Issue configuring IPv6 with ULA, but works fine with Track Interface.

JKnott · Sep 6, 2022, 2:05 PM

Change the IPv6 Configuration Type to track interface.

lamboalpha · Sep 13, 2022, 3:39 AM

@jknott Ok, the LAN interface has a IPv6 address. But, there is no IPv6 on the LAN. I only enabled RA, but no DHCPv6. What step do I need to next? I have not used IPv6 before and apparently need to study up on it. I thinking I would need some type of NAT or NPt, but I don't know how to setup this up on pfSense when the WAN has a dynamic IPv6 assignment. It seems like a simple ask but hard to do.

@Bob-Dig I said static, I should have said reserved and assigned by DHCP. There is DNS on the network, but some servers need/should have a static IP address, e.g. like the local DNS or network equipment or servers. For example: the DNS server was changing IPv6 address due to the ISP was causing issues, the system would have to fallback to IPv4 when doing DNS lookups. IPv6 had preference.

JKnott · Sep 13, 2022, 2:26 PM

@lamboalpha

Can you post screen captures of your WAN, LAN and Router Advertisement pages?

You do not need NAT, etc.. I would expect your ISP provides a /56 prefix, which provides 256 /64 prefixes, though some ISPs provide a different size. You use the /64s for each LAN or VLAN.

lamboalpha · Sep 17, 2022, 5:11 PM

@jknott

JKnott · Sep 17, 2022, 5:22 PM

@lamboalpha

Change DHCPv6 Prefix Delegation size to whatever your ISP provides. Many, including mine, provide a /56, so 56 would go in that box.

Also, for Router mode I have Unmanaged - RA Flags.

Bob.Dig · Sep 17, 2022, 6:09 PM

@lamboalpha And don't use /128 for subnet on RA...

lamboalpha · Sep 17, 2022, 9:35 PM

@JKnott @Bob-Dig Yes, I had the RA subnet wrong. I missed that when I redid all the settings. It is now set to /56, the same as the WAN. It had previously been at 64. JKnott, I changed the Router mode to Managed. When DHCPv6 is enabled, it works with assisted or managed fine.

Still nothing on the LAN is getting an IPv6 address.

Thanks...

JKnott · Sep 18, 2022, 12:02 AM

@lamboalpha

Assuming your ISP is providing DHCPv6-PD, it should work. Maybe the best thing is to start fresh, as you may have messed up something. Keep it simple and get it working before adding any extras.
You can back up the existing config first, so you can compare.

Bob.Dig · Sep 18, 2022, 6:19 AM

@lamboalpha said in Issue configuring IPv6 with ULA, but works fine with Track Interface.:

Yes, I had the RA subnet wrong. I missed that when I redid all the settings. It is now set to /56, the same as the WAN. It had previously been at 64.

/64 was right.

JKnott · Sep 19, 2022, 3:57 AM

@bob-dig said in Issue configuring IPv6 with ULA, but works fine with Track Interface.:

/64 was right.

That would allow only a single /64 prefix. If the ISP provides a larger prefix, that's what should be used.

lamboalpha · Sep 19, 2022, 3:57 AM

@jknott Everything works fine the moment I enable DHCPv6 (with PD). I have enabled the IP alias, but just confirming, there is not way with 1:1 or NPt to use the ISP range (which is dynamic) and set the internal network of FD00. Per the ULA comment.

Bob.Dig · Sep 19, 2022, 7:27 AM

@lamboalpha said in Issue configuring IPv6 with ULA, but works fine with Track Interface.:

but just confirming, there is not way with 1:1 or NPt to use the ISP range (which is dynamic) and set the internal network of FD00.

Maybe there is, haven't tried it yet, because you can use the dynamic ones too (with some caveats).

One thing one could try is maybe this, make an unused VLAN and give it a dynamic prefix via track interface. Then use that prefix to do NPt with your interface which is using the ULA and see how pfSense respond.

In the future it would be nice if pfSense would allow to reserve prefixes just for that cause. Or find another way of fixing the problems when using dynamic prefixes.

JKnott · Sep 19, 2022, 1:09 PM

@lamboalpha said in Issue configuring IPv6 with ULA, but works fine with Track Interface.:

but just confirming, there is not way with 1:1 or NPt to use the ISP range (which is dynamic) and set the internal network of FD00. Per the ULA comment.

Not that I'm aware of. Regardless, NAT is a bad idea on both IPv4 and IPv6. It's needed on IPv4 due to the address shortage, but not IPv6. However, your prefix should not be changing, provided Do not allow PD/Address release is selected, though I know there are some stupid ISPs that don't respect it. I've had the same prefix for a few years and it's survived replacing both the modem and the computer I run pfSense on.

Bob.Dig · Sep 19, 2022, 1:10 PM

@jknott said in Issue configuring IPv6 with ULA, but works fine with Track Interface.:

Do not allow PD/Address release

I don't have this option anymore or am I blind...

JKnott · Sep 19, 2022, 5:37 PM

@bob-dig said in Issue configuring IPv6 with ULA, but works fine with Track Interface.:

or am I blind...

Yes. It's on the WAN page.

Bob.Dig · Sep 19, 2022, 5:43 PM

@jknott Not for me.

JKnott · Sep 19, 2022, 6:07 PM

@bob-dig

How old is your version of pfSense? It was added a few years ago. It wasn't there when I started using pfSense around 6.5 years ago, but was added not long afterward. Before then, simply disconnecting/reconnecting the WAN cable was enough to cause a prefix change.

Bob.Dig · Sep 19, 2022, 6:10 PM

@jknott said in Issue configuring IPv6 with ULA, but works fine with Track Interface.:

@bob-dig

How old is your version of pfSense?

I am on 22.05-RELEASE

JKnott · Sep 19, 2022, 6:12 PM

@bob-dig

I'm on 2.6.0. I have no experience with 22. Perhaps you should contact the Netgate people about this.

Bob.Dig · Sep 19, 2022, 6:21 PM

Maybe @stephenw10 can confirm, that that option (Do not allow PD/Address release) is missing in 22.05-RELEASE.