IPv6 + Track Interface + Unique Local Virtual IP = No Go?
KlaverenBoer last edited by
On my pfSense I have 2 VLANs: VLAN20 for my own personal use and VLAN30 for guests.
From my provider I get a 56-bit prefix, and I have now added IPv6 functionality to my pfSense and the rest of my network.
I have set up Track Interface on both of the VLAN interfaces and I have used:
for VLAN 30 (guests)
- RA = Assisted
- DHCPv6 Server on pfSense = enabled
for VLAN 20 (me)
- RA = Stateless DHCP
- DHCPv6 Server on pfSense = disabled
The VLAN30 part works as expected.
The reason I chose a different setup for VLAN20 is because I use Microsoft Active Directory, and so DNS needs to be handled by my Windows servers.
Since I can't get a fixed IP for my Internet subscription, I have no guarantee of a fixed IPv6 prefix either.
Note: In the past 3 weeks I have not seen it change. I do know from past experience that the IPv4 address changes from time to time, although not frequently.
At work I have the same provider, but with a business subscription.
I do get a fixed IP(v4) there, and a fixed IPv6 prefix after I registered my pfSense's DUID. I do not have that option on my subscription though.
So: no guarantees…
So, on my VLAN20 interface, I added a Unique Local subnet (a randomly selected 64-bit subnet in the FD00 range).
I gave both my Windows servers a fixed IP in that FD range, and told the DHCPv6 server to announce both servers with their FD address as DNS servers for my domain.
I think that is the right way to do it.
My client computers now get both a ULA address and a Global address, as should be expected.
As far as I can tell, everything works as intended.
The only thing I cannot seem to do is reach my pfSense's web interface via IPv6 by anything else but its Global address.
pfSense itself does not have a Unique Local address, and I can't seem to get that working either.
Once I add a Virtual IP on VLAN20 and reboot pfSense, the clients on VLAN20 no longer get their Global address.
I removed the Virtual IP and tried a few other things:
I added a new VLAN interface (VLAN40) and added a Virtual IP there.
From a VLAN20 client I CAN ping the VLAN40 IPv4 interface (10.10.40.1) and the Global IPv6 address on that interface, but not the Virtual IP attached to it.
I have no idea why that doesn't work.
I removed 'Track Interface' from the default LAN interface (which in itself isn't used anyway), and added a static FD address instead.
I can't ping it from a VLAN20 client, whereas I could ping that interface's Global address while Track Interface was still applied.
So far, I have not found a way to access my pfSense webGUI by means of IPv6 other than a global address.
Does anyone see what I am doing wrong? Or is it just not possible?
KlaverenBoer last edited by
Nobody has any idea if this is possible or not?
JKnott last edited by
I also have ULA and GUA on my LAN and pfSense does not have a ULA on the LAN interface. It does on another one, that's ULA only. I have no idea why it does not get a ULA on the interface when there's a GUA. I tried manually assigning a ULA on that interface, but then things got flakey (sorry for the technical jargon ;) ), so I removed it.