Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Static IPv6 address not adding Routed To

    Scheduled Pinned Locked Moved
    IPv6
    2
    3
    242
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B
      Batman2099
      last edited by

      I'm on 2.7.2 and have /48 of IPv6 that I'm splitting up into /60 for downstream firewalls. Everything was working fine, the downstream firewall would pull a WAN address from the the first /60 which I set aside for that propose, it then would get a /60 delegated prefix for the LAN network and assign a IPv6 address. IPv6 traffic routed fine and everything worked. The issue started when I would set downstream firewalls with a static IPv6, pfsense would stop adding the "Routed To" and traffic would stop routing. Anyone got any ideas what I am doing wrong?msedge_3Sp9koBDkI.png

      1 Reply Last reply Reply Quote 0
      • P
        protocol6v
        last edited by

        I too am having issues with IPv6 statics/delegations and i'm not sure if it's a misunderstanding on my part or a lack of functionality so would love some clarification. I also have a /48 that I am trying to route from a PFSense HA setup as router-only (No firewall/nat) but can't seem to get things going in a sane manner on the latest versions...

        My biggest issue is that delegated prefixes are seemingly not able to be set "static" in any way. I was previously on 2.6, and in that version when I set a static address reservation for a downstream "tenant" firewall (mostly also PFSense virtual Firewalls), the downstream would still receive a functional PD, but if I did any maintenance on the upstream router, the PD would get lost and the downstream tenants would need to change their LAN PD and DNS statics and whatnot, which is not cool. Interestingly, the static assignment would show up twice in the DHCPv6 Leases list, once as a dynamic assignment, and once further down as the Static assignment. It would also then appear in the delegated prefixes list in routed to.

        Now, in 2.7.0+ any static entries no longer received a routable PD at all, and are only represented the once in the DHCPv6 Leases list. A prefix delegation exists in the next list, but it has no "routed to" entry and is not functional on the downstream firewall.

        All of the above are with the ISC server, forget even attempting this with Kea, there isn't a PD section at all! Not sure how deprecating a fairly critical functional feature without a suitable replacement works, but that's a separate discussion.

        Would love to have some light shed on this whole thing or be educated as to what I might be doing wrong. Maybe someone here knows how to manually edit the config via cli to add the prefix delegation manually to the config files, as there does seem to be that functionality, just not built into PF's frontend?

        1 Reply Last reply Reply Quote 0
        • P
          protocol6v
          last edited by

          Nobody has anything that could help us here? Are we posting in the wrong place?

          1 Reply Last reply Reply Quote 0
          • First post
            Last post