Configure IPv6 on multiple LAN interfaces
-
I don't show a subnet mask IPv6 on my WAN interface.
I don't think I picked anything on Router Advertisement other than default.
Here's the one for LAN.
Here's my DMZ (called WWW).
Here's my LAN config. It shows a /60 (probably because that's what I put in the settings).
My windows (netstat -rn) shows a /60 as well.
-
@DrPhil well that is wrong.. A /60 on an interface is wrong, the only thing that should be on a interface unless like a wan link should be a /64
If you want a simple solution - I always got frustrated with isp deployment of IPv6, is just run a HE tunnel.. You get a /48 and stuff is static assigned by you ;)
And my current isp doesn't even have IPv6, but I still do via HE.
-
I think my /60 DHCPv6 Prefix Delegation size on the WAN interface was causing some issues. I changed it to 56.
And also the 0 prefix ID for LAN was throwing someone off. I changed it to 1 (and just for fun, DMZ to f).
Now my LAN and DMZ are both showing a subnet mask of 64.
Now all seems to be working fine (I've thought that before as well, so can't be too sure).
My clients on LAN show three global dynamic v6 IPs. One is /64, two are /128.
My Linux client on DMZ shows two global dynamic v6 IPs. One is /64, other is /128. Both show as noprefixroute.
I am able to ping from LAN to DMZ (by default it's v6 now), and access websites hosted on the Linux server from LAN (besides browser, also checked with curl -6).
I'll test some more, but I think I got where I wanted to. Thank you @johnpoz and @JKnott so much!
-
@DrPhil yeah temp IPv6 ips can come up with those /128.. I always disable using temp Ipv6.. Not a fan ;)
So your all sorted - good to hear!
-
@DrPhil said in Configure IPv6 on multiple LAN interfaces:
My clients on LAN show three global dynamic v6 IPs. One is /64, two are /128.
I have never seen a /128 on my LAN, only on the WAN interface.
Here are my ULA addresses:
ifconfig|grep fd48
inet6 fd48:1a37:2160:0:9d7c:5104:f34a:6866 prefixlen 64 scopeid 0x0<global>
inet6 fd48:1a37:2160:0:b9f:591:2bc7:d579 prefixlen 64 scopeid 0x0<global>
inet6 fd48:1a37:2160:0:ef38:748:d8d8:af1a prefixlen 64 scopeid 0x0<global>
inet6 fd48:1a37:2160:0:8799:673:5d34:d481 prefixlen 64 scopeid 0x0<global>
inet6 fd48:1a37:2160:0:76d4:35ff:fe5b:f5fa prefixlen 64 scopeid 0x0<global>
inet6 fd48:1a37:2160:0:10a7:8006:82e8:8b9e prefixlen 64 scopeid 0x0<global>Not a single /128 among them. Same with my GUA.
Do you have something else that's assigning those /128s?
PfSense running on Qotom mini PC
i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
UniFi AC-Lite access pointI haven't lost my mind. It's around here...somewhere...
-
Do you have something else that's assigning those /128s?
What could it be?
-
@JKnott said in Configure IPv6 on multiple LAN interfaces:
have never seen a /128 on my LAN
See my output above - while I get my /64, there are 2 temp addresses there that are /128
This is a windows 10 machine, I normally would disable temp addresses on them.. But was playing with something a while back with Ipv6 and had reset windows network stack, etc.
-
I just checked on Windows 10 and also see /128, where I should see /64. I guess this is another example of where Microsoft does something weird (stupid?). Again, you should not see /128 on a LAN. Linux & pfSense (FreeBSD) show the correct /64.
-
@JKnott not going to disagree with you.. Was just pointing out that you can see that.. In MS infinite wisdom they don't even show you the prefix just looking at the IPs.. with say ipconfig, to see the prefix for IPv6 you have to look at the routing table..
I mean - sure the prefix should pretty much always be a /64, so I could see maybe leaving it off - but why not just show it.. So its easy to see there is a 64 on there and not some issue like what the OP was having with a /60 etc.
BTW if you couldn't tell my MS comment and wisdom is being sarcastic - heheh
-
@DrPhil said in Configure IPv6 on multiple LAN interfaces:
Hi,
I am trying to configure IPv6 on multiple LAN interfaces (LAN and DMZ).
Did you ever get this sorted? The thread seemed to peter out at the end...
What works for me on Verizon FIOS
Interfaces / Wan
- IPv4 Configuration Type dhcp
- IPv6 Configuration Type dhcp6
- DHCPv6 Prefix Delegation size 56
- Send IPv6 prefix hint checked
- Do not wait for a RA checked
it ends up looking a bit weird -- only a link local (FE80::something) configured on the Wan interface, but it works (you can probably find the RFC about using only ipv6 link local addresses on routers - I'm not going to bother searching)
Then on the LAN interfaces
- IPv6 Configuration Type Track interface
and under "Track IPv6 Interface" - IPv6 Interface WAN
- IPv6 Prefix ID <pick a unique number -- I like using the vlan #>
Then under "Services / DHCPv6 Server"
- DHCPv6 Server gets checked
- Range pick something
- Prefix Delegation Size is 64
- Default lease time I used the 7200 default
- Max lease time I went with 28800. I started with one day but the dhcpv6 address occasionally showed up as deprecated and 'valid_lft forever preferred_lft 0sec'
Hopefully that's a good enuf description :)
