Just want IPv6 on LAN for now - is this correct?
-
Also if you go to assisted mode your devices may get multiple IPv6 addresses.
Just changed my network from managed to assisted, lol my iPad now has 3 IPv6 addresses.
Back to managed it is for me :)
-
What clients are you using on this network, Windows what? Linux?
Actually just Windows 2016 servers. There are Windows PCs too (7, 8 and 10) but not bothered about them.
Why do you want to use IPv6 locally? Seems pointless.. Locally ipv6 would just use the link local addresses out of the box.. What IPv6 range are you going to use - some ULA?
I don't really want to enable ipv6, it's a bit forced on me as the network has AD, sharepoint and exchange server (2016) and the best practice is that these only behave nicely when ipv6 is enabled.
Appreciate the advice from you both.
-
I'm with johnpoz here. Just about all operating systems and devices will assume that if there's an IPv6 address assigned to the system there is also a working IPv6 gateway (well more like they don't care because the existence of a gateway is never the concern of an application) and you'll get all kinds of problems when applications that expect a fully working dual-stack IPv4/IPv6 can't get anywhere with IPv6 and fall back to IPv4 only after timeouts occur.
-
OK let me come at this a different way.
Let's say I keep ipv6 off the router completely - how can I make the network assume it's a 64 bit subnet prefix?
I realise this isn't a pfsense question but maybe someone else has had this requirement previously -
Wouldn't it be defined by the DHCP server ?
-
If you're not using SLAAC or DHCPv6 there's nothing that would tell the clients what the available prefixes are, you're then down to manual configuration on the clients.
-
OK thanks for all the input.
For now I will leave ipv6 off the pfsense until I am ready to route through it.
Will deal with my issues (actually dhcp forcing a 128 bit prefix on my server) another route (pun intended).
-
Not sure where you think you need IPv6 for your servers or exchange to work? Seems you don't have ipv6 now and are things working?
MS can say you should have IPv6 all they want - doesn't make it actually true ;) There is no "requirement" that ipv6 be enabled for anything you have mentioned to work.
Now if you wanted to use say directaccess or something - then ok.. But then you would need ipv6 to the internet, not just local. Can tell you for fact that in my org, try as might to get some ipv6 going. IPv6 is not setup on any client, nor any servers and there for sure isn't any dhcpv6 setup and it sure and the hell does not route between all the server segments and user segments, etc. And sharepoint and exchange work just freaking fine ;)
-
I don't believe everything I read on the internet - other than this particular forum of course - but this is an example of myriad posts saying almost the same thing:
http://www.anexinet.com/blog/ipv6-its-here-to-stay-and-if-you-want-to-use-exchange-you-better-get-used-to-it/
-
It's really sad that people have no idea of what they are talking about but yet pose as experts of the field making claims that are clearly not researched at all.
The IPv6 implementation in MS Windows is no different to let's say the one in FreeBSD or Linux and applications determine the need to use IPv6 based on configured IPv6 addresses on the system and if the IPv6 features are on or off on the interface(s). On FreeBSD and pfSense for example the interfaces can be in IFDISABLED state and this tells the applications (indirectly with the assistance of the OS) that IPv6 is not usable and the application drops the attempt to bind to an IPv6 socket. Applications running on MS Windows follow the same pattern when they decide if IPv6 is available or not.
There is of course the possibility that MS Exchange developers are also morons, it's not unheard of but dealing with the dual stack IPv4/IPv6 properly is not rocket science anymore and the procedures are well documented by now.
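
An added sketch (not code from this thread or from any operating system) of the decision described in the post above and in the earlier post about timeouts: classify the addresses a host holds and attempt IPv6 only when one of them could plausibly reach the destination. The scope rules, function names and sample addresses are assumptions made for illustration.

```python
import ipaddress

LINK_LOCAL = ipaddress.ip_network("fe80::/10")   # auto-configured, never routed
ULA = ipaddress.ip_network("fc00::/7")           # unique local, private to the site

def scope(addr: str) -> str:
    """Classify an address string; a zone id such as %eth0 is ignored."""
    ip = ipaddress.ip_address(addr.split("%")[0])
    if ip.version == 4:
        return "ipv4"
    if ip.is_loopback or ip.is_unspecified or ip.is_multicast:
        return "other"
    if ip in LINK_LOCAL:
        return "link-local"
    if ip in ULA:
        return "ula"
    return "global"

# Simplified assumption: local scopes that can plausibly reach a destination scope.
USABLE_SOURCES = {
    "link-local": {"link-local"},
    "ula": {"ula", "global"},
    "global": {"global"},
}

def should_try_ipv6(local_addrs, dest: str) -> bool:
    """True if attempting IPv6 to dest makes sense for this host."""
    wanted = USABLE_SOURCES.get(scope(dest))
    if wanted is None:          # IPv4 or unusable destination
        return False
    return any(scope(a) in wanted for a in local_addrs)

def plan(local_addrs, candidates):
    """Order resolved addresses: usable IPv6 first, then IPv4; drop dead IPv6."""
    v6 = [c for c in candidates if should_try_ipv6(local_addrs, c)]
    v4 = [c for c in candidates if scope(c) == "ipv4"]
    return v6 + v4

# Constructed sample hosts (documentation prefixes, not real deployments).
LAN_ONLY = ["192.168.1.10", "fe80::1c2d:3eff:fe4f:5a6b%eth0", "fd12:3456:789a:1::10"]
DUAL_STACK = LAN_ONLY + ["2001:db8:1234:1::10"]
MAIL_SERVER = ["2001:db8:ffff::25", "198.51.100.25"]

if __name__ == "__main__":
    print("LAN-only host tries:", plan(LAN_ONLY, MAIL_SERVER))
    print("dual-stack host tries:", plan(DUAL_STACK, MAIL_SERVER))
```

A host holding only link-local and ULA addresses skips the global IPv6 candidate and goes straight to IPv4, which is the timeout the earlier post warns about when applications do not make this check.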
-
While I completely agree IPv6 is here to stay, and yes you would be better off joining the fun. That does not mean the same thing as requirement for something to function.
IPv6 is a bit more involved than just a longer IPv4 address ;) So until such time you are fully up to speed on all the things that change with the use of IPv6 - creating something that would require it to function for stuff like exchange and sharepoint, AD would be beyond stupid. Not saying MS has not pulled their fair share of utter bat shit crazy shit ;) But talk about shooting yourself in the freaking foot if you required IPv6 for exchange to work ;)
I am on exchange now – do you see an IPv6 address on my machine? Also joined to AD domain, also access sharepoint ;)
While a very large portion of the internet does have ipv6 access - there are plenty of spots and companies and networks that do not.. So if exchange "required" ipv6 to work.. How exactly would it talk to the large chunk of the internet that does not have ipv6 connectivity?
While the ipv6 adoption grows with every passing day, it is far from complete - shoot many isps don't even know how to correctly deploy it. Recent multiple threads about them requiring NDP proxy, directly assigning customers /48 without any sort of transit, etc. etc.
I would highly suggest you spend some time learning about all the new stuff that ipv6 brings/changes before any attempt at deployment on your network.
-
For now I will leave ipv6 off the pfsense until I am ready to route through it.
Keep in mind that you can have a decent IPv6 setup even when your ISP is still "thinking about it" or "trying to make it right in 202x".
Drop in over here: https://www.tunnelbroker.net/
Know that pfSense has everything on board to make a connection to "he.net". "he.net" will give you a full /64 - no - better - a full /48. https://doc.pfsense.org/index.php/Using_IPv6_with_a_Tunnel_Broker
Most of my devices (PCs - smartphones - printers, whatever) grab an IPv4 and an IPv6 now.
It takes some time to set it all up, IPv6 is more than an "IPv4 with more bits", I advise you to take this course: https://ipv6.he.net/certification/ - when done they WILL send you a nice T-shirt (no joke).
-
^ Agreed HE is a great place to get started with IPv6.. Be it your isp has not started with IPv6, or they are doing something stupid or just not stable, etc.
HE is rock solid stable. And yes you can get a /48 clickity clickity.. And you can even edit the PTRs for these IPv6 - many a isp will not do that for you..
I love my t-shirt.. While their certification is not the end all sort of thing, it is a great way to get you exposed to the different aspects of ipv6 and you will have to demonstrate that you can perform certain things via IPv6 like run a web server on it, email server - setup glue on your domain, etc.. To get your sage and then free tshirt. If you have a good handle on ipv6 already you can do it couple of hours on a lazy sunday afternoon while you suck down beers ;) That is how I got mine back in Jan of 2011.. I still sport the tshirt when at geeky sort of functions - even though it is starting to show its age ;)
https://ipv6.he.net/certification/scoresheet.php?pass_name=johnpoz
-
HE.net sounds like a great resource once I get time to throw myself into the world of 128 bits.
Being in the UK, can you explain about Hurricane Electric? Their name pops up all over the place while I've been configuring the pfsense, pfblocker, etc. They are obviously a major player on the "internetz" yet their website looks like it's from the 90s (not in a clean functional way but in an old fashioned designed by a student way), and the News page was last updated in 2014, and FAQ wiki in 2015.
I had the original impression they were a power company who branched out into IP services but that's probably just a misinterpretation due to the name.
-
….. yet their website looks like it's from the 90s (not in a clean functional way but in an old fashioned designed by a student way), and the News page was last updated in 2014, and FAQ wiki in 2015.
Their site tends to be accessible for any device - any country, not only the most recent gadgets we use to surf on the net.
You only visit their site twice:
1. Sign up and do the thing: https://ipv6.he.net/certification/
2. When done with 1), sign up https://www.tunnelbroker.net/ and enjoy your /48
I had the original impression they were a power company who branched out into IP services but that's probably just a misinterpretation due to the name.
https://www.he.net/about_us.html
-
As to visiting the site only twice - I find myself using their looking glass interface now and then https://lg.he.net/ very handy… And if you're leveraging their FREE dns you will need to go there, or if you want to edit any of your IPv6 PTR records.
So prob a bit more than twice for some of us ;)
BTW they also make a handy app for your iphone/android
http://networktools.he.net/