4. Changing from /64 to /48

Changing from /64 to /48

  • T

    Hello all,

    I am trying to get my feet wet with adding an IPv6 network. My ISP (in Australia) does not support IPv6 native at the moment so I have set up an HE tunnel using the instructions at https://doc.pfsense.org/index.php/Using_IPv6_with_a_Tunnel_Broker

    I had a /64 but requested a /48 as I would like to break the network up slightly. Ideally, i would love to prefix the network into multiple /64's. My main need is actually the VPN which needs to be a TUN interface (i can't use TAP because end clients don't support it) so if I could not segment the entire network I would only need to segment the main network (e.g. home/servers/guest) into one subnet and the OpenVPN server into another.

    My question is, can DHCPv6 Server & RA be configured to give out different subnets to different networks like IPv4 DHCP?
    Secondly, how do I go about adding the different subnets (e.g. Home & VPN). Do i need to just enter one subnet into the LAN side of things, and another into the OpenVPN and create a route between them, or do I need to create more routes between subnets and the 'parent /48'.

    If it helps, my planned assignment is below, and also the IPv4 addresses. I am just not entirely sure how I go about the subnetting. Like for example do I put the /48 address in the LAN, and tell the DHCP server to issue /64 subnets, as well as OpenVPN or should it be done a different way?

    Apologies if these are stupid questions, IPv6 is mind blowing even in sheer numbers of subnets and available questions!

    Many Thanks!

    2001:xx:xx::/48

    HOME:                2001:xx:xx:0004:0000:0000:0000:0000/64 10.30.23.0/24
    SERVERS:            2001:xx:xx:0005:0000:0000:0000:0000/64 10.31.23.0/24
    WLAN_GUEST:      2001:xx:xx:0006:0000:0000:0000:0000/64 10.32.23.0/24
    VPN:                  2001:xx:xx:0007:0000:0000:0000:0000/64 10.33.23.0/24

    0

  • My question is, can DHCPv6 Server & RA be configured to give out different subnets to different networks like IPv4 DHCP?
    Secondly, how do I go about adding the different subnets (e.g. Home & VPN). Do i need to just enter one subnet into the LAN side of things, and another into the OpenVPN and create a route between them, or do I need to create more routes between subnets and the 'parent /48'.

    On each network, you can choose the IPv6 prefix ID to be used.  With a /48, the values range from 0 - ffff.  For OpenVPN, you have to specify the network address in the IPv6 tunnel network box. eg. 2001:xx:xx:0007::/64.

    0
  • T

    Thanks JKnott,

    Presumably, i need to set up routing on each interface to the gateway for the tunnel?

    0
  • LAYER 8 Global Moderator

    "Presumably, i need to set up routing on each interface to the gateway for the tunnel?"

    No.. Why would you think that?  Your just attaching a network to pfsense, just like a ipv4 network..  Pfsense will be the gateway to the clients on that network.

    Pfsense knows what its default gateway is for wan, and it knows what it is for ipv6 via your tunnel you setup - you would not setup a gateway on an interface unless it was a wan connection.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy