Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Private IPv6 addressing on my LAN?

    Scheduled Pinned Locked Moved IPv6
    15 Posts 6 Posters 11.4k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      solignis
      last edited by

      So…. yeah.  Comcast is telling me that do not allocate IPv6 blocks of any kind to residential connections. This I believe means I need to keep bugging them. I don't think the person I spoke to through their chat program knew what I was after.

      Just in case they say no, is there any other options I have?

      Can I do anything by requesting a prefix from them? I was able to get my router to do that and bind it to the WAN interface.

      1 Reply Last reply Reply Quote 0
      • P
        priller
        last edited by

        There is absolutely NO WAY Comcast is going to assign static IPv6 addressing to a residential customer.  What's wrong with a DHCP-PD /60?  Even business customers get their /56 via DHCP-PD.

        virgiliomi explained how it works very clearly.  It not like your DHCP-PD assignment is going to be changing.

        If you want true assigned static IPv6 address space, then you need to move to a tunnelbroker like Hurricane Electric.

        1 Reply Last reply Reply Quote 0
        • DerelictD
          Derelict LAYER 8 Netgate
          last edited by

          I am labbing this up right now using two pfSense VMs.  One posing as the ISP, the other as an ISP client.

          I am running into something I am not sure how to deal with.  That is DHCPv6/RA configuration for the ISP client's subnets.

          DHCPv6 is out because you can't set up DHCPv6 on a dynamic interface, which a "Track Interface/WAN" is.

          Because you can't get into that menu, you can't set any RA characteristics for that segment either.

          And while it will relieve us of NAT, we are still going to be stuck with Dynamic DNS if we are going to advertise any services at all.

          Just because DHCP-PD is the mechanism for setting the router's IPv6 addresses doesn't mean Comcast cannot say "This is your /60" and assign the same addresses every time.

          pfSense+IPv6.png
          pfSense+IPv6.png_thumb

          Chattanooga, Tennessee, USA
          A comprehensive network diagram is worth 10,000 words and 15 conference calls.
          DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
          Do Not Chat For Help! NO_WAN_EGRESS(TM)

          1 Reply Last reply Reply Quote 0
          • H
            hda
            last edited by

            @Derelict:

            I am running into something I am not sure how to deal with.  That is DHCPv6/RA configuration for the ISP client's subnets.

            Indeed that should be available with dynamic too, if cascading is in the basic design specs. ?

            I.e. I have a cascaded setup with AVMfritzbox7360 and a pfSensebox. It works because the 7360 can act as a DHCPv6 server for the homenetwork, which has the pfSensebox among others.

            The 7360 gets its IPv6 (/48), "static", from ISP by delegation (PD) AIUI. Next the pfSensebox-LAN gets a /64 prefix (other subnet than 7360-LAN, decided/issued by 7360) from the 7360 with pfSense WAN DHCPv6(PD)+TrackIface.

            1 Reply Last reply Reply Quote 0
            • S
              solignis
              last edited by

              So I should be able to have my WAN interface grab an address from Comcast. Have the LAN interface track the interface. Then run RA on the LAN interface to divvy up the IPv6 subnet assigned to me to all of my LAN clients?

              So I have this right?

              1 Reply Last reply Reply Quote 0
              • H
                hda
                last edited by

                @solignis:

                So I should be able to have my WAN interface grab an address from Comcast. Have the LAN interface track the interface.

                Sofar yes.
                If Comcast says /60, then set pfSense-WAN DHCP6 and to /60 and "prefix hint". And set pfSense-LAN to Track Interface.

                Result should be the pfSense-LAN gets a /64 prefix assigned.
                The last 64 bits is for your client(s) using RA and SLAAC to have its/(their) own unique 128 bit number(s).

                1 Reply Last reply Reply Quote 0
                • S
                  solignis
                  last edited by

                  Ok I get it now… at least somewhat. Looks I got some configuration to play with tonight.

                  1 Reply Last reply Reply Quote 0
                  • DerelictD
                    Derelict LAYER 8 Netgate
                    last edited by

                    For what it's worth, I spent considerable time thinking I wasn't getting SLAAC when I checked the "Only request a IPv6 prefix, do not request a IPv6 address" box.  Status->Interfaces and the dashboard show the link-local address so I thought it was failing.  But the SLAAC address is assigned.  You just have to look at the ifconfig.

                    I have also taken to rebooting when changing these settings.  I don't think everything that needs to be reset is getting reset.  Seems to work fine once it's set.

                    Chattanooga, Tennessee, USA
                    A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                    DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                    Do Not Chat For Help! NO_WAN_EGRESS(TM)

                    1 Reply Last reply Reply Quote 0
                    • H
                      hda
                      last edited by

                      @Derelict:

                      I have also taken to rebooting when changing these settings.  I don't think everything that needs to be reset is getting reset.  Seems to work fine once it's set.

                      Important point. You have to respect the DHCP-server lease-time renewal and IP regs. pfSense-LAN does halfanhour. My ISP does 1h for prefix and 2 hours for acceptance of a new subnetvalue ( /57 ~ /63 ). So yes, if no respect then flush-all by rebooting.

                      1 Reply Last reply Reply Quote 0
                      • P
                        priller
                        last edited by

                        @Derelict:

                        DHCPv6 is out because you can't set up DHCPv6 on a dynamic interface, which a "Track Interface/WAN" is.

                        Because you can't get into that menu, you can't set any RA characteristics for that segment either.

                        There is a way to run DHCPv6 on a dynamic LAN interface.  It is probably considered unsupported and exploitation of a bug.  But, mine has been running this way for over a year.  This is with 2.1.x

                        1. Configure your LAN for a static IPv6 address (just make something up).

                        2. Enable DHCPv6 Server/RA.

                        3. Go back and change the LAN interface to dynamic with WAN Tracking.    It will prompt you to disable DHCPv6 Server.  Do so and then finish the LAN interface configuration.

                        config.xml will be left with a remnant like …

                         <dhcpdv6><lan><ramode>assist</ramode>
                        		<rapriority>high</rapriority>
                        		 <rainterface><radomainsearchlist><range><prefixrange><defaultleasetime><maxleasetime><netmask><failover_peerip><domain><domainsearchlist><ddnsdomain><tftp><ldap><nextserver><filename><rootpath><dhcpv6leaseinlocaltime>yes</dhcpv6leaseinlocaltime></rootpath></filename></nextserver></ldap></tftp></ddnsdomain></domainsearchlist></domain></failover_peerip></netmask></maxleasetime></defaultleasetime></prefixrange></range></radomainsearchlist></rainterface></lan> 
                        
                        4) The DHCPv6 Server will continue to run and hand out address on the dynamic IPv6 network.  To make any changes to the DHCPv6 Server/RA you need to directly edit the config.xml.
                        
                        **Caveats**
                        
                        + I have not tried to make a lot of edits to the config,  have just let it run on "auto-pilot".   No advanced configurations.
                        
                        + This is apparently "unsupported" and may stop working at anytime, due to code changes to the base system.
                        
                        + Not recommended to production environments.  
                        
                        **Other** 
                        
                        This explains why I noticed this behavior:  https://forum.pfsense.org/index.php?topic=83534.0
                        
                        It is possible that this behavior lead to major problem when I upgraded to 2.2-BETA:  https://forum.pfsense.org/index.php?topic=83256.0</dhcpdv6> 
                        
                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.