Changing from /64 to /48

TravisH

Hello all,

I am trying to get my feet wet with adding an IPv6 network. My ISP (in Australia) does not support IPv6 native at the moment so I have set up an HE tunnel using the instructions at https://doc.pfsense.org/index.php/Using_IPv6_with_a_Tunnel_Broker

I had a /64 but requested a /48 as I would like to break the network up slightly. Ideally, i would love to prefix the network into multiple /64's. My main need is actually the VPN which needs to be a TUN interface (i can't use TAP because end clients don't support it) so if I could not segment the entire network I would only need to segment the main network (e.g. home/servers/guest) into one subnet and the OpenVPN server into another.

My question is, can DHCPv6 Server & RA be configured to give out different subnets to different networks like IPv4 DHCP?
Secondly, how do I go about adding the different subnets (e.g. Home & VPN). Do i need to just enter one subnet into the LAN side of things, and another into the OpenVPN and create a route between them, or do I need to create more routes between subnets and the 'parent /48'.

If it helps, my planned assignment is below, and also the IPv4 addresses. I am just not entirely sure how I go about the subnetting. Like for example do I put the /48 address in the LAN, and tell the DHCP server to issue /64 subnets, as well as OpenVPN or should it be done a different way?

Apologies if these are stupid questions, IPv6 is mind blowing even in sheer numbers of subnets and available questions!

Many Thanks!

2001:xx:xx::/48

HOME:                2001:xx:xx:0004:0000:0000:0000:0000/64 10.30.23.0/24
SERVERS:            2001:xx:xx:0005:0000:0000:0000:0000/64 10.31.23.0/24
WLAN_GUEST:      2001:xx:xx:0006:0000:0000:0000:0000/64 10.32.23.0/24
VPN:                  2001:xx:xx:0007:0000:0000:0000:0000/64 10.33.23.0/24

JKnott

My question is, can DHCPv6 Server & RA be configured to give out different subnets to different networks like IPv4 DHCP?
Secondly, how do I go about adding the different subnets (e.g. Home & VPN). Do i need to just enter one subnet into the LAN side of things, and another into the OpenVPN and create a route between them, or do I need to create more routes between subnets and the 'parent /48'.

On each network, you can choose the IPv6 prefix ID to be used.  With a /48, the values range from 0 - ffff.  For OpenVPN, you have to specify the network address in the IPv6 tunnel network box. eg. 2001:xx:xx:0007::/64.

TravisH

Thanks JKnott,

Presumably, i need to set up routing on each interface to the gateway for the tunnel?

johnpoz

"Presumably, i need to set up routing on each interface to the gateway for the tunnel?"

No.. Why would you think that?  Your just attaching a network to pfsense, just like a ipv4 network..  Pfsense will be the gateway to the clients on that network.

Pfsense knows what its default gateway is for wan, and it knows what it is for ipv6 via your tunnel you setup - you would not setup a gateway on an interface unless it was a wan connection.