Issue configuring IPv6 with ULA, but works fine with Track Interface.
-
@lamboalpha said in Issue configuring IPv6 with ULA, but works fine with Track Interface.:
I set the following for v6: WAN: SLAAC, LAN: Track Interface . Firewall: Virtual IP fd00... I disabled DHCP IPv6 and left RA enabled with fd00... the subnet. I also added the virtual IP address.
Normally, the WAN is set to DHCP6 and the LAN SLAAC.
Get things working properly without ULA first. Then add ULA as per my instructions. I suspect you're getting things mixed up.
-
@jknott Corrected, but still no IPv6 connectivity for the base configuration (no ULA). I have to have track interface and RA enabled to get IPv6 to work. RA is not possible with SLACC.
-
@lamboalpha said in Issue configuring IPv6 with ULA, but works fine with Track Interface.:
RA is not possible with SLACC.
It most certainly is. That's how it works. A router advertisement tells the network what the prefix is and the client provides the suffix. Maybe you can show your Router Advertisement page.
BTW, why are you blocking out your IPv4 addresses? They're RFC1918 private addresses, which means they're meaningless outside of your LAN.
-
@jknott pfSense will not let me enable RA with SLAAC enabled on the LAN. The RA was included with the previous post. There is nothing else below the error (for the Services/DHCPv6 Server & RA page).
If I try to enable RA prior to selecting SLAAC, I get the following error.
You are right on the LAN IPv4 address, but I don't need to share it.
-
@lamboalpha said in Issue configuring IPv6 with ULA, but works fine with Track Interface.:
pfSense will not let me enable RA with SLAAC enabled on the LAN.
No. You should do what it says if you already stuck... change RA first or disable it or disable IPv6 first.
-
@lamboalpha said in Issue configuring IPv6 with ULA, but works fine with Track Interface.:
the application requires the servers have a static IP address. The applications are not on the pfSense box.
So what is this application... and where are they?
-
Change the IPv6 Configuration Type to track interface.
-
@jknott Ok, the LAN interface has a IPv6 address. But, there is no IPv6 on the LAN. I only enabled RA, but no DHCPv6. What step do I need to next? I have not used IPv6 before and apparently need to study up on it. I thinking I would need some type of NAT or NPt, but I don't know how to setup this up on pfSense when the WAN has a dynamic IPv6 assignment. It seems like a simple ask but hard to do.
@Bob-Dig I said static, I should have said reserved and assigned by DHCP. There is DNS on the network, but some servers need/should have a static IP address, e.g. like the local DNS or network equipment or servers. For example: the DNS server was changing IPv6 address due to the ISP was causing issues, the system would have to fallback to IPv4 when doing DNS lookups. IPv6 had preference.
-
Can you post screen captures of your WAN, LAN and Router Advertisement pages?
You do not need NAT, etc.. I would expect your ISP provides a /56 prefix, which provides 256 /64 prefixes, though some ISPs provide a different size. You use the /64s for each LAN or VLAN.
-
-
Change DHCPv6 Prefix Delegation size to whatever your ISP provides. Many, including mine, provide a /56, so 56 would go in that box.
Also, for Router mode I have Unmanaged - RA Flags.
-
@lamboalpha And don't use /128 for subnet on RA...
-
@JKnott @Bob-Dig Yes, I had the RA subnet wrong. I missed that when I redid all the settings. It is now set to /56, the same as the WAN. It had previously been at 64. JKnott, I changed the Router mode to Managed. When DHCPv6 is enabled, it works with assisted or managed fine.
Still nothing on the LAN is getting an IPv6 address.
Thanks...
-
Assuming your ISP is providing DHCPv6-PD, it should work. Maybe the best thing is to start fresh, as you may have messed up something. Keep it simple and get it working before adding any extras.
You can back up the existing config first, so you can compare. -
@lamboalpha said in Issue configuring IPv6 with ULA, but works fine with Track Interface.:
Yes, I had the RA subnet wrong. I missed that when I redid all the settings. It is now set to /56, the same as the WAN. It had previously been at 64.
/64 was right.
-
@bob-dig said in Issue configuring IPv6 with ULA, but works fine with Track Interface.:
/64 was right.
That would allow only a single /64 prefix. If the ISP provides a larger prefix, that's what should be used.
-
-
@lamboalpha said in Issue configuring IPv6 with ULA, but works fine with Track Interface.:
but just confirming, there is not way with 1:1 or NPt to use the ISP range (which is dynamic) and set the internal network of FD00.
Maybe there is, haven't tried it yet, because you can use the dynamic ones too (with some caveats).
One thing one could try is maybe this, make an unused VLAN and give it a dynamic prefix via track interface. Then use that prefix to do NPt with your interface which is using the ULA and see how pfSense respond.
In the future it would be nice if pfSense would allow to reserve prefixes just for that cause. Or find another way of fixing the problems when using dynamic prefixes.
-
@lamboalpha said in Issue configuring IPv6 with ULA, but works fine with Track Interface.:
but just confirming, there is not way with 1:1 or NPt to use the ISP range (which is dynamic) and set the internal network of FD00. Per the ULA comment.
Not that I'm aware of. Regardless, NAT is a bad idea on both IPv4 and IPv6. It's needed on IPv4 due to the address shortage, but not IPv6. However, your prefix should not be changing, provided Do not allow PD/Address release is selected, though I know there are some stupid ISPs that don't respect it. I've had the same prefix for a few years and it's survived replacing both the modem and the computer I run pfSense on.
-
@jknott said in Issue configuring IPv6 with ULA, but works fine with Track Interface.:
Do not allow PD/Address release
I don't have this option anymore or am I blind...
