IPv6 + Track Interface + Unique Local Virtual IP = No Go?



  • On my pfSense I have 2 VLANs: VLAN20 for my own personal use and VLAN30 for guests.

    From my provider I get a 56-bit prefix, and I have now added IPv6 functionality to my pfSense and the rest of my network.
    I have set up Track Interface on both of the VLAN interfaces and I have used:
    for VLAN 30 (guests)

    • RA = Assisted
    • DHCPv6 Server on pfSense = enabled

    for VLAN 20 (me)

    • RA = Stateless DHCP
    • DHCPv6 Server on pfSense = disabled

    The VLAN30 part works as expected.

    The reason I chose a different setup for VLAN20 is because I use Microsoft Active Directory, and so DNS needs to be handled by my Windows servers.
    Since I can't get a fixed IP for my Internet subscription, I have no guarantee for a fixed IPv6 prefix either.
    Note: In the past 3 weeks I have not seen it change. I do know from past experiences that the IPv4 changes from time to time, although not frequently.
    At work I have the same provider, but with a business subscription.
    I do get a fixed IP(v4) there, and a fixed IPv6 prefix after I registered my pfSense's DUID. I do not have that option on my subscription though.
    So: no guarantees…

    So, on my VLAN20 interface, I added a Unique Local subnet (a randomly selected 64-bit subnet in the FD00-range).
    I gave both my Windows servers a fixed IP in that FD-range, and told the DHCPv6-server to announce both servers with their FD-address as DNS-servers for my domain.

    I think that is the right way to do it.

    My client computers now get both a ULA address and a Global address, as should be expected.
    As far as I can tell, everything works as intended.

    The only thing I cannot seem to do is reach my pfSense's web interface via IPv6 by anything else but its Global address.
    pfSense itself does not have a Unique Local address, and I can't seem to get that working either.

    Once I add a Virtual IP on VLAN20 and reboot pfSense, the clients on VLAN20 no longer get their Global address.

    I removed the Virtual IP and tried a few other things:

    • I added a new VLAN interface (VLAN40) and added a Virtual IP there.
      From a VLAN20 client I CAN ping the VLAN40 IPv4 interface (10.10.40.1) and the Global IPv6 on that interface but not the Virtual IP attached to it.
      I have no idea why that doesn't work.

    • I removed 'track interface' from the default LAN interface (which in itself isn't used anyway), and added a static FD-address instead.
      I can't ping it from a VLAN20 client, where I could ping that interface's Global address while Track Interface was still applied.

    So far, I have not found a way to access my pfSense webGUI by means of IPv6 other than a global address.
    Does anyone see what I am doing wrong? Or is it just not possible?



  • Nobody has any idea if this is possible or not?



  • I also have ULA and GUA on my LAN and pfSense does not have a ULA on the LAN interface. It does on another one, that's ULA only. I have no idea why it does not get a ULA on the interface when there's a GUA. I tried manually assigning a ULA on that interface, but then things got flaky (sorry for the technical jargon ;) ), so I removed it.


 
