IPv6 - static IP for pfSense
-
Hi!
We're using the IPv6 features of pfSense happily for quite some time now with the provider "Telekom" from germany.
The system is configured as follows:WAN:
-
IPv6 Configuration Type: DHCP6
-
DHCP6 Client Configuration (options not shown here are not checked/configured):
-
Request a IPv6 prefix/information through the IPv4 connectivity link
-
Only request an IPv6 prefix, do not request an IPv6 address
-
DHCPv6 Prefix Delegation size: 56
-
Send an IPv6 prefix hint to indicate the desired prefix size for delegation
-
LAN, OPT1, …
-
IPv6 Configuration Type: Track Interface
-
IPv6 Interface: WAN
-
Prefix ID: interface specific, 00, 01, 02, …
We configured the router mode in router advertisements to managed and enabled the DHCPv6 server of pfSense.
Clients receive IPv6 leases and are connected to the ipv6 world.When looking at the interface status page of pfSense, the system has received its own IPv6 addresses for every interface from the provider.
I'm wondering if it is possible to give the pfSense system a static IP for every interface while also retaining the functionality for router advertisements from the provider.Thanks for your help!
-
-
Firewall->Virtual IPs and then select "IP alias" as the type of the alias.
-
You could for sure give it a static inside whatever prefix you get. But if they happen to hand you a different prefix all your scopes can change on you.
Why they don't just assign customer prefix XYZ, /48 should be what they give you and be done with it..
If you want static and your ISP will not give you one - just head over to hurricane electric and grab the free /48 they will give you. Now you have all the statics you want ever.. And what is nice is even if you change ISP you can just keep that /48.. Even if your isp doesn't support ipv6 you still have that /48, etc..
I have had the same prefix since 2013.. And even can setup PTR on any of the IPs I want in that /48 and recently moved to isp that doesn't have any IPv6 and means nothing to me.. Since it took all of 2 seconds to setup my tunnel again with all my boxes able to have the same exact ipv6 address they had with the previous isp.
Really the only draw back to tunnel is a few extra ms latency vs native connectivity - depending on where the nearest pop and where HE peers with your isp, etc. But they have pops all over the world.
https://www.tunnelbroker.net/status.php