How to deal with duplicate link local when testing



  • Hey all,

    I'm trying to troubleshoot my Comcast Business setup and finally have the time. To test, I've created a VM with a 2.1.2 release assigned to the IPv6 modem and the internal LAN. On my production firewall, I've turned off IPv6.

    I'm getting the following on the test pfSense VM:

    kernel: em0: DAD complete for fe80:1::1:1 - duplicate found
    

    Which makes sense, since both firewalls have rewritten the link-local address to this same value.

    From the production firewall, where the LAN PHY is VLANed out:

    fe80::1:1%em0_vlan10
    

    And then on the test VM (just using access mode, no trunking):

    fe80::1:1%em0
    

    My guess is that pfSense rewrites the address w/o EUI-64 to make it easier to troubleshoot/test. But I'd like to know why the value is changed, as here is an example on my prod setup where I haven't attempted to "track interface":

    fe80::200:24ff:fed0:38a4%em0_vlan600
    

    So, the questions are:

    • Understanding why the value is written that way in the first place?

    • Is there a way to change that value per-firewall? That way I can have both up w/o the duplicate error.

    • Why doesn't link local get reset back to the EUI-64 value once IPv6 is removed from an interface?

    Once I get past that point I'll attempt, again, to get Comcast BIS with my /56 operational. Thanks all!



  • Bumping to see where I can resolve this issue. As a lark I installed m0n0wall and set up IPv6 there. PD allocation worked, yet still no LAN traffic passing the local Netgear modem.

    But when I did enable IPv6 on the LAN interface, the link-local always stayed in EUI-64 format. So just trying to figure out what portion of pfSense code is changing the link-local addresses to fe80:1::1:1, and how to revert back to SLAAC-style addresses.