dhcpv6 private and public IP
-
Hello!
At the moment I'm running pfSense 2.5 with multiple IPv4 subnets. I can route between the subnets and it works fine. My ISP doesn't provide IPv6 yet and so I made a tunnel with Hurricane Electric. That part works. Now I want to expand and IPv6 is really new to me.
Now, I want to add IPv6 support to my existing subnets (192.168.1.1, 192.168.2.1, etc.). I want to create the same situation for those subnets.
This is the part where it gets confusing to me. I understand that I can get an /48 prefix, so I can create multiple /64 subnets. I am able to create those.
The clients on the subnets all receive a public IPv6 address and there is internet connectivity. I have this enabled with DHCPv6.
Finally, the questions:
- Do I need to create private addresses in the fd range? So when my public IP changes (for example when my ISP supports native IPv6 and I want to leave the tunnel)
- If so, how do I do that and how do I route between the subnets?
I get that these are some noob questions, but I have just recently started to understand IPv6.
Thanks in advance!
-
You do not have to create ULA prefixes, if you don't need them. However, you can do so on the Router Advertisements page. One issue though is you will then have to specifically add a prefix for your global addresses. I have no idea why that's necessary and consider it a bug. This means if your prefixes change, you will have to change the global prefix as well.
-
@jknott Thanks for your reply!
Well, I think I need ULA, because I want to be able to let clients talk to each other internally.
I created a ULA address via RA and the clients get a ULA address in the range I provided. In the firewall rules I made a rule that the clients of both networks have access to each other on all protocols.
I can access the clients via the public IPs on both interfaces, but when I use the ULA they can't reach one another.
I used Simple DNS's page to generate a ULA: https://simpledns.plus/private-ipv6
Then I specified to each subnet (example): fd19:c5bc:0ba3:ea1e::/64, where I changed "ea1e" for each subnet.
Is that the correct way?
-
Well, you don't need to use a web site, just create a 48-bit random number, starting with fc or fd. There are a variety of ways to do that. A simple way is with the command ps aux|sha256 and pull off the required 40 bits to append to fc or fd. Since you get a /48, the last 16 bits should be 0000, so that you then add the prefix ID between 0 and ffff. Once you have that working, you can add the addresses to the DNS server, just as you would for public addresses.
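A worked version of the recipe above, added here as an example (not code from the thread or from pfSense): it builds an RFC 4193 /48 from 0xfd plus a 40-bit hash-derived Global ID, fills the 16-bit Subnet ID to get one /64 per internal network (the fd19:c5bc:0ba3:ea1e::/64 layout from the earlier post), and checks whether a given address is ULA at all. The seed uses the clock plus os.urandom as a stand-in for the RFC's EUI-64 input; that substitution is an assumption of this example.

```python
"""RFC 4193 ULA helper: build a /48 from 'fd' + 40-bit Global ID, then /64s."""
import hashlib
import ipaddress
import os
import time

ULA_RANGE = ipaddress.IPv6Network("fc00::/7")        # all ULA space (fc and fd)
LOCAL_ASSIGNED = ipaddress.IPv6Network("fd00::/8")   # the locally assigned half


def global_id(entropy: bytes) -> int:
    """RFC 4193 section 3.2.2: hash time plus a unique value, keep the low 40 bits."""
    digest = hashlib.sha1(entropy).digest()
    return int.from_bytes(digest[-5:], "big")        # least significant 40 bits


def fresh_entropy() -> bytes:
    """Clock plus OS randomness; a stand-in for the RFC's EUI-64 input (assumption)."""
    return time.time_ns().to_bytes(8, "big") + os.urandom(8)


def ula_prefix(entropy: bytes) -> ipaddress.IPv6Network:
    """The /48: bits 0-7 are 0xfd, bits 8-47 the Global ID, bits 48-63 (Subnet ID) zero."""
    prefix_int = (0xFD << 120) | (global_id(entropy) << 80)
    return ipaddress.IPv6Network((prefix_int, 48))


def subnet(prefix: ipaddress.IPv6Network, subnet_id: int) -> ipaddress.IPv6Network:
    """Fill the 16-bit Subnet ID (0..ffff) to get one /64, e.g. one per internal VLAN."""
    if prefix.prefixlen != 48 or not 0 <= subnet_id <= 0xFFFF:
        raise ValueError("need a /48 and a 16-bit subnet id")
    base = int(prefix.network_address)
    return ipaddress.IPv6Network((base | (subnet_id << 64), 64))


def is_ula(addr: str) -> bool:
    """True when the address falls inside fc00::/7, i.e. it is not a global address."""
    return ipaddress.ip_address(addr) in ULA_RANGE


def plan(prefix: ipaddress.IPv6Network, subnet_ids) -> dict:
    """Map each Subnet ID to its /64, the per-interface prefixes to hand to RA."""
    return {sid: str(subnet(prefix, sid)) for sid in subnet_ids}


if __name__ == "__main__":
    p = ula_prefix(fresh_entropy())
    print("ULA /48:", p)
    for sid, net in plan(p, [1, 2, 0xEA1E]).items():
        print(f"  subnet id {sid:04x} -> {net}")
```

Because the Global ID is random, the /48 stays valid no matter what the tunnel or a future native prefix hands out, so the internal firewall rules can refer to the fd prefixes and never need to change.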
-
@jknott Thanks for your help! I am gonna try that when I have the day off. I'll let you know if I got it to work!