Using IPv6 Gateway outside of /64 Subnet

  • Hi There,

    To cut a long story short, I know this is not a good setup by any stretch of the imagination. But it is something I would really like to conquer given half the chance.

    I have a Dedicated Server from So You Start (a budget version from OVH) and they have provided me with some IPv4 Addresses and a /64 IPv6 Subnet.

    For my IPv4 I have got the following commands in the config.xml file.

    <shellcmd>route add -iface em0</shellcmd>
    <shellcmd>route add default</shellcmd>

    This allows me to set my IP Address on a /32 Subnet. OVH don't allow Virtual Machines to use a /24 Subnet as it causes ARP Floods and they helpfully block the IP. It's not something I am particularly happy with having to do. But it works so I'll leave that there.

    However for IPv6 it is a completely different story.

    route add -6 2001:41d0:4:47ff:ff:ff:ff:ff/128 -iface em0
    route add  default 2001:41d0:4:47ff:ff:ff:ff:ff

    Appear to be accepted in the CLI. However when I attempt to ping anything I get the following error:

    I have managed to get around this using one method which is the following:

    • Set the 2001:41d0:4:47a::1 on the /56 Prefix

    • Use a different gateway which is: 2001:41d0:4:4ff:ff:ff:ff:ff

    This allows me to ping 2001:4860:4860::8888

    However I cannot then add any further IP addresses on the LAN Side. I have tried using the Power^16 rule and using a /80 and /112 Subnet on the LAN Side.

    I also tried setting the WAN Address to /128 Prefix but this also didn't help.

    So that left me with some choices. The insidious NAT66, NPt, Giving Up Altogether, HE Tunnel or moving the server.

    I asked OVH / SYS for another /64 or /48 Network and they declined this saying it was not possible. (More like too much trouble if we play devil's advocate)

    Now I know this exact setup can work. I have a server with lesser spec over at Hetzner. They provided me with a /56 Subnet which I installed on the WAN Interface. On my LAN and 2 other LAN Interfaces I split 3 /64s from the /56. This configuration worked out of the box.

    However I am not a fan of Hetzner's compulsory Flexipack @ 12Euros for a /56 Subnet and additional costs for a Block of 8 IPv4 Addresses :-\

    I am happy to devote a lot of time to this project. As there is very little on the net about it and I have far too much time on my hands through ill health right now. That to conquer said spanner in the works would be a huge morale boost!

    So my questions are. Can the /64 Address be used across LAN and WAN whether split in /80 /112 or /64?

    Has anyone successfully got this working? If so, how did you manage to work it out? I've spent the best part of a week taking the pfSense apart playing with this. Multiple reinstalls and I just won't accept defeat (yet!)

    When I tried NPt I used a ULA address and put my /64 OVH Prefix and a /fd00:: /7 allocation in /64 to match that too. This didn't work either. However the article on the pfSense website is contradictory, as it says use ULA Address and then further down says it's not supported.

    So anyone got any recommendations on how to approach this?

    Use of HE Tunnel seems unnecessary to me, but does work albeit with heavy bandwidth reductions. I've had that do weird things with VPN before however :(

    Any help would be gratefully appreciated.

    Warm Regards,

    Dominic :-)

    Edited to correct /Code Brackets

  • I'm in the same scenario. Did you manage to slice the /64 subnet on pfSense?

  • LAYER 8 Global Moderator

    So you have a /64 that you're trying to break up and use /80s of that /64 on the lan side of a pfsense install on a VM?

    So the /64 they gave you is not routed to you; you just have use of it, and it is routed to them..  Even if they gave you another /64, that wouldn't be routed to that /64, etc.  What you're attempting to do breaks all networking standards..  Why don't you just use a HE so you would actually have 2 /64s with the 2nd one being routed to your address in the first /64 or a /48 actually routed to you down the tunnel you create with them..

    Let's say I gave you an IP or even a few on an IPv4 /24 to use..  You can not just break up that /24 into /28's and use them on the back side of a router - since they are not routed to YOU.. You just have use of some IPs – that /24 is routed to me...  This sounds like what you're trying to do with the /64 they gave you..

  • Banned

    Get /48 from HE and move on. The idea of splitting /64 is completely broken.
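
The on-link question that runs through this thread can be checked with plain address arithmetic. The following is an added example, not code posted by anyone in the thread: it tests whether each gateway quoted in the first post lies inside the prefix configured on the WAN interface, and lists the first /80 slices of the /64. The /64 value 2001:41d0:4:47a::/64 is an assumption inferred from the ::1 address in the first post, and the function names are the example's own.

```python
import ipaddress
from itertools import islice

# Addresses quoted in the first post. The /64 itself is never stated there;
# 2001:41d0:4:47a::/64 is an assumption inferred from the ::1 address.
WAN_ADDR = "2001:41d0:4:47a::1"
GATEWAYS = ["2001:41d0:4:47ff:ff:ff:ff:ff", "2001:41d0:4:4ff:ff:ff:ff:ff"]


def on_link(addr, prefix_len, gateway):
    """True if `gateway` falls inside the prefix configured on the interface,
    i.e. the host can resolve it by neighbor discovery without a host route."""
    iface = ipaddress.ip_interface(f"{addr}/{prefix_len}")
    return ipaddress.ip_address(gateway) in iface.network


def common_prefix_len(addr, gateway):
    """Longest prefix length at which `addr` and `gateway` share a network."""
    a = int(ipaddress.IPv6Address(addr))
    g = int(ipaddress.IPv6Address(gateway))
    return 128 - (a ^ g).bit_length()


def lan_slices(prefix, new_len, count):
    """First `count` subnets of length `new_len` carved from `prefix`.
    The arithmetic always works; delivery still depends on the provider
    routing the prefix to the firewall rather than treating it as on-link."""
    net = ipaddress.ip_network(prefix)
    return [str(s) for s in islice(net.subnets(new_prefix=new_len), count)]


if __name__ == "__main__":
    for gw in GATEWAYS:
        print(gw)
        for plen in (64, 56):
            print(f"  on-link with /{plen} on WAN: {on_link(WAN_ADDR, plen, gw)}")
        print(f"  shares a /{common_prefix_len(WAN_ADDR, gw)} with the WAN address")
    print(lan_slices("2001:41d0:4:47a::/64", 80, 2), 2 ** (80 - 64), "possible /80s")
```

Neither gateway is on-link when the WAN address carries a /64. Only the second one becomes on-link at /56, which matches the workaround described in the first post.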
