IPv6 with two or more LAN-side interfaces
-
Today I (Homeuser) added a second LAN-Interface (OPT1) to pfSense and the problems began.
Track Interface for both seems to be not possible, so what to do now?
Any chance of running DHCPv6 Server & RA on both interfaces?
I guess I don't want my ISP to give out the addresses so do I have to switch to SLAAC or what are my options? Any help is appreciated, especially from @JKnott.
-
It most certainly is possible. I do it here. What you have to do is select a different IPv6 Prefix ID for each interface. I have a /56 from my ISP and I use ID 0 for my LAN, 4 for a test LAN and ff for my VPN. With this, I could have as many as 256 interfaces, each with a /64. How many you get depends on what your ISP provides.
-
@JKnott pfSense is telling me that only 0 is allowed and that 0 is already taken by LAN, which is true. How to fix that, any ideas?
I am on Version 2.5.0-DEVELOPMENT, hope it is not related to that.
-
Is your modem in bridge or gateway mode? For this to work, your modem has to be in bridge mode and the ISP has to be providing more than a single /64. As I mentioned, I have a /56, some other ISPs provide /48 and I have heard of /60. If your modem is in gateway mode, you will have only a single /64.
-
@JKnott It is in bridge-mode. Where can I see, what I get from the ISP? I know that pfSense says /64, but that must not be the truth or is it? Sorry for my bad English.
-
The allowed indices on tracking interfaces are controlled by the DHCPv6 Prefix Delegation Size on the WAN and what is received from the ISP. For /64 that means only one is allowed (0). For a /60 that would allow 16 networks, so the ID can be from 0-F (it's in hex).
If you do not know what your maximum prefix delegation size is, contact your ISP. You might be able to just try larger values and see what happens, or check in the DHCP logs, but the best way to know is to ask the ISP.
-
@jimp said in IPv6 with two or more LAN-side interfaces:
You might be able to just try larger values and see what happens, or check in the DHCP logs, but the best way to know is to ask the ISP.
Or, if you're handy with Packet Capture and Wireshark, you can see what is provided. The prefix size and address are provided in both the Advertise XID and Reply XID lines.
-
@JKnott I am not. So I tried 63 and 60 and none of my LAN-sided interfaces got an IPv6. So I am out of luck with my ISP.
Is there another solution to provide IPv6 to those Interfaces or is it just not possible, without using Hurricane Electric IPv6 Tunnel or something different?
-
First, find out what your ISP provides. Did you check /var/log/dhcpd.log as @jimp suggested? In it, you will see something like:
Feb 12 09:19:18 firewall dhcp6c[18217]: <3>[prefix] (6)
Feb 12 09:19:18 firewall dhcp6c[18217]: <3>[::] (2)
Feb 12 09:19:18 firewall dhcp6c[18217]: <3>[/] (1)
Feb 12 09:19:18 firewall dhcp6c[18217]: <3>[56] (2)
Feb 12 09:19:18 firewall dhcp6c[18217]: <3>[infinity] (8)
Feb 12 09:19:18 firewall dhcp6c[18217]: <3>end of sentence [;] (1)
The 56 above is my prefix length.
You might also mention your ISP, so that someone else here might offer advice.
-
@JKnott Nothing like this in the logs.
-
You have Start DHCP6 client in debug mode enabled on the WAN interface?
-
@NogBadTheBad Not till now, will give it a try.
-
@Bob-Dig said in IPv6 with two or more LAN-side interfaces:
@NogBadTheBad Not till now, will give it a try.
Just a thought, not sure if it will give you the answer you need.
-
@NogBadTheBad Looks like it:
Feb 14 17:01:41 pfSense dhcp6c[73783]: get DHCP option IA_PD, len 41
Feb 14 17:01:41 pfSense dhcp6c[73783]: IA_PD: ID=0, T1=302400, T2=483840
Feb 14 17:01:41 pfSense dhcp6c[73783]: get DHCP option IA_PD prefix, len 25
Feb 14 17:01:41 pfSense dhcp6c[73783]: IA_PD prefix: 2a02:xxxx:xxxx:xxxx::/64 pltime=604800 vltime=1209600
Feb 14 17:01:41 pfSense dhcp6c[73783]: get DHCP option preference, len 1
-
Might want to hide part of the IPv6 address.
-
So is there any option left with that ISP-IPv6 or no?
-
What lengths did you try? Only 64, 63, and 60? You should at least try some other common ones: 56, 48, etc. before ruling them out.
-
@jimp Ok, tried them now, not working.
-
@Bob-Dig said in IPv6 with two or more LAN-side interfaces:
So is there any option left with that ISP-IPv6 or no?
You could try mentioning what ISP that is. There might be someone here who has experience with them.
-
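The rule @jimp gives earlier in the thread (the delegated prefix length decides which Prefix IDs a tracking interface may use), applied to the "IA_PD prefix" debug lines that dhcp6c logs, as an added example that is not part of the original thread. The function name, the result field names and the 2001:db8 sample lines are constructed for illustration, and the log format is assumed to match the lines posted above.

```python
import re

# dhcp6c debug line format as posted in the thread:
#   "... dhcp6c[73783]: IA_PD prefix: <prefix>/<len> pltime=... vltime=..."
IA_PD_RE = re.compile(
    r"dhcp6c\[\d+\]: IA_PD prefix: (?P<prefix>\S+)/(?P<plen>\d+) "
    r"pltime=(?P<pltime>\d+) vltime=(?P<vltime>\d+)"
)

# Constructed sample using the documentation prefix 2001:db8::/32 (not a real capture).
SAMPLE_LOG = """\
Feb 14 17:01:41 pfSense dhcp6c[73783]: get DHCP option IA_PD, len 41
Feb 14 17:01:41 pfSense dhcp6c[73783]: IA_PD: ID=0, T1=302400, T2=483840
Feb 14 17:01:41 pfSense dhcp6c[73783]: get DHCP option IA_PD prefix, len 25
Feb 14 17:01:41 pfSense dhcp6c[73783]: IA_PD prefix: 2001:db8:0:1::/64 pltime=604800 vltime=1209600
"""


def delegated_prefixes(log_text):
    """Return one dict per delegated prefix found in dhcp6c debug output.

    Uses finditer over the whole text, so it also works when the log lines
    were pasted run together on a single line.
    """
    found = []
    for m in IA_PD_RE.finditer(log_text):
        plen = int(m.group("plen"))
        if not 1 <= plen <= 64:
            continue  # a delegation longer than /64 cannot supply a /64 LAN
        subnets = 1 << (64 - plen)  # number of /64 networks inside the delegation
        found.append({
            "prefix": m.group("prefix"),
            "plen": plen,
            "lan_subnets": subnets,
            # Highest usable IPv6 Prefix ID, in hex as the pfSense field expects
            "max_prefix_id": format(subnets - 1, "x"),
            "valid_lifetime_s": int(m.group("vltime")),
        })
    return found


if __name__ == "__main__":
    for d in delegated_prefixes(SAMPLE_LOG):
        print(f"{d['prefix']}/{d['plen']}: {d['lan_subnets']} x /64, "
              f"Prefix ID 0-{d['max_prefix_id']}")
```

A result with lan_subnets of 1 means the ISP delegated a single /64, so only Prefix ID 0 exists and a second tracking interface has nothing to use.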