Working with Temporary IPv6 addresses.
-
I have pfSense as an OpenVPN client with multiple machines having IPv6 temporary addresses that are trying to access the internet. I want to route all of the IPv6 traffic on a few of these machines through a VPN tunnel. I have accomplished this with IPv4 by creating an Alias with all of the static IPv4 addresses that need internet through VPN and creating a LAN rule based on the source from the alias, with the gateway set to the VPN gateway.
I can't do the same with IPv6 with temporary addresses since the source address keeps changing all the time. I guess I would need some kind of source-MAC-based routing, but it appears that pfSense doesn't support that. What options have I got? Sure, I can turn off temporary IPv6 addresses, but are there any alternatives, especially for mobile clients where the privacy extensions are enabled by default and cannot be turned off?
-
You need to rethink how IPv6 works ;) You push IPv4 through a VPN because it's NATting... IPv6 is not NATted. So how exactly do you think you can push this traffic through a VPN?
If you want a client to use IPv6 through a VPN connection, then the client would need to get his IPv6 address from the VPN server.
-
Makes sense. I could assign an IPv6 address to pfSense OpenVPN client from the server, but how do I assign the IPv6 addresses to LAN clients behind pfSense? Does pfSense support this kind of setup?
-
What VPN service supports this?
-
@dhiru said in Working with Temporary IPv6 addresses.:
I want to route all of the IPv6 traffic on few of these machines through a VPN tunne
I assume the other end of the VPN has a different prefix. If so, it's just standard routing. All traffic for the far end of the VPN gets routed that way.
-
@johnpoz said in Working with Temporary IPv6 addresses.:
What VPN service supports this?
I am self-hosting the VPN server.
@jknott said in Working with Temporary IPv6 addresses.:
@dhiru said in Working with Temporary IPv6 addresses.:
I want to route all of the IPv6 traffic on few of these machines through a VPN tunne
I assume the other end of the VPN has a different prefix. If so, it's just standard routing. All traffic for the far end of the VPN gets routed that way.
Yes. The VPN server is on a different ISP with a different prefix.