How to deal with duplicate link local when testing
-
Hey all,
I'm trying to troubleshoot my Comcast Business setup and finally have the time. To test, I've created a VM with a 2.1.2 release assigned to the IPv6 modem and the internal LAN. On my production firewall, I've turned off IPv6.
I'm getting the following on the test pfSense VM:
kernel: em0: DAD complete for fe80:1::1:1 - duplicate found
Which makes sense, since both firewalls have rewritten the link-local address to this same value.
From the production firewall, where the LAN PHY is VLANed out:
fe80::1:1%em0_vlan10
And then on the test VM (just using access mode, no trunking):
fe80::1:1%em0
My guess is that pfSense rewrites the address w/o EUI-64 to make it easier to troubleshoot/test. But I'd like to know why the value is changed, as here is an example on my prod setup where I haven't attempted to "track interface":
fe80::200:24ff:fed0:38a4%em0_vlan600
So, the questions are:
- Understanding why the value is written that way in the first place?
- Is there a way to change that value per-firewall? That way I can have both up w/o the duplicate error?
- Why doesn't link local get reset back to the EUI-64 value once IPv6 is removed from an interface?
Once I get past that point I'll attempt, again, to get Comcast BIS with my /56 operational. Thanks all!
-
Bumping to see where I can resolve this issue. As a lark I installed m0n0wall and set up IPv6 there. PD allocation worked, yet still no LAN traffic passing the local Netgear modem.
But when I did enable IPv6 on the LAN interface, the link-local always stayed in EUI-64 format. So just trying to figure out what portion of pfSense code is changing the link-local addresses to fe80:1::1:1, and how to revert back to SLAAC-style addresses.