ISP Delegates /64 Multiple Times But No /56 or /60

vader9000

@Bob-Dig

The only one it works is /64
wen i go /63 / 62 /60 /56 it doesn't work

Bob.Dig

@vader9000 said in ISP Delegates /64 Multiple Times But No /56 or /60:

The only one it works is /64
wen i go /63 / 62 /60 /56 it doesn't work

Then your out of luck I think.

vader9000

@Bob-Dig

Thank You

I was hoping that maybe could be possible to make the requests coming from the other interfaces look like different devices ... maybe vlans on the wan side ... i don't know that's beyond my abilities.

Thanks just the same
FC

Bob.Dig

@vader9000 Now what you can do is trying NAT with NPt. This will work ok with outbound connections but only partially with unsolicited inbound connections.

vader9000

@Bob-Dig

Can you please explain how i can do that on the pfsense so i can give it a try.

thks

Bob.Dig

@vader9000 Check the docs.
You have to roll out ULAs on all other Interfaces but the LAN, which still gets the one /64 that is working for you.

One example:

You have to create these rules for every other interface than LAN and change the Source accordingly.

vader9000

@Bob-Dig

Thank You Im Going to Try it

vader9000

@Bob-Dig

On The Interface Lets call it TEST(igb1.5) VLAN tag 5 i Set the interface as STATIC IPV6?
If so wen the ISP changes the ips for the router this will stop working correct?

Bob.Dig

@vader9000 said in ISP Delegates /64 Multiple Times But No /56 or /60:

On The Interface Lets call it TEST(igb1.5) VLAN tag 5 i Set the interface as STATIC IPV6?

Yes and you give it an ULA with /64 like shown above.

If so wen the ISP changes the ips for the router this will stop working correct?

No, LAN is still handled via Track Interface so in general it should work.

JKnott

@Bob-Dig said in ISP Delegates /64 Multiple Times But No /56 or /60:

You have to roll out ULAs on all other Interfaces but the LAN, which still gets the one /64 that is working for you.

Actually, you can add ULA to the LAN, along with GUA. In fact, I don't think ULA is allowed to route to GUA addresses.

Using Unique Local Addresses

vader9000

@Bob-Dig

Hello,

Thank you for the help, I managed to get it working on my test box so I will be setting up my live box.

Best regards,
FC

Bob.Dig

@JKnott said in ISP Delegates /64 Multiple Times But No /56 or /60:

Actually, you can add ULA to the LAN, along with GUA.

True but at least with Track Interface you need a patch for pfsense and this patch is only working partially.

In fact, I don't think ULA is allowed to route to GUA addresses.

Someone has to test this. I ditched my ULAs because of the mentioned problems, so it won't be me.

JKnott

@Bob-Dig said in ISP Delegates /64 Multiple Times But No /56 or /60:

Someone has to test this.

RFC 6724 describes priority when you have multiple addresses to choose from, but doesn't appear to get into the GUA <> ULA situation. However, I seem to recall reading elsewhere that it wasn't allowed. Can't say for certain though.

Anyway, I have both GUA and ULA on my subnets.

JKnott

@Bob-Dig said in ISP Delegates /64 Multiple Times But No /56 or /60:

Someone has to test this.

I just did and I can reach ULA from GUA. I tested from my VPN, which only has GUA to my desktop computer and it's ULA address.