Ask help about BASIC ipv6 setup with /48 static address
-
Hi everyone,
I recently doing something on Proxmox VE(KVM) + Pfsense + IPv6 address block.
Here is what happened on me :
I setup two brs:
vmbr0 to physical interface (enp5s0f0) as pfSense WAN running on a KVM VM
vmbr1 to none as p'fSense LAN running on the same KVM VM
the server IDC provide an IPv6 address block 2607:fca8:1a::/48 and Gateway address on ::1
I tested setup VM on vmbr0 setup address like 2607:fca8:1a::f/48 and 2607:fca8:1a:1000::2/48 (Both gateway ::1/48), they all works fine ping google dns or something else.
So I delete the test VM , then set pfsense VM WAN address 2607:fca8:1a::f/48 (Use pfsense gui),but then I try to setup LAN address as I thought (2607:fca8:1a:1000::1/56), it says address already in use by WAN
So I searched some article says I should select DHCPv6 Client mode on WAN , so I can get PD to use on the LAN side.But the IDC i'm using now didn't enable DHCPv6.
Then I thought maybe I should try set /64 on WAN, set another /64 on LAN, but seems cant get access from LAN side to the world.And if I set WAN to second /64 it even cant reach the ::1/48 gateway address.
Sorry for my poor english, I have no choice but come here to ask help. What should I set the WAN(vmbr0 to physical interface) and LAN(vmbr1 to none interface but assign VMs to it) address to make VMs on the LAN(vmbr1) can access the world.
PS: vmbr0 set 2607:fca8:1a::2/48 with gw 2607:fca8:1a::1 on the host system ( cause need it to access host web panel)
-
You likely do not need any IPv6 on WAN. They are probably routing the /48 to a link-local address but that is just a guess.
| the server IDC provide an IPv6 address block 2607:fca8:1a::/48 and Gateway address on ::1
If they have that /48 on the interface and not routed to you that is hopelessly broken and idiotic. Post the exact instructions they gave you regarding the IPv6 provisioning on that interface.
-
@derelict said in Ask help about BASIC ipv6 setup with /48 static address:
You likely do not need any IPv6 on WAN.
You do not need a routeable IPv6 address on the WAN interface. However, you do need an IPv6 link local address. You normally get one of those when IPv6 is enabled on an interface.
-
Hi there ,
Sorry for the delay
I send a ticket ask about if they just forget to tell me about the ipv6 address which the /48 routed to , and they send me these:
"The default configuration is to assign the /48 to the switch port which it sounds like that is not what you need for your setup."
Seems that they just assign the address block to the port, then I tell them it should be routed to an IPv6 address outside the block , there were no respond several days......
Wanna to know if they didnt or unable to change the situation right now, will my address block work ?
-
No. That's a completely asinine way to do IPv6. They should route it to you, not put it on the interface. I can't think of any valid reason for 65536 /64 networks on one interface.
-
-
"The default configuration is to assign the /48 to the switch port which it sounds like that is not what you need for your setup."
It's not what anyone needs for any setup.