WAN with /64 Delegation
-
@JKnott said in WAN with /64 Delegation:
The gateway should be provided automagically by pfSense, using router advertisements.
That is true, you should activate Services>Router Advertisement on all interfaces with IPv6. Unmanaged probably will do.
-
@Bob-Dig
I'm using RA in Managed mode. I also have enabled DHCPv6 Relay. I have a DHCP server that hands out IPv6 addresses because I prefer to have managed IPv6 addresses so I know the IPv6 address of each client statically. I then assign IPv6 addresses based on UUID.My servers I have set for STATIC IPv6 addresses instead of DHCP.
Only problem I have seen with this setup is some devices (Like Google Display Hub) do not get an IPv6 address. I am not really sure as to why though since all my Windows/Linux devices can get an IP via my IPv6 DHCP Server.
-
@meluvalli said in WAN with /64 Delegation:
I have a DHCP server that hands out IPv6 addresses because I prefer to have managed IPv6 addresses so I know the IPv6 address of each client statically.
I only do that for my servers. But in a NAT scenario I wouldn't care.
Thanks to @JKnott everyone around here knows that Android is not supporting DHCPv6.
-
Yah. I think I remember reading that somewhere :) But, my AppleTV doesn't either (Odd considering my Macbook and iPhone both do though.). So... Google isn't alone...
-
@meluvalli said in WAN with /64 Delegation:
I have a DHCP server that hands out IPv6 addresses because I prefer to have managed IPv6 addresses so I know the IPv6 address of each client statically.
Use SLAAC. It just works. Thanks to some genius at Google, Android doesn't support DHCPv6. Also, with SLAAC, you get 1 consistent address, which can be based on the MAC address or a random number. You also get up to 7 privacy addresses, with a new one every day. The most recent is used for outgoing connections. Use the consistent address as static, as it is, unless you change the prefix.
-
@JKnott
On my network I am using dnsdist and use specific DNS servers based on source Address (local client). If I use SLAAC and the IPv6 address changes on the client, then dnsdist wouldn't be able to determine the client and would use the wrong DNS server for that client. That's why I am using DHCPv6 with assigned IPv6 addresses based on UUID. -
OT: Maybe you don't want IPv6...
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38063 -
@Bob-Dig
Why not? They apparently fixed it! ROFL :) -
@meluvalli said in WAN with /64 Delegation:
If I use SLAAC and the IPv6 address changes on the client, then dnsdist wouldn't be able to determine the client and would use the wrong DNS server for that client.
Make sure Advanced / Networking / Do not allow PD/Address release is selected. Otherwise your prefix will change. If your prefix is changing, it makes no difference whether you're using SLAAC or DHCPv6. As I mentioned, with SLAAC, you get a consistent address, which is what you point your DNS to. If your prefix still changes, despite that setting, then you may want to consider Unique Local Address, as they won't change unless you change them. You can have both global and ULA addresses on the same interface.
BTW, I've had the same prefix for around 5.5 years. It has survived changing, at different times, both my pfSense computer and modem.
PfSense running on Qotom mini PC
i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
UniFi AC-Lite access pointI haven't lost my mind. It's around here...somewhere...
-
@Bob-Dig said in WAN with /64 Delegation:
OT: Maybe you don't want IPv6...
Yeah, well who uses Windows anyway?
-
@JKnott said in WAN with /64 Delegation:
BTW, I've had the same prefix for around 5.5 years.
I have the same prefix since my parents met.
