LAN interface static IPv6 trouble
-
Hi all. I'm looking for some guidance setting a static IPv6 address on my LAN interface.
Context: I have IPv6 working well:
- On the WAN side, my BNG delegates me a static /56 prefix using DHCPv6 and the CPE is then responsible for the delegated prefix. It uses IPv4 connectivity as parent interface, reqursts only an IPv6 prefix, and does not wait for RA.
- On the LAN side, IPv6 is currently set to track the WAN interface, prefix ID is 0.
- Please let me know if you need additional details.
Question: What is the correct way to set a static IPv6 address for my LAN interface?
Let's use 1000:1000:1000:1000::/56 as my static prefix, and assume I want to assign 1000:1000:1000:1000::1 to my LAN interface.
I can do this by setting the LAN interface configuration type to static IPv6, and specifying the address 1000:1000:1000:1000::1/64, but seem to break DHCPv6 on my LAN in the process. Clients stop getting DH Pv6 leases in my specified range (::1000 to ::2000), and seem to generate their addresses using SLAAC. Their prefixes are still correct, and my statically mapped addresses continue to work (e.g. I have a RPI with 1000:1000:1000:1000::2).
I have tried setting the DHCPv6 server range in full (1000:1000:1000:1000::1000 to 1000:1000:1000:1000::1000, instead of the default ::1000 to ::2000 format). And also tried specifying a subnet in the RA settings (1000:1000:1000:1000::/64). But neither helped get the DHCPv6 working again.
Many thanks in advance. I'm don't know very much about networking in general (even less about IPv6), but am very keen to learn.
-
Is there some reason you're using DHCPv6 on the LAN? Normally, you'd use SLAAC which means you'll automagically have a static address.
BTW, Android devices don't work with DHCPv6. You can thank some genius at Google for that one.
-
@jknott There's no particular reason and I'd be open to using just SLAAC. I have just assumed DHCPv6 is needed to map static addresses I can remember/recognize for a few devices, and I have a mild preference for doing that on the pfsense side (as opposed to doing it on each client).
If I was to use just SLAAC, can I please ask:
-
Do I just uncheck enable DHCPv6 server and change the RA mode to something other than "Assisted"? Or are there additional settings I need to change?
-
Is there any way to specify a static address from pfsense? Or does using SLAAC mean the address is always decided by the device?
-
-
I have unmanaged RA flags, though I don't know if that's the best choice. However it works.
If you absolutely must have an address you define, you can add an alias in the Subnets box. You will then have 2 consistent addresses and up to 14 temporary.
-
Sorry, my mistake. I was thinking of something else. To create an alias, you do it on Firewall > Virtual IPs.
-
@jknott Thanks for the RA flag info, much appreciated.
I've switched the DHCPv6 off (will just use SLAAC for now), but if anyone has an idea of how to make it work please let me know (I'd still like to understand what I was doing wrong for future reference).
-
EDIT: After a factory reset and trying again, it seems it will work if 1) I state the DHCPv6 range in full (including the prefix), and 2) I state the subnet in the router advertisements settings.
For anyone else struggling to make this work, the specific settings are:
Services / DHCPv6 Server & RA / LAN / DHCPv6 Server
Range = [your desired IPv6 range in full, e.g. 1000:1000:1000:1000::2000 to 1000:1000:1000:1000::3000]- Note: DO NOT omit the prefix when stating the range. This is one of the issues that seemed to prevent my DHCPv6 server working properly (if the LAN interface is set to IPv6 Configuration Type = Static IPv6). By default, the range is stated excluding the prefix, e.g. ::2000 to ::3000. I'm not sure why this should matter, if the subnet field is already populated and aware of 1000:1000:1000:1000::, and omitting the prefix does no harm when the LAN interface is set to IPv6 Configuration Type = Track interface.
- Also note: I also had some trouble keeping the "Provide DNS servers to DHCPv6 clients" checkbox ticked. It is ticked by default, but seemed to untick by itself when changing and saving settings on this page. When ticking it again and saving, it would just disappear. However, it was ticked after navigating to another page and coming back. So I didn't have an issue in the end.
Services / DHCPv6 Server & RA / LAN / Router Advertisements
Subnets = [your IPv6 prefix 1000:1000:1000:1000::/64]- Note: DO NOT leave this blank. This is one of the issues that seemed to prevent my DHCPv6 server working properly (if the LAN interface is set to IPv6 Configuration Type = Static IPv6). By default this is blank, and it does no harm leaving it blank when the LAN interface is set to IPv6 Configuration Type = Track interface. I'm not sure why this should matter.
I don't know if the above are supposed to be necessary or not - apologies if I'm posting something that should be obvious. But I hope that helps someone!
