Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    How do I setup LAN to not use Track Interface?

    IPv6
    4
    11
    2431
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      codeblue2k last edited by

      Originally I was not able to route between my WAN and ISP Home Gateway. After a lot of playing I was able to get everything working as it should by changing the LAN IPv6 Configuration Type to Track Interface.

      This good and all, but this means my ISP Home Gateway is assigning the DHCP address and I want pfSense to be my DHCP server within my private network. I originally acquired a private IPv6 address pool from http://www.simpledns.com/private-ipv6.aspx and assigned my LAN interface a Static IPv6 address. I need to be able to implement IPv6 on a managed network. Can someone give me some insight on how to configure my LAN so I don't have to depend on the Track Interface setting?

      If I'm not understanding how IPv6 works please let me know. Im am still trying to wrap my brain around the whole process.

      1 Reply Last reply Reply Quote 0
      • H
        hda last edited by

        @codeblue2k:

        If I'm not understanding how IPv6 works please let me know. Im am still trying to wrap my brain around the whole process.

        How many subnets do you get assigned by delegation by ISP ?

        1 Reply Last reply Reply Quote 0
        • C
          codeblue2k last edited by

          @hda:

          @codeblue2k:

          If I'm not understanding how IPv6 works please let me know. Im am still trying to wrap my brain around the whole process.

          How many subnets do you get assigned by delegation by ISP ?

          My ISP Home Gateway settings page has a listing for "IPV6 Delegated LAN Prefix". Which is the following (cleared my global ID for my safety):

          XXXX:XXXX:XXXX:5f0::
          XXXX:XXXX:XXXX:5f8::

          Is that what your talking about?

          1 Reply Last reply Reply Quote 0
          • H
            hda last edited by

            So probably the :5f0: goes on the WAN, and then you can assign the :5f1: upto the :5f8: to LAN's. Then per each LAN you may setup a DHCP6-server for the last 64 bits per your choice in numbers for the pool.

            1 Reply Last reply Reply Quote 0
            • C
              codeblue2k last edited by

              @hda:

              So probably the :5f0: goes on the WAN, and then you can assign the :5f1: upto the :5f8: to LAN's. Then per each LAN you may setup a DHCP6-server for the last 64 bits per your choice in numbers for the pool.

              So I did try that and I still didn't have any internet access. But what I did try was look at what subnet the home gateway gave me, which was :5ff:, and setup DHCP-6 on that subnet. This worked, but I'm not sure where :5ff: came from since its beyond the scope of the the :5f1: to :5f8: range that it gave me. Any thoughts?

              1 Reply Last reply Reply Quote 0
              • H
                hda last edited by

                Well, you first have to assure what the /56 is you get assigned and is a (quasi-)static (permanent) number. It all goes from there…

                Your LAN's should route with /64 to the world. How is your request of the prefix config'd on WAN ?

                1 Reply Last reply Reply Quote 0
                • H
                  hda last edited by

                  @codeblue2k:

                  …
                  But what I did try was look at what subnet the home gateway gave me, which was :5ff:, and setup DHCP-6 on that subnet.
                  ...

                  You can not have WAN on :5FF: and LAN on it too. Each LAN has its own unique subnetnumber.

                  Screenshot [Status: Interfaces] (WAN) (IPv6 address) ??

                  1 Reply Last reply Reply Quote 0
                  • C
                    codeblue2k last edited by

                    @hda:

                    @codeblue2k:

                    …
                    But what I did try was look at what subnet the home gateway gave me, which was :5ff:, and setup DHCP-6 on that subnet.
                    ...

                    You can not have WAN on :5FF: and LAN on it too. Each LAN has its own unique subnetnumber.

                    Screenshot [Status: Interfaces] (WAN) (IPv6 address) ??

                    My WAN address is :5F0: so its not using the same subnet as the LAN which has :5FF: when I manually configure it. I wonder is :5FF: is the DHCP range for my Home Gateway

                    1 Reply Last reply Reply Quote 0
                    • H
                      hda last edited by

                      So, if your Home-GateWay is another router, then pfSense(you) have to ask that H-GW with use of DHCP6(PD). Your pfSense is a slave of H-GW.

                      The H-GW decides & issues number for your pfSense-WAN and LAN's, therefore you must ask prefix-delegation of a certain size, say /62, with pfSense. Then next you can pick your subnet-number for a pfSense-LAN as Static, DHCP6-server or SLAAC.

                      1 Reply Last reply Reply Quote 0
                      • johnpoz
                        johnpoz LAYER 8 Global Moderator last edited by

                        If you want to actually use and manage ipv6 then yes I completely agree the track and getting from your isp is horrific.. You would be much better off getting a /48 from hurricane electric and just tunnel your ipv6 traffic.  You then can setup static on your lan interfaces in those subnets and do what you want with dhcpv6 and RA in pfsense.

                        Been very stable, been using them for years.. While your there do the cert testing and you can get a free tshirt wants you reach sage level.  Love to wear mine to promote ipv6 ;)

                        http://he.net/

                        1 Reply Last reply Reply Quote 0
                        • C
                          c0re last edited by

                          They forced the default behavior to be this way in 2.2.1. You aren't the only one that did not like this change (there are a lot of reasons not to use Track Interface, IMO but there are other discussions here about that).

                          This is what I had to do in order to be able to enable DHCPv6 as it was prior to 2.2.1: http://www.cmoullas.net/pfsense-2-2-1-breaks-teksavvy-ipv6-on-the-lan/

                          For a very complete video guide on how to configure IPv6 you can see this series of videos: https://www.youtube.com/watch?v=zdSI7Ez0Xhs

                          1 Reply Last reply Reply Quote 0
                          • First post
                            Last post

                          Products

                          • Platform Overview
                          • TNSR
                          • pfSense Plus
                          • Appliances

                          Services

                          • Training
                          • Professional Services

                          Support

                          • Subscription Plans
                          • Contact Support
                          • Product Lifecycle
                          • Documentation

                          News

                          • Media Coverage
                          • Press
                          • Events

                          Resources

                          • Blog
                          • FAQ
                          • Find a Partner
                          • Resource Library
                          • Security Information

                          Company

                          • About Us
                          • Careers
                          • Partners
                          • Contact Us
                          • Legal
                          Our Mission

                          We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

                          Subscribe to our Newsletter

                          Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

                          © 2021 Rubicon Communications, LLC | Privacy Policy