DHCP IPv6

SamTzu

So that I don't have to bother with NAT.
I'm trying to provision IPv6 address's to my Proxmox (virtual machine) clients.

johnpoz

What??

Don't even know what to say to something like that..

No ipv6 you don't need nat.. But your clients would be behind pfsense, ie on your LAN... the WAN side is the internet side, ie the network connection that gets you to other networks..

Please draw up how you have your stuff connected.. And where pfsense is in the mix.

kiokoman

@johnpoz said in DHCP IPv6:

Why would you be enabling dhcpv6 server on your "WAN" ???

didn't noticed that

@SamTzu
you need to enable the dhcp on the lan side only, ipv6 does not need nat but your device that need the address are on the lan side not on the wan

SamTzu

I have been moving clients to WAN side for some time now to simplify VM management.
Firewall rules are now managed by Proxmox and pfsense is basically used only for routing.

johnpoz

How and the F would that routing work?? Makes ZERO sense!

SamTzu

So I can't use DHCP6 on WAN side? Only on LAN?

johnpoz

Dude draw up you network!! You seem to have a MESS if you think you should be handing out dhcpv6 to the wan side of pfsense.

If you have clients on the wan side of pfsense any your routing them to pfsense wan to get out to the internet via some other device on pfsene wan its going to be an asymmetrical mess.

Even if your just routing to pfsense for networks behind pfsense, its going to be asymmetrical if you are not doing host routing on each devices in the wan network of pfsense.

Is your network something like this?

SamTzu

I only want pfsense to deliver IPv6 addresses. No routing, no NAT. No need to draw up network. If pfsense dies or malfunctions it won't kill client connectivity.

johnpoz

That is BORKED!!

So you want to use pfsense as just a dhcpv6 server? How do you think that will work as its RA would be handing clients self as a gateway.

If dhcpv6 dies, then yeah connectivity will die as well - since clients will not be able to get an IP.. etc..

Clients in IPv6 find their gateway via RA.. not dhcpv6.

JKnott

@SamTzu said in DHCP IPv6:

I only want pfsense to deliver IPv6 addresses. No routing, no NAT. No need to draw up network. If pfsense dies or malfunctions it won't kill client connectivity.

Use DHCPv6-PD on the WAN. Use SLAAC or DHCPv6 on the LAN. The "PD" in DHCPv6-PD provides the prefix for use on your LAN. The only thing that should be on the WAN side is your ISP. The users MUST be on the LAN. If you put a DHCP server on the WAN side, you could be providing it to other customers, which means you could be disrupting their service. Most ISPs take a dim view of that!

Also, there is no need for NAT on IPv6. You should be getting a block of at least 2^64 address from your ISP, possibly many more. I get 256 /64 blocks with my /56 prefix.

NogBadTheBad

@JKnott

Looks like he has a /48 from his ISP.

SamTzu

I do.

johnpoz

You could have a /32 from your ISP, has zero to do with any of this..