Multiple interfaces with their own /64 using RA and DHCPv6


  • Hi,
    New to pfSense, but trying to mimic a setup we got on our old firewall, hopefully moving to pfSense, mainly due to OpenVPN support.

    I got a pfSense installation up and running, on the LAN side I got a LAN interface and a OPT interface.
    The LAN interface is setup with RA in assisted mode and the DHCPv6 server is a standalone server on the LAN (Windows)
    The OPT interface is setup with RA in assisted mode and the DHCPv6 server is local on the pfSense device.

    The /64 prefixes assigned to the interfaces are different ala 2001:db8:1000:1000::/64 and 2001:db8:1000:2000::/64

    My problem is that the the devices that are connected to the OPT interface gets an IPv6 address from the LAN prefix and not from the OPT interface.
    For IPv4 there is the same setup with DHCP ie Relay for LAN and local DHCP server for OPT and that works just fine.

    The ingress rules for the OPT interface allows access to * except for LAN IP subnet and pfSense IP's.

    Must I explicitly block so that RS and DHCPv6 from hosts on the OPT interface can not send to anything to the LAN prefix?


  • Nermind, need to go home, way to tired, host was connected to the wrong port and moving it, made everything work as expected. Sorry for the noise.