• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Working with Temporary IPv6 addresses.

IPv6
3
6
836
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • D
    Dhiru
    last edited by Oct 4, 2018, 10:08 AM

    I have pfSense as OpenVPN client with multiple machines having IPv6 temporary addresses that are trying to access the internet. I want to route all of the IPv6 traffic on few of these machines through a VPN tunnel. I have accomplished this with IPv4 by creating an Alias with all of the static IPv4 addresses that need internet through VPN and created a LAN rule based on the source from the alias and set the gateway to the VPN gateway.

    I can't do the same with IPv6 with temporary addresses since the source address keeps changing all the time. I guess I would need some kind of source mac based routing, but it appears that pfSense doesn't support that. What options have I got? Sure I can turn off temporary IPv6 addresses, but are there any alternatives especially for mobile clients where the privacy extensions are enabled by default and cannot be turned off?

    J 1 Reply Last reply Oct 4, 2018, 11:03 AM Reply Quote 0
    • J
      johnpoz LAYER 8 Global Moderator
      last edited by Oct 4, 2018, 10:33 AM

      You need to rethink how IPv6 works ;) You push ipv4 through a vpn because its NATTING... IPv6 is not natted.. So how exactly do you think you can push this traffic through a vpn??

      if you want a client to use IPv6 through a vpn connection then the client would need to get his IPv6 address from the VPN server..

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 24.11 | Lab VMs 2.7.2, 24.11

      1 Reply Last reply Reply Quote 0
      • D
        Dhiru
        last edited by Oct 4, 2018, 10:58 AM

        Makes sense. I could assign an IPv6 address to pfSense OpenVPN client from the server, but how do I assign the IPv6 addresses to LAN clients behind pfSense? Does pfSense support this kind of setup?

        1 Reply Last reply Reply Quote 0
        • J
          johnpoz LAYER 8 Global Moderator
          last edited by Oct 4, 2018, 11:01 AM

          What VPN service support this?

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.7.2, 24.11

          D 1 Reply Last reply Oct 4, 2018, 11:11 AM Reply Quote 0
          • J
            JKnott @Dhiru
            last edited by Oct 4, 2018, 11:03 AM

            @dhiru said in Working with Temporary IPv6 addresses.:

            I want to route all of the IPv6 traffic on few of these machines through a VPN tunne

            I assume the other end of the VPN has a different prefix. If so, it's just standard routing. All traffic for the far end of the VPN gets routed that way.

            PfSense running on Qotom mini PC
            i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
            UniFi AC-Lite access point

            I haven't lost my mind. It's around here...somewhere...

            1 Reply Last reply Reply Quote 0
            • D
              Dhiru @johnpoz
              last edited by Oct 4, 2018, 11:11 AM

              @johnpoz said in Working with Temporary IPv6 addresses.:

              What VPN service support this?

              I am self-hosting the VPN server.

              @jknott said in Working with Temporary IPv6 addresses.:

              @dhiru said in Working with Temporary IPv6 addresses.:

              I want to route all of the IPv6 traffic on few of these machines through a VPN tunne

              I assume the other end of the VPN has a different prefix. If so, it's just standard routing. All traffic for the far end of the VPN gets routed that way.

              Yes. The VPN server is on a different ISP with a different prefix.

              1 Reply Last reply Reply Quote 0
              1 out of 6
              • First post
                1/6
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.