Which IP adress should I assign to the opt(VLAN) interfaces?
-
Hi,
my WAN interface has a public ipv6 IP assign by DHCPv6 (provider). But which IP adress should I assign to my local OPT (VLAN) interfaces? A link local, unique local or a public IP adress? Please keep to things in mind: every PC in my network should obtain a public IPv6 Adress and every OPT should be an isolated subnet (with optional routing between them)
What's the proper way to do it?
-
@Thisisme
I assume you're getting something larger than a single /64 from your ISP. If so, then on each interface, select an "IPv6 Prefix ID". Use a different one for each interface. The main LAN is typically 0, though it doesn't have to be and choose whatever you want for the other interfaces. Since I get a /56 from my ISP, I can choose anything from 0 to ff for the prefix ID.
-
Yes I get something larger than /64. The IP of the WAN interface is assigned via the provider DHCPv6. But to enable LAN DHCPv6 I have to assign an IPv6 to the LAN (OPT) interface of pfsense. My public IPv6 Prefix isn't static so I can't assign a static IP to the LAN interface of my pfsense. If I select the option "via DHCPv6" I can't select the subnet I want to have.
Can I use something like Prefix delegation for the WAN (OPT) interfaces of pfsense?
-
@Thisisme said in Which IP adress should I assign to the opt(VLAN) interfaces?:
my WAN interface has a public ipv6 IP as
I just split my /48 into /64's.
xxxx:xxxx:xxxx:1::/64 LAN
xxxx:xxxx:xxxx:2::/64 USER. << vlan2
xxxx:xxxx:xxxx:3::/64 GUEST << vlan 3etc ...
-
@Thisisme
The typical method is with DHCPv6-PD. This provides a WAN address and prefix for the LAN. You can specify the prefix size, up to what the ISP provides, on the WAN page with the "DHCPv6 Prefix Delegation size" setting. On the same page, you can select "Do not allow PD/Address release", so that you should always get the same prefix. All interfaces work the same way. You just have to choose a different prefix ID. If after all that, your prefix still changes, you can also use Unique Local Addresses, in addition to the global addresses. ULA are similarr to the IPv4 RFC 1918 addresses in that they're not routeable over the Internet.
-
@JKnott So there ist no way to assign the Prefix of the pfsense LAN interface dynamic like this
[dynamic provider Prefix from the WAN /57] + [my own static Prefix for the subnet /7] + [static device part /64] (first part is dynamic and comes from the provider dhcp, second part is defined by me, third part: I don't care how it is defined]
-
@Thisisme said in Which IP adress should I assign to the opt(VLAN) interfaces?:
@JKnott So there ist no way to assign the Prefix of the pfsense LAN interface dynamic like this
[dynamic provider Prefix from the WAN /57] + [my own static Prefix for the subnet /7] + [static device part /64] (first part is dynamic and comes from the provider dhcp, second part is defined by me, third part: I don't care how it is defined]
Yes, I already told you. When you select the prefix ID for an interface, you are specifying part of the prefix. With a /57, you have 128 /64s to choose from. You then assign whatever prefix ID you want to each interface. Also, the prefix has absolutly nothing to do with the WAN IP address. Try setting up just the LAN with prefix ID 0. Any device attached to the LAN will receive that prefix. You can then enable another interface and assign it a different ID. It is always your choice of those 128 prefixes you want to use, on any interface. In this way, a device address will consist of 57 bits from your assigned prefix, 7 bits from your choice of prefix ID and 64 bits for the device.
-
Maybe you don't understand me. Maybe I don't understand you. Forget a moment about the DHCPv6 for the LAN. I can't setup a DHCP if the interface hasn't an ip adress. So there is NO DHCP beside the one from the provider. (No DHCP I can set/define/change anything. NO DHCP any client could contact)
Anyway I have to set the IP Adress of the LAN interface. But I can't set it static because the provider Prefix (/57) changes regulary. So I can't set a static IP. I can't setup a DHCP and I want to assign a public IP to the LAN interface. If I can't use a static IP the only other option I can choose for the LAN Interface is "request an IP as DHCP CLIENT". When I enable this option I can't set define the last /7 anywhere. So this isn't an option either.
If you answered this please tell me which buttons I have to press in the pfsense GUI. Maybe I understand you then.
//edit
I'm taking about the option marked in this Screenshot
Today my Prefix starts with 2001:. Maybe tomorrow it's 4001: (I took the Screenshot from Google. I know 2001: is a reserved adress. Just assume it's 3001 today and 4001 tomorrow)
-
@Thisisme
I mentioned that "Do not allow PD/Address release" on the WAN page. Is that enabled? If not, your prefix may change. As for IPv6 connection type, I use DHCP6. On the LAN page, I have IPv6 configuration type set to track interface. You shouldn't need to set up a static config, as everything is handled by DHCPv6-PD.
Also, any reason why your MTU is set to 9000? Unless your ISP supports that, you will cause problems.
-
@JKnott I finally figured it out. "Track Interface" is the option that seems to be the right way to solve my problem.
