• 0 Votes
    6 Posts
    615 Views
    GertjanG

    @IonutIT

    I re edit my post above.
    kea2unbound is innocent 👍
    The issue is deep in the GUI, and identical to my initial pfBlockerng issue.

    I'll have a patch some where next week.

  • 0 Votes
    16 Posts
    846 Views
    johnpozJ

    @NickyDoes yeah a /56 is lot of /64s for testing and playing with ;)

    Best practice is /64 for any segment you want to break out.. Even if it only has a couple of devices on it.. It seems insane when you first start playing with Ipv6 to be honest.. Since a /64 is so freaking huge when it comes to how many IPs..

  • Recurring internet disconnect when using iPV6

    IPv6
    1
    0 Votes
    1 Posts
    199 Views
    No one has replied
  • Unable to set raw DUID for WAN

    IPv6
    1
    0 Votes
    1 Posts
    393 Views
    No one has replied
  • pfSense and disapling prefix delegation for LAN side

    IPv6
    1
    0 Votes
    1 Posts
    408 Views
    No one has replied
  • 1 Votes
    4 Posts
    1k Views
    A

    Thanks @jimp for the fix. I've re-tested with 23.01.b.20221221.1946 snapshot and the issue seems to be resolved.

  • 0 Votes
    7 Posts
    948 Views
    C

    @bob-dig Yes, what you say is true. Luckily my prefix(es) are not dynamic and I'd need to do quite a few changes to flip to what you suggest. I'll probably think about that as a longer-term project but for now this solution works for my specific use case.

  • 0 Votes
    7 Posts
    1k Views
    J

    @jarrodsfarrell Did fix the DNS IPv4+6. Post filter is getting tripped so I can't edit my post.

  • 0 Votes
    15 Posts
    2k Views
    JKnottJ

    @joe90

    If it is assigning an address from with your prefix, then that address will start with your /56 prefix.

    I don't have any experience with IPv6 on PPPoE or with OpenWRT, so I don't know what else to check.

    However, you don't need a WAN GUA. If you want to access pfSense from elsewhere, you can use the LAN interface address.

  • LAN interface static IPv6 trouble

    IPv6
    7
    0 Votes
    7 Posts
    1k Views
    A

    @andicniko

    EDIT: After a factory reset and trying again, it seems it will work if 1) I state the DHCPv6 range in full (including the prefix), and 2) I state the subnet in the router advertisements settings.

    For anyone else struggling to make this work, the specific settings are:

    Services / DHCPv6 Server & RA / LAN / DHCPv6 Server
    Range = [your desired IPv6 range in full, e.g. 1000:1000:1000:1000::2000 to 1000:1000:1000:1000::3000]

    Note: DO NOT omit the prefix when stating the range. This is one of the issues that seemed to prevent my DHCPv6 server working properly (if the LAN interface is set to IPv6 Configuration Type = Static IPv6). By default, the range is stated excluding the prefix, e.g. ::2000 to ::3000. I'm not sure why this should matter, if the subnet field is already populated and aware of 1000:1000:1000:1000::, and omitting the prefix does no harm when the LAN interface is set to IPv6 Configuration Type = Track interface. Also note: I also had some trouble keeping the "Provide DNS servers to DHCPv6 clients" checkbox ticked. It is ticked by default, but seemed to untick by itself when changing and saving settings on this page. When ticking it again and saving, it would just disappear. However, it was ticked after navigating to another page and coming back. So I didn't have an issue in the end.

    Services / DHCPv6 Server & RA / LAN / Router Advertisements
    Subnets = [your IPv6 prefix 1000:1000:1000:1000::/64]

    Note: DO NOT leave this blank. This is one of the issues that seemed to prevent my DHCPv6 server working properly (if the LAN interface is set to IPv6 Configuration Type = Static IPv6). By default this is blank, and it does no harm leaving it blank when the LAN interface is set to IPv6 Configuration Type = Track interface. I'm not sure why this should matter.

    I don't know if the above are supposed to be necessary or not - apologies if I'm posting something that should be obvious. But I hope that helps someone!

  • 0 Votes
    21 Posts
    3k Views
    T

    @mickman99 Sorry mal wieder die späte Rückmeldung. Habe jetzt Urlaub und kann mich dem Thema wieder expliziter widmen.

    Tatsächlich wird der Präfix einwandfrei auf die Interfaces verteilt und stimmen auch mit dem Präfix mit dem der FRITZ!Box überein. Laut Log der FRITZ!Box wird das verteilte Netz an das LAN Interface auch erkannt und als Exposed Host freigegeben.

    Ich vertraue allerdings der Firewall der FRITZ!Box nicht so ganz. Ich richte parallel bei einem Nachbar einen OpenVPN Server über IPv6 ein. Auch dort wird der eingehender Verkehr trotz Exposed Host (natürlich nur zum Test so freigegeben) rejected. Sinn macht das nicht.

    Zusätzlich ist bei meiner pfsense das Problem aufgetreten, wenn viele Daten auf einmal verarbeitet werden müssen, dass der interne DNS Server abschmiert. Da habe ich auch die Vermutung, dass es an der FRITZ!Box liegt. Der Log der Fritte verrät da allerdings nicht so viel...

  • Multiple ipv6-nets on LAN with DHCPv6

    IPv6
    20
    1 Votes
    20 Posts
    4k Views
    JKnottJ

    @bob-dig

    All the addresses appear automagically. One of each type is consistent, based on the MAC address. The privacy addresses are based on random numbers. The only thing I configure is the DNS entries, which I point to the consistent addresses. I do not ever use a privacy address for DNS, as it would only last for a week. It is also possible to have consistent addresses based on a random number, for those who are worried about someone tracking their MAC address.

  • 0 Votes
    2 Posts
    2k Views
    jimpJ

    So what does the config on pfSense look like vs your external server config? There must be some difference in the formatting or naming of the option to explain what is happening.

    Look in /var/dhcpd/etc/dhcpdv6.conf