deprecated IPv6 address
-
@da370338 said in deprecated IPv6 address:
each system will have two gateways as well - that's something i really want to avoid if somehow possible.
Doesn't have to, depends on your setup.
I want to use IPv6 without NAT
I don't know how you even configured IPv6 with NAT?
-
@da370338 said in deprecated IPv6 address:
public addresses only and nothing else, but that's not possible with this provider.
If your provider keeps changing your IPv6 prefix on you, and you telling pfsense not to release it, etc.. Then just get a tunnel from hurricane electric - now your IPv6 prefix, you can get a /48 from them even for free will be yours.. I have had the same IPv6 /48 from them since like 2011, and have changed multiple ISPs since then - my current isp doesn't even have ipv6 support.. Doesn't matter to me since I have my tunnel to HE and use my /48 however I want on my network, for my vpn clients, etc. etc.
-
@JeGr well, basically the same way you would when using IPv4 - I just created a NAT rule like this and it works without any issues. fd00:6151:1337:181::/64 is my local prefix.
However, as already mentioned I'm aware that this is not "best practice" and I tried a regular delegation for the internal network without NAT first, but I can't get it running. Here's what I did, maybe I forgot something?
On the AVM device:
- disabled unique local addresses (the device shall only use global addresses for delegation, but also tried with ULA enabled)
- allowed ipv6 announcements of other gateways
- enabled advertisement of the prefix (IA_PD)
On pfSense:
- set the WAN interface to DHCP6
- Enabled "Use IPv4 connectivity as parent interface" (also tried with this option disabled)
- Enabled "Request only an IPv6 prefix"
- Set "DHCPv6 Prefix Delegation size" to 60 (my public prefix has a netmask of /56)
- Enabled "Send IPv6 prefix hint"
- Enabled "Do not allow PD/Address release"
- Set the LAN interface IPv6 Configuration Type to "Track Interface" and the Tracking Interface to "WAN"
- Enabled the DHCPv6 Server, set the Range from :: to ::ffff:ffff:ffff:ffff and set the Prefix Delegation Size to 64
After this procedure, when I check Status > Interfaces I see no global or local IPv6 addresses anymore. Only the fe80:: / link local addresses are shown. My devices get no IPv6 addresses. I must be doing something totally wrong....
Update: When I disable "Use IPv4 connectivity as parent interface", the WAN interface gets an IPv6 address. But this address still does not renew when I reconnect the AVM device. The old address is still shown as deprecated. I'm running out of ideas :(
-
@da370338 said in deprecated IPv6 address:
and I don't want to use both local and global addresses in parallel
There is nothing wrong with doing that. IPv6 is designed to support it. As I mentioned, I have both on my LAN.
There are a lot of differences in the way IPv4 and IPv6 do things and people just have to get used to the new ways of doing things. For example, with both GUA and ULA addresses and privacy addresses, after my computer has been up for a week, it will have 17 addresses, including link local. You'd never imagine doing such a thing with IPv4, but it's entirely normal with IPv6.
Does your ISP say why they can't provide consistent prefixes?
-
@da370338 said in deprecated IPv6 address:
my public prefix changes every 24 hours (provider limitation)
If that is truly the case, your best bet is to use an HE.net tunnel and forget about that broken ISP implementation.
-
@Derelict said in deprecated IPv6 address:
If that is truly the case, your best bet is to use an HE.net tunnel and forget about that broken ISP implementation.
I have no doubts that this is a cool solution and it will sure work for me, but I would like to figure out which way I can go to get it running. But I think I will try it out, as soon as IPv6 works basically. At the moment, I can't get it working at all.
Does your ISP say why they can't provide consistent prefixes?
No, they just don't offer this. I also thought it's not helpful to discuss this with the hotline guys. That might be a reason for me to change to another ISP, indeed. But then I have to switch to a business contract which is much more expensive. None of the ISPs in my country offer static addresses (IPv4 or IPv6) for standard contracts. I actually have no idea why they can't just give a static prefix to everyone. It's not that hard!
May I ask you guys to take a look at my procedure for prefix delegation in my post with the screenshot? A standard delegation should (in my opinion) work even with a dynamic prefix but it seems not to work at all. Is the procedure to configure prefix delegation and the tracking interface basically correct how I did it?
-
What I will say from my own personal experience is that most ISPs I have had to deal with, their IPv6 deployments are pretty shoddy at best... You would save yourself a whole lot of grief and aggravation by just going with HE..
I agree there is no reason why clients could not be given a /48 to use, that doesn't change.. It's not like there is a shortage of IPv6 space that the ISP has to work with..
The cost of IPv6 /24 is $4k a year from arin... That is 16 Million /48's pretty sure any ISP that is doing anything with IPv6 could afford that ;)
-
@johnpoz said in deprecated IPv6 address:
What I will say from my own personal experience is that most ISPs I have had to deal with, their IPv6 deployments are pretty shoddy at best.
Quite so. As I described a while ago, I had problems with my ISP almost a year ago and I found myself having to teach the support people and tech about IPv6. They had a general idea, but didn't know enough to solve the problem.
Many ISPs do not yet properly implement IPv6. There is absolutely no valid reason for your prefix to change daily. Either they're incompetent or they're being nasty. With my ISP, I get a /56 prefix which does not change and even on IPv4 my address rarely changes, to the point it's virtually static. So yes, you should contact their support and file a complaint about the prefix changing daily. If they tell you it's intentional, then you should take your business elsewhere and let them know why.
-
@da370338 said in deprecated IPv6 address:
On the AVM device:
- disabled unique local addresses (the device shall only use global addresses for delegation, but also tried with ULA enabled)
- allowed ipv6 announcements of other gateways
- enabled advertisement of the prefix (IA_PD)
On pfSense:
- set the WAN interface to DHCP6
- Enabled "Use IPv4 connectivity as parent interface" (also tried with this option disabled)
- Enabled "Request only an IPv6 prefix"
- Set "DHCPv6 Prefix Delegation size" to 60 (my public prefix has a netmask of /56)
- Enabled "Send IPv6 prefix hint"
- Enabled "Do not allow PD/Address release"
- Set the LAN interface IPv6 Configuration Type to "Track Interface" and the Tracking Interface to "WAN"
- Enabled the DHCPv6 Server, set the Range from :: to ::ffff:ffff:ffff:ffff and set the Prefix Delegation Size to 64
After this procedure, when I check Status > Interfaces I see no global or local IPv6 addresses anymore. Only the fe80:: / link local addresses are shown. My devices get no IPv6 addresses. I must be doing something totally wrong....
Update: When I disable "Use IPv4 connectivity as parent interface", the WAN interface gets an IPv6 address. But this address still does not renew when I reconnect the AVM device. The old address is still shown as deprecated. I'm running out of ideas :(
Don't know which provider it is in your case but with mine I use:
AVM: (activate advanced settings view first)
- Home Network > Network > Network Settings > IPv6-Addresses
- ULA: recommended (first setting, use ULA as long as there's no IPv6 internet)
- no manual ULA prefix - don't need it anyways (most of the time)
- additional IPv6 routers:
- allow IPv6 prefixes announced by other routers
- This box provides the default gateway
- medium advertising preference
- DNSv6 servers:
- announce DNSv6 server via RA (RFC5006)
- DHCPv6 server
- activate DHCPv6 for your home network
- select last item: DNS servers, prefix (IA_PD) and address (IA_NA)
pfSense:
- interfaces / WAN
- IPv6 config: DHCP6
- DHCP prefix size: /60 (to play it safe as there are different sizes communicated by different ISPs. /56 should(!) be good, but I went with /60 to be sure not to request more than I get)
- Send IPv6 prefix hint
- Start in client debug mode (to see more intel if it doesn't work)
besides this, nothing in DHCP6 client config is selected or configured. That works fine with my cable provider, gets me a global IPv6 on WAN (blah:blah:blah:aa00:/64) and via tracking interface on my lab vlan I get another /64 there (blah:blah:blah:aaf7) and on my guest vlan (blah:blah:blah:aafb). So the tracking (aaf0-aaff) works just fine within the defined /60. If your provider is some VDSL thing, the IPv6 settings for DHCP6 on WAN may vary as different providers need slightly different settings. Some may need the "request only prefix" or the request sent via IPv4 or no prefix hint at all.
But I had problems in the past, too so I just got myself a he.net tunnel with a /48 delegation that worked super-easy. Only thing that I see is that using the IPv6 via the tunnel, it's (much) slower (in some cases) than an IPv4 link. I suppose it's either the v6 is slow because of tunnel overhead etc. or the v6 address resolves to servers with lower bandwidth. Especially had that with streaming (YT etc.) that got incredibly slow after running v6 in my media network so I disabled it in that VLAN and got instant speedups. (seems YT servers via v6 are either slow as fuck or the tunnel overhead/MTU is playing dirty tricks).
Besides that, connections via e.g. SSH or such are working great. Big file transfers are slower than v4 though. Perhaps the same problem as above (pointing to the tunnel being slower than native v4).
BTW: I get deprecated IP6s sometimes, too. That is nothing bad. It is specified, that these are IP6s that are "old" and soon to be removed but there may still be traffic arriving for them, so they remain on the interface for a bit. Same thing is used for IP6 clients with privacy extensions enabled. Those rotate through on the interface without problem. Getting a new prefix would always result in a deprecated older address but that shouldn't be a problem for IP6 connectivity at all. Perhaps you don't get the right GW from the AVM box? Normally that should be an fe80::aa:bb:cc:dd* (the box's own suffix) and that should remain valid even after IP6 rollover.
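The prefix arithmetic behind the post above (a /60 delegation split into tracked /64s, and older addresses left behind after a prefix change), as an added example that is not part of the original post or of pfSense. The `2001:db8:` prefixes and host addresses are constructed documentation values; the function names are hypothetical.

```python
import ipaddress

ULA = ipaddress.IPv6Network("fc00::/7")

def tracked_subnet(delegated: str, prefix_id: int) -> ipaddress.IPv6Network:
    """Return the /64 a tracking interface gets for a prefix ID inside a delegation."""
    net = ipaddress.IPv6Network(delegated)
    if net.prefixlen > 64:
        raise ValueError("delegation is longer than /64, no /64 can be carved out")
    id_bits = 64 - net.prefixlen            # a /60 leaves 4 bits: IDs 0x0-0xf
    if not 0 <= prefix_id < (1 << id_bits):
        raise ValueError(f"prefix ID {prefix_id:#x} does not fit in a /{net.prefixlen}")
    # The prefix ID fills the bits between the delegated prefix and bit 64.
    base = int(net.network_address) + (prefix_id << 64)
    return ipaddress.IPv6Network((base, 64))

def classify(addresses, current_delegation: str) -> dict:
    """Sort interface addresses by whether they belong to the current delegation."""
    current = ipaddress.IPv6Network(current_delegation)
    out = {"link-local": [], "ula": [], "current": [], "stale": []}
    for text in addresses:
        ip = ipaddress.IPv6Address(text)
        if ip.is_link_local:
            out["link-local"].append(text)   # fe80::/10, unaffected by rollover
        elif ip in ULA:
            out["ula"].append(text)          # local prefix, unaffected by rollover
        elif ip in current:
            out["current"].append(text)
        else:
            out["stale"].append(text)        # from an older prefix: shows as deprecated
    return out

if __name__ == "__main__":
    old_pd, new_pd = "2001:db8:0:aaf0::/60", "2001:db8:1:bbf0::/60"   # constructed
    for pid in (0x7, 0xb):                   # the two VLAN prefix IDs from the post
        print(hex(pid), tracked_subnet(old_pd, pid), "->", tracked_subnet(new_pd, pid))
    seen = ["fe80::1:1", "fd00:6151:1337:181::10",
            "2001:db8:0:aaf7::10", "2001:db8:1:bbf7::10"]            # constructed
    print(classify(seen, new_pd))
```

Anything in the `stale` bucket is an address that firewall rules, DNS records or allow-lists may still reference after the provider hands out a new prefix.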
-
Yep, the gateway address is the address of the AVM box (fe80: ...).
Man, things could be so easy. Let's get rid of that old IPv4 crap and move on to the future. Can't understand why this causes so much trouble at the ISP's site.
Thank you all for your help and thanks to @JeGr for describing the prefix delegation config. I will walk through this once more to see if I find some config that works for me. But yes, I will check out what other providers can offer. If I find one that is not too expensive and provides a static prefix, I'm gone.
Have a nice weekend!