using virtualbox on my laptop, no control of accesspoint, cox upstream
-
What is the recommended way to setup ipv6 for testing in a lab environment like this?
-
It might help if you provide some info we can work with.
-
@jknott So this is my first time working with ipv6, i'm understanding that the router i'm connecting to is handing out a prefix, and that since that router is handing out a /64, there are no further subnets allowed. if im wrong, please illuminate me. so ive tried to setup the wan in several different ways, using the forum for guidance, but i've yet to get the pfsense box to assign actual addresses to any of the clients or the lan interface.
I've tried any number of combinations of slaac and ra/dhcp6, to no avail. so i decided to sleep on it. I guess since the /64 cant be further subnetted, is it possible to set this up to have the router pass out /128's to the client devices that will route? I have no control of the upstream at all, and as these networks are mobile, i'm unsure how any static configuration would serve me anyway taking into account that at best the bridged wan will be handed a /64.
Please right my mind on this.
-
further, for clarification of my setup i have pfsense, and opnsense with their wan intrefaces bridged to the laptops wifi card, and each of these boxes have their own internal network on their lan interfaces. several clients are attached to the inernal networks of each.
my laptop has 50GB of ram. what a world we live in.
-
@wentoo said in using virtualbox on my laptop, no control of accesspoint, cox upstream:
Please right my mind on this.
LANs are always /64. You can't change that without breaking things. Normally, ISPs will provide a larger prefix, such as /56, which pfSense can split into multiple /64s.
-
@jknott I did understand that. Is it possible to have pfsense accept the /64 that the home gateway hands to it and have pfsense send 128's to the internal devices?
-
Perhaps you should describe what you're trying to do. You can have smaller prefixes, including /128, but not on a LAN. You could, for example use a /127 on a point to point link. A /128 is just a device address and nothing else. You can't even pass data through it. You'll often see a /128 on the WAN connection.
-
I thought I did explain what I am doing. I have a subnet connected to the lan interface of pfsense. I have the wan interface of pfsense bridged with the wifi card on my laptop. The laptop is connected to a wifi gateway from cox that I don't have control over, so I need to somehow get addresses from the cox gateway to the internal network that are valid. So far I've only got this to work by bridging the lan and wan interface of the pfsense box, which is less than ideal.
Ip6 is all pretty new to me so not having nat is confusing me. If I have to setup pfsense as a firewalled bridge, it would be the first time I've done that.
So I guess I'm just wanting to know how this should be done, if there's a better way to build a lab network that gets valid ip6 addresses, or if I must use ula or link local addresses, which everything I'm reading says that I really shouldn't do that.
Is there anything like pat for ip6?
-
Do you get a bigger prefix than /64 from your ISP? If so, you have to split off some chunk of it for a downstream router to further split. You can use a manual configuration for the link between pfSense and the next router and not worry about using DHCPv6-PD there.
As I mentioned above, you can split a /64, but not for a LAN, which must be a /64 for things to work right.
