Netgate Discussion Forum

    DHCPv6 assigns static IP to both interfaces on my Mac

    • JKnott

      Generally, when you assign an address via DHCP, you map the desired address to the MAC address, which should be different for both interfaces.  This means you assign 1 address to the Ethernet port and a different one to the WiFi interface.  Incidentally, you don't need to use DHCP to assign an IPv6 address.  IPv6 supports something called "SLAAC" which automagically assigns IPv6 addresses by combining the network address, provided via router advertisements and either the MAC address or a random number, could also be both, to obtain 1 or more IPv6 addresses on an interface.

      PfSense running on Qotom mini PC
      i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
      UniFi AC-Lite access point

      I haven't lost my mind. It's around here...somewhere...

      • LucaTNT

        Thanks for your reply, but I'd really want all my hosts to have fixed addresses on each interface, and setting them up on each device is far less convenient than managing everything through pfSense.
        I suspect that the issue is that the DUID is unique per-machine, while I'd need it to be unique per-interface.

        • doktornotor

          No, DUID is not per interface. That's IAID.

          • JKnott

            Thanks for your reply, but I'd really want all my hosts to have fixed addresses on each interface

            SLAAC will provide fixed addresses, based on the network address and MAC address and no configuration required at all.  Further, should your prefix change, the addresses will follow.  With SLAAC, you can have MAC based, random number based or both.

            • LucaTNT

              Thanks, I'll try SLAAC as soon as I get back home on Saturday.

              With SLAAC, though, I won't be able to choose which address the device gets, correct?
              So in order to create the proper AAAA record in the DNS server I'll need to connect the device to the network and see what address it assigns itself.
              That's pretty inconvenient, though: I always did assign "ranges" to my devices (e.g. 110-119 is for Phones, 120-129 for tablets, etc), it looks like it won't be possible anymore with IPv6.

              • kpa

                You don't get to choose anything with SLAAC. Depending on how the host is set up you get either one or two addresses out of the prefix the router advertises. First one is directly based on the MAC address of the NIC, this is the static address because it is derived from the MAC address. The second one is a random address and you get it only if you have the IPv6 privacy extensions turned on on the host. *)

                *) https://tools.ietf.org/html/rfc4941

                • JKnott

                  With SLAAC, though, I won't be able to choose which address the device gets, correct?
                  So in order to create the proper AAAA record in the DNS server I'll need to connect the device to the network and see what address it assigns itself.

                  With SLAAC, you'd have the DNS point to the MAC based address, which will not change, unless your prefix does.  The random number based addresses are called "privacy addresses" as they cannot be tied to a specific piece of hardware, the way a MAC based address can.  They also change periodically.  Normally, a privacy address is used for outgoing connections.

                  A MAC based SLAAC address is created by taking the MAC address, inserting FFFE in the middle, inverting the 7th bit, and prepending the prefix.  However, should you desire to create an address, you can use a locally assigned MAC address of your choosing.  Incidentally, here's where we get to why that 7th bit is inverted.  When you create a MAC address, that 7th bit is normally a 1.  But by inverting it, it becomes a 0 and makes the resulting address a bit simpler, so that if you set the MAC to, for example, 5, the local host portion of the address will also be 5, without worrying about that 7th bit messing things up.

                    • LucaTNT

                    Thanks kpa and JKnott!

                    So, to recap:

                    • With DHCPv6 address reservations:

                      • I can choose each address (one per machine, though)

                      • I have issues on machines with multiple NICs due to the DUID being unique per-machine rather than per-interface

                      • I get DNS hostnames "for free"

                      • Each machine will use that address to access the internet

                    • With SLAAC

                      • I cannot choose any addresses, they are chosen by the devices themselves, but they are fixed per interface (assuming my prefix doesn't change)

                      • No issues with multi-NIC machines: each gets its own address

                      • I can manually set up DNS hostnames

                      • Each machine will use the random, always changing "privacy" address to access the internet, if that feature is enabled

                    So as long as I disable the privacy feature I should also be able to easily set rules for each client (e.g. no access to certain hosts/ports, etc), which would be impossible if it used a randomly changing address to get online.

                    • JKnott

                      So as long as I disable the privacy feature I should also be able to easily set rules for each client

                      If pfSense supported MAC filtering, you could even do that with privacy addresses.

                      • kpa

                        You can use both the static address and the random address at the same time. If you need to open any inbound traffic you use the static address based on the MAC address and for all outgoing traffic that is going beyond the pfSense router the random address gets used automatically. Best of the both worlds.

                        • LucaTNT

                          @kpa:

                          You can use both the static address and the random address at the same time. If you need to open any inbound traffic you use the static address based on the MAC address and for all outgoing traffic that is going beyond the pfSense router the random address gets used automatically. Best of the both worlds.

                          It's the way I think I'm gonna go, the only thing is that I can't set per-host rules and, more importantly, if the Traffic Graph section ever gets updated to support IPv6, I'll have no clue who is hogging my bandwidth, which is something I often rely upon (only 20 down/2 up).

                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.