IPv6 Router Advertisement DHCP Question/Issue

meluvalli · Dec 24, 2021, 11:04 AM

I have a little bit of a problem.

My ISP uses DHCP for IPv6 addresses. So, sometimes my IPv6 address changes.

I have a /64 network. So, the first 4 sections of my IPv6 address could change at any given time. The problem I'm having is I use a separate DNS server other than pfSense and also, the "subnets" under RA is set as well, but can change when IP changes.

So, anytime my IPv6 address changes, I manually have to go into pfSense and change these addresses!

Example: Under Services/DHCPv6 Server & RA/LAN/Router Advertisements, I have my current IPv6 subnet as 1111:2222:3333:4444:: / 64.
and
DNS Server 1: 1111:2222:3333:4444:4321:4321:4321:4321.

When my IPv6 address changes from ISP, my 1111:2222:3333:4444 may change to something like 6789:6789:6789:6789.

I would like a way to programmatically update these two fields based on my IPv6 address. Otherwise, when my ISP changes my IPv6 address, I loose IPv6 on my network completely until I manually login and change these addresses!

Is this possible? Is there a variable I could use in place of the numbers that I don't know about or an alias or something?

I can't imagine I'm the only one with this issue?

JKnott · Dec 26, 2021, 9:58 AM

@meluvalli

First off, ensure Do not allow PD/Address release on the WAN page is selected. If that doesn't work, you can use Unique Local Addresses when accessing local devices.

meluvalli · Dec 26, 2021, 9:58 AM

@jknott
Thanks for the response. I just "enabled" (checked) the box for "Do NOt allow PD/Address release".

I will give this a go and see if this solves the problem! Thank you!!! I appreciate it!

I'm still kind of shocked it's not an option to use some kind of alias or something. Because even in firewall rules, if you are using IPv6, you need to update these addresses as well evetime the IP changes.

JKnott · Dec 28, 2021, 7:08 AM

@meluvalli

You can use names in the firewall rules for thing like "LAN" and "WAN". What would be nice is filtering by MAC address, but that's not supported.

meluvalli · Dec 28, 2021, 7:08 AM

@jknott
I know you can use WAN and LAN, but that doesn't help if you want to allow a rule for a client inside the IPv6 pool.

My address for WAN maybe 1111:2222:3333:4444:AAAA:BBBB:CCCC:DDDD, but my client maybe
1111:2222:3333:4444:AAAA:BBBB:CCCC:FFFF. So, I need my firewall to point to the FFFF address in the forward and if my IPv6 address changes, then I have to manually go into the firewall and update them.