How do I setup LAN to not use Track Interface?
-
Originally I was not able to route between my WAN and ISP Home Gateway. After a lot of playing I was able to get everything working as it should by changing the LAN IPv6 Configuration Type to Track Interface.
This good and all, but this means my ISP Home Gateway is assigning the DHCP address and I want pfSense to be my DHCP server within my private network. I originally acquired a private IPv6 address pool from http://www.simpledns.com/private-ipv6.aspx and assigned my LAN interface a Static IPv6 address. I need to be able to implement IPv6 on a managed network. Can someone give me some insight on how to configure my LAN so I don't have to depend on the Track Interface setting?
If I'm not understanding how IPv6 works please let me know. Im am still trying to wrap my brain around the whole process.
-
If I'm not understanding how IPv6 works please let me know. Im am still trying to wrap my brain around the whole process.
How many subnets do you get assigned by delegation by ISP ?
-
@hda:
If I'm not understanding how IPv6 works please let me know. Im am still trying to wrap my brain around the whole process.
How many subnets do you get assigned by delegation by ISP ?
My ISP Home Gateway settings page has a listing for "IPV6 Delegated LAN Prefix". Which is the following (cleared my global ID for my safety):
XXXX:XXXX:XXXX:5f0::
XXXX:XXXX:XXXX:5f8::Is that what your talking about?
-
So probably the :5f0: goes on the WAN, and then you can assign the :5f1: upto the :5f8: to LAN's. Then per each LAN you may setup a DHCP6-server for the last 64 bits per your choice in numbers for the pool.
-
@hda:
So probably the :5f0: goes on the WAN, and then you can assign the :5f1: upto the :5f8: to LAN's. Then per each LAN you may setup a DHCP6-server for the last 64 bits per your choice in numbers for the pool.
So I did try that and I still didn't have any internet access. But what I did try was look at what subnet the home gateway gave me, which was :5ff:, and setup DHCP-6 on that subnet. This worked, but I'm not sure where :5ff: came from since its beyond the scope of the the :5f1: to :5f8: range that it gave me. Any thoughts?
-
Well, you first have to assure what the /56 is you get assigned and is a (quasi-)static (permanent) number. It all goes from there…
Your LAN's should route with /64 to the world. How is your request of the prefix config'd on WAN ?
-
…
But what I did try was look at what subnet the home gateway gave me, which was :5ff:, and setup DHCP-6 on that subnet.
...You can not have WAN on :5FF: and LAN on it too. Each LAN has its own unique subnetnumber.
Screenshot [Status: Interfaces] (WAN) (IPv6 address) ??
-
@hda:
…
But what I did try was look at what subnet the home gateway gave me, which was :5ff:, and setup DHCP-6 on that subnet.
...You can not have WAN on :5FF: and LAN on it too. Each LAN has its own unique subnetnumber.
Screenshot [Status: Interfaces] (WAN) (IPv6 address) ??
My WAN address is :5F0: so its not using the same subnet as the LAN which has :5FF: when I manually configure it. I wonder is :5FF: is the DHCP range for my Home Gateway
-
So, if your Home-GateWay is another router, then pfSense(you) have to ask that H-GW with use of DHCP6(PD). Your pfSense is a slave of H-GW.
The H-GW decides & issues number for your pfSense-WAN and LAN's, therefore you must ask prefix-delegation of a certain size, say /62, with pfSense. Then next you can pick your subnet-number for a pfSense-LAN as Static, DHCP6-server or SLAAC.
-
If you want to actually use and manage ipv6 then yes I completely agree the track and getting from your isp is horrific.. You would be much better off getting a /48 from hurricane electric and just tunnel your ipv6 traffic. You then can setup static on your lan interfaces in those subnets and do what you want with dhcpv6 and RA in pfsense.
Been very stable, been using them for years.. While your there do the cert testing and you can get a free tshirt wants you reach sage level. Love to wear mine to promote ipv6 ;)
-
They forced the default behavior to be this way in 2.2.1. You aren't the only one that did not like this change (there are a lot of reasons not to use Track Interface, IMO but there are other discussions here about that).
This is what I had to do in order to be able to enable DHCPv6 as it was prior to 2.2.1: http://www.cmoullas.net/pfsense-2-2-1-breaks-teksavvy-ipv6-on-the-lan/
For a very complete video guide on how to configure IPv6 you can see this series of videos: https://www.youtube.com/watch?v=zdSI7Ez0Xhs
