IPv6 manual PD
-
No. You will want to delete everything if you are getting a DHCP6 PD and using tracking interfaces.
What, exactly, is your goal?
When you deal with NATting IPsec connections because both sides chose the same RFC1918 subnet and nobody wants to renumber you will see the value of doing a globally-unique local /48 at every site from the beginning.
-
@Derelict said in IPv6 manual PD:

> No. You will want to delete everything if you are getting a DHCP6 PD and using tracking interfaces.

Delete everything ... Sorry, I totally lost you there.

> What, exactly, is your goal?

Local IPv6 addresses registered in the DNS resolver to allow contacting machines from the internal LAN when the Global prefix isn't being delegated.

> When you deal with NATting IPsec connections because both sides chose the same RFC1918 subnet and nobody wants to renumber you will see the value of doing a globally-unique local /48 at every site from the beginning.

The idea is to move away from anything IPv4 related. IPv4 is only used as a backup and in some scenarios where IPv6 isn't fully supported.
-
@JKnott said in IPv6 manual PD:

> I was thinking he should have both ULA and GUA. If he doesn't have either, there's some other problem.

Which is what I believe as well.
-
There are problems with that.
https://redmine.pfsense.org/issues/5999
When I have to reboot I:
- Delete the ULA IP Alias VIPs from LAN and DMZ
- Edit/Save WAN to kick off DHCP6 and Track interface
- Put the ULA VIPs back on LAN and DMZ
After that I am good until I have to reboot the firewall again. That is the current state of things. If that is unacceptable for you then pfSense, as it exists right now, might not be a good fit for your requirements.
```
$ ifconfig vlan0
vlan0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	options=3<RXCSUM,TXCSUM>
	ether a8:60:b6:19:15:fe
	inet6 fe80::18f3:9042:2cd0:8d8%vlan0 prefixlen 64 secured scopeid 0xd
	inet6 2600:face:0ff:9501:ca2:7504:b2dc:4842 prefixlen 64 autoconf secured
	inet6 2600:face:0ff:9501:b567:3b2f:300f:398c prefixlen 64 deprecated autoconf temporary
	inet6 fd8c:9857:66db:1:4c9:e132:ee:396a prefixlen 64 autoconf secured
	inet6 fd8c:9857:66db:1:10d2:3eb7:aefc:d655 prefixlen 64 deprecated autoconf temporary
	inet 192.168.223.6 netmask 0xffffff00 broadcast 192.168.223.255
	inet6 2600:face:0ff:9501::145a prefixlen 64 dynamic
	inet6 2600:face:0ff:9501:1123:95df:fb97:3e4c prefixlen 64 deprecated autoconf temporary
	inet6 fd8c:9857:66db:1:1123:95df:fb97:3e4c prefixlen 64 deprecated autoconf temporary
	inet6 2600:face:0ff:9501:b529:c61f:f4f5:ba3a prefixlen 64 deprecated autoconf temporary
	inet6 fd8c:9857:66db:1:b529:c61f:f4f5:ba3a prefixlen 64 deprecated autoconf temporary
	inet6 2600:face:0ff:9501:1dd:5877:4758:d9d2 prefixlen 64 deprecated autoconf temporary
	inet6 fd8c:9857:66db:1:1dd:5877:4758:d9d2 prefixlen 64 deprecated autoconf temporary
	inet6 2600:face:0ff:9501:551d:4e96:bb81:e2f7 prefixlen 64 deprecated autoconf temporary
	inet6 fd8c:9857:66db:1:551d:4e96:bb81:e2f7 prefixlen 64 deprecated autoconf temporary
	inet6 2600:face:0ff:9501:ecb6:32ad:85b6:8a8e prefixlen 64 deprecated autoconf temporary
	inet6 fd8c:9857:66db:1:ecb6:32ad:85b6:8a8e prefixlen 64 deprecated autoconf temporary
	inet6 2600:face:0ff:9501:3c69:b7aa:a84:284 prefixlen 64 autoconf temporary
	inet6 fd8c:9857:66db:1:3c69:b7aa:a84:284 prefixlen 64 autoconf temporary
	nd6 options=201<PERFORMNUD,DAD>
	vlan: 223 parent interface: en0
	media: autoselect (1000baseT <full-duplex>)
	status: active
```
-
LAN:
And:
-
@Derelict said in IPv6 manual PD:

> - Delete the ULA IP Alias VIPs from LAN and DMZ
> - Edit/Save WAN to kick off DHCP6 and Track interface
> - Put the ULA VIPs back on LAN and DMZ

@Derelict, would you mind elaborating on deleting and putting back the ULA VIPs as referred to above?
-
Firewall > Virtual IPs
-
@Derelict Would you believe it. That was the last place I never check. Doh! Thanks.