How do I create a Static IPv6 address



  • I have setup my pfsense with IPv6, my ISP gave me a /56 static IP..

    But Now I want to assign my devices a static IPV6.. But everytime I restart pfsense.. or am logged out of network for a number of house..
    DHCPv6 creates a new IPv6 address for my devices..

    Something to do with the DUID?

    How can i create a permanent IPv6 static address for my devices on LAN?


  • Galactic Empire

    @attewell said in How do I create a Static IPv6 address:

    ve setup my pfsense with IPv6, my ISP gave me a /56 static IP..
    But Now I want to assign my devices a static IPV6.. But everytime I restart pfsense.. or am logged out of network for a number of house..
    DHCPv6 creates a new IPv6 address for my devices..
    Something to do with the DUID?
    How can i create a permanent IPv6 static address fo

    Are you talking about your WAN interface ?



  • @nogbadthebad I have DHCP6 on WAN, and I have assigned a static IPv6 address only LAN.
    In my DHCPv6 Server & RA LAN DHCPv6 Server, I have setup a range,
    Then i go to DHCPv6 leases, and I see it has generated addresses..
    And I (+) to set this address as static.. but doesn't seem to assign, when I to a reboot.. or come back a day later..


  • Galactic Empire

    Go to the Status -> DHCPv6 Leases Table does the DUID differ to the entry in the static ?

    Are the devices Andriod ?



  • @nogbadthebad Yes the DUID does differ
    eg
    00:01:00:01:1e:c1:15:1f:bc:6c:21:16:3c:e1
    00:01:00:01:22:ea:11:47:bc:6c:21:16:3c:e1


  • Galactic Empire

    It's a client issue if the DUID differs.

    Out of interest what are the devices ?



  • @nogbadthebad xbox and mac, pc


  • Galactic Empire

    I have several Macs and the DUID doesn't change, I always have consistent IPv6 addresses post pfSense reboot / Mac reboot.

    mac-mini:~ andy$ sudo plutil -p /var/db/dhcpclient/DUID_IA.plist
    Password:
    {
    "DUID" => <00010001 20e52264 a8206610 fcb7>
    "HostUUID" => <f8f0911a 6b7e59fa a6f50479 e7a70753>
    "IAIDList" => [
    0 => "en0"
    1 => "vlan0"
    2 => "vlan1"
    3 => "vlan2"
    ]
    }
    mac-mini:~ andyk$

    00:01:00:01:20:e5:22:64:a8:20:66:10:fc:b7 << my mac-mini DUID from the lease page.



  • One thing to bear in mind, with IPv6 you generally have multiple addresses. With SLAAC, the method commonly used to assign addresses, you will likely have one address, based on the MAC address, which does not change and one or more privacy addresses that change frequently. You'd use the MAC based address when you want to connect to that device and the privacy address for outgoing connections.


  • Galactic Empire

    @jknott said in How do I create a Static IPv6 address:

    One thing to bear in mind, with IPv6 you generally have multiple addresses. With SLAAC, the method commonly used to assign addresses, you will likely have one address, based on the MAC address, which does not change and one or more privacy addresses that change frequently. You'd use the MAC based address when you want to connect to that device and the privacy address for outgoing connections.

    Indeed:-

    mac-mini:~ andy$ ifconfig en0
    en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    options=10b<RXCSUM,TXCSUM,VLAN_HWTAGGING,AV>
    ether a8:20:66:10:fc:b7
    inet6 fe80::188e:a68d:917f:ffa3%en0 prefixlen 64 secured scopeid 0x7
    inet 172.16.1.23 netmask 0xffffff00 broadcast 172.16.1.255
    inet6 2a02:xxxx:xxxx:xxxx::17 prefixlen 64 dynamic
    nd6 options=201<PERFORMNUD,DAD>
    media: autoselect (1000baseT <full-duplex,energy-efficient-ethernet>)
    status: active
    mac-mini:~ andy$



  • @nogbadthebad said in How do I create a Static IPv6 address:

    Indeed:-

    Not quite. I see a dynamic address, which I assume is a privacy address and a link local. Don't confuse link local with a MAC based global address. They're both based on the MAC address, but link local addresses are irrelevant beyond the local LAN. On my computer, when I first start it, I have, in addition to the link local, one MAC based global address and one privacy address, which is based on a random number. A new privacy address is created every day and added to the list, with those older than 7 days being deleted. An outgoing connection will use the most recent privacy address and the others remain valid, to support connections that existed prior to the latest address being created. I don't know much about Apple computers, but on Linux and Windows, it's possible to configure for whether MAC or privacy addresses are created or both. Based on what you posted, I suspect MAC based addresses are not enabled.


  • Netgate

    Right.

    If you use SLAAC the host should establish a "permanent" address based on the MAC address but randomly generate temporary addresses.

    In general the "permanent" address can be used for connections to the host, while the random address is used for connections from the host.

    This is all controlled by settings on the host itself, not the routers or firewalls.