IPv6 subneting and DHCP PD how to
-
Now pfsense have some big IPv6 limitation. If Wan has dynamic prefix you can't use private IPv6 addresses or DHCP PD. Both service require static WAN address. Until then pfsense can't handle IPv6 subnetworks.
-
????
I have set up interfaces with both GUA and ULA addresses. I use DHCPv6-PD to get my prefixes. Here is my ULA prefix, on the same interface as my GUA:
fd48:1a37:2160:0::
-
@JKnott Your GUA address is fix? My is dynamic. You can't use ULA because NPt alias NAT66 address has to be set manually.
I can receive prefix with DHCP PD but I want to send the unused prefixes in DHCP PD to an another router. -
Why are you using NAT? There's no need for it with all the addresses available with IPv6. NAT is a hack to get around the IPv4 address shortage. My GUA is obtained via DHCPv6-PD and SLAAC.
-
As I mentioned neither DHCPv6 PD nor NAT66 not working in a complex network. I'm not talking about one or two IPv6 network on pfsense's LAN port. Yes, I have IPv6 on pfsense. DHCPv6 PD client work perfectly on WAN, but I need a DHCP server on the LAN side! DHCPv6 server can't use dynamixc prefixes, only fix. I need that the pfsense send the unused prefixes to another routers. Inn my case. I receive /56 from my ISP, pfsense use 2 /64 prefixes on LAN1 and LAN2. The unused 254 pcs /64 prefix will be available in the DHCPv6 server, and other routers on LAN also can request one-one prefix from pfsense.
I tried NAT66 as a last resort, but it has the same limitation. Therefore I have to wait until pfsense can handle dynamic DHCPv6 Server prefixes, or NAT66 can use dynamic WAN address. -
How often do your prefixes change? They normally shouldn't change at all.
-
@ssjoco85 said in IPv6 subneting and DHCP PD how to:
can handle dynamic DHCPv6 Server prefixes
And exactly what box can do that now? That seems like something with no real world use case.. And who says you have to use dhcpv6 anyway for your clients?
If you have need of your prefix not changing - then go get your IPv6 block from Arin or your region of the worlds RIR and do whatever you want with your space.
Or just get a free tunnel from HE and now your /48 doesn't change and you can do whatever you want with it... Or get your ISP to actually assign you /xx that doesn't change so you don't have to go tracking shit via PD from your isp, etc.
-
Always when my WAN reconnect. I have PPPoE on WAN. Most of the ISPs use dynamic IPv6 prefixes on consumer lines.
-
@ssjoco85 said in IPv6 subneting and DHCP PD how to:
IPv6 prefixes on consumer lines.
Then don't use a consumer line - duh!!! Your trying to do business shit with user connection..
If your going to use consumer level connections, and you want to do fancy shit with IPv6 then just get your free /48 from HE and you can do whatever you want with that /48 - and it never changes... I have had my /48 since 2011..
With multiple isp over that period - just take my /48 with me no matter what ISP I use, etc. etc.
-
@ssjoco85 said in IPv6 subneting and DHCP PD how to:
Always when my WAN reconnect. I have PPPoE on WAN. Most of the ISPs use dynamic IPv6 prefixes on consumer lines.
I'm on a consumer service and my prefixes are solid, ever since the "Do not allow PD/Address release" option was added to pfSense. DHCPv6-PD uses something called "Device Unique IDentifier" (DUID) to lock the prefix to the customer.