Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    IPv6 EUI-64??

    Scheduled Pinned Locked Moved IPv6
    32 Posts 5 Posters 2.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • JonathanLeeJ
      JonathanLee @johnpoz
      last edited by JonathanLee

      @johnpoz test it you can see the DUID change and it will show a MAC address. The only reason pfSense would let you adapt the DUID in that way is to save time with static IPv6 dhcp addressing. If the directives are turned on the MAC address is inside the DUID in clear text without it on it’s seems to only include two parts of the MAC address in DUID on my system. New to me… again I could be wrong. PfSense would allow you adapt the DUID, just like pfSense gives you the ability to create private addresses and subnets. this adjustment is on the IPv6 dhcp so it’s this is used for private addresses or lan side assignments side. With Non SLAAC.

      Is SLAAC public assignments? SLAAC is stateless management right?

      I am talking about dhcp of ipv6 where duid is used. They have an algorithm that does not mask the MAC address makes it clear in duid before the ipv6 dhcp lease and creations.

      IMG_0982.jpeg
      https://datatracker.ietf.org/doc/html/rfc6939
      https://datatracker.ietf.org/doc/html/rfc6355
      https://www.rfc-editor.org/rfc/rfc8415

      They do have RFC info for DUID and Mac addressing. IPv6 still makes my head hurt. Again If you can spoof a Mac what good is the secure side of it …

      Make sure to upvote

      1 Reply Last reply Reply Quote 0
      • JonathanLeeJ
        JonathanLee @johnpoz
        last edited by

        @johnpoz your right they do change the MAC addresses your right they also spoof them today. Again if a 48 mac is hard coded into a network interface there must be a way to know the differences. Vendor ID is key

        Make sure to upvote

        JKnottJ 1 Reply Last reply Reply Quote 0
        • JKnottJ
          JKnott @JonathanLee
          last edited by

          @JonathanLee said in IPv6 EUI-64??:

          Don’t quote me on this part, I think every IPv6 has the MAC address ciphered into the address temp or not it just is masked better.

          Ooops! I quoted you! 😉

          An IPv6 address can use either the MAC address or a random number, your choice. As I mentioned, with SLAAC, you can have up to 8 global addresses. One is consistent and would be used for servers, etc.. The other 7 are always based on a random number and used when you connect to somewhere else. So, when you go to a web site, you will be using the most recent of the 7 temporary addresses.

          PfSense running on Qotom mini PC
          i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
          UniFi AC-Lite access point

          I haven't lost my mind. It's around here...somewhere...

          1 Reply Last reply Reply Quote 1
          • JKnottJ
            JKnott @JonathanLee
            last edited by

            @JonathanLee said in IPv6 EUI-64??:

            Vendor ID is key

            So, you're saying a vendor couldn't make, for example, both an Ethernet and Firewire interface? I doubt it.

            PfSense running on Qotom mini PC
            i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
            UniFi AC-Lite access point

            I haven't lost my mind. It's around here...somewhere...

            JonathanLeeJ 1 Reply Last reply Reply Quote 0
            • JonathanLeeJ
              JonathanLee @JKnott
              last edited by

              @JKnott part of the 48 bit MAC address has vendor information you can use part of the 48 bit mac and find who made the device by way of online database.

              Make sure to upvote

              johnpozJ JKnottJ 2 Replies Last reply Reply Quote 0
              • johnpozJ
                johnpoz LAYER 8 Global Moderator @JonathanLee
                last edited by

                @JonathanLee pretty sure kea dhcpv6 allows for reservation of ipv6 via mac vs duid.. If that will help you out.. at some point here that will prob make it to pfsense integration.

                An intelligent man is sometimes forced to be drunk to spend time with his fools
                If you get confused: Listen to the Music Play
                Please don't Chat/PM me for help, unless mod related
                SG-4860 24.11 | Lab VMs 2.8, 24.11

                JonathanLeeJ 1 Reply Last reply Reply Quote 1
                • JonathanLeeJ
                  JonathanLee @johnpoz
                  last edited by

                  @johnpoz I made a feature request for it but

                  https://redmine.pfsense.org/issues/15632

                  Jim pingle closed it

                  Make sure to upvote

                  johnpozJ 1 Reply Last reply Reply Quote 0
                  • johnpozJ
                    johnpoz LAYER 8 Global Moderator @JonathanLee
                    last edited by

                    @JonathanLee its not going to do it for any IP out of the pool.. It would be for a reservation..

                    https://kb.isc.org/docs/what-are-host-reservations-how-to-use-them

                    hardware address is one of the options of the host-reservation-identifiers

                    An intelligent man is sometimes forced to be drunk to spend time with his fools
                    If you get confused: Listen to the Music Play
                    Please don't Chat/PM me for help, unless mod related
                    SG-4860 24.11 | Lab VMs 2.8, 24.11

                    JonathanLeeJ 1 Reply Last reply Reply Quote 0
                    • JonathanLeeJ
                      JonathanLee @johnpoz
                      last edited by

                      @johnpoz maybe I should reopen it as a host reservation feature request

                      Make sure to upvote

                      johnpozJ 1 Reply Last reply Reply Quote 0
                      • johnpozJ
                        johnpoz LAYER 8 Global Moderator @JonathanLee
                        last edited by

                        @JonathanLee not even sure why you are putting in a feature request at this point.. I would wait til kea is out of preview.. I would think since it is a clearly defined option in kea, that it would most likely be available once they out of preview mode for kea.

                        An intelligent man is sometimes forced to be drunk to spend time with his fools
                        If you get confused: Listen to the Music Play
                        Please don't Chat/PM me for help, unless mod related
                        SG-4860 24.11 | Lab VMs 2.8, 24.11

                        1 Reply Last reply Reply Quote 1
                        • JKnottJ
                          JKnott @JonathanLee
                          last edited by

                          @JonathanLee

                          Yes, I've been aware of that for coming up on 30 years.

                          PfSense running on Qotom mini PC
                          i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                          UniFi AC-Lite access point

                          I haven't lost my mind. It's around here...somewhere...

                          1 Reply Last reply Reply Quote 0
                          • First post
                            Last post
                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.