IPv6 DHCP to my Windows DHCP Server and DNS - how do I simplify this?



  • I just got to play around with IPv6 and what a nightmare.
    I've been using IPv4 for so long, passed ALL college classes with 100%'s, students shocked when I was done first and the professor smiled after grading a test with 100%, etc.
    I've been doing this my entire life.

    Now I am using IPv6 and the learning curve is like coming from Dreamweaver to Drupal.

    I learned that IPv6 does not need NAT, it's typically automatically assigned in most cases, and it's complicated for me lol.
    I am going to keep this short and hopefully you guys can surprise me with some answers.

    My home network consists of pfSense - Windows Active Directory, Windows DHCP, and Windows DNS.
    Works flawlessly.
    To be honest, there are more settings on pfSense DHCP and DNS than Windows, but people told me to stick with Windows because it's more seamless.

    I followed a tutorial on setting up IPv6.

    I have pfSense 2.3.4.
    1 WAN
    1 LAN
    1 IPv6 Tunnel since my ISP is slow with rolling out IPv6.

    LAN has IPv6 Static IP set - /64
    
    System > Advanced > Allow IPv6 - Allow IPv6 Tunnel.
    
    Firewall > WAN > PASS IPv4 ICMP- source being my Server IPv4 Address. 
    
    The IPv6 firewall tab I have PASS IPv6 ANY (testing). 
    

    There are SO many IPv6 addresses around here that I don't know which is which.

    I learned that the one is link-local and the other is the routed IPv6.

    With Router Advertisement, my phone and other devices get an IPv6 address within half a second. If I turn RA off, it disappears as quickly.
    It just WORKS.

    However, when I go to the list of DHCPv6 Leases, nothing is there. How am I supposed to control the flow of information through IPv6 when I don't know which client is which…?

    If I go back to DHCPv6 Server and enable the DHCPv6 server, RA does its thing and forwards it to the DHCPv6 server in pfSense.
    Again, just MAC addresses. No host names. No IPv4 addresses.

    I'd REALLY like to have my DHCP v6 clients go to my Windows DHCP server so that I can see who is who -- OR BETTER YET, SOMEHOW HAVE MY WINDOWS DNS AND DHCP UPDATE TO PFSENSE. So then I have hostnames in pfSense logs, I'd have hostnames in DHCPv6 releases, and plenty more.

    I have been a Windows guru my whole life, but I really enjoy the look, the feel, and the settings that pfSense DHCP and DNS has to offer... but I'm a Systems Administrator who hosts his own email and using Windows is kind of critical for me.

    So is there any way to redirect DHCPv6 requests to my Windows DHCP? Also maybe use DNS and DHCP relays to 'sync' information between the two?


  • Netgate

    You should probably set the subnet to Managed, disable the DHCPv6 server on pfSense, and enable DHCPv6 on windows. Then consult windows documentation regarding DHCPv6 there, inserting addresses into DNS, etc.



  • So are you saying making my Windows machine the tunnel?

    The purpose with using pfSense was so that all of my clients can use it.

    It works with Router Advertisement PERFECTLY.
    I can see the IPv6 addresses and MAC addresses, but I can't see the hostname so I would have no clue on how to configure something for a particular host on the firewall part.


  • Netgate

    No. If you need to use Windows for DHCP and DNS on IPv4 it makes sense that you let Windows do DHCPv6 and DNS for IPv6 too.

    Setting the RA on pfSense to Managed says "I am the router you should use to route traffic. Get the rest of your configuration from DHCPv6." The DHCPv6 server does not have to be on pfSense.
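
As an added example (not part of the thread and not pfSense or Windows code), this Python sketch decodes the M, O and A flags of a Router Advertisement per RFC 4861 to show whether clients are told to get addresses from a DHCPv6 server, which is what makes leases appear there. The function names and the two sample packets, built on the documentation prefix 2001:db8:1::/64, are constructed for illustration.

```python
import ipaddress
import struct

def parse_ra(icmp: bytes) -> dict:
    """Decode an ICMPv6 Router Advertisement; `icmp` starts at the type byte."""
    if len(icmp) < 16 or icmp[0] != 134:
        raise ValueError("not a Router Advertisement")
    flags = icmp[5]
    ra = {
        "managed": bool(flags & 0x80),  # M: get addresses from DHCPv6
        "other": bool(flags & 0x40),    # O: get other settings (e.g. DNS) from DHCPv6
        "router_lifetime": struct.unpack("!H", icmp[6:8])[0],
        "prefixes": [],
    }
    off = 16  # options follow the fixed 16-byte RA header
    while off + 2 <= len(icmp):
        opt_type, opt_len = icmp[off], icmp[off + 1] * 8  # length is in 8-byte units
        if opt_len == 0 or off + opt_len > len(icmp):
            raise ValueError("malformed option")
        if opt_type == 3 and opt_len == 32:  # Prefix Information option
            prefix = ipaddress.IPv6Address(icmp[off + 16:off + 32])
            ra["prefixes"].append({
                "prefix": f"{prefix}/{icmp[off + 2]}",
                "on_link": bool(icmp[off + 3] & 0x80),     # L flag
                "autonomous": bool(icmp[off + 3] & 0x40),  # A flag: SLAAC allowed
            })
        off += opt_len
    return ra

def address_source(ra: dict) -> str:
    """Summarise how a client is told to obtain its global address."""
    slaac = any(p["autonomous"] for p in ra["prefixes"])
    if ra["managed"]:
        return "dhcpv6+slaac" if slaac else "dhcpv6"
    return "slaac" if slaac else "none"

def build_ra(flags: int, prefix_flags: int, prefix="2001:db8:1::", plen=64) -> bytes:
    """Build a constructed sample RA (checksum left at 0, it is not verified here)."""
    hdr = struct.pack("!BBHBBHII", 134, 0, 0, 64, flags, 1800, 0, 0)
    opt = struct.pack("!BBBBIII", 3, 4, plen, prefix_flags, 86400, 14400, 0)
    return hdr + opt + ipaddress.IPv6Address(prefix).packed

# Constructed samples: SLAAC-only (no DHCPv6 leases will ever show up) versus
# an RA with M and O set and the A flag cleared (clients must use DHCPv6).
SLAAC_RA = build_ra(flags=0x00, prefix_flags=0xC0)
MANAGED_RA = build_ra(flags=0xC0, prefix_flags=0x80)

if __name__ == "__main__":
    for name, pkt in (("slaac", SLAAC_RA), ("managed", MANAGED_RA)):
        print(name, address_source(parse_ra(pkt)), parse_ra(pkt)["prefixes"])
```

Feeding it the ICMPv6 payload of an RA captured on the LAN shows which mode the router is actually announcing, independent of what the GUI setting is called.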



  • @Derelict:

    No. If you need to use Windows for DHCP and DNS on IPv4 it makes sense that you let Windows do DHCPv6 and DNS for IPv6 too.

    Setting the RA on pfSense to Managed says "I am the router you should use to route traffic. Get the rest of your configuration from DHCPv6." The DHCPv6 server does not have to be on pfSense.

    I totally agree, and this is why I've been trying to do this for the last few hours.
    Under DHCPv6 Server & RA, it says "You do not need to enable DHCPv6 Server on this firewall. You can use a different DHCP server."

    I went to DHCP Relay, put in my IPv6 address on my DHCP machine, and it still is not forwarding requests.
    Even without DHCP relay, it does not register IPv6.

    So you're right - instead of looking up "IPv6 set-up pfsense", I need to look up "IPv6 Windows DHCP" which I've done but something was not set properly somewhere.

    Anyhow, I'll try it later on.
    I appreciate your help. Thank you


  • Netgate

    You don't have to do anything with DHCPv6 Relay unless the DHCPv6 server is on another subnet.