Netgate Discussion Forum

NPt should allow to use a dynamic delegated prefix as source too

4 Posts 2 Posters 489 Views
    Bob.Dig LAYER 8
    last edited by Mar 8, 2023, 1:02 PM

    Because my redmines never got read, I post it here. 😉

    The NPt dialog does allow selecting a delegated prefix as a destination prefix.
    It should allow doing the same for a source prefix.
    Example: I use my delegated prefix as my source and only want to use, let's say, tunnelbroker as my second option. This doesn't work now because my dynamic delegated prefix can't be selected.

      mhillmann @Bob.Dig
      last edited by Mar 9, 2023, 7:53 AM

      @bob-dig Use ULAs on the internal network. This way you can easily have any external prefix and get a stable internal address.

        Bob.Dig LAYER 8 @mhillmann
        last edited by Bob.Dig Mar 9, 2023, 10:15 AM Mar 9, 2023, 9:11 AM

        @mhillmann There is a problem with that: (unsolicited) inbound connections. They will only work for the first NPt. So if you have two v6 WANs, it is better to use the GUA of one of them for the LAN, where there is no problem with inbound connections, and have the other one dealt with by NPt; inbound works too.

          mhillmann @Bob.Dig
          last edited by Mar 9, 2023, 9:48 AM

          @bob-dig You're right on this; I don't use two GUA prefixes simultaneously pointing to the same internal ULA prefix, only as failover from one to the other if either ISP gets disconnected, as this is fairly common here. As far as I've tested, this works correctly if the primary ISP fails, with pfSense changing the default GW to the next one in its Gateway Group after dpinger detects the failure of the previous one. You have to take care to arrange NPt rules in the same order (from top to bottom) as the matching GWs (1 to n), otherwise it won't work. It even fails back correctly when the previous ISP comes back online.
