Working with Temporary IPv6 addresses.



  • I have pfSense as OpenVPN client with multiple machines having IPv6 temporary addresses that are trying to access the internet. I want to route all of the IPv6 traffic on few of these machines through a VPN tunnel. I have accomplished this with IPv4 by creating an Alias with all of the static IPv4 addresses that need internet through VPN and created a LAN rule based on the source from the alias and set the gateway to the VPN gateway.

    I can't do the same with IPv6 with temporary addresses since the source address keeps changing all the time. I guess I would need some kind of source mac based routing, but it appears that pfSense doesn't support that. What options have I got? Sure I can turn off temporary IPv6 addresses, but are there any alternatives especially for mobile clients where the privacy extensions are enabled by default and cannot be turned off?


  • Rebel Alliance Global Moderator

    You need to rethink how IPv6 works ;) You push ipv4 through a vpn because its NATTING... IPv6 is not natted.. So how exactly do you think you can push this traffic through a vpn??

    if you want a client to use IPv6 through a vpn connection then the client would need to get his IPv6 address from the VPN server..



  • Makes sense. I could assign an IPv6 address to pfSense OpenVPN client from the server, but how do I assign the IPv6 addresses to LAN clients behind pfSense? Does pfSense support this kind of setup?


  • Rebel Alliance Global Moderator

    What VPN service support this?



  • @dhiru said in Working with Temporary IPv6 addresses.:

    I want to route all of the IPv6 traffic on few of these machines through a VPN tunne

    I assume the other end of the VPN has a different prefix. If so, it's just standard routing. All traffic for the far end of the VPN gets routed that way.



  • @johnpoz said in Working with Temporary IPv6 addresses.:

    What VPN service support this?

    I am self-hosting the VPN server.

    @jknott said in Working with Temporary IPv6 addresses.:

    @dhiru said in Working with Temporary IPv6 addresses.:

    I want to route all of the IPv6 traffic on few of these machines through a VPN tunne

    I assume the other end of the VPN has a different prefix. If so, it's just standard routing. All traffic for the far end of the VPN gets routed that way.

    Yes. The VPN server is on a different ISP with a different prefix.