DHCPv6 Server tab should not depend on static IPv6
-
I have an ISP that hands out a dynamic /64 prefix via DHCPv6 prefix delegation. To use that dynamic /64 prefix on the LAN interface I need to use the "Track interface" IPv6 config with the option to track the WAN interface. This means the IPv6 config on the LAN interface is not static. That works fine for setting an IPv6 on the LAN interface of the firewall, but there is no way to hand out IPv6 addresses from that /64 dynamic prefix to other hosts connected to the LAN interface. One valid way of handing out IPv6 addresses on the LAN interface in this case would be via router advertisements, but that option is locked away on the DHCPv6 Server page. This is because there is a check on the DHCPv6 Server page to allow configurations to be made only if you have a static IPv6 configured. As you can see, in my case I can't have a static IPv6 configured on the LAN interface, yet I should be allowed to hand out IPv6 to the LAN clients.
One possible solution for this problem would be to only deny access to the DHCPv6 specific options if there is no static IPv6 configured, leaving the other options available even for those cases where no static IPv6 is configured.
-
I use the track interface on my LAN and router advertisement is working. DHCPv6 seems to be enabled when I turn that option on. I am using 6to4 so I don't know if that makes different.
-
You are right. I made a capture on the LAN interface and found that the LAN client PC was making router solicitations and the router would respond with router adverisements. This would repeat a couple of times and then the client would ask for DHCPv6 information. I have found that disabling the Windows firewall (default config) on the LAN client would allow the PC to obtain the correct IPv6 information.
Still, would it be possible to separate the router advertisement status/config page from the DHCPv6 page?
-
If you set the LAN interface to track the dynamic WAN interface we will automatically setup a DHCPv6 server for the LAN too for DNS and domain.
I agree that we might need to allow for dynamic entries too. It is possible iirc. But for some with dynamic prefixes that is a bit hard to do.
So if you know that your prefix is allocated statically by your ISP you should be fine.
If the prefix your ISP sends you is large enough we also setup DHCPv6 prefix delegation automatically by allocating a small chunk of the /56 or larger.