2.2.1: No IPv6 assigned to LAN anymore
-
Now I use my custom config file

```
interface em0_vlan88 {
    send ia-na 0; # request stateful address
    send ia-pd 0; # request prefix delegation
    request domain-name-servers;
    request domain-name;
    script "/var/etc/dhcp6c_wan_script.sh"; # we'd like some nameservers please
};
id-assoc na 0 { };
id-assoc pd 0 {
    prefix ::/48 infinity;
};
```

I would like to use the advanced config section but I don't know exactly how to fill up these fields. The first part works, but where should I put `id-assoc na 0 { }; id-assoc pd 0 { prefix ::/48 infinity;` for getting the right result?
-
Of course setting a fixed ipv6 address on any device isn't backwards. Especially not if the chance that the assigned prefix ever changes is zero.
One would think that if this prefix does change, it would be the least of your worries, as the number of dynamic dns services that support ipv6 is extremely low.
There are valid reasons for assigning a fixed IPv6 address on a router interface, even though in RA the router address used is the link local address. If for whatever reason, one has completely disabled RA on say a server, one could use the static IPv6 of the router interface + a static route and be done with it.
Having said that, at least using advanced options enables us to re-instate the old behavior, which to me makes much more sense, especially in enterprise.
It is clear this was a deliberate change, I am however not convinced that change makes a lot of sense and I doubt that people that have been bitten by this change are a tiny group.
Edit to add, no I am not setting a static IPv6 address on the router interface just so that I can use the dhcpv6 server supplied by pfsense, that server isn't running on the router and for good reason too.
-
If you are using a service like comcast or time warner cable that assigns dynamic IPV6 addresses via DHCP and should be using a track interface and you are assigning static addresses here and there, you are screwing up. Your pain is your fault.
-
Yeah that is not good :)
But my provider gives me one /64 static connecting segment (pppoe) and a static /56 that I divided into 256 /64 networks and I HAVE TO USE STATIC on my VLANs :)
Track interface is of no use to me…
br,
m
-
If you are using a service like comcast or time warner cable that assigns dynamic IPV6 addresses via DHCP and should be using a track interface and you are assigning static addresses here and there, you are screwing up. Your pain is your fault.
My point was that there are quite a few providers that provide STATIC ::/48 or ::/56, but rely on PD to get the prefix to a router, in such cases this change doesn't really make sense.
-
You described my case very well ;)
-
OK - I see.
-
Now I use my custom config file

```
interface em0_vlan88 {
    send ia-na 0; # request stateful address
    send ia-pd 0; # request prefix delegation
    request domain-name-servers;
    request domain-name;
    script "/var/etc/dhcp6c_wan_script.sh"; # we'd like some nameservers please
};
id-assoc na 0 { };
id-assoc pd 0 {
    prefix ::/48 infinity;
};
```

I would like to use the advanced config section but I don't know exactly how to fill up these fields. The first part works, but where should I put `id-assoc na 0 { }; id-assoc pd 0 { prefix ::/48 infinity;` for getting the right result?
Configure advanced settings exactly how they appear in the image I posted, then add '::/48' in the 'Prefix ipv6-prefix' field and 'infinity' in 'pltime' field.
-
Yeah that is not good :)
But my provider gives me one /64 static connecting segment (pppoe) and a static /56 that I divided into 256 /64 networks and I HAVE TO USE STATIC on my VLANs :)
Track interface is of no use to me…
br,
m
maverick, why do you have to use static on your VLANs? I use DHCP6+PD with VLAN configured as track interface and everything works fine.
-
Because I need: XXXX:XXXX:XXXX:XXXX::X to be static and always the same.
I have 5 subnets that I chose and of course they need to be static…
-
So essentially you are doing it because you want to have a short interface identifier (rightmost 64-bits) in your IPv6 address instead of having them be auto-configured, which would be the case if you used track interface. Did I understand that correctly?
-
My provider gives me static /56 which means 256 /64 subnets.
I can't use track interface for this config to work in my 5 subnets of /64… Also small ip size is cool to have but it's not intended or needed in my case...
-
Did you try the following configuration? In your case you can have up to 256 track interfaces, so I still don't understand what exactly is not working for you.
- WAN Configuration
  - IPv6 Configuration Type: DHCP6
  - DHCPv6 Prefix Delegation size: 56
- VLAN1 Configuration
  - IPv6 Configuration Type: Track Interface
  - IPv6 Interface: WAN
  - IPv6 Prefix ID: 1
- VLAN2 Configuration
  - IPv6 Configuration Type: Track Interface
  - IPv6 Interface: WAN
  - IPv6 Prefix ID: 2
- VLAN3 Configuration
  - IPv6 Configuration Type: Track Interface
  - IPv6 Interface: WAN
  - IPv6 Prefix ID: 3
- VLAN4 Configuration
  - IPv6 Configuration Type: Track Interface
  - IPv6 Interface: WAN
  - IPv6 Prefix ID: 4
- VLAN5 Configuration
  - IPv6 Configuration Type: Track Interface
  - IPv6 Interface: WAN
  - IPv6 Prefix ID: 5
-
Oh man….
Sorry but you will have to learn to read what I posted.
It is all working for me with advanced options or custom conf file.
For the last time I DON'T WANT TO USE TRACK INTERFACE OPTION! :)
-
Unless I'm confused, your setup will break eventually.
-
My setup?
Why?
-
Unless I'm confused, your setup will break eventually.
Conclusion is the "Track Interface" is promoted to the default LAN config. Plus automated issuance of LAN IP using SLAAC.
The don't bother out-of-the-box solution for beginner. ;)
All other LAN config goes by using WAN "Advanced". Fine with me.
-
Couldn't agree more.
My ipv6 setup works like this 3 years, last 2 years on pfsense…
Autoconfig of lan seems bad idea for me and my both networks, home and work...
-
…
Autoconfig of lan seems bad idea for me and my both networks, home and work...
IF or WHEN my native (quasi-)static number of IPv6 prefix, by DHCP(PD), is changed (by ISP) I want to have my LAN dropped !. Security. No secret unnoticed changes from the far side allowed. :)
-
IMHO it's a bastardized solution and getting a tunnel would be better for what you guys are doing, but it's cool. Sounds like you are well aware it is not ideal.
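Added example, not part of the thread and not pfSense code: it shows how the Prefix ID values in the track-interface layout posted earlier index /64s inside a delegated /56, and how to flag statically numbered VLANs that fall outside the delegation if the ISP ever delegates a different prefix. It assumes Prefix ID n selects the n-th /64 of the delegation; the 2001:db8:: prefixes, VLAN addresses and function names are constructed for illustration.

```python
import ipaddress

def track_subnet(delegated, prefix_id):
    """Return the /64 that Prefix ID `prefix_id` selects inside `delegated`."""
    net = ipaddress.IPv6Network(delegated)
    if net.prefixlen > 64:
        raise ValueError("delegation must be /64 or shorter")
    count = 1 << (64 - net.prefixlen)          # a /56 holds 256 /64s
    if not 0 <= prefix_id < count:
        raise ValueError(f"Prefix ID {prefix_id} outside 0..{count - 1}")
    base = int(net.network_address) + (prefix_id << 64)
    return ipaddress.IPv6Network((base, 64))

def audit_static(delegated, static_addrs):
    """For each static interface return (inside_delegation, prefix_id or None)."""
    net = ipaddress.IPv6Network(delegated)
    report = {}
    for name, cidr in static_addrs.items():
        iface = ipaddress.IPv6Interface(cidr)
        inside = iface.ip in net
        pid = None
        if inside:
            offset = int(iface.network.network_address) - int(net.network_address)
            pid = offset >> 64
        report[name] = (inside, pid)
    return report

def stale_interfaces(delegated, static_addrs):
    """Names of static interfaces no longer covered by the delegated prefix."""
    report = audit_static(delegated, static_addrs)
    return sorted(name for name, (inside, _) in report.items() if not inside)

# Constructed sample data (documentation prefix 2001:db8::/32).
STATIC_VLANS = {
    "VLAN1": "2001:db8:aa00:1::1/64",
    "VLAN5": "2001:db8:aa00:5::1/64",
}

if __name__ == "__main__":
    print(track_subnet("2001:db8:aa00::/56", 5))
    print(audit_static("2001:db8:aa00::/56", STATIC_VLANS))
    # Same static config after a hypothetical change of the delegated prefix.
    print(stale_interfaces("2001:db8:bb00::/56", STATIC_VLANS))
```
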