Private IPv6 addressing on my LAN?
-
So…. yeah. Comcast is telling me that do not allocate IPv6 blocks of any kind to residential connections. This I believe means I need to keep bugging them. I don't think the person I spoke to through their chat program knew what I was after.
Just in case they say no, is there any other options I have?
Can I do anything by requesting a prefix from them? I was able to get my router to do that and bind it to the WAN interface.
-
There is absolutely NO WAY Comcast is going to assign static IPv6 addressing to a residential customer. What's wrong with a DHCP-PD /60? Even business customers get their /56 via DHCP-PD.
virgiliomi explained how it works very clearly. It not like your DHCP-PD assignment is going to be changing.
If you want true assigned static IPv6 address space, then you need to move to a tunnelbroker like Hurricane Electric.
-
I am labbing this up right now using two pfSense VMs. One posing as the ISP, the other as an ISP client.
I am running into something I am not sure how to deal with. That is DHCPv6/RA configuration for the ISP client's subnets.
DHCPv6 is out because you can't set up DHCPv6 on a dynamic interface, which a "Track Interface/WAN" is.
Because you can't get into that menu, you can't set any RA characteristics for that segment either.
And while it will relieve us of NAT, we are still going to be stuck with Dynamic DNS if we are going to advertise any services at all.
Just because DHCP-PD is the mechanism for setting the router's IPv6 addresses doesn't mean Comcast cannot say "This is your /60" and assign the same addresses every time.
-
I am running into something I am not sure how to deal with. That is DHCPv6/RA configuration for the ISP client's subnets.
Indeed that should be available with dynamic too, if cascading is in the basic design specs. ?
I.e. I have a cascaded setup with AVMfritzbox7360 and a pfSensebox. It works because the 7360 can act as a DHCPv6 server for the homenetwork, which has the pfSensebox among others.
The 7360 gets its IPv6 (/48), "static", from ISP by delegation (PD) AIUI. Next the pfSensebox-LAN gets a /64 prefix (other subnet than 7360-LAN, decided/issued by 7360) from the 7360 with pfSense WAN DHCPv6(PD)+TrackIface.
-
So I should be able to have my WAN interface grab an address from Comcast. Have the LAN interface track the interface. Then run RA on the LAN interface to divvy up the IPv6 subnet assigned to me to all of my LAN clients?
So I have this right?
-
So I should be able to have my WAN interface grab an address from Comcast. Have the LAN interface track the interface.
Sofar yes.
If Comcast says /60, then set pfSense-WAN DHCP6 and to /60 and "prefix hint". And set pfSense-LAN to Track Interface.Result should be the pfSense-LAN gets a /64 prefix assigned.
The last 64 bits is for your client(s) using RA and SLAAC to have its/(their) own unique 128 bit number(s). -
Ok I get it now… at least somewhat. Looks I got some configuration to play with tonight.
-
For what it's worth, I spent considerable time thinking I wasn't getting SLAAC when I checked the "Only request a IPv6 prefix, do not request a IPv6 address" box. Status->Interfaces and the dashboard show the link-local address so I thought it was failing. But the SLAAC address is assigned. You just have to look at the ifconfig.
I have also taken to rebooting when changing these settings. I don't think everything that needs to be reset is getting reset. Seems to work fine once it's set.
-
I have also taken to rebooting when changing these settings. I don't think everything that needs to be reset is getting reset. Seems to work fine once it's set.
Important point. You have to respect the DHCP-server lease-time renewal and IP regs. pfSense-LAN does halfanhour. My ISP does 1h for prefix and 2 hours for acceptance of a new subnetvalue ( /57 ~ /63 ). So yes, if no respect then flush-all by rebooting.
-
DHCPv6 is out because you can't set up DHCPv6 on a dynamic interface, which a "Track Interface/WAN" is.
Because you can't get into that menu, you can't set any RA characteristics for that segment either.
There is a way to run DHCPv6 on a dynamic LAN interface. It is probably considered unsupported and exploitation of a bug. But, mine has been running this way for over a year. This is with 2.1.x
-
Configure your LAN for a static IPv6 address (just make something up).
-
Enable DHCPv6 Server/RA.
-
Go back and change the LAN interface to dynamic with WAN Tracking. It will prompt you to disable DHCPv6 Server. Do so and then finish the LAN interface configuration.
config.xml will be left with a remnant like …
<dhcpdv6><lan><ramode>assist</ramode> <rapriority>high</rapriority> <rainterface><radomainsearchlist><range><prefixrange><defaultleasetime><maxleasetime><netmask><failover_peerip><domain><domainsearchlist><ddnsdomain><tftp><ldap><nextserver><filename><rootpath><dhcpv6leaseinlocaltime>yes</dhcpv6leaseinlocaltime></rootpath></filename></nextserver></ldap></tftp></ddnsdomain></domainsearchlist></domain></failover_peerip></netmask></maxleasetime></defaultleasetime></prefixrange></range></radomainsearchlist></rainterface></lan> 4) The DHCPv6 Server will continue to run and hand out address on the dynamic IPv6 network. To make any changes to the DHCPv6 Server/RA you need to directly edit the config.xml. **Caveats** + I have not tried to make a lot of edits to the config, have just let it run on "auto-pilot". No advanced configurations. + This is apparently "unsupported" and may stop working at anytime, due to code changes to the base system. + Not recommended to production environments. **Other** This explains why I noticed this behavior: https://forum.pfsense.org/index.php?topic=83534.0 It is possible that this behavior lead to major problem when I upgraded to 2.2-BETA: https://forum.pfsense.org/index.php?topic=83256.0</dhcpdv6> -
