DHCP IPv6
-
Why would you be enabling dhcpv6 server on your "WAN" ???
An intelligent man is sometimes forced to be drunk to spend time with his fools
If you get confused: Listen to the Music Play
Please don't Chat/PM me for help, unless mod related
SG-4860 24.11 | Lab VMs 2.8, 24.11 -
Would it not be more hassle to use DHCP on LAN with IPv6?
-
Huh??
Your wan is the "internet" side, ie you get ipv6 address from your ISP.. You would normally then an IP range on your LAN side for your clients to use.. They would then get their IPv6 address via RA or dhcpv6, etc..
Why would you want to be serving dhcpv6 to devices on the wan (internet) side?
-
So that I don't have to bother with NAT.
I'm trying to provision IPv6 address's to my Proxmox (virtual machine) clients. -
What??
Don't even know what to say to something like that..
No ipv6 you don't need nat.. But your clients would be behind pfsense, ie on your LAN... the WAN side is the internet side, ie the network connection that gets you to other networks..
Please draw up how you have your stuff connected.. And where pfsense is in the mix.
-
-
I have been moving clients to WAN side for some time now to simplify VM management.
Firewall rules are now managed by Proxmox and pfsense is basically used only for routing. -
How and the F would that routing work?? Makes ZERO sense!
-
So I can't use DHCP6 on WAN side? Only on LAN?
-
Dude draw up you network!! You seem to have a MESS if you think you should be handing out dhcpv6 to the wan side of pfsense.
If you have clients on the wan side of pfsense any your routing them to pfsense wan to get out to the internet via some other device on pfsene wan its going to be an asymmetrical mess.
Even if your just routing to pfsense for networks behind pfsense, its going to be asymmetrical if you are not doing host routing on each devices in the wan network of pfsense.
Is your network something like this?
-
I only want pfsense to deliver IPv6 addresses. No routing, no NAT. No need to draw up network. If pfsense dies or malfunctions it won't kill client connectivity.
-
That is BORKED!!
So you want to use pfsense as just a dhcpv6 server? How do you think that will work as its RA would be handing clients self as a gateway.
If dhcpv6 dies, then yeah connectivity will die as well - since clients will not be able to get an IP.. etc..
Clients in IPv6 find their gateway via RA.. not dhcpv6.
-
I only want pfsense to deliver IPv6 addresses. No routing, no NAT. No need to draw up network. If pfsense dies or malfunctions it won't kill client connectivity.
Use DHCPv6-PD on the WAN. Use SLAAC or DHCPv6 on the LAN. The "PD" in DHCPv6-PD provides the prefix for use on your LAN. The only thing that should be on the WAN side is your ISP. The users MUST be on the LAN. If you put a DHCP server on the WAN side, you could be providing it to other customers, which means you could be disrupting their service. Most ISPs take a dim view of that!
Also, there is no need for NAT on IPv6. You should be getting a block of at least 2^64 address from your ISP, possibly many more. I get 256 /64 blocks with my /56 prefix.
-
Looks like he has a /48 from his ISP.
-
I do.
-
You could have a /32 from your ISP, has zero to do with any of this..
