Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Working with Temporary IPv6 addresses.

    Scheduled Pinned Locked Moved IPv6
    6 Posts 3 Posters 865 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      Dhiru
      last edited by

      I have pfSense as OpenVPN client with multiple machines having IPv6 temporary addresses that are trying to access the internet. I want to route all of the IPv6 traffic on few of these machines through a VPN tunnel. I have accomplished this with IPv4 by creating an Alias with all of the static IPv4 addresses that need internet through VPN and created a LAN rule based on the source from the alias and set the gateway to the VPN gateway.

      I can't do the same with IPv6 with temporary addresses since the source address keeps changing all the time. I guess I would need some kind of source mac based routing, but it appears that pfSense doesn't support that. What options have I got? Sure I can turn off temporary IPv6 addresses, but are there any alternatives especially for mobile clients where the privacy extensions are enabled by default and cannot be turned off?

      JKnottJ 1 Reply Last reply Reply Quote 0
      • johnpozJ
        johnpoz LAYER 8 Global Moderator
        last edited by

        You need to rethink how IPv6 works ;) You push ipv4 through a vpn because its NATTING... IPv6 is not natted.. So how exactly do you think you can push this traffic through a vpn??

        if you want a client to use IPv6 through a vpn connection then the client would need to get his IPv6 address from the VPN server..

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        1 Reply Last reply Reply Quote 0
        • D
          Dhiru
          last edited by

          Makes sense. I could assign an IPv6 address to pfSense OpenVPN client from the server, but how do I assign the IPv6 addresses to LAN clients behind pfSense? Does pfSense support this kind of setup?

          1 Reply Last reply Reply Quote 0
          • johnpozJ
            johnpoz LAYER 8 Global Moderator
            last edited by

            What VPN service support this?

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.8, 24.11

            D 1 Reply Last reply Reply Quote 0
            • JKnottJ
              JKnott @Dhiru
              last edited by

              @dhiru said in Working with Temporary IPv6 addresses.:

              I want to route all of the IPv6 traffic on few of these machines through a VPN tunne

              I assume the other end of the VPN has a different prefix. If so, it's just standard routing. All traffic for the far end of the VPN gets routed that way.

              PfSense running on Qotom mini PC
              i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
              UniFi AC-Lite access point

              I haven't lost my mind. It's around here...somewhere...

              1 Reply Last reply Reply Quote 0
              • D
                Dhiru @johnpoz
                last edited by

                @johnpoz said in Working with Temporary IPv6 addresses.:

                What VPN service support this?

                I am self-hosting the VPN server.

                @jknott said in Working with Temporary IPv6 addresses.:

                @dhiru said in Working with Temporary IPv6 addresses.:

                I want to route all of the IPv6 traffic on few of these machines through a VPN tunne

                I assume the other end of the VPN has a different prefix. If so, it's just standard routing. All traffic for the far end of the VPN gets routed that way.

                Yes. The VPN server is on a different ISP with a different prefix.

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.