How do I create a Static IPv6 address

attewell · Jul 26, 2018, 10:28 AM

I have setup my pfsense with IPv6, my ISP gave me a /56 static IP..

But Now I want to assign my devices a static IPV6.. But everytime I restart pfsense.. or am logged out of network for a number of house..
DHCPv6 creates a new IPv6 address for my devices..

Something to do with the DUID?

How can i create a permanent IPv6 static address for my devices on LAN?

NogBadTheBad · Jul 26, 2018, 10:30 AM

@attewell said in How do I create a Static IPv6 address:

ve setup my pfsense with IPv6, my ISP gave me a /56 static IP..
But Now I want to assign my devices a static IPV6.. But everytime I restart pfsense.. or am logged out of network for a number of house..
DHCPv6 creates a new IPv6 address for my devices..
Something to do with the DUID?
How can i create a permanent IPv6 static address fo

Are you talking about your WAN interface ?

attewell · Jul 26, 2018, 10:35 AM

@nogbadthebad I have DHCP6 on WAN, and I have assigned a static IPv6 address only LAN.
In my DHCPv6 Server & RA LAN DHCPv6 Server, I have setup a range,
Then i go to DHCPv6 leases, and I see it has generated addresses..
And I (+) to set this address as static.. but doesn't seem to assign, when I to a reboot.. or come back a day later..

NogBadTheBad · Jul 26, 2018, 10:47 AM

Go to the Status -> DHCPv6 Leases Table does the DUID differ to the entry in the static ?

Are the devices Andriod ?

attewell · Jul 26, 2018, 10:51 AM

@nogbadthebad Yes the DUID does differ
eg
00:01:00:01:1e:c1:15:1f:bc:6c:21:16:3c:e1
00:01:00:01:22:ea:11:47:bc:6c:21:16:3c:e1

NogBadTheBad · Jul 26, 2018, 10:52 AM

It's a client issue if the DUID differs.

Out of interest what are the devices ?

attewell · Jul 26, 2018, 10:55 AM

@nogbadthebad xbox and mac, pc

NogBadTheBad · Jul 26, 2018, 11:09 AM

I have several Macs and the DUID doesn't change, I always have consistent IPv6 addresses post pfSense reboot / Mac reboot.

mac-mini:~ andy$ sudo plutil -p /var/db/dhcpclient/DUID_IA.plist
Password:
{
"DUID" => <00010001 20e52264 a8206610 fcb7>
"HostUUID" => <f8f0911a 6b7e59fa a6f50479 e7a70753>
"IAIDList" => [
0 => "en0"
1 => "vlan0"
2 => "vlan1"
3 => "vlan2"
]
}
mac-mini:~ andyk$

00:01:00:01:20:e5:22:64:a8:20:66:10:fc:b7 << my mac-mini DUID from the lease page.

JKnott · Jul 26, 2018, 11:10 AM

One thing to bear in mind, with IPv6 you generally have multiple addresses. With SLAAC, the method commonly used to assign addresses, you will likely have one address, based on the MAC address, which does not change and one or more privacy addresses that change frequently. You'd use the MAC based address when you want to connect to that device and the privacy address for outgoing connections.

NogBadTheBad · Jul 26, 2018, 1:10 PM

@jknott said in How do I create a Static IPv6 address:

One thing to bear in mind, with IPv6 you generally have multiple addresses. With SLAAC, the method commonly used to assign addresses, you will likely have one address, based on the MAC address, which does not change and one or more privacy addresses that change frequently. You'd use the MAC based address when you want to connect to that device and the privacy address for outgoing connections.

Indeed:-

mac-mini:~ andy$ ifconfig en0
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=10b<RXCSUM,TXCSUM,VLAN_HWTAGGING,AV>
ether a8:20:66:10:fc:b7
inet6 fe80::188e:a68d:917f:ffa3%en0 prefixlen 64 secured scopeid 0x7
inet 172.16.1.23 netmask 0xffffff00 broadcast 172.16.1.255
inet6 2a02:xxxx:xxxx:xxxx::17 prefixlen 64 dynamic
nd6 options=201<PERFORMNUD,DAD>
media: autoselect (1000baseT <full-duplex,energy-efficient-ethernet>)
status: active
mac-mini:~ andy$

JKnott · Jul 26, 2018, 1:10 PM

@nogbadthebad said in How do I create a Static IPv6 address:

Indeed:-

Not quite. I see a dynamic address, which I assume is a privacy address and a link local. Don't confuse link local with a MAC based global address. They're both based on the MAC address, but link local addresses are irrelevant beyond the local LAN. On my computer, when I first start it, I have, in addition to the link local, one MAC based global address and one privacy address, which is based on a random number. A new privacy address is created every day and added to the list, with those older than 7 days being deleted. An outgoing connection will use the most recent privacy address and the others remain valid, to support connections that existed prior to the latest address being created. I don't know much about Apple computers, but on Linux and Windows, it's possible to configure for whether MAC or privacy addresses are created or both. Based on what you posted, I suspect MAC based addresses are not enabled.

Derelict · Jul 27, 2018, 10:32 AM

Right.

If you use SLAAC the host should establish a "permanent" address based on the MAC address but randomly generate temporary addresses.

In general the "permanent" address can be used for connections to the host, while the random address is used for connections from the host.

This is all controlled by settings on the host itself, not the routers or firewalls.