Netgate Discussion Forum

    IPv6 WAN Track Interface not assigning addresses to LAN/Public LAN

    42 Posts 6 Posters 8.7k Views
    • JKnottJ
      JKnott @smitheo1
      last edited by

      @smitheo1 said in IPv6 WAN Track Interface not assigning addresses to LAN/Public LAN:

      I was here to help the gentleman at the beginning of this thread.

      I don't recall him asking to use NAT. You were the first to mention it. He was having issues and some of what he said indicates he doesn't fully understand how certain things work, such as not realizing that a link local address is entirely valid as a gateway address, as I have to my ISP. On my local network, the gateway is pfSense with an address fe80::1:1. Yep, that's another link local address as provided by pfSense to devices on my LAN. While the OP may have issues, NAT is not the answer.

      As for myself, I have been working with networks, going back to 1978 (Air Canada reservation system on a proprietary Rockwell Collins network). I first learned about IPv4 in 1995, incidentally about the same time I first heard of IPv6. In addition to IP & Ethernet, I have also worked with SNA, token ring, DECnet and IPX. I also worked at IBM, providing 3rd level support, including on network issues. I have also completed network courses at a couple of local colleges and IBM, along with a lot of self study.

      PfSense running on Qotom mini PC
      i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
      UniFi AC-Lite access point

      I haven't lost my mind. It's around here...somewhere...

      1 Reply Last reply Reply Quote 0
      • M
        mrsunfire
        last edited by

        The biggest problem is dynamic prefixes. With that you can't assign a static LAN interface. You also can't use NPt because pfSense can't handle dynamic prefixes.

        Netgate 6100 MAX

        JKnottJ 1 Reply Last reply Reply Quote 0
        • JKnottJ
          JKnott @mrsunfire
          last edited by

          @mrsunfire said in IPv6 WAN Track Interface not assigning addresses to LAN/Public LAN:

          The biggest problem is dynamic prefixes. With that you can't assign a static LAN interface.

          With DUID, the prefix should be essentially static. There's a setting "Do not allow PD/Address release" on the WAN page to prevent the prefix from being released.

          PfSense running on Qotom mini PC
          i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
          UniFi AC-Lite access point

          I haven't lost my mind. It's around here...somewhere...

          1 Reply Last reply Reply Quote 1
          • M
            mrsunfire
            last edited by

            True, but if the connection is failing for more than 1 hour my ISP gives me a new prefix whatever I do.

            Netgate 6100 MAX

            1 Reply Last reply Reply Quote 0
            • S
              smitheo1 @JKnott
              last edited by

              @JKnott

              @JKnott said in IPv6 WAN Track Interface not assigning addresses to LAN/Public LAN:

              Here is my gateway: fe80::217:10ff:fe9a:a199
              That sure looks like a link local address to me.

              That routes to nowhere. Quit kidding yourself. 🤣 🤣 🤣 🤣

              JKnottJ 1 Reply Last reply Reply Quote 0
              • JKnottJ
                JKnott @smitheo1
                last edited by JKnott

                @smitheo1 said in IPv6 WAN Track Interface not assigning addresses to LAN/Public LAN:

                @JKnott

                @JKnott said in IPv6 WAN Track Interface not assigning addresses to LAN/Public LAN:

                Here is my gateway: fe80::217:10ff:fe9a:a199
                That sure looks like a link local address to me.

                That routes to nowhere. Quit kidding yourself. 🤣 🤣 🤣 🤣

                Here's what my computer, running Linux, shows:

                ip -6 route show
                2607:fea8:4c81:673::/64 dev eth0 proto kernel metric 256 expires 86389sec pref medium
                fd48:1a37:2160::/64 dev eth0 proto kernel metric 256 expires 86389sec pref medium
                fe80::/64 dev eth0 proto kernel metric 256 pref medium
                default via fe80::1:1 dev eth0 proto ra metric 1024 expires 49sec hoplimit 64 pref medium

                Notice that default route at the bottom? That's a link local address pointing to pfSense.

                Now, on my pfSense box for the default route to my ISP:

                /root: route -6 show default
                route to: default
                destination: default
                mask: default
                gateway: fe80::217:10ff:fe9a:a199%re0
                fib: 0
                interface: re0
                flags: <UP,GATEWAY,DONE>
                recvpipe  sendpipe  ssthresh  rtt,msec    mtu  weight  expire
                       0         0         0         0   1500       1       0

                Take a look at the gateway. That's also a link local address, pointing to my ISP.

                On IPv6, link local addresses are often used for routing, as shown in both examples above. With routing, all routing, all you need to know is how to get to the next hop. This could be a routeable address, link local address (IPv6 only) or in the case of a point to point link, the interface that connects to the next hop.

                My pfSense box also has a routeable address, assigned by my ISP. However, it's a /128, which means it can't be used to communicate with anything, without being routed by pfSense.

                Please stop proving you're clueless about IPv6.

                PfSense running on Qotom mini PC
                i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                UniFi AC-Lite access point

                I haven't lost my mind. It's around here...somewhere...

                1 Reply Last reply Reply Quote 0
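
The following Python example is added here and was not written by any poster in the thread. It parses the two routing-table outputs quoted in the post above and classifies each destination and next hop as link-local, unique-local (ULA) or global; the function names are chosen for this example.

```python
import ipaddress

# Scopes argued about in the thread: link-local, ULA (RFC 4193), global unicast.
SCOPES = [("link-local", ipaddress.ip_network("fe80::/10")),
          ("unique-local", ipaddress.ip_network("fc00::/7")),
          ("global", ipaddress.ip_network("2000::/3"))]

def scope(addr):
    """Classify an IPv6 address or prefix; a %zone suffix such as %re0 is ignored."""
    ip = ipaddress.ip_network(addr.split("%")[0], strict=False).network_address
    return next((name for name, net in SCOPES if ip in net), "other")

def _after(tokens, key):
    return tokens[tokens.index(key) + 1] if key in tokens[:-1] else None

def linux_routes(text):
    """Parse `ip -6 route show` output into one dict per route."""
    routes = []
    for tok in (l.split() for l in text.splitlines() if l.strip()):
        via, dev = _after(tok, "via"), _after(tok, "dev")
        routes.append({
            "dest": tok[0], "via": via, "dev": dev,
            "dest_scope": "default" if tok[0] == "default" else scope(tok[0]),
            "via_scope": scope(via) if via else None,
            # A link-local next hop only identifies a router together with its interface.
            "usable": not via or scope(via) != "link-local" or dev is not None,
        })
    return routes

def bsd_default_gateway(text):
    """Parse FreeBSD `route -6 show default` output into (gateway, zone, scope)."""
    fields = dict(l.strip().split(": ", 1) for l in text.splitlines() if ": " in l)
    gw, _, zone = fields["gateway"].partition("%")
    return gw, zone or fields.get("interface"), scope(gw)

# Command output copied from the post above (Linux host, then pfSense; abridged).
LINUX = """
2607:fea8:4c81:673::/64 dev eth0 proto kernel metric 256 expires 86389sec pref medium
fd48:1a37:2160::/64 dev eth0 proto kernel metric 256 expires 86389sec pref medium
fe80::/64 dev eth0 proto kernel metric 256 pref medium
default via fe80::1:1 dev eth0 proto ra metric 1024 expires 49sec hoplimit 64 pref medium
"""
PFSENSE = """
route to: default
gateway: fe80::217:10ff:fe9a:a199%re0
interface: re0
"""

if __name__ == "__main__":
    print(*linux_routes(LINUX), bsd_default_gateway(PFSENSE), sep="\n")
```

Both default routes resolve to a link-local next hop bound to an interface (eth0 on the Linux host, re0 on pfSense), while the on-link prefixes fall into the global, ULA and link-local ranges respectively.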
                • johnpozJ
                  johnpoz LAYER 8 Global Moderator
                  last edited by johnpoz

                  Let me get this right.. You're suggesting the OP use whatever they want - ie just pull some address block out of the air and use it locally.. And then nat that to the IPv6 wan address he gets..

                  That is your solution?

                  Sorry dude but that is not a solution, that is a HACK... And not what the OP was asking for at all, that is not teaching anyone anything..

                  Why did this thread get brought back from the dead in the first place - this is from Oct 2018??

                  If someone is having a problem with ipv6 working on pfsense, then it should be correctly troubleshot to figure out why.. Not set up some nonsense ipv6 nat..

                  An intelligent man is sometimes forced to be drunk to spend time with his fools
                  If you get confused: Listen to the Music Play
                  Please don't Chat/PM me for help, unless mod related
                  SG-4860 24.11 | Lab VMs 2.8, 24.11

                  JKnottJ 1 Reply Last reply Reply Quote 1
                  • JKnottJ
                    JKnott @johnpoz
                    last edited by

                    @johnpoz said in IPv6 WAN Track Interface not assigning addresses to LAN/Public LAN:

                    ie just pull some address block out of the air and use it locally.. And then nat that to the IPv6 wan address he gets..

                    I guess this "engineer" hasn't heard of Unique Local Addresses, which is what would be used for that sort of thing.

                    PfSense running on Qotom mini PC
                    i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                    UniFi AC-Lite access point

                    I haven't lost my mind. It's around here...somewhere...

                    1 Reply Last reply Reply Quote 1
                    • johnpozJ
                      johnpoz LAYER 8 Global Moderator
                      last edited by

                      ^ exactly! suggesting they use part of the global space 2000/3 is just not right... 2000 has not been allocated yet.. Doesn't mean you can just freaking use whatever space you want in it.

                      Concur if you were going to do such a hack, which I wouldn't suggest at all. Then yes ULA space would be the way to go, prob look into central assigned... have to look up the rfc - it's to prevent overlap how you can run into with rfc1918 space..

                      If what you want is to use ula internal - then sure go for it, and do your Npt with that.. If he is having issues with his isp and getting prefix to work, etc. I would bet some serious money its the isp doing something wrong! ;)

                      The correct solution would be to figure out what is wrong, so maybe the isp can be informed, pfsense can be setup to allow for whatever is causing the issue, etc. etc.

                      But no some nat to whatever his isp gives him via some /64 on his wan and natting that is not the path.. Might be something you could do if they need this up NOW... But this isn't production, the OP has zero actual "need" for ipv6.. Since really nobody actually does.. Unless there was some black site p0rn site he needed to get to that only is on ipv6 ;)

                      So figure out what the actual problem is and fix correctly..

                      An intelligent man is sometimes forced to be drunk to spend time with his fools
                      If you get confused: Listen to the Music Play
                      Please don't Chat/PM me for help, unless mod related
                      SG-4860 24.11 | Lab VMs 2.8, 24.11

                      1 Reply Last reply Reply Quote 1
                      • DerelictD
                        Derelict LAYER 8 Netgate
                        last edited by

                        So much bad information in this thread. I'm locking it. Start another one with whatever the current problem is. Thanks.

                        Chattanooga, Tennessee, USA
                        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                        Do Not Chat For Help! NO_WAN_EGRESS(TM)

                        1 Reply Last reply Reply Quote 1
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.