IPv6 only on LAN
-
Actually, the DHCP server doesn't have to be turned off. There's nothing wrong with having multiple DHCP servers on a network and is often done on larger networks.
Yeah that is bad idea!! Most soho wifi routers dhcp server is very limited, many of them will not even allow you point to a different gateway other than its own IP. I would suggest TURN it off - you have zero use for it since pfsense would be your dhcp server.
-
ok, it's working!. I have sucessfully connected a HE tunnel and it's working, as I can ping from the pfSense box to ipv6 sites and it works (with horrible lantency, but it works).
But it seems I have not been able to make DHCP work as it should, because the DHCPv6 leases does not appear except for and iPad I have on my network, but when checking on the iPad it only seems to receive the ipv6 dns servers and no ipv6 address, and the test-ipv6.com check does not show any ipv6 address…
I can post the screenshots of my configuration if anyone can help me.
-
First, you need RADVD enabled and working (In Unmanged or Assisted mode). Leave DHCPv6 alone for now, it's badly broken on Windows, not implemented on Android, and used in whacky ways on Bitten Fruit Co. products.
-
First, you need RADVD enabled and working (In Unmanged or Assisted mode). Leave DHCPv6 alone for now, it's badly broken on Windows, not implemented on Android, and used in whacky ways on Bitten Fruit Co. products.
the services status shows radvd working, but I'm not sure if its well configured… I have tried in Managed and Assited mode and seems to make no difference.
-
the services status shows radvd working, but I'm not sure if its well configured… I have tried in Managed and Assited mode and seems to make no difference.
Automagical options for you for RA are: "Unmanaged" (SLAAC method)
Even with RA="Router Only", you can always manually give a host on a LAN an IPv6subnet/64-number yourself.
Config your LAN static as you like.
The /48-part is HE, the next Word-part is your-subnet, then the last 64-bits are up to you, like say ::abe 8) -
@hda:
the services status shows radvd working, but I'm not sure if its well configured… I have tried in Managed and Assited mode and seems to make no difference.
Automagical options for you for RA are: "Unmanaged" (SLAAC method)
Even with RA="Router Only", you can always manually give a host on a LAN an IPv6subnet/64-number yourself.
Config your LAN static as you like.
The /48-part is HE, the next Word-part is your-subnet, then the last 64-bits are up to you, like say ::abe 8)You mean that I'd better swich to "Unmanaged" and set up every device/computer IP manually?.
I have more that 20 devices/computers, I would like to leave that work to the DHCPv6 server. -
I have started a new thread because of my DHCP problems on https://forum.pfsense.org/index.php?topic=126054.0 because I think the subject has changed from the original one. Please follow it there.
Thanks.
Pablo -
You mean that I'd better swich to "Unmanaged" and set up every device/computer IP manually?.
There is no need to set up any addresses manually with RA set to "Unmanaged".
-
You mean that I'd better swich to "Unmanaged" and set up every device/computer IP manually?.
There is no need to set up any addresses manually with RA set to "Unmanaged".
Ah, ok, I see. And the addresses being leased by SLAAC cant't be viewed on the DHCPv6 lease status, right?
Because I have changed to Assisted (I understand that it somehow "includes" the "Unmannaged" behaviour, right?) and I think al least some devices are getting ipv6 addresses but they are not on the range I configured on DHCPv6 page (but they do are on my LAN) and also I think I'm not getting the defauylt ipv6 gateway on this clients as for example I can ping inside the LAN, but not outside. -
And the addresses being leased by SLAAC cant't be viewed on the DHCPv6 lease status, right?
SLAAC has nothing to do with DHCPv6. It gets the prefix via RADVD and provides the rest of the address, using either a MAC based or random 64 bit number. If DHCPv6 is used, it's generally for providing things like server addresses. However, it's not needed for DNS servers, as that can be provided by RDNSS.
-
And the addresses being leased by SLAAC cant't be viewed on the DHCPv6 lease status, right?
SLAAC has nothing to do with DHCPv6. It gets the prefix via RADVD and provides the rest of the address, using either a MAC based or random 64 bit number. If DHCPv6 is used, it's generally for providing things like server addresses. However, it's not needed for DNS servers, as that can be provided by RDNSS.
ok, and is there a way to check what IP addresses have been asigned by SLAAC? (like the way I can see the DHCP Leases)
-
And the addresses being leased by SLAAC cant't be viewed on the DHCPv6 lease status, right?
SLAAC has nothing to do with DHCPv6. It gets the prefix via RADVD and provides the rest of the address, using either a MAC based or random 64 bit number. If DHCPv6 is used, it's generally for providing things like server addresses. However, it's not needed for DNS servers, as that can be provided by RDNSS.
ok, and is there a way to check what IP addresses have been asigned by SLAAC? (like the way I can see the DHCP Leases)
No such way. The RA daemon that advertises the route and the prefix does absolutely nothing else but those functions, selection of the address from the advertised prefix happens completely on the client (of course assisted with duplicate address detection but even that does not involve the RA daemon).
-
@kpa:
And the addresses being leased by SLAAC cant't be viewed on the DHCPv6 lease status, right?
SLAAC has nothing to do with DHCPv6. It gets the prefix via RADVD and provides the rest of the address, using either a MAC based or random 64 bit number. If DHCPv6 is used, it's generally for providing things like server addresses. However, it's not needed for DNS servers, as that can be provided by RDNSS.
ok, and is there a way to check what IP addresses have been asigned by SLAAC? (like the way I can see the DHCP Leases)
No such way. The RA daemon that advertises the route and the prefix does absolutely nothing else but those functions, selection of the address from the advertised prefix happens completely on the client (of course assisted with duplicate address detection but even that does not involve the RA daemon).
ok, thanks for your help, I'm learning a lot!!!! :)
Just one more… I cannot make my clients to ping a host on internet, the names resolve ok to the IPv6 addresses, but somehow I guess I do not have a gateway configured properly or something is "closed" at the pfSense box that blocks traffic.
-
ok, and is there a way to check what IP addresses have been asigned by SLAAC? (like the way I can see the DHCP Leases)
No. You can only check on the device. There is no server, as there is with DHCP.
-
@kpa:
And the addresses being leased by SLAAC cant't be viewed on the DHCPv6 lease status, right?
SLAAC has nothing to do with DHCPv6. It gets the prefix via RADVD and provides the rest of the address, using either a MAC based or random 64 bit number. If DHCPv6 is used, it's generally for providing things like server addresses. However, it's not needed for DNS servers, as that can be provided by RDNSS.
ok, and is there a way to check what IP addresses have been asigned by SLAAC? (like the way I can see the DHCP Leases)
No such way. The RA daemon that advertises the route and the prefix does absolutely nothing else but those functions, selection of the address from the advertised prefix happens completely on the client (of course assisted with duplicate address detection but even that does not involve the RA daemon).
ok, thanks for your help, I'm learning a lot!!!! :)
Just one more… I cannot make my clients to ping a host on internet, the names resolve ok to the IPv6 addresses, but somehow I guess I do not have a gateway configured properly or something is "closed" at the pfSense box that blocks traffic.
I had this issue when I first setup a 6rd tunnel. The fix for me was to disable gateway monitoring on the ipv6 gateway. It wasn't responding to pings so pfSense would treat it as being down.
