Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    ISP requires "SLAAC + DHCPv6", supported?

    IPv6
    4
    8
    1851
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      carlpett last edited by

      Hi,
      My ISP has just started a IPv6 pilot, and I'd like to try it out. The requirements state:

      Your router must support SLAAC+DHCPv6. That is, your router will have it's external IPv6 address via SLAAC, and then the router receives a prefix via DHCPv6.

      I've tried to set this up in pfSense, by setting my WAN interface to SLAAC, and then I get an address. However, I can't seem to configure prefixes on this configuration. Is it possible?

      1 Reply Last reply Reply Quote 0
      • Derelict
        Derelict LAYER 8 Netgate last edited by

        That sounds kind of hokey.  You might want to ask them if your prefix is static or dynamic.  If they answer dynamic, they are clueless.  They should be assigning you a static /48 or, if they're stingy/conservative, a /56.  But even if it's a single /64 you can use it - on one LAN segment - until they pull their heads out if it's assigned to you and automatically routed to your WAN interface.  Just ignore their DHCPv6 advice and configure it statically.

        IF they want to have you get your WAN interface address via SLAAC, that's ok I suppose.

        1 Reply Last reply Reply Quote 0
        • K
          kejianshi last edited by

          Who is your ISP?

          1 Reply Last reply Reply Quote 0
          • C
            carlpett last edited by

            @Derelict:

            That sounds kind of hokey.  You might want to ask them if your prefix is static or dynamic.  If they answer dynamic, they are clueless.  They should be assigning you a static /48 or, if they're stingy/conservative, a /56.  But even if it's a single /64 you can use it - on one LAN segment - until they pull their heads out if it's assigned to you and automatically routed to your WAN interface.  Just ignore their DHCPv6 advice and configure it statically.

            IF they want to have you get your WAN interface address via SLAAC, that's ok I suppose.

            From some correspondence with their tech support, it's a /64. But as far as I can tell I'm not even able to get a prefix using the SLAAC setting in pfSense? If I'd choose DHCP6 instead, there are a bunch of settings for prefix size, but not for SLAAC. Right now for instance, I'm given <64 bits of ISP net>:20c:29ff:fef9:b914. That's not something I can use, right? There's "no space left" to delegate?

            @kejianshi:

            Who is your ISP?

            Small Swedish one

            1 Reply Last reply Reply Quote 0
            • H
              hda last edited by

              @carlpett:

              From some correspondence with their tech support, it's a /64. But as far as I can tell I'm not even able to get a prefix using the SLAAC setting in pfSense? If I'd choose DHCP6 instead, there are a bunch of settings for prefix size, but not for SLAAC. Right now for instance, I'm given <64 bits of ISP net>:20c:29ff:fef9:b914. That's not something I can use, right? There's "no space left" to delegate?

              Hmmm. Most ISP's work with prefix delegation, using your DHCP6 (PD) request towards them.

              Your prefix "location frontdoor number" is a /64, because you said: <64 bits of ISP net>. Then the last 64 bits are yours, which you can manipulate as you like.

              However, pfSense needs at least a /63 (ISP) prefix to make a /64 WAN and a different /64 LAN, based upon the first 64 bits.
              I.e. 2002:babe:face:6660::/64 and LAN: 2002:babe:face:6661::/64.

              So, I doubt if SLAAC(WAN) with SLAAC(LAN) or STATIC(LAN), and then next with SLAAC for LAN-clients, will work.
              Maybe with a DHCPv6server/RA for the LAN-side (where you specify the useable range for the last 64 bits).

              Or ask ISP for offering a prefix smaller than /64 (i.e. /62).

              1 Reply Last reply Reply Quote 0
              • Derelict
                Derelict LAYER 8 Netgate last edited by

                You shouldn't need to get a prefix from a dynamic source.  They should just route it to you and you should be able to configure it on your LAN statically.

                What happens if you set the WAN interface IPv6 config to DHCP6 but tell the DHCP client to only get a prefix, not an address?  Note that it is still asking for a prefix length that has to be provided by your ISP…

                ![Screen Shot 2014-09-28 at 1.49.29 PM.png](/public/imported_attachments/1/Screen Shot 2014-09-28 at 1.49.29 PM.png)
                ![Screen Shot 2014-09-28 at 1.49.29 PM.png_thumb](/public/imported_attachments/1/Screen Shot 2014-09-28 at 1.49.29 PM.png_thumb)

                1 Reply Last reply Reply Quote 0
                • Derelict
                  Derelict LAYER 8 Netgate last edited by

                  Nevermind.  I just tested it.  It looks like you can configure SLAAC or DHCPv6 on WAN but not both.

                  I'm feeling a little out of my lane so I'm going to move right.

                  1 Reply Last reply Reply Quote 0
                  • Derelict
                    Derelict LAYER 8 Netgate last edited by

                    I guess I'm confused by the "Only request a IPv6 prefix, don't request a IPv6 address" checkbox.

                    That setting is only available if DHCPv6 is selected as an interface type and there's no alternate way to set an IPv6 interface address.

                    1 Reply Last reply Reply Quote 0
                    • First post
                      Last post

                    Products

                    • Platform Overview
                    • TNSR
                    • pfSense Plus
                    • Appliances

                    Services

                    • Training
                    • Professional Services

                    Support

                    • Subscription Plans
                    • Contact Support
                    • Product Lifecycle
                    • Documentation

                    News

                    • Media Coverage
                    • Press
                    • Events

                    Resources

                    • Blog
                    • FAQ
                    • Find a Partner
                    • Resource Library
                    • Security Information

                    Company

                    • About Us
                    • Careers
                    • Partners
                    • Contact Us
                    • Legal
                    Our Mission

                    We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

                    Subscribe to our Newsletter

                    Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

                    © 2021 Rubicon Communications, LLC | Privacy Policy