HE tunnel and 2 WAN interfaces question
-
Hello fellow Netgate community members, can you please help?
I have been using an HE tunnel, and I want to also add IPv6 to my other interfaces. However, when I attempt to do this, I get the following error...
The following input errors were detected: IPv6 address REDACTED::/64 is being used by or overlaps with: WLAN (REDACTED::/64)
Do I just split them up? If so, how do I do that? It is not like subnetting IPv4 here...
Goal: What I want to happen is to use my secure LAN with my HE tunnel and use my guest wifi with my HE tunnel. I do not want them to talk to each other at all, only access the outbound IPv6 gateway.
-
@JonathanLee did you get the /48 from them, so you can then create your /64s out of that for your different networks?
-
@johnpoz Thanks for your help. Yes, I got one line that states routed /48.
Do I use that in place of the routed /64 on the interface assignments, change it to that one? If so, how would I subnet that one into two /64s? Just use a subnet calculator like in the old days?
So like REDACTED::/48
Can be changed to...
Change to REDACTED:1::/64 and REDACTED:1:100::/64
-
@JonathanLee yes, you would subnet out your /48 into /64s and then you would use those on your different networks. A /48 gives you what, like 65k /64s to work with - so you have plenty to choose from ;)
Sure, you can use an IPv6 calc if you so want. But /64s are pretty easy from a /48. I use a number that matches up with my IPv4s.
So for example my IPv4 is 192.168.9.0/24
So for my IPv6 out of my /48
2001:470:xxxx::/48
I just use
2001:470:xxxx:9::/64
Then I can just match up the IPv6 with my IPv4 address in a way.
pfSense is 192.168.9.253, so its IPv6 is 2001:470:xxxx:9::253/64, my PC at 192.168.9.100 would be 2001:470:xxxx:9::100/64
One of my other segments is 192.168.3.0/24 so the IPv6 is 2001:470:xxxx:3::/64
-
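The numbering scheme from the reply above, written out as an added example that is not part of the original thread. The documentation prefix 2001:db8:1234::/48 stands in for the routed /48, and the interface names and IPv4 networks are hypothetical; the overlap check mirrors the condition behind the pfSense input error.

```python
import ipaddress

# Constructed inputs: 2001:db8:1234::/48 is a documentation prefix standing in
# for the routed /48; interface names and IPv4 networks are hypothetical.
ROUTED_48 = ipaddress.ip_network("2001:db8:1234::/48")
INTERFACES = {"SECURELAN": "192.168.9.0/24", "GUESTWIFI": "192.168.3.0/24"}


def v6_net_for(v4_net, routed=ROUTED_48):
    """Return the /64 whose fourth group is written like the IPv4 third octet."""
    octet = ipaddress.ip_network(v4_net).network_address.packed[2]
    subnet_id = int(str(octet), 16)  # decimal digits reused as hex: 9 -> 0x9
    base = int(routed.network_address) | (subnet_id << 64)
    return ipaddress.IPv6Network((base, 64))


def v6_host_for(v4_addr, v4_net):
    """Return the host address whose last group is written like the last IPv4 octet."""
    net = v6_net_for(v4_net)
    last = ipaddress.ip_address(v4_addr).packed[3]
    host = int(net.network_address) | int(str(last), 16)
    return ipaddress.IPv6Interface((host, 64))


def find_overlaps(nets):
    """Return pairs of interface names whose prefixes overlap."""
    names = sorted(nets)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]


def is_clean_64(text):
    """True only for a /64 with no bits set in the 64-bit host half."""
    try:
        return ipaddress.IPv6Network(text, strict=True).prefixlen == 64
    except ValueError:
        return False


def plan():
    """Map every interface to its own /64 carved from the routed /48."""
    return {name: v6_net_for(v4) for name, v4 in INTERFACES.items()}


if __name__ == "__main__":
    for name, net in plan().items():
        print(f"{name:10} {net}")
    print("overlaps:", find_overlaps(plan()))
```
-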
@johnpoz Thank you so much for that information. That fixed it. Spot on, understandable info.
-
@johnpoz To use SLAAC, do you just use Assisted RA Flags?
How do I enable IPv6 EUI-64?
-
@johnpoz How can I make it so the two interfaces can't talk to each other? Do I just make a LAN rule, approve any !securelan? Would that understand IPv6 also?
-
@JonathanLee don't use bang rules. If you don't want lan net to talk to opt net, then put in a block rule for opt net above your allow. Yes, the network/subnet aliases would be the IPv4 or IPv6 networks on said interfaces.