IPv6 Routing
-
@JKnott said in IPv6 Routing:
I have been using ULA for well over a year. However, one thing I found is that the GUA prefix was no longer automatically assigned. I had to manually add both the ULA and GUA prefixes on the Router Advertisement page.
I’ve been thrown a loop with these interfaces changing on me, could you add a picture of your VIPs and RA pages please? I’be tied myself up in knots over the prefix size which I thought I had right, but folowing a reboot I’m not sure it was ever right. Thanks for useful posts elsewhere on IPv6 they’ve been useful.
Edit: ah, I think I’ve hit the issue around the interface addresses that reorder after a reboot that’s reported on Redmine.
-
Hers's the RA page. I had to include the prefix from my ISP, as for some reason pfSense doesn't do that when you use ULA
login-to-viewAnd the VIP page
-
Wouldn't this break though if your ipv6 prefix changed dynamically? Any devices on this interface would lose internet connectivity via ipv6.
I thought the only point of trying to use the ULA address, was to try to keep connectivity to things like external DNS, etc. if the prefix changed.
It seems that the real bug here, is that a route isn't automatically added when the subnet is added. If that was done, you wouldn't have to use a VIP which brings in its own issues.
Also are both of these subnets included in "LAN net"?
-
-
The prefix should not be changing. There's a setting to prevent pfSense from releasing the prefix, though, apparently, some ISPs don't comply. When I first started using pfSense, that setting wasn't available and my prefix did change for something as minor as disconnecting/reconnecting the WAN cable.
-
@JKnott said in IPv6 Routing:
The prefix should not be changing. There's a setting to prevent pfSense from releasing the prefix, though, apparently, some ISPs don't comply. When I first started using pfSense, that setting wasn't available and my prefix did change for something as minor as disconnecting/reconnecting the WAN cable.
My prefix doesn't change either, which is why I don't use ULA. Not sure of the point of ULA in that case.
Are both subnets you have added also get added to the "LAN net" for firewall rules?
-
The ULA addresses are not routed off my network, so there's no need for rules. ULA addresses are routeable, just like RFC 1918 on IPv4, but are not allowed on the Internet. You can use ULA in the same way as you might RFC 1918, except you can have both ULA and GUA addresses on the same network. One reason might be you still have local networking, even if your ISP connection fails.
-
@JKnott Thats exactly how I (would like to!) use my ULAs to ensure locally hosted services still function when my WAN connection goes down as that takes out all the GUA's across local subnets.
The family won't care about IPv6 blah blah if Emby isnt working.
-
@JKnott
Ok, I can see then why you would use ULA for that.I don't know FreeBSD, but isn't there a route command to just add the static route to the interface without creating a VIP?
You don't need a VIP since the gateway for both of these subnets is going to be fe80::1:1 anyway. If you look at the RA it is advertising itself for both subnets on the link local.
-
Yes, I know the RA has both. People have to get away from the IPv4 way of thinking. There are essentially unlimited addresses available. You can have multiple addresses on an interface. In my case, I have link local, GUA and ULA. I could even have multiple GUA & ULA if I wished. Sometimes you just want a local network for some devices that share the same network as the devices that connect to the Internet. As mentioned, there is an issue with pfSense where it forgets to apply the GUA prefix, when ULA is also used. As far as I'm concerned, that's a bug.