv6 to work?:

          @bearhntr

          The IPv6 prefix is provided through the WAN interface as part of DHCPv6-PD.

          I get that part of it - but it makes no sense at all. If I have a DHCPv6 server and it can assign an IP address (IPv6) to things - why do I need "TRACK INTERFACE". I pretty much understand the principle of UniCast/MultiCast and the need for an RA. But not this need/reasoning.

          If someone can just point me to some knowledge/training/courses - behind this 'need'.

            johnpoz LAYER 8 Global Moderator @bearhntr

            @bearhntr so your isp delegates to you a /56 or /60 prefix for your IPv6..

            You then need to tell pfsense what /64 prefix to put on a specific interface.. How would pfsense know what /64 to use on your lan interfaces if you don't "track" and state which /64 to use, the first 1, 2nd, 3rd etc.. A /56 has 256 /64s in it..

            If they gave you a /60 you would have 16 /64s to work with..

            This is no different really than IPv4 in a basic sense.. If your isp routed say a /24 to you, you could break that up into 2 /25s or 4 /26s etc..

            With ipv6 and delegation they have somewhat automated this - since with IPv6 the smallest prefix you can use on a network interface is a /64.. I can delegate some /60 to you, and then you can tell pfsense what subnet (/64) out of that /60 to use on each interface.

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 25.07.1 | Lab VMs 2.8.1, 25.07.1

              bearhntr @johnpoz

              @johnpoz

              I understand the prefix thing (I believe). When I plug in the pfSense to the modem and I set WAN to DHCP and DHCP6 (as Comcast suggests) -- I get an address in both - see below (but masked partially) - the 2001 address on the WAN - from what my records indicate has not changed in months. The 2601 address (which looks to be SLAAC - as fe8b:cb26 looks like part of the MAC Address on that NIC) changes every time I reboot (slightly) or if I change the 0 to something else in the IPv6 Prefix ID (with a /60 delegation from Comcast - I can use 0-f).

              [two screenshots, not preserved]

              This is when I set TRACK INTERFACE - Given that I would assume that the 2001: address would be my Internet Access - just as the 24.30. address is. I should be able to set any IPv6 address I want on the LAN (statically - like I did the 10.9.28.254 address which is in my home's network and the DHCP server hands out 10.9.28.0/24 addresses to the other devices just fine). I have also setup Server 2019 DHCP6 multiple ways - and once a device phones home - it will get an address in the 'designated' scope active at the time for v6. Conceivably I should be able to set DHCPv6 on the LAN port and let it get an address -- then set a reservation on it at the server, and then for safety use that same address as STATIC IPv6 on the LAN. (if as you state IPv6 is no different)

              This much I understand - and things work for a while this way (until I either a) reboot pfSense as a test, b) reboot/restart DHCP services on the server, c) wait 1-2 hours). Then nothing works to the OUTSIDE. Inside my home things work fine both v4 and v6 - it is that nothing v6 to the outside goes.

                johnpoz LAYER 8 Global Moderator @bearhntr

                @bearhntr the IPv6 your wan gets, quite often is not part of the network that is delegated to you.. Now it could maybe be in the first prefix of the delegated range.. Or it could be something completely different.

                Just because your wan doesn't change, doesn't mean your delegated prefix didn't.

                When your ISP delegates something to you via dhcp - there is nothing saying that might not change.. You can't just get a delegation, and then set that as static and hope that to always work.

                Just leave it as track and you should be fine, you can use the "alias net" for that range - the alias will change if your delegation changes, etc..

                if you want static IPv6 - get with your isp for that. Or you could always use a free tunnel from HE.. They will give you a /48 that never changes.. Then you can assign whatever /64s you want on your internal networks out of that /48..

                  JKnott @bearhntr

                  @bearhntr said in Why do I have to 'Track Interface' on LAN to WAN for IPv6 to work?:

                  I get that part of it - but it makes no sense at all. If I have a DHCPv6 server and it can assign an IP address (IPv6) to things - why do I need "TRACK INTERFACE".

                  One thing to bear in mind is some ISPs change the prefix they assign. This means you cannot just configure a DHCPv6 server on your own. You need some mechanism to follow what the ISP assigns. That mechanism is track interface.

                    bearhntr @johnpoz

                    @johnpoz

                    John I truly appreciate your attempt at an explanation - but it is not helping me to understand "WHY" I have to use this setting. I am sure there are 100s or 1000s of people who do this.

                    I do realize that I am a residential ISP subscriber and probably not given the same services as a business customer would have, it still makes no sense to me why I have to use the setting I am questioning if I have my own DNS and DHCP server in my home that points not only to CloudFlare (i.e. one.one.one.one and also to Comcast DNS server IPs).

                    I am not setting anything at the WAN - that is and always has been DHCP/DHCPv6. The LAN IPv4 is statically set by me (or I can let it pull an address from my DHCP server and it works just fine). I have tried this by disabling the IPv6 completely...letting pfSense pull any address that it wants from my DHCP server...and things just work. DHCP updates the DNS portion of my server with the new 'gateway' address and things just work.

                    I completely understand that IPv6 uses RA instead of a gateway, but as 'I understand it' - it is basically the same thing only having multicast capabilities.

                      bearhntr @JKnott

                      @JKnott

                      That is what I am trying to understand. If pfSense is 'in essence' my "Path" to the Internet - why does this not work? I am able to SET my Gateway for the IPv4 address to be anything in my network 'subnet segment' and granted it is a one-to-one relationship (basically) - it works.

                      I feel that I should be able to do the same thing in pfSense with IPv6. Comcast setup a WAN link and an address (just like it did for IPv4).

                        johnpoz LAYER 8 Global Moderator @bearhntr

                        @bearhntr If the isp hands you network X to use via a delegation.. And you use setup X that works fine.. But if they change that network to Y.. your X network is no longer going to work..

                        I am not getting what part of this you do not get??

                        I am sure there are 100s or 1000s of people who do this.

                        Yup all have to use track and let the delegation set the IP range to what the ISP delegates to them..

                        The isp routes X to you.. But then they don't route that to you any more and only route Y.. You still using X isn't going to work..

                        If you want to set static on your network - then like I said get a static from your isp, or use HE..

                        I am able to SET my Gateway for the IPv4 address

                        Ahhhh - you're failing to grasp that IPv6 is not natting.. The prefix you set on the lan side interface via a track, is not natted to the IPv6 address you get on the wan.. It's a GUA that is "routed" to you.. When the isp no longer routes that network to you because they changed the delegation.. Not going to work, you can't just put some random public IPv4 address on your pfsense wan can you ;)

                        If you want to do that, then use a ULA ip range on your lan side networks and setup it to NAT to your IPv6 IP the isp gives you on your wan.. But that really defeats the whole purpose of IPv6.

                          bmeeks

                          @bearhntr: residential IPv6 does not generally work the same way as residential IPv4 does. To expound upon what @johnpoz is saying --

                          With most residential ISPs, they give the customer only a single public IPv4 address. Your pfSense firewall will then use NAT (network address translation) to map your internal LAN IP addresses over to your single public IPv4 WAN address.

                          IPv6 works differently. It does not use NAT at all with most configurations. Only a complete idiot ISP would use NAT for IPv6. Your ISP is allocating a /60 IPv6 subnet block to you. That block contains 295,147,905,179,352,825,856 public IPv6 addresses you can use for internal hosts! The smallest legal IPv6 subnet is a /64. The /60 your ISP is giving you allows you to have sixteen /64 subnets, all with public routable IPv6 addresses. But you must use the IPv6 addresses your ISP gave you. You can't choose your own with your own DHCPv6 server on the LAN. That's what the "Track Interface" setting is doing. It's letting the LAN side of pfSense know what is the currently "proper" IPv6 /64 prefix to use for public Internet traffic.

                          Your ISP gives you a different pool of those 295,147,905,179,352,825,856 IPv6 addresses each time your connection with the ISP resets. They give you a new /60 prefix. So all of your devices on the LAN will need new IPv6 addresses assigned from that new /60 address space.

                            JKnott @bmeeks

                            @bmeeks said in Why do I have to 'Track Interface' on LAN to WAN for IPv6 to work?:

                            Your ISP gives you a different pool of those 295,147,905,179,352,825,856 IPv6 addresses each time your connection with the ISP resets

                            Not necessarily. A customer will have a DUID, which tells the ISP what prefix they get so that it doesn't change. Some ISPs honour that and some don't. There is also a setting in pfSense that controls it for those that do. I've had the same prefix for almost 5 years, even though both my modem and the computer I run pfSense on have been changed.

                              JKnott @bearhntr

                              @bearhntr said in Why do I have to 'Track Interface' on LAN to WAN for IPv6 to work?:

                              If I have a DHCPv6 server and it can assign an IP address (IPv6) to things

                              Forgot to mention, you normally use SLAAC and not DHCPv6 on your LAN. Also, thanks to some genius at Google, Android devices don't work with DHCPv6.

                              The 2601 address (which looks to be SLAAC - as fe8b:cb26 look like part of the MAC Address on that NIC) changes every time I reboot

                              Your prefix, as assigned by your ISP may be changing. Make sure System / Advanced / Networking / Do not allow PD/Address release is selected. If it is and the prefix still changes, you can use Unique Local Addresses on your LAN, to provide addresses that won't change. You then use those in your DNS.

                                bmeeks @JKnott

                                @JKnott said in Why do I have to 'Track Interface' on LAN to WAN for IPv6 to work?:

                                A customer will have a DUID, which tells the ISP what prefix they get so that it doesn't change. Some ISPs honour that and some don't.

                                Yeah, did not clarify my statement and made it overly broad.

                                However, I believe there are ISPs that are passive aggressive "hostile" to users hosting anything on their residential networks; and those ISPs can do things like making any public IP address or addresses they give you change as often as possible. They may also block certain inbound ports (port 25 being a favorite that is almost universally blocked now). They pretty much all have a policy prohibiting hosting of services on residential accounts, but there are varying degrees of enforcement. Having "non-sticky" public IPs is another tool in the ISP's arsenal.

                                  johnpoz LAYER 8 Global Moderator @bmeeks

                                  @bmeeks said in Why do I have to 'Track Interface' on LAN to WAN for IPv6 to work?:

                                  like making any public IP address or addresses they give you change as often as possible.

                                  That is a quite possible reason for why they do it.. Never thought of it - but an always changing IP would make it more difficult to host services..

                                  My IPv4 only has changed when they made a big IP range change when current cable company got bought by a different company and they changed their name even.

                                  My IPv6 prefix hasn't ever changed because I just use HE tunnel and have a /48 that I can just setup static IPv6 on my interfaces vs having to worry about tracking..

                                    bmeeks

                                    There are likely several reasons for residential public IPs being transitory.

                                    1. There would be some labor overhead in keeping up with IPs assigned to specific users, and then modifying all that when one subscriber dropped and another was added. You could automate that to some degree, but human oversight would still be necessary.

                                    2. With IPv4, the majority of ISPs simply do not have enough free network addresses to make all their users quasi-static. Of course with IPv6 this is no longer an issue, but old paradigms die slowly. This is why CGNAT is growing on the IPv4 side.

                                    3. It can make hosting services much more difficult with changing public IPs on residential accounts.

                                      bearhntr @bmeeks

                                      @bmeeks @johnpoz @JKnott

                                      Let me start off by saying thanks - I am truly not trying to be 'daft', just trying to get a better grasp on it (which I mentioned in my first message). I am not wanting to come across as an ass, either. Just for reference, when I first set up pfSense with IPv6 and it was doing DNS, DDNS (with Cloudflare) and DHCP/DHCPv6 (as server and resolver) - I tracked for nearly 90 days the IPv6 on the WAN and LAN in pfSense (copying and pasting into a file daily) - they never changed. I had set the setting mentioned above Do not allow PD/Address release is 'Enabled'.

                                      Even as mentioned - I get my own HE 'tunnel' (static per se) - I am not sure it is going to fix things, as for the most part...my addresses already seem to be "static" as I mentioned I kept up with them for 90+ days and they never changed - even through modem and pfSense reboots. Never seemed to have any problems until I want to add AD/DS to the mix.

                                      I have been working on, with and around computers for about 45 years (since 1977 when I built first one at age 9). I feel that I have a pretty good grasp on things network related (and just wanting to 'sure-up' my IPv6 understanding). Again, I do appreciate your insights/input.

                                      Let me see if I can clarify some of my questions - and the information already provided has helped immensely. I am simply trying to grasp this whole TRACK INTERFACE. If I take IPv6 out of the picture, here is what I understand (let me state upfront - I am a Windows guy, can do MacOS and Linux with guidance):

                                      1. "I" set my Gateway address and subnet (which I am using 10.9.28.0/24 - this I completely understand gives me 'one' segment - and I know how to make a change to get more). I give pfSense this as my LAN IP Address and all is good. The WAN is set by Comcast and pfSense handles (via its NAT and firewall) the traffic from my network to the Internet. Everything in 10.9.28.xxx is under my control.

                                      2. I am trying to utilize AD/DS as a singular (LDAP, etc.) means of logging into multiple things - so as not having to maintain individual logins to many, many things/apps/services as I expand my SmartHome. I already have pfSense set up to use an LDAP login on my 2019 AD/DS server with the steps I found in the NETGATE KB (this works just fine). AD/DS highly recommends the use of 'its' DNS and DHCP to keep up with things. This is why I am trying to get a better grasp on this. I tried to find something on using AD/DS with pfSense doing all of (like I had set up before - but nothing seemed to make sense or work). I guess I am trying to do a STATEFUL configuration, which by reading all the comments, is fruitless and I should just give up.

                                      3. I have tried many things in setting up a DHCPv6 scope on the server...using the LAN address as a 'template' if you want to call it that, and then making a reservation for the address which is on that address on the AD/DS scope...and statically setting it in the IPv6 properties in the Ethernet settings for the adapter (with 64) prefix and repeating it in the DNS block. It will work for a while and then stop.

                                      What I simply cannot grasp is the 'static' --- and WHY I cannot do this (in some fashion) with the IPv6 (on "MY" network - anything inside pfSense). I have tried every possible combination that I can think of for the settings (using fdxx: or 2001: or 2601: as addresses) never can get fdxx: - no matter what I do to work... all IPv6 test sites will fail with this scope. Comcast appears to be giving me a 2001: /128 address on my WAN (and when Track Interface is on, a 2601: /64 address on the LAN). I feel I have some understanding of the /60 setting that Comcast had me set in pfSense under the WAN setup. Under the LAN with the Track Interface setting, it has '0' (I know I can use 0-f there).

                                      I find myself rambling - just say why, Why, WHY must I use Track Interface??? 😁 I just do not understand why; if pfSense is my 'portal' to the Internet, and works just fine with IPv4 and I get to control everything on LAN.

                                        bmeeks @bearhntr

                                        @bearhntr said in Why do I have to 'Track Interface' on LAN to WAN for IPv6 to work?:

                                        just say why, Why, WHY must I use Track Interface??? I just do not understand why; if pfSense is my 'portal' to the Internet, and works just fine with IPv4 and I get to control everything on LAN.

                                        Bottom line reason for "why" you have to use Track Interface is this --

                                        Your ISP configures a specific routing table in their network for the prefix they give you. Because there is no NAT, your IPv6 address segment from your ISP is your public IP subnet. But in order for it to route correctly through your ISP and on to the Internet, your LAN hosts must be using an IPv6 address from the correct prefix. So long as your ISP does not change your prefix (the /60 block they provide), then you should be able to configure an IPv6 subnet in the DHCPv6 server for Windows AD and have that work. But the instant your ISP makes a routing change on their side of the network (beyond your pfSense box) and assigns your connection a new IPv6 prefix, then your IPv6 traffic may cease to be able to get routed to and from the Internet and back to your LAN hosts if they are using the previous IPv6 prefix.

                                        You can't just pick a DHCPv6 address scope out of the blue on your side when there is no NAT. What you choose must be recognized and routed correctly by your ISP. An analogy is even if you have a static IPv4 address, you can't just choose any other IPv4 address or subnet you desire on your WAN. You must use the address and subnet provided by your ISP because their end of the connection is routing only exactly what they give you. Similarly, you must use the IPv6 prefix your ISP has assigned on your LAN because there is no NAT. Your ISP expects all of your LAN hosts to be sending and receiving traffic on an IPv6 address from the IPv6 prefix the ISP assigned to your connection. The ISP signals what that prefix is via the "Track Interface" setting.

                                        As has been mentioned in this thread, most ISPs will honor some IPv6 client settings that say "please let me keep this same IPv6 prefix". But not all ISPs will do that, and there are some situations where they need to change the prefix they gave you. In that scenario, if you were using static hard-coded IPv6 subnets on your side, your IPv6 traffic could stop working because the ISP would no longer be routing that prefix for you (since they changed it to a different one on their end). What "track interface" does is help the LAN side of pfSense, and all the hosts there, recognize when (or if) the ISP changes the IPv6 prefix. That triggers all the hosts there to obtain new addresses in the new prefix.

                                        Later Edit: one more thing that might be confusing to you -- the IPv6 address that your ISP assigns for your WAN interface is usually NOT in the same subnet as the one they give for your prefix. The ISP may give your WAN firewall interface an IPv6 address for its own use, but then will assign a large block of IPv6 addresses in a prefix for use on your local networks behind the firewall. "Track Interface" is a bit of a misnomer because it does not literally mean "use what the WAN has", it instead means "here is a prefix for internal interfaces, use it for LAN and other internal interfaces". It is associated with the WAN interface because that's where the DHCPv6 client is running that receives and processes the "track interface" command sequence the ISP's system sends to pfSense.

                                        And in fact, in many Track Interface setups, the WAN interface gets no public IPv6 address at all -- only the internal interfaces get a public IPv6 address via the "track interface" protocol. The WAN is stuck using a link-local address and communicates only with the far-end local segment gateway.
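
The points made in the replies above by johnpoz (a /60 holds sixteen /64s and the Prefix ID picks one) and bmeeks (the WAN address is usually outside the delegation, and a hard-coded LAN prefix stops being routed once the delegation changes) can be checked with a few lines of Python. This is an added example, not part of the thread and not pfSense code; the function names are hypothetical and every address is constructed from the 2001:db8::/32 documentation range.

```python
import ipaddress

# Unique Local Addresses (the "fdxx:" scopes tried in the thread) are never
# routed by an ISP, which is why IPv6 test sites fail with them unless NAT is used.
ULA = ipaddress.ip_network("fc00::/7")


def lan_prefix(delegated: str, prefix_id: int) -> ipaddress.IPv6Network:
    """Return the /64 that a given Prefix ID selects inside a delegated prefix."""
    net = ipaddress.ip_network(delegated)
    if net.version != 6 or net.prefixlen > 64:
        raise ValueError("delegation must be an IPv6 prefix of /64 or shorter")
    count = 1 << (64 - net.prefixlen)          # /60 -> 16 subnets, /56 -> 256
    if not 0 <= prefix_id < count:
        raise ValueError(
            f"prefix ID must be 0..{count - 1:x} (hex) for a /{net.prefixlen}")
    base = int(net.network_address)
    # The Prefix ID fills the bits between the delegation length and bit 64.
    return ipaddress.IPv6Network((base + (prefix_id << 64), 64))


def wan_in_delegation(wan_addr: str, delegated: str) -> bool:
    """True if the WAN address happens to sit inside the delegated prefix."""
    return ipaddress.ip_address(wan_addr) in ipaddress.ip_network(delegated)


def check_static(configured: str, delegated: str) -> str:
    """Classify a hard-coded LAN prefix against the delegation currently in force."""
    lan = ipaddress.ip_network(configured)
    pd = ipaddress.ip_network(delegated)
    if lan.subnet_of(ULA):
        return "ula"      # fine inside the LAN, not reachable from the Internet
    if lan.subnet_of(pd):
        return "routed"   # the ISP is routing this /64 to you right now
    return "stale"        # the ISP no longer routes this prefix to you


def audit(static_prefixes, delegated: str) -> dict:
    """Check every hard-coded prefix (DHCPv6 scopes, firewall rules, DNS records)."""
    return {p: check_static(p, delegated) for p in static_prefixes}


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    old_pd = "2001:db8:c501:7aa0::/60"   # delegation when the static config was written
    new_pd = "2001:db8:9999:40::/60"     # delegation after the ISP changed it
    wan = "2001:db8:6011:a5::1234"       # address on the WAN interface itself

    for pid in (0x0, 0x3, 0xf):
        print(f"Prefix ID {pid:x}: {lan_prefix(old_pd, pid)}")
    print("WAN inside delegation:", wan_in_delegation(wan, old_pd))

    hard_coded = ["2001:db8:c501:7aa0::/64", "fd12:3456:789a:1::/64"]
    print("before change:", audit(hard_coded, old_pd))
    print("after change: ", audit(hard_coded, new_pd))
```

The same audit applies to firewall rules written against a literal /64: after a delegation change they no longer match the LAN, which is the case the tracked "alias net" mentioned earlier in the thread avoids.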

                                          johnpoz LAYER 8 Global Moderator @bearhntr

                                          @bearhntr said in Why do I have to 'Track Interface' on LAN to WAN for IPv6 to work?:

                                          and works just fine with IPv4 and I get to control everything on LAN.

                                          As always @bmeeks is very articulate and spot on in his assessments and explanations.. Great post going into why you're having an issue.

                                          But I am going to suggest something that will drive our resident fanboy of ipv6 up the wall ;) Turn IPv6 off and forget about it if it is causing you grief and you're not understanding how it is different than your typical IPv4 nat setup that you are used to.

                                          Why do you need IPv6? There is currently zero reason to actually "need" IPv6.. Name one resource that you use that requires IPv6.. I have been asking for this for years - nobody has been able to name one..

                                          Unless you can name a resource that "requires" you to use IPv6 - it comes down to play and learning.. Until such time that some major resource turns off IPv4.. Which is what like 20 years down the road to be honest.. Using IPv6 really gets you nothing but grief and added complexity.

                                          I have been using IPv6 for like 13 years or something.. Still have not actually found a "need".. Sure it is cool to not have to nat, and sure it is the future - don't get me wrong.. And if you're in specific parts of the world where IPv4 is scarce, and you want to host something to other IPv6 users - sure it has use.. Look at the mobile phone industry - they have billions of devices, IPv6 has been great for them - but they also provide natting/conversion into the IPv4 space. So while your phone might only get IPv6 - it can talk to any IPv4 address.

                                          Sure if your isp went cgnat - it's an easy way to get to your network while you're out and about if you have an IPv6 address to use.. But currently most people have zero "need" for IPv6.

                                          My isp doesn't even provide IPv6.. I have to use a HE tunnel if I want IPv6 - which while I do want it, to play with. And help others that might have questions about it.. But I honestly have "zero" need for it.. I could just turn off my tunnel - and nothing would change from my use of the internet.

                                          If it's causing you grief - and confusing you, just do yourself a favor and forget about it.. Come back to it in say 10 years ;)

                                            JKnott @bmeeks

                                            @bmeeks said in Why do I have to 'Track Interface' on LAN to WAN for IPv6 to work?:

                                            There would be some labor overhead in keeping up with IPs assigned to specific users, and then modifying all that when one subscriber dropped and another was added. You could automate that to some degree, but human oversight would still be necessary.

                                            What labour? It's just providing the addresses associated with the DUID.

                                            With IPv4, the majority of ISPs simply do not have enough free network addresses to make all their users quasi-static. Of course with IPv6 this is no longer an issue, but old paradigms die slowly. This is why CGNAT is growing on the IPv4 side.

                                            My IPv4 address is virtually static, but the host name is as permanent as my hardware, as it's based on the modem and router MAC addresses. I also get 2 IPv4 addresses.
